Cybersecurity

Embattled spyware firm becomes ‘cautionary tale’ for industry

FILE - A logo adorns a wall on a branch of the Israeli tech company NSO Group, near the southern Israeli town of Sapir, Aug. 24, 2021. Digital-rights researchers have concluded that the mobile phones of four Jordanian human rights activists were hacked over a two-year period with software made by the Israeli spyware company NSO Group. Tuesday, April 5, 2022 findings by Front Line Defenders and Citizen Lab said at least some of the hackings appear to have been carried out by the Jordanian government. (AP Photo/Sebastian Scheiner, File)

The embattled Israeli spyware firm NSO Group is replacing its CEO and cutting 13 percent of its workforce as it tries to recover from being blacklisted by the U.S. government. 

Experts say the longtime industry leader has become a “cautionary tale,” after allowing its flagship Pegasus spyware to become a high-profile threat to global security and human rights, with media outlets worldwide detailing how governments were abusing its tools. 

The company’s restructuring is likely tied to the Department of Commerce’s decision last fall to add the company to its entities list and the recent failure of its acquisition deal with U.S. defense contractor L3Harris, experts added. 

“Being put on the entities list was killing the company,” said James Lewis, a senior vice president and director with the strategic technologies program at the Center for Strategic and International Studies.

NSO Group suffered another blow in July, when L3Harris ended its bid to buy NSO’s spyware technology following concerns raised by the Biden administration that the acquisition would “pose a serious counterintelligence and security risk to U.S. personnel and systems.”

Apple also sued NSO Group last fall over the use of spyware on iPhones. The tech giant sought to ban the Israeli firm from using Pegasus on Apple’s hardware. 

In the lawsuit, Apple accuses NSO Group of being “amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse,” The Associated Press reported

Experts said these events taken together are sinking the company. 

“I think NSO’s rumored acquisition by L3Harris was the best lifeboat the company had, and what we’re witnessing now is a disintegrating ship,” said Mike Sexton, a senior policy adviser for cyber at Third Way’s national security program.

Despite the restructuring and the recent scandals NSO Group has faced, there will still be a high demand for these highly sophisticated spyware tools, experts said.

“[The restructuring] won’t have much of an impact on how clients use spyware — there will always be countries that want to acquire and use spyware for malicious political ends,” said Jason Blessing, a research fellow at the American Enterprise Institute.

However, the changes could potentially impact the supply side of the market as the company seeks to downsize and be more selective about its clients, Blessing said.

“To date, NSO Group has largely dominated the spyware market, and laying off roughly 13 percent of their employees will certainly affect the firm’s ability to maintain its market share,” Blessing added.

NSO Group came under global scrutiny in July 2021, when a number of news organizations collaborated on the Pegasus Project, revealing how the company had been selling its spyware to governments who use the tool to spy on political rivals, dissidents, journalists and human right activists.

The U.S. Congress took note, and last month took steps to address the threat from foreign spyware.

House lawmakers included a provision in the Intelligence Authorization Act authorizing the director of national intelligence to prohibit the U.S. intelligence community from buying and using foreign spyware. 

The bill would also allow the president to impose sanctions on foreign government officials and firms that target U.S. officials with spyware. 

“This spyware could be used against every member of this committee, every employee of the executive branch, every journalist or political activist,” said Rep. Adam Schiff (D-Calif.), chairman of the House Intelligence Committee, at a July hearing.

U.S. officials, including diplomats, have reportedly been the victim of the spyware. 

Late last year, Reuters reported that at least nine State Department officials based in Uganda were hacked by an unknown attacker using Pegasus. Sources told Reuters at the time that the hacks took place for several months.

NSO Group also said it will now focus its business on NATO countries, a decision experts said is related to allegations of human rights abuses by governments who had purchased its spyware tool.

“Pursuing NATO countries as the primary customer base is an attempt by the firm to survive and to salvage its reputation by prioritizing business with rich democratic countries,” Blessing said.

The experts added that if NSO Group is able to rebuild its brand and increase its revenue, it will probably start working again with non-NATO countries.

“It looks like this will serve as a cautionary tale of a spyware merchant that flew too close to the sun,” Sexton said.

“NSO overextended its client list and turned a blind eye to malpractice to the point that it became politically untenable both for the Biden administration and Israel’s post-Netanyahu coalition government,” he added.