Security
Headlines
HeadlinesLatestCVEs

Headline

US Investors Sniffing Around Blacklisted NSO Group Assets

Pressure mounts on the NSO Group’s business viability as Khashoggi widow joins group of plaintiffs suing the Israeli firm for Pegasus spyware abuse.

DARKReading
#vulnerability#web#apple#git#intel#asus#auth#sap

NSO Group is facing a number of existential crises at the moment, and it appears there’s a group of enterprising investors — including, reportedly, a Wrigley chewing gum magnate — ready to take advantage, lassoing control of arguably the most destructive and powerful spyware tool known to-date, i.e., Pegasus.

The Israeli firm was blacklisted by the US government in November 2021 for creating and selling its powerful zero-click spyware tool Pegasus, which has been used by its customers to target and track government officials, human rights workers, journalists, activists, academics, embassy workers, and businesspeople across the world.

The designation placed severe restrictions on the firm’s ability to operate by banning any transfer of US technology to NSO Group. Then, in December 2021 NSO Group’s spyware was found on the phones of at least nine US State Department employees, which didn’t help thaw the firm’s relationship with Biden administration either.

There’s also the problem of the mounting number of lawsuits.

NSO Group’s Lawsuit Docket Grows

A new lawsuit filed by Hanan Elatr, widow of murdered Washington Post journalist Jamal Khashoggi, accuses NSO Group’s Pegasus spyware of violating US hacking laws to track the couple leading up to the 2018 killing of the vocal Saudi dissident.

Elatr says in the lawsuit that the Pegasus spyware “caused her immense harm, both through the tragic loss of her husband and through her own loss of safety, privacy, and autonomy, as well as the loss of her financial stability and career.”

In addition to Elatr, there are other, far more deep-pocketed legal foes for NSO Group to worry about. Apple filed suit in November 2021 against the organization for targeting its users with Pegasus spyware (attacks that are ongoing). And in January, the US Supreme Court denied a petition to block a suit to proceed against NSO Group filed by Meta-owned WhatsApp for spyware damages.

Juicy Fruit Heir, Sandler Movie Producer Float NSO Purchase

Despite the legal, business, and brand challenges, NSO Group reportedly continued to hone and improve Pegasus spyware. A recent report from research organization Citizen Lab, which has been at the forefront of working to expose Pegasus abuse, said it discovered at least three new exploit chains against human rights activists as recently as 2022.

Perhaps because of that, investors have begun to sniff out a potential opportunity. Reportedly, a motley gang of investors including Robert Simonds, a US investor whose background includes producing Adam Sandler movies, and his buddy, cannabis industry investor and chewing-gum fortune heir William “Beau” Wrigley, are looking at buying up NSO Group’s assets, according to new reporting from The Guardian.

The report adds a spokesperson for Wrigley denied he is in discussions to buy NSO Group assets, while a source close to Simonds said he was “deep” in talks about a sale but aware it would be a steep climb to get the deal done.

“Placing such powerful surveillance technology in the hands of individuals who may not have deep expertise in the cyber industry or a history of involvement in the sector raises questions about the potential ramifications,” Callie Guenther, cyber threat research manager with Critical Start tells Dark Reading about the potential NSO sell-off. “It is essential to ensure that any potential acquirer of NSO’s assets possesses the necessary expertise to handle the technology responsibly, maintain appropriate safeguards, and prevent potential misuse.”

It should be noted that other attempts at buying control of Pegasus haven’t worked out. Last year L3Harris, an American company and US defense contractor was looking into a possible purchase of NSO Group’s technology, but the White House objected over “serious counter-intelligence and security concerns,” the Guardian added.

Then there is the Israeli government, which closely regulates NSO Group and could potentially intervene in any sell off of its technology, the Guardian points out.

“NSO operates under close regulation by Israel’s Ministry of Defense, and any potential sale of its assets would likely face scrutiny from Israeli authorities,” Guenther says. “It remains to be seen how such a transaction could proceed and whether it would comply with relevant regulatory requirements and national security considerations.”

Perhaps there’s a pot-sweetener here though: The Guardian added a juicy rumor to its reporting that Simonds has privately pledged to hand over the surveillance technology to the so called “Five Eyes” alliance between the intelligence agencies of Australia, Canada, New Zealand, the UK, and the US.

Even so, a pledge is not a guarantee. Guenther outlines a number of potential problems with NSO Group’s assets falling into the wrong hands, including giving the new owners the power to improve upon its existing capabilities for exploitation, targeting, as well as slow down future potential vulnerability disclosures.

“The acquisition could impact the overall cyber threat landscape. If NSO’s spyware technology becomes more accessible or proliferates in unauthorized hands, it could lead to an increase in targeted attacks, surveillance activities, and potential abuse,” Guenther warns. “This would necessitate heightened vigilance and strengthened defensive measures from organizations, governments, and cybersecurity communities to mitigate the associated risks.”

Has Pegasus Already Peaked?

Many may question the power a tool like Pegasus could have when flying on behalf of someone rich enough to buy it, but the true value of NSO Group, and its dominance in the spyware space, might have already peaked.

JT Keating, senior vice president of mobile security firm Zimperium, explained to Dark Reading that the trend is decidedly moving toward open source spyware, making the surveillance tools available to almost anyone and driving down the value of NSOs proprietary Pegasus product.

“Spyware is now mainstream, including the shift from sole reliance on the Dark Web for distribution to seeing the same kits and tools being found on online repositories like GitHub or online communities like Reddit,” Keating says. “Regardless of what happens to organizations like NSO, mobile spyware will only continue to proliferate.”

Meanwhile though, the squeeze on NSO Group’s business continues.

DARKReading: Latest News

Microsoft Pulls Exchange Patches Amid Mail Flow Issues