Former Employee of Israeli Surveillance Company Indicted for Attempt to Sell Spyware for $50 Million on Darknet

A former employee of NSO Group is accused of stealing the code of the company’s spyware, which can be used to intercept mobile phone calls and remotely control devices

Tomer Ganon and Hagar Ravet 11:3705.07.18

A former employee of Israeli surveillance company NSO Group is accused of stealing the code of the company’s spyware and data and attempting to sell the assets to a third party for $50 million, according to an indictment filed to Israeli court. The indictment was revealed after a gag order issued by Israeli court was partially lifted Thursday.


For daily updates, subscribe to our newsletter by clicking here. 


Israel-based NSO develops and sells a spyware that can be used to intercept mobile phone calls and text messages and to remotely control devices. The company’s clients, subject to approval from the Israeli ministry of defense, include governments and law enforcement agencies.


NSO's Israeli offices. Photo: Orel Cohen NSO's Israeli offices. Photo: Orel Cohen


In 2016, the University of Toronto's Citizen Lab, a digital and human rights research group, published a report stating that NSO’s Pegasus spyware was used by the United Arab Emirates to target a human rights activist. They made a similar allegation in 2017, stating that the Mexican government used it in a covert operation to spy on activists, journalists, and political opposition in the country.


In a December 2017 Hebrew language interview with 30 Minutes or Less, a podcast published by Microsoft Accelerator TLV, NSO co-founder Omri Lavie said the company conforms to Israeli, U.S. and European regulations regarding the sale of its technology, adding "Our decisions are subject to review by a very strict internal ethics committee that examines things that governments may not, such as corruption and human rights." However, he also stated that once a sale is made, NSO does not know how its technology is used, nor do it wish to.


In May, the Wall Street Journal and Calcalist reported that NSO is negotiating a $1 billion merger with Nasdaq-listed surveillance and business intelligence company Verint Systems Inc. NSO’s controlling shareholder is San Francisco-based private-equity firm Francisco Partners.


According to documents filed to an Israeli court, the defendant, 38, was employed at the company's testing and automation division as a lead programmer. On April 29, 2018, he was summoned to a pre-termination hearing with his manager. Immediately following the meeting, he allegedly used an external device to download the code to the company’s spyware and additional information that would potentially enable a buyer to develop a new version of the software.


He then allegedly went on to attempt to sell the assets to a third party for $50 million worth of crypto coins on the darknet, posing as part of a hacker group that managed to breach NSO’s servers. The third party contacted NSO, and in cooperation with the company, opened a dialogue with the seller in an attempt to get further information.


NSO filed a complaint with Israel Police, and the defendant was arrested on May 6 by the police’s cyber crimes unit. The defendant is also accused of attempting to maliciously damage assets used by Israel’s security arms in a way that could jeopardize the country’s security.


“The company was able to quickly identify the breach, collect evidence, identify the perpetrator, and share its findings with the relevant authorities,” NSO said in a statement to the press. “The authorities, in turn, responded quickly and effectively, so that within a very short time the former employee was arrested and the stolen property was secured. No (intellectual property) or company materials have been shared with any 3rd party or otherwise leaked, and no customer data or information was compromised ” the company stated.


“Identification and prevention of insider theft attempts are always a challenge,” NSO stated in an announcement. “In this case, the company identified the attempt within a very short time, immediately started an investigation, identified the relevant person, and notified authorities,” the company stated.


In documents filed to the court, the prosecution alleges the defendant was motivated by greed. The prosecution states in the indictment that NSO employs 500 people and has an estimated valuation of no less than $900 million.
Cancel Send
    To all comments