Locked Out Of NSO Group’s Pegasus Spyware, DEA Purchases Exploits From Its Non-Union, Israeli Equivalent
from the pegasus,-paragon:-tomato,-tomahto dept
First off, let’s just clear one thing up: the headline is a Simpson’s reference, not a dog whistle aimed at unions and/or the Jewish population of Israel.
Let’s face it: the DEA doesn’t care what anybody thinks of it. It will continue to get funded. It will continue to say incredibly stupid shit. It will continue to gain the attention and support of alarmists. And it will continue to seek out the spyware it desires to carry out its mission, which appears to be “lose the war on drugs for decades in a row.”
The administration can blacklist, criticize, and strongly suggest federal agencies not do business with shady exploit hawkers. None of these things will have an effect on the DEA, which will continue to do what it wants because Congress as a whole is too cowardly to sign off on anything indicating the agency has done more harm than good since its inception.
With NSO Group (and one of its prominent competitors) currently blacklisted by the US Commerce Department, the DEA must search elsewhere for phone exploits. But it’s not willing to search elsewhere, much less hold off for just a bit to make sure its newest malware partner isn’t just another NSO — a company stockpiling accelerants and dumpsters in hopes of setting its own reputation on fire within the next few months or years.
Instead, the DEA has demonstrated it’s willing to throw tax dollars at other Israeli malware companies formed by former Israeli intelligence agents, apparently assuming international criticism lightning won’t strike twice, as 9to5Mac reports, citing earlier reporting by the Financial Times.
The US government banned the use of NSO’s Pegasus spyware 18 months ago, but a new report today says that at least one government agency is using very similar malware from a rival company: Paragon Graphite.
Graphite reportedly has the same capabilities as Pegasus, and the US Drug Enforcement Administration (DEA) is said to be using it …
The Financial Times report (paywalled) contains more details. But the details are unsurprising.
According to four of those people, the US Drug Enforcement and Administration Agency is among the top customers for Paragon’s signature product nicknamed Graphite.
The malware surreptitiously pierces the protections of modern smartphones and evades the encryption of messaging apps like Signal or WhatsApp, sometimes harvesting the data from cloud backups — much like Pegasus does.
Paragon was set up by Ehud Schneorson, the retired commander of Unit 8200, the Israeli army’s elite signals intelligence arm. According to people familiar with the company, which includes ex-Prime Minister Ehud Barak on its board, has secured investment from two US-based venture capital firms, Battery Ventures and Red Dot.
Locked out of securing contracts with the disgraced NSO Group, the DEA has decided to go with its closest analogue. It’s another Israeli malware company selling a product that has the same amount of syllables (Paragon) as NSO’s flagship exploit, Pegasus. All that’s missing is a couple of years of negative press coverage.
And that’s good enough for the DEA, which will undoubtedly weather yet another scandal once it’s shown Paragon is no more trustworthy than NSO.
I’m not being glib or facile. We have yet to see an Israeli exploit developer formed by former Israeli intelligence officers steer clear of scandal. While it’s true these former government employees are good at their job (as far as exploit development is concerned), they seem universally unwilling to prevent the world from becoming a worse place to live. Universally, these companies court and cater to known human rights abusers, providing them with powerful tools to further their evil aims.
If there’s anything positive to glean from this reporting, it’s this: Paragon — at least for the moment — is steering clear of selling to the many of the known human rights abusers NSO Group catered to. But everyone has to turn a profit — especially companies beholden to foreign investors. And while US investors certainly don’t want to be linked to human rights abuses, they also want to see a return on their investment, which might mean Paragon will be expected to start selling to the countries that want these exploits the most… which are also the ones most willing to target journalists, activists, opposition leaders, and anyone sympathizing with those being targeted.
Filed Under: dea, malware, spyware
Companies: nso group, paragon graphite
Comments on “Locked Out Of NSO Group’s Pegasus Spyware, DEA Purchases Exploits From Its Non-Union, Israeli Equivalent”
At this point it becomes a game of wack-a-mole with the gavel moving at the speed of McConnell’s turtle race
should be illegal
Sales of malware should be illegal.
Re:
It is. There is no exception for government agents in the Computer Fraud and Abuse Act without a warrant – something the DEA seldom bothers with when using malware attacks.
At the intersection of malware and warez, of course this will go well…
/S
Apologies, that’s the biggest sarcasm flag available.
lets see
I suggested there were others. But lets look at the fun a capitalist and Smart company can do.
1. Create Sub companies. they charge more thent he original, which forces those that want to buy to go to the original.
2. You understand whats going to happen, and its Better to create 3-4 of this business and Spread them around abit. Once the 1st goes down, the second gets the money and it still passes to the original people.
3. As the Companies are taken away, you create replacements, as well as go underground.
4. underground is great, as you can charge even more for the product, and the Corps will love it also. AND NO RECORDS, unless you want to include blackmail of the corps.
5 no need for personal ID, as everyone is now in the system. And Maybe to add to this, we add a Chip to Prove ID. (HACKERS DELIGHT)
6. Hackers delight in a challenge. How to get past Facial ID and a Chip. The person you want to copy is Close, you take a pic to fake it, then read the chip from 3-6 feet away. Make a large purchase and go away. BEST PART, the real person is AT that location and it impossible to deny the charges.
Malware
Malware=
Tools we use to fix most machines or programs.
But used in a way as to make Problems not solutions.
The DEA is basically the longest-running moral panic in US history.
Re:
Pretty much.
strike fear into the medical people who can write Rx script as a bonus.