Israeli hacking firm NSO Group is mostly known for peddling top-shelf malware capable of remotely cracking into iPhones. But according to Israeli authorities, the company’s invasive mobile spy tools could have wound up in the hands of someone equally, if not far more, devious than its typical government clients.
A 38-year-old former NSO employee has been accused of stealing the firm’s malware and attempting to sell it for $50 million in cryptocurrency on the dark net, according to a widely reported indictment first published by Israeli press.
The stolen software is said to be worth hundreds of millions of dollars.
According to Israel’s Justice Ministry, the ex-employee was turned in by a potential buyer. The suspect was arrested on June 5, Reuters reported. The accused has been charged with employee theft, attempting to sell security tools without a license, and conduct that could harm state security.
The accused former employee’s name has not been released.
The near leak of NSO’s malware underscores the risk such tools pose should they fall into the hands of criminals or nation states prone to surveilling journalists and dissidents, regardless of the measures developers take to keep them secure. (Motherboard reported in June 2017 that NSO sold spyware to a customer in Mexico who then used it to target reporters.)
“Today nobody is safe from a wide spectrum of malicious insider activities,” said Ilia Kolochenko, CEO and founder of web security company High-Tech Bridge. “Four-eyes principles, anomaly detection, role-based access to sensitive data and two-factor authentication, continuous monitoring and employee vetting can substantially reduce those risks, but not eliminate them.”
In May, Reuters, citing an anonymous source, reported that U.S.-based software company Verint Systems was in talks to merge its security division with NSO in a deal worth about $1 billion. The deal was previously reported by The Wall Street Journal.
NSO could not be immediately reached for comment.