Israeli hacking firm NSO Group is mostly known for peddling top-shelf malware capable of remotely cracking into iPhones. But according to Israeli authorities, the company’s invasive mobile spy tools could have wound up in the hands of someone equally, if not far more, devious than its typical government clients.
A 38-year-old former NSO employee has been accused of stealing the firm’s malware and attempting to sell it for $50 million in cryptocurrency on the dark net, according to a widely reported indictment first published by Israeli press.
The stolen software is said to be worth hundreds of millions of dollars.
According to Israel’s Justice Ministry, the ex-employee was turned in by a potential buyer. The suspect was arrested on June 5, Reuters reported. The accused has been charged with employee theft, attempting to sell security tools without a license, and conduct that could harm state security
Obviously security holes found will be exploited, which is why responsible disclosure is a good idea. It’s much better for devices to be secure than for intelligence agencies to be able to exploit holes – because non-nation state actors (read: criminals, although there are nations who think other nations are criminal) also have access to these holes.