Even if NSO goes, cyberattack is here to stay

The Israeli company may not continue operations but as long as intelligence agencies need surveillance technologies, there will be cyberattack companies.

The wave of lawsuits and scandals sweeping over NSO Group recently is swelling. The recent investigations by Citizen Lab, 60 Minutes and Amnesty and Forbidden Stories and the blacklisting of NSO by the US Department of Commerce have created a snowball effect that could bury the Israeli cyberattack company for good.

Earlier this month Israel's Ministry of Defense entered the fray, although it was more of a symbolic act for foreign consumption than a serious move. The Ministry of Defense cancelled exemptions on a permit for opening talks with 60 countries for exporters of weapons or cyberattack technologies, leaving only 30 countries, all of them western democracies, with the exemption.

The change means that that NSO or its rivals will now be forced to request a special permit from the Ministry of Defense's export supervision department to begin talks for sales to these 60 countries. But in terms of export licenses there is no actual change. If negotiations develop into a signed deal, then cyberattack companies still need a separate export permit, which the Ministry of Defense anyway discusses, as has always been the case.

NSO is currently doing all that it can to be taken off the US Department of Commerce's blacklist. The company works with many defense organizations in the US and being placed on the blacklist halts all its American operations and requires it to undergo protracted and tough regulatory procedures.

If NSO's CEO Shalev Hulio does not manage to persuade US administration bodies to back down, senior figures in the cyberattack industry believe that the company's management would prefer to sell its Pegasus spyware division, despite the range of lawsuits against it, to another cyber company. It would then be able to focus on cybersecurity technologies to help governments protect critical infrastructures from enemy countries and quasi-governmental organizations. In such a case, then NSO is expected to change its name and adopt a similar business model to that of US company Palantir Technologies, in other words offering government infrastructure security services through big data products, miniature aircraft, and human- operated cybersecurity systems. Another scenario sees a sale of the entire company.

NSO is expected to change its spots but the idea behind it is alive and kicking. Dozens of other companies operate worldwide in a similar way and nobody in the US administration or Apple talks about them. The reason for this is contained not only in NSO's high media profile and the fact that it does not conceal its tools, but also in its technology which is considered more immune to upgrading by cellular phone manufacturers operating systems and the fact that there is no need to click on a link to breach the telephone with its invasive software. In effect, NSO is the 'Coca Cola' of the cyberattack industry. All the others are imitators.

Ultimately the concept behind NSO won't go away any time soon. Dozens of companies worldwide allow defense organizations to penetrate digital privacy of citizens for defense and other needs. If NSO leaves the world of cyberattack by closing down or being sold, somebody else will take the lead.

In addition to Israeli cyberattack company Candiru, which was also blacklisted by the US, there is Cypriot-based Israeli company Quadream that has been striving hard to emulate NSO's system backed by IDF 8200 intelligence unit veteran Ehud Schneerson. Quadream provides tools to breach chat apps and is in talks with some East Asian governments.

Israel is not alone in the field: Cyberattack companies that provide hacking and tracking tools for surveillance of private individuals have been set up throughout the world. Wherever there are intelligence agencies needing cyberattack technologies, then privately-held companies will be established to sell them technologies.

MIT's technology magazine only recently revealed that US company Accuvant sold the UAE hacking tools to breach iPhones in 2016 for $1.3 million, without permission from the US government. French company Amesys changed its name to Nexa and continues selling spyware for phone systems, and hacking tools for WiFi systems and electronic weapons systems for shooting down drones, even though a former senior executive was indicted in the past for selling tracking systems to the Libya of Muammar Gaddafi.

And let us not forget Niv Karmi, one of the founders of NSO, who put the N in NSO and left the company after a short while. Today he is CEO of Swiss company Polus Tech, which provides governments with surveillance tools based on cellular networks for gathering intelligence from phones, whether conversations, text messages, data transfers or manipulation of the end user.


Comments