Israeli Exploit Developer Caught Negotiating Spyware Sales With Saudi Government
from the got-'em-right-in-the-optics dept
More ugly news has surfaced about Israeli malware developer NSO Group. Over the past year, investigations have uncovered sales of phone-targeting spyware to countries known mostly for their human rights violations. Even less questionable governments have purchased NSO’s software ostensibly for law enforcement purposes only to use it to target activists, journalists, and government critics.
There’s no telling how US agencies will deploy this malware, but there’s no question federal entities like the DEA think NSO spyware would be a useful addition to their investigative tool kits. The US government doesn’t appear to be worried about getting in bed with tech companies willing to sell software to blacklisted countries, so NSO Group is still a viable option.
Haaretz has obtained information showing NSO is willing to sell its exploits to its own enemies. Unfortunately, Haaretz has also decided to paywall its discovery, so we’ll be pointing you to the Times of Israel’s reporting instead.
An Israeli company that specializes in cyber espionage tools reportedly negotiated a multi-million-dollar deal with Saudi Arabia to sell a technology that allows governments to hack their citizens’ cellphones, and to listen to calls as well as conversations that take place near the phones.
Representatives from the Herzliya-based NSO Group held meetings with Saudi officials in Vienna and, apparently, also in a Gulf State to negotiate a $55 million sale of their Pegasus 3 software, the Haaretz daily reported on Sunday.
These negotiations occurred shortly before Mohammed bin Salman kicked his purge machinery into high gear. Unfortunately, the documents (which surfaced due to a lawsuit filed against NSO by an employee who says the company screwed him on commissions) don’t say whether or not the Saudi government chose to purchase this software and/or whether it was used to help MBS hunt down his political opponents.
From what has been seen, NSO tried to play it both ways while negotiating a deal with the Saudis. It refused to identify the person behind an anti-government Twitter account but did offer to demonstrate the effectiveness of tools designed to hijack targets’ cellphones.
In response to the recent stream of criticism, NSO Group also tried to have it both ways:
The NSO Group has insisted in the past that it sells its software to clients on the condition that it be used only against crime and terrorism, and has shirked responsibility in cases where it was allegedly used for civil rights abuses.
“We made them promise to only use the tools for good” is a pretty weak defense of sales to countries like Uzbekistan and Kazakhstan. And it certainly doesn’t excuse approaching the Saudi government with tools NSO certainly knew would not be used for good. Then again, our president just made it clear no amount of murdered journalists is going to stand in the way of selling weapons to Mohammed bin Salman’s government, so there’s really no taking the high road in international relations should it be discovered the Saudi government is using Israeli tools to hunt down dissenters… or Israeli natsec personnel.
Filed Under: espionage, exploits, israel, jamal khashoggi, journalists, mohammed bin salman, saudi arabia, spying
Companies: nso group
Comments on “Israeli Exploit Developer Caught Negotiating Spyware Sales With Saudi Government”
Dont think this is the only one...
Just cause 1 person/group has found some dirty tricks..
Dont mean someone ELSE hasnt created them also..
Who understands the ideals of an open society?? Esp. with semi smart people, and kids that DO know tech..
The only down side is finding and fixing the problem. This only gives OTHER GROUPS, the ability to Sell you the Solution.
This goes back to the old days..of Anti-Virus, and WHERE THE HELL IT CAME FROM.. Think how hard in the old days, it took to get a virus onto a computer. No internet(not like todays) Dick operated system, requires a set of Disks EACH time you boot up.. think about that..and Iv found 7 virus on 1 Floppy disk..
We are on the Cusp of a new form of protection and SALES..
Anyone for Linux??
Re: Dont think this is the only one...
NO. Not for anything productive.
Nor any longer for "hobbyist". You’ll waste dozens of hours "learning" each ones’s unique quirks and trying to find one that just works. But you won’t.
Just read Distrowatch.com Weekly: even those who want it can’t find one that works.
Linux on the desktop has failed.
Re: Re: Not for anything productive.
Note that, by “productive”, we mean “getting actual work done” as opposed to “farting around with your PC”. Such as trying to recover files that Microsoft has decided to delete.
Re: Re: Re: Not for anything productive.
Oh, I agree! You won’t find a more staunch opponent of Crimosoft.
But key problem is programmers: they’ve no common sense, always doing more tricks rather than making appliances.
I stop there because off-topic and you’re replying to ME whom I doubt wanted to.
Re: Re: Dont think this is the only one...
Well damn. I guess I need to throw away my laptop which has been running Debian for over a decade and buy one of those new fancy laptops that reports everything I do to Redmond, Wa.
Re: Re: Re: Dont think this is the only one...
Free software on an antique is an all old alky / doper like you can afford. That’s why you’re a pirate, too.
But I’m even more right, and you can prove it to yourself: just TRY a modern Linux distro / GUI. They’ve gone backwards in last 10 years.
Re: Re: Re:2 just TRY a modern Linux distro / GUI
Well, LibreOffice has a more modern GUI than Microsoft Office. Microsoft”s “ribbon” UI was developed before modern widescreen monitors became popular. Because documents still tend to have portrait-oriented pages, the Ribbon reduces the area available to show your document. Whereas the LibreOffice Sidebar occupies the available space to the side, letting you see more of your document at once.
