A former senior programmer at one of the world’s most powerful hacking companies was charged with stealing spyware and trying to secretly sell it for $50 million on the dark net.
Headquartered in Tel Aviv, NSO Group is an Israeli cyber surveillance company famous for developing expensive malware that the world’s governments buy to use against high-value targets. The Israeli Justice Ministry said that a 38-year-old former employee downloaded the proprietary malware and attempted to sell it for cryptocurrency after he was fired on April 29, Israeli media reported.
The identity of the alleged hacker has not been released publicly. The Justice Ministry imposed a gag order citing a threat to national security.
According to Israeli authorities, the former employee conducted internet searches about how to circumvent McAfee Data Loss Protection software that is used by NSO Group as a security measure for its intellectual property. The employee allegedly then moved the data containing NSO Group source code to an external drive without permission and left the workplace. NSO Group estimates the software is worth “hundreds of millions of dollars.” The external drive was hidden under the mattress in the employee’s home.
NSO Group was alerted to the sale by a potential buyer. The seller represented themselves as someone who hacked into NSO Group networks from the outside. Payment was requested in crytocurrencies like Monero and Zcash that are designed for anonymity, making it more difficult for authorities to track buyers and sellers.
“The defendant did this to hide his identity,” according to prosecutors.
Israeli police arrested the suspect on June 5.
The company gained the world spotlight in 2016 when researchers discovered malware known as “Pegasus,” highly sophisticated programs that cracked Apple’s iOS. The malware was thought to have been purchased by the United Arab Emirates government to spy on the human rights activist named Ahmed Mansoor. Mansoor was recently sentenced to ten years in prison for social media posts.
NSO Group also sold the malware to the Mexican government, who in turn reportedly used it to spy on journalists, scientists and public health campaigners.
The defendant’s lawyer told the news website Ynet that his client did not think about harming state security.
The indictment states that NSO Group employs 500 individuals and is valued at at least $900 million. The company has been on sale for closer to $1 billion and, according to one employee, makes over $200 million in sales per year.
This is not the first time that a spyware maker has lost track of its wares. Previously leaked internal documents showed that equipment sold by Hacking Team, another offensive hacking firm, had been misplaced by a customer in Panama following a Presidential election.