NSO Group employee allegedly stole, attempted to sell 'Pegasus' iOS malware for $50M
A disgruntled employee at NSO Group, an organization that creates tools to exploit iPhones and other mobile devices, allegedly stole the firm's infamous "Pegasus" code and tried to sell it to unauthorized buyers for upwards of $50 million in cryptocurrency.
Leaked NSO Group materials demonstrate what data can be stolen from a compromised phone.
Located in Israel, NSO markets highly effective malware solutions to governments and law enforcement agencies looking to gain access to smartphones. One of the firm's spyware products, known as "Pegasus," was allegedly stolen earlier this year by an employee, Motherboard reports.
Citing an indictment, reports from Israeli news media outlets claim the unnamed person started work at NSO as a senior programmer in 2017, a position that granted access to highly sensitive, potentially dangerous code. Facing possible termination, the employee downloaded a copy of NSO source code worth "hundreds of millions of [US] dollars."
NSO has security protocols in place that prevent employees from using external storage devices, but the apparently disgruntled employee searched online -- namely Google -- for ways to disable those security features and save the data cache that included Pegasus, the indictment reads. His search history also revealed queries regarding how and where to sell cyber secrets, and who might be a good buyer.
The cache was peddled on the dark net for around $50 million in crypto before a possible buyer engaged. Instead of following through on the deal, the potential buyer alerted NSO of the theft, who in turn worked with law enforcement to identify the thief. The employee's apartment was raided a few days later.
Publication of the indictment was delayed due to concerns over national security, the report said.
Pegasus made waves a couple years ago before being patched in iOS 9.3.5. Using it, attackers could gain access to an iPhone and steal a nearly endless amount of data.
After clicking a seemingly innocuous link received through a message, the target device would be jailbroken, and malware would be loaded to monitor and steal data. Pegasus allowed attackers to access passwords, messages, calls, emails, and logs from apps including Gmail, Facebook, Skype, WhatsApp, Viber, FaceTime, Calendar, Line, Mail.Ru, WeChat, SS, Tango, and more.
After being patched on iOS, Apple soon after issued a patch for Safari on macOS 10.11. El Capitan to address the vulnerability. The assault package on iOS was able to leverage the same zero-day vulnerability to take over a Mac with a single click.
Leaked NSO Group materials demonstrate what data can be stolen from a compromised phone.
Located in Israel, NSO markets highly effective malware solutions to governments and law enforcement agencies looking to gain access to smartphones. One of the firm's spyware products, known as "Pegasus," was allegedly stolen earlier this year by an employee, Motherboard reports.
Citing an indictment, reports from Israeli news media outlets claim the unnamed person started work at NSO as a senior programmer in 2017, a position that granted access to highly sensitive, potentially dangerous code. Facing possible termination, the employee downloaded a copy of NSO source code worth "hundreds of millions of [US] dollars."
NSO has security protocols in place that prevent employees from using external storage devices, but the apparently disgruntled employee searched online -- namely Google -- for ways to disable those security features and save the data cache that included Pegasus, the indictment reads. His search history also revealed queries regarding how and where to sell cyber secrets, and who might be a good buyer.
The cache was peddled on the dark net for around $50 million in crypto before a possible buyer engaged. Instead of following through on the deal, the potential buyer alerted NSO of the theft, who in turn worked with law enforcement to identify the thief. The employee's apartment was raided a few days later.
Publication of the indictment was delayed due to concerns over national security, the report said.
Pegasus made waves a couple years ago before being patched in iOS 9.3.5. Using it, attackers could gain access to an iPhone and steal a nearly endless amount of data.
After clicking a seemingly innocuous link received through a message, the target device would be jailbroken, and malware would be loaded to monitor and steal data. Pegasus allowed attackers to access passwords, messages, calls, emails, and logs from apps including Gmail, Facebook, Skype, WhatsApp, Viber, FaceTime, Calendar, Line, Mail.Ru, WeChat, SS, Tango, and more.
After being patched on iOS, Apple soon after issued a patch for Safari on macOS 10.11. El Capitan to address the vulnerability. The assault package on iOS was able to leverage the same zero-day vulnerability to take over a Mac with a single click.
Comments
PS: If you use a browser like Tor it'll inform you that going fullscreen can get help determine your computer type because JS will determine your display resolution so if you really want to be clever and you're using a laptop (preferably running a flavor of Linux) you should attach of some old monitor to run the web browser on that display to be obfuscate any source even further which you can then discard.
They pretend to be legit by claiming to only do business with governments and police forces when most of those are corrupt and a bunch of murderers.
Good to see that backstabbing and betrayal run deep in their own company. It's also good to see that all of their security keys can be removed by just a google search. Sounds like a bunch of script kiddies who pretend to be white hats.
They have no ethics so they get what they deserve.
This is a curious description. If your "group" is all about exploiting other people' devices, exactly how can an employee of that group be described as "disgruntled"? This is like calling a member of a theft ring as a law-abiding citizen.