Another Israeli Exploit Developer Caught Selling Malware To Blacklisted Countries
from the quite-the-cottage-industry-you-got-there dept
Maybe it’s time for the Israeli government to put a moratorium on Mossad-based startups. Israeli intelligence services have been the petri dishes for a particular strain of techbro — ones who have the smarts to create zero-click exploits but none of the common sense needed to cull baddies from their customer lists.
Months of negative press got NSO blacklisted by the US government. It also got it investigated in its homeland, finally resulting in the Israeli government (reluctantly) limiting who the company could sell to.
NSO isn’t the only malware merchant with Israeli roots. Candiru — another recipient of US sanctions — calls Israel home. So does Cytrox, yet another exploit developer with ties to Israeli intelligence services. Cytrox was at the center of a recent domestic spying scandal in Greece, with its malware being used to target opposition leaders and journalists. This culminated in Greek police forces raiding Cytrox’s local office, presumably as part of the ongoing investigation.
Now there’s another Israeli spyware maker making the wrong kind of headlines, as Fanny Potkin and Poppy McPherson report for Reuters.
Israel’s Cognyte Software Ltd won a tender to sell intercept spyware to a Myanmar state-backed telecommunications firm a month before the Asian nation’s February 2021 military coup, according to documents reviewed by Reuters.
No matter who’s running the Myanmar government, they shouldn’t be trusted with powerful spyware. For most of the past 60 years, the country has been run by some form of military dictatorship. The 2021 coup simply reshuffled a bit of the military dictatorship organizational chart. Throughout this time period, residents (especially Muslim residents) have been on the receiving end of intense oppression. For Myanmar’s Muslims, oppression means death: ethic cleansing.
Given the fact that any malware sold to the Myanmar government was likely to be abused to target critics and political opponents, Cognyte never should have agreed to sell the government its products. That’s what it should have willingly decided to do because that’s just being responsible.
But there’s another reason Cognyte shouldn’t have done it: it had to violate the law to complete the sale.
The deal was made even though Israel has claimed it stopped defence technology transfers to Myanmar following a 2017 ruling by Israel’s Supreme Court, according to a legal complaint recently filed with Israel’s attorney general and disclosed on Sunday.
According to the documents seen by Reuters, the sale was finalized at the end of 2020, apparently with the assistance of regulator Myanmar Post and Telecommunications (MPT). Given its proximity to the beginning of the coup, it seems this was deliberately acquired for use by the military government, which decided to contest an election it lost in November 2020 by overthrowing the democratically elected government three months later.
The fact that this sale occurred after the government swears it no longer permitted sales to Myanmar presents two possibilities. Neither option is good.
Either the government never stopped handing out export licenses to tech companies hoping to sell to Myanmar’s government or Cognyte ignored the restriction and made the sale without the required export license. Given that the documents show Cognyte as the winning bidder, the company didn’t even bother to try to launder its illegal export through a middleman. Or maybe it was both: a “don’t ask, don’t tell” policy for malware sales to human right abusers.
Whatever the case, it’s another black eye for the Israeli government — one that has done little to prevent local companies from selling powerful tech to bad people. It’s also an indictment of its intelligence services, which seem capable of attracting extremely skilled people who somehow decide that the logical extension of the lessons they’ve learned securing their nation is abandoning any remaining morality or ethics once they hit the private sector.