Cyber Crime

Ex-employee stole secrets of Israeli spyware firm for dark web deals

Israeli authorities have arrested a 38-year-old man for allegedly stealing secrets of the NSO Group, a Herzliya-based firm that specializes in developing spyware and help governments to spy on targets. The firm claims to provide “authorized governments with technology that helps them combat terror and crime.”

The man (whose name has not been revealed) worked as a programmer in the company but was fired after coming under suspicion of stealing data including the Group’s cyber technology, software, sensitive tools etc, to sell them on the dark web for a whopping $50 million.

NSO Group, the developers of the infamous Pegasus spyware

NSO Group once made headlines for developing Pegasus, a spyware which in 2016 targeted iPhone devices making them vulnerable to government-sponsored attacks. In a report published by Citizen Labs and Lookout Security, Pegasus spyware was caught targeting dissidents and activists including Ahmed Mansoor, a renowned human rights activist in UAE.

Last year, the Android version Pegasus spyware was also found targeting unsuspected users. Pegasus contains highly sophisticated and advanced features, as it can be controlled through SMS and has self-destructing abilities too. It can grab higher amounts of comms data, WhatsApp’s calls and messages records and valuable data from Gmail, Facebook, Skype, and Twitter, etc. Furthermore, it can control the device’s camera and microphone and conducts keylogging and can capture screenshots as well.

Busted by a potential buyer

According to court documents seen by TOI, due to the nature of his job, the programmer had complete access to sensitive data and he used it to download sensitive tools on an external drive which was later found under his bed.

Upon downloading the data, his first destination was the dark web marketplaces where he planned to sell the deal against cryptocurrencies that would avoid authorities tracking his location or transaction history. He pitched his offer to a potential buyer and pretended to be a hacker who stole data from NSO Group.

However, the potential buyer suspected wrongdoing and informed the NSO group about the incident. The group contacted police and on July 5th, the suspect was apprehended by Lahav 433 serious crime unit. According to reports, the suspect failed to sell the stolen data however if successful, the Group could have collapsed.

“The accused committed these crimes out of greed, despite knowing, even if he shut his eyes from seeing it, that his crimes might damage state security and lead to the collapse of a firm employing 500 workers,” said the State Attorney’s Office.

Not for the first time

This is not the first time when an insider has tried to damage a company. Last month, Tesla sued its ex-employee for hacking & sharing gigabytes of company’s data to outside entities. In April this year, a woman was arrested for hacking into her previous employer’s (Peninsula Airlines or PenAir, an Alaskan regional airline) internal networks and creating havoc by sabotaging the day-to-day activities of the company.

If you own a business and fear that insider threat can destroy your company, check our detailed write-up educating business owners about managing insider threats with internal monitoring.

Image credit: Depositphotos

To Top

Pin It on Pinterest

Share This