Skip to content ↓ | Skip to navigation ↓

So, you recognize that insider threats are a considerable risk inside your company? Just imagine how serious those threats are for a business that designs mobile spyware for helping law enforcement and intelligence agencies spy on “people of interest.”

NSO Group is a firm that, in its own words, provides “authorized governments with technology that helps them combat terror and crime.”

The most notorious products sold by the Israeli tech firm are spyware kits that exploit unpatched iOS vulnerabilities, allowing intelligence agencies to remotely snoop upon the communications and locations of targeted iPhones. The malware can typically be installed just by tricking a user into clicking on a link sent to them via a text.

It is NSO’s spyware that is thought to have been used in attacks against human rights activist Ahmed Mansoor (recently sentenced to 10 years in jail) in the United Arab Emirates as well as in surveillance campaigns against Mexican journalists, politicians and legislators.

NSO GroupNSO Group told Forbes two years ago that it only sold its spyware software to “authorized governmental agencies, and fully complies with strict export control laws and regulations.” But it’s easy to imagine how there might be plenty of authoritarian regimes around the world that might be very interested in knowing what is on certain people’s iPhones.

So, you would like to think that NSO Group takes its own security very seriously… but they’ve just discovered that it’s difficult to eliminate the threat posed by rogue insiders.

Israeli media have uncovered an indictment that details how an employee allegedly stole NSO Group’s spyware code and attempted to steal it for a third party for $50 million.

According to reports, NSO Group summoned a 38-year-old lead programmer to an internal disciplinary meeting on April 29, 2018, as the firm was considering terminating his employment.

Documents filed with an Israeli court claim that the company’s spyware and additional information was downloaded onto an external device immediately following the meeting. The defendant is then alleged to have approached a potential third-party buyer, posing as a member of a hacking group that had broken into NSO Group’s servers.

The price allegedly asked for NSO’s spyware code (and the potential ability to create new versions of the software)? A cool $50 million in cryptocurrency.

NSO Group was lucky, however, as the potential buyer is said to have contacted the firm about being approached by a “hacker.” Further communications allegedly betrayed information that ultimately led Israeli police’s cyber crimes unit to arrest a man on May 6th.

The truth is that your company doesn’t have to work in the field of high-tech surveillance and spyware to find itself at risk from insiders. Every firm runs the risk of having a disgruntled worker who decides to wreak some revenge by exploiting the privileged access they might have to your systems, your data, or your intellectual property.

All businesses would be wise to consider the insider threat and implement measures to reduce the chances of a rogue employee putting security at risk. For more information, click here.


Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.