Re: Re: Re:2 Dont think this is the only one...
Part of this STUFF..
tends to be Linux trying to get Programing BACK to linux side..
before 1999, Linux was the system to create things…Then MS got pissy..and said NOPE..
How many environments on Win10 computer NOW..
DX, ??Netframework, then trying to get the phone/console/desktop All running the same Environment.. then trying to lock down its Own Browser, with a new one..Are those holes still in it?? Is the Advert backdoor still there??
Re: Re: Re:2 Dont think this is the only one...
Right, and in the world of Linux, there is no way to choose a different GUI, you are locked in. Unlike Windows, where there is a rich selection of interfaces to choose from, and the newer interfaces were widely praised for their usability.
Oh, wait, that’s all bullshit. Windows 8/10 "Modern" interface is a usability abomination, and Linux offers dozens of different GUIs, most of them highly customizable. You’re talking out of your ass, again.
Re: Re: Re:3 Dont think this is the only one...
Did we really expect anything else from out_of_the_blue?
Re: Re: Re:2 Dont think this is the only one...
Because of the range of software available and installable from the software manager, especially on distros like Debian(testing) and Manjaro, I have no need to pirate software, unlike many Windows users.
Re: Re: Re:2 Dont think this is the only one...
Lol. Love the uninformed insults. Very entertaining. Aren’t you the one who claims that ad hominems detract from this site?
I am not a pirate, except for one day a year when I talk like one. If you are referring to illegal downloading, then you are also incorrect. What content (which is very little since I pay for HBO/SHOWTIME/CINEMAX on my Directv account) I do download/view these days is from PAID accounts.
Not sure what you are babbling about here, my Debian install IS the latest since I upgrade to the latest Debian distros when they are released.
My laptop may be considered an "antique", but it works just fine for my purposes. Why fix something if it ain’t broke?
Re: Re: Re:3 Dont think this is the only one...
Switch to Debian testing, and enjoy a reliable, up to date, rolling distro. Seven years and counting of daily updates, and no significant issues to report.
Re: Re: Re:4 Dont think this is the only one...
I used to use the testing repository and did have some problems with Wine years ago. I prefer to do my upgrades manually (I’m old school, I guess lol).
For awhile I didn’t upgrade at all because I resisted the change to systemd as long as I could, not because it doesn’t work, but because I really don’t like the design philosophy behind it. systemd marked the beginning of the end for "Do one thing and do it well". Debian is now headed into the Microsoft land of "do a bunch of things mostly well".
Re: Re: Re:5 "Do one thing and do it well"
Doug McIlroy has a lot to answer for, for the misinterpretation of his words. Unix/Linux has never exclusively consisted of the kind of small, modular pieces he was talking about. They would have been useless without the many large, monolithic pieces that are also an essential part of the system. Consider:
systemd provides a unified architecture for dealing with a number of tasks that have hitherto been managed piecemeal by various ad-hoc pieces that were not performing their tasks particularly well at all. By combining these, you get an overall simplification by exploiting synergies between them. Other projects (e.g. launchd, upstart) were feeling their way towards the same goal; systemd simply offers the best realization of this idea.
Re: Re: Re:6 "Do one thing and do it well"
Yes, I’ve heard the arguments for systemd and I’ve since resigned myself to fact that it’s a necessary evil going forward on Linux.
I am just not all that comfortable with one program having that much control of critical functions on my system because it makes it a huge target for infiltration by black hat hackers or government agencies. A couple of security flaws have already been discovered in systemd.
Re: Re: Re:7 A couple of security flaws have already been discovered in s
How does that compare to those other big, monolithic pieces I mentioned? Or to the older pieces that systemd is replacing?
In other words, has systemd made any difference (in either direction) to the security of your installation?
'They even PINKY PROMISED!'
The NSO Group has insisted in the past that it sells its software to clients on the condition that it be used only against crime and terrorism, and has shirked responsibility in cases where it was allegedly used for civil rights abuses.
Which, since the malware they sell can only be used to combat those things, seems like a perfectly reasonable condition. I mean it’s not like someone would use malware that is designed to strip a target of anonymity to go after their critics who might have very real reasons to want to be anonymous, after having promised not to do that very thing…
Re: 'They even PINKY PROMISED!'
To be fair, “crime” is a term whose definition varies widely between countries, and far too often the reason people need anonymity is because exercising civil rights is a crime in their country…
Re: Re: 'They even PINKY PROMISED!'
And ‘terrorism’ literally means using fear and/or violence to accomplish your political goals. Wouldn’t be too hard to say those journalists were scaring people, so therefore they’re terrorists. And those anti-government groups scare the government, so they’re terrorists to!
Re: Re: Re: And 'terrorism' literally means ...
… violence targeted indiscriminately at civilians for political ends.
…
…
…
Pass.
From a Reuters item:
The first of the five who’s gonna be found guilty? The one who forgot to check if Turkey was on NSO Group’s customer list, too.