Even if NSO goes, cyberattack is here to stay
The Israeli company may not continue operations but as long
as intelligence agencies need surveillance technologies, there will be
cyberattack companies.
The wave of lawsuits and scandals sweeping over NSO Group
recently is swelling. The recent investigations by Citizen Lab, 60 Minutes and
Amnesty and Forbidden Stories and the blacklisting of NSO by the US Department
of Commerce have created a snowball effect that could bury the Israeli
cyberattack company for good.
Earlier this month Israel's Ministry of Defense entered the
fray, although it was more of a symbolic act for foreign consumption than a
serious move. The Ministry of Defense cancelled exemptions on a permit for
opening talks with 60 countries for exporters of weapons or cyberattack
technologies, leaving only 30 countries, all of them western democracies, with
the exemption.
The change means that that NSO or its rivals will now be
forced to request a special permit from the Ministry of Defense's export supervision
department to begin talks for sales to these 60 countries. But in terms of
export licenses there is no actual change. If negotiations develop into a
signed deal, then cyberattack companies still need a separate export permit,
which the Ministry of Defense anyway discusses, as has always been the case.
NSO is currently doing all that it can to be taken off the
US Department of Commerce's blacklist. The company works with many defense
organizations in the US and being placed on the blacklist halts all its
American operations and requires it to undergo protracted and tough regulatory
procedures.
If NSO's CEO Shalev Hulio does not manage to persuade US
administration bodies to back down, senior figures in the cyberattack industry
believe that the company's management would prefer to sell its Pegasus spyware
division, despite the range of lawsuits against it, to another cyber company.
It would then be able to focus on cybersecurity technologies to help
governments protect critical infrastructures from enemy countries and
quasi-governmental organizations. In such a case, then NSO is expected to
change its name and adopt a similar business model to that of US company
Palantir Technologies, in other words offering government infrastructure
security services through big data products, miniature aircraft, and human-
operated cybersecurity systems. Another scenario sees a sale of the entire
company.
NSO is expected to change its spots but the idea behind it
is alive and kicking. Dozens of other companies operate worldwide in a similar
way and nobody in the US administration or Apple talks about them. The reason
for this is contained not only in NSO's high media profile and the fact that it
does not conceal its tools, but also in its technology which is considered more
immune to upgrading by cellular phone manufacturers operating systems and the
fact that there is no need to click on a link to breach the telephone with its
invasive software. In effect, NSO is the 'Coca Cola' of the cyberattack
industry. All the others are imitators.
Ultimately the concept behind NSO won't go away any time
soon. Dozens of companies worldwide allow defense organizations to penetrate
digital privacy of citizens for defense and other needs. If NSO leaves the
world of cyberattack by closing down or being sold, somebody else will take the
lead.
In addition to Israeli cyberattack company Candiru, which
was also blacklisted by the US, there is Cypriot-based Israeli company Quadream
that has been striving hard to emulate NSO's system backed by IDF 8200
intelligence unit veteran Ehud Schneerson. Quadream provides tools to breach
chat apps and is in talks with some East Asian governments.
Israel is not alone in the field: Cyberattack companies that
provide hacking and tracking tools for surveillance of private individuals have
been set up throughout the world. Wherever there are intelligence agencies
needing cyberattack technologies, then privately-held companies will be
established to sell them technologies.
MIT's technology magazine only recently revealed that US
company Accuvant sold the UAE hacking tools to breach iPhones in 2016 for $1.3
million, without permission from the US government. French company Amesys
changed its name to Nexa and continues selling spyware for phone systems, and
hacking tools for WiFi systems and electronic weapons systems for shooting down
drones, even though a former senior executive was indicted in the past for
selling tracking systems to the Libya of Muammar Gaddafi.
And let us not forget Niv Karmi, one of the founders of NSO,
who put the N in NSO and left the company after a short while. Today he is CEO
of Swiss company Polus Tech, which provides governments with surveillance tools
based on cellular networks for gathering intelligence from phones, whether
conversations, text messages, data transfers or manipulation of the end user.
Comments
Post a Comment