Former NSO employee attempts to sell stolen hacking tool on Dark web

NSO is an Israeli cybersecurity contractor and software developer that specialises in helping governments to monitor enemies using spyware technology. Recently, a former employee whose name is currently being kept hidden by the authorities allegedly stole NSO’s cyber technology, spying tools and software, with the intention of selling them on the dark web for $50 million and that could harm state security, Israel’s Justice Ministry said.

The staff member stole Pegasus spyware code and attempted to sell it.

The 38-year-old senior programmer was fired due to suspicion of stealing valuable data from the company. Upon investigation it was found that he had a hard drive with company’s servers and proprietary tools stored on it, a ministry statement said on July 5. It was found under his bed when the authorities raided his house.

The company is very strict regarding their data policy because many of their technologies are sensitive such as the Pegasus software that is driven with SMS technology and can extract Whatsapp data, messages, social media data and even gain control of a smartphone’s camera to spy on the user.

The ministry said the accused, who was hired in November 2017, was called in for a hearing by NSO on 29 April before his dismissal, after which he downloaded software and information worth hundreds of millions of dollars.

NSO Group, in the same manner as many cybersecurity firms, had protections in place to prevent the external transfer of its intellectual property and software. The employee's role permitted him access to the firm's servers, tools, and source code, but he was still restricted in the same way.

The hackers attempt to steal the data and sell it to the dark web in exchange for cryptocurrency backfired because the buyer himself tipped off NSO. He was apprehended by the Lahav 433 serious crime unit and the stolen data wasn’t sold. The statement did not identify the person who contacted the former NSO employee.