After Weeks Of Reports Of Misuse Of Its Exploits, NSO Group Considering Shutting Down Its Malware Service

from the if-you-can't-beat-'em,-quit dept

RIP NSO Group. Cause of death: investigative reporting.

It’s probably too early to celebrate the demise of Israel’s most infamous export, but it’s looking like NSO is running out of options. The Israeli government recently (and drastically) reduced the number of approved governments NSO could sell its powerful Pegasus malware to, trimming down the permitted list from 102 countries to 37. That followed blacklisting by the US Commerce Department, which means American tech companies aren’t permitted to sell exploits, hardware, or devices to NSO without securing a waiver they’re unlikely to receive.

That followed weeks of revelations about how NSO customers were using its Pegasus spyware. According to multiple reports, governments and the occasional king were using NSO tools to target journalists, dissidents, government critics, religious leaders, US State Department employees, an ex-wife, an ex-wife’s lawyer, and government officials.

I guess when it’s no longer feasible to sell spyware to authoritarians and human rights violators, the only option is to default on your debts and shut down your most toxic product.

The NSO Group, the controversial technology company recently blacklisted by the United States over the illegal use of its spyware, is reportedly considering shutting down its Pegasus operation and selling the entire company to an American investment fund, Bloomberg reported on Monday.

The report, citing officials involved in the talks, said that there are two potential suitors for the embattled company, who have discussed a potential takeover and the shuttering of Pegasus unit, in exchange for a $200 million injection of capital and a pivot into strictly defensive cybersecurity services.

NSO needs the cash. It has millions in debt and whatever plans it had for paying it back have been severely curtailed with its blacklisting by the US government and its reduced customer base.

The U.S. restrictions put added pressure on NSO, which needs to pay back about $450 million in debt, just two years after a management buyout that valued the company at about $1 billion. Moody’s Investors Service said last month there’s an increasing risk the company will violate the terms of its loans.

The problem with ditching Pegasus is that it’s NSO’s most valuable product. This premium phone exploit accounts for half of NSO’s business. Fifty percent of NSO is worth far less than the $200 million the company is hoping to obtain. Now that it’s blacklisted, it can’t purchase exploits or devices from the US, which means it will be extremely difficult to develop new hacking tools worth selling. There may be a market for defensive tech, but that’s likely to be far less popular with foreign governments than zero-click exploits that can be deployed remotely.

Here’s how it looks for NSO on the home front, as reported by Israeli newspaper Haaretz:

Defense officials think the sanctions could soon bring about the company’s collapse and a shutdown of its operations. The company depends upon constant innovation: It’s one Apple or Android cellphone update away from the failure of its products. If it doesn’t manage to hold onto the best personnel in the world, the kind who would continue to find vulnerabilities in the operating systems, they won’t have a product.

Senior officials have told Haaretz that the move by the United States has totally paralyzed the company’s future operations. “They’re not able to buy a pen at a Walmart store,” the officials quipped. If an American company wants to sell them products, it needs a special permit.

According to this report, the Israeli government believes its local tech companies are being unfairly targeted by US sanctions. The country is home to 19 companies developing offensive exploits, but so far the US has only blacklisted NSO Group and Candiru. The government appears to have been caught off guard by the sanctions handed down by the Biden Administration after having received much more support and cooperation from the previous president, Donald Trump.

The Israeli government may be reeling a bit from the last few months of negative press targeting NSO, but it really can’t blame anyone else for the mess the company is in or the sanctions that have greeted the steady stream of reporting about misuse of its Pegasus spyware. It was directly involved with the sale of the malware to a number of known human rights abusers.

[I]n Israel it is acknowledged that oversight of contracts NSO entered into was too lax. The Netanyahu government gladly traded in spyware, with the Mossad reportedly assisting in the initial mediation of the transactions.


The company’s sales momentum over the past decade is closely linked to the diplomatic and intelligence-related steps that Netanyahu took, which improved relations with countries in various parts of the world, and where NSO’s technology often served as an asset that brought Israel to the table for the improvement of ties. In the past, Netanyahu ordered the defense establishment to advance offensive cybertechnology deals, and it appears he preferred that overly energetic oversight not be imposed on the deals or the parties to them.

Welp. The shitbirds have come home to roost, as the saying goes.

And if the Israeli government thinks the US Commerce Department overreacted, it won’t be pleased with the latest demands from members of the federal government.

More than a dozen Democratic lawmakers have called on the Biden administration to sanction four cyber surveillance firms for “enabling human rights abuses” by “selling powerful surveillance technology to authoritarian governments.”

The letter, led by Sen. Ron Wyden of Oregon and House Intelligence Chairman Adam Schiff of California, asks the Treasury Department to sanction Israeli spyware vendor NSO Group, Emirati cybersecurity firm DarkMatter and European surveillance firms Nexa Technologies and Trovicor — as well as the firms’ top executives.

This would go beyond the blacklisting already in place. The Global Magnitsky Human Rights Accountability Act allows the US president to sanction people and companies for human rights abuses. In this case, the abuses would have been aided and abetted by NSO, rather than participated in directly by NSO execs or employees. While it normally is used to sanction government officials, it has been used in the past to sanction private parties with ties to human rights abusers.

Whether or not sanctions ever arrive, it appears NSO’s days are numbered. But there are still plenty of malware purveyors out there. And there are plenty of authoritarians willing to pay top dollar for spy tech that enables them to more efficiently oppress their countries’ populations. The exploit market will remain lively. It just may be that one of the most recognizable names in the business will no longer be in business.

Filed Under: , , , ,
Companies: nso group

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “After Weeks Of Reports Of Misuse Of Its Exploits, NSO Group Considering Shutting Down Its Malware Service”

Subscribe: RSS Leave a comment
Anonymous Coward says:

“They’re not able to buy a pen at a Walmart store,” the officials quipped. If an American company wants to sell them products, it needs a special permit.

That’s obvious bullshit. Walmart does not require its customers, upon entering a physical store or paying with cash, to state or prove they’re not buying for NSO. And it would be extreme idiocy for a company in NSO’s position to be buying electronic equipment anywhere but a physical store, off the shelf—governments could fuck with ("interdict") any shipment that’s linkable to them.

Lack of cash, however, could be a very real difficulty for them. As would selling to countries who now know NSO has been hacking their officials.

Anonymous Coward says:

Left hand, Right hand...

"It just may be that one of the most recognizable names in the business will no longer be in business."

At least it may no longer be ‘visibly’ in business.
But the product is in high demand – especially after all this great publicity – and such things always find a merchant willing and eager to peddle them to those willing and eager to utilize them.

Amazing how much money one can make by doing private deals behind the scenes. And as a bonus, there is no tax data attached to such transactions.

I’m certain the company will do just fine, even if it is dissolved. Publicly. 🙂

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...