8/ Lifting consequences on NSO would be read by other mercenary companies as: it's OK to contribute to undermining US cybersecurity... as long as you play nice later.
Despite all this, NSO is probably in DC pitching themselves as an ally with valuable tech.
They're selling a lemon, here's why...
Comments
Pegasus is actually a bright flashlight that doesn’t just expose the target, it reveals the operator.
Proof? For 9 years, we modestly-resourced researchers keep finding it.
If we can, so can adversaries.
Open question whether NSO even have what it takes to purchase the kind of zero-click exploits they were once notorious for.
The sleazebags who developed NSO's products (and set up servers to receive and sell stolen data) are now safely ensconced in their own nasty little labs, concocting updates.
Moreover, NSO is a counterintelligence nightmare: closely aligned with a foreign gov + reports it has been subject to pressure from them.
NSO has a history of being unable to address insider risks. An NSO employee stole source code to sell it.
Another used the hacking tech to target a love interest.
This kind of behavior runs the risk of getting this tech into the wrong hands.
2 most likely explanations: Either NSO-dev'd code made its way to SVR, or NSO quietly did business with an entity that also supplies SVR. Yikes.
https://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/
Mindset is probably why NSO kept hacking WhatsApp, an American company, even after they got caught and sued. And selling that tech to foreign governments.
Scofflaw stuff.