Activist countries

iPhone spyware maker NSO wants to sell to countries marked in red

iPhone spyware maker NSO’s financial problems were so severe late last year that it struggled to make a payroll – after the company failed to make a single sale over a period of several months.

The company, which sells software to perform remote no-click hacks on iPhones and Android smartphones, has been in deep trouble since being blacklisted by the US government. However, his plan to overcome his misfortunes could make Pegasus an even nastier threat…

iPhone spyware maker NSO

NSO Group makes spyware called Pegasus, which is sold to government and law enforcement agencies. The company buys so-called zero-day vulnerabilities (those unknown to Apple) from hackers, and its software is said to be able to mount clickless exploits – where no user interaction is required by the target.

In particular, it has been reported that simply receiving a particular iMessage – without opening it or interacting with it in any way – can allow an iPhone to be compromised, with nearly all personal data exposed.

Prime Ministers, US State Department officials, senior EU officials, journalists, lawyers and human rights activists are among those whose iPhones have been hacked by Pegasus.

The US government banned the importation and use of Pegasus, depriving the company of its most lucrative customer base: US law enforcement. Apple added to the pressure by suing the company and alerting owners of infected iPhones.

The CEO wants to sell to countries under the red flag

The company was short on cash at the end of last year, and the FinancialTimes reports that things were so desperate that he was struggling to meet the payroll.

A loan solved the immediate crisis, but the only future the company’s CEO could see was to tear up its already dodgy rules against selling to governments with poor human rights records.

Faced with a looming cash crunch so severe that Israel’s NSO Group, maker of the Pegasus cyberweapon, could miss its November 2021 payroll, Shale Hulio made a startling suggestion.

The rude CEO told a team representing the company’s majority owners in New York that month: why not start selling to risky customers again? […]

To his audience, the suggestion was alarming. They were managers of Berkeley Research Group, which had recently been brought in by investors in a billion-euro private equity fund run by London-based Novalpina Capital, which had a majority stake in NSO but had then gone collapsed in a quarrel of associates.

BRG’s task was to close the Novalpina fund. Now they were being asked to get involved in decisions about whether or not to sell Pegasus to countries that even ONS staff might have flagged.

BRG’s lawyers naturally said no, but Hulio had a plan B: create a new company, with a new name, and transfer the code and engineers to it.

The new entity would not be affected by the NSO blacklist and would start selling again. To hedge against the obvious likelihood of NSO MkII being immediately blacklisted, Hulio apparently indicated that the company’s new owner could be “a major US defense contractor.”

The 9to5Mac take

The plan seems rather far-fetched, as it is unlikely that a US defense company will purchase a product on the Commerce Department’s Entity List.

However, many US law enforcement agencies would still like to use Pegasus, so this possibility cannot be ruled out.

Either way, it shows how far the Android and iPhone spyware maker is willing to go, and how futile its claims of ethical behavior are.

Photo: Sigmund/Unsplash

FTC: We use revenue-generating automatic affiliate links. After.

Check out 9to5Mac on YouTube for more Apple news: