Rogue Security Analyst Tries to Sell Top-Secret iPhone Malware for $50 Million in Cryptocurrency

Journalist:
David Hundeyin @DavidHundeyin
July 11, 2018

A lead programmer working for NSO Group, the Israeli cybersecurity firm behind the notorious Pegasus iPhone malware, has been arrested after a failed attempt to illegally sell the top-secret spyware to an unauthorized party via the dark web in exchange for $50 million worth of cryptocurrency.

A report from the Times of Israel states that the 38-year-old engineer from Netanya has been indicted by prosecutors at the Tel Aviv District Court on charges of “trying to damage property in a way that would harm national security, theft by an employee, activities to market defense material without a permit, and obstruction and interfering with computer material.”

Although the attempted $50 million sale was unsuccessful, the incident raises a number of questions about the internal security processes of NSO and other private cybersecurity firms whose products, like Pegasus, could have potentially disastrous and far-reaching consequences if they fall into the wrong hands.

Access to NSO Servers

According to a report from Israeli tech news platform CTech, the suspect was aware of the damage that could be caused by leaking Pegasus to non-government entities, but he went ahead with his plan to sell the top-secret malware because he was set to lose his job at NSO. He had violated company policy by connecting an external storage device to the company’s computers, after researching on the internet how to do so without being detected.

The company detected his actions and summoned him to a pre-termination hearing on April 29. Following the hearing, for an unspecified reason, he was permitted to return to his workstation, where he connected a storage drive to the company server and downloaded the company’s source code along with additional information that could potentially be used to create a black market version of Pegasus.

His plan was to sell the code on the dark web for $50 million in untraceable anonymous crypto coins – Monero, Zcash and Verge, the indictment reveals – posing as a member of a hacker group that gained access to NSO servers. The proposed buyer, however, grew suspicious of the suspect’s claims and contacted NSO to inform them that their software was being touted online. Remarkably, until that point, NSO was not aware of the theft.

Following a complaint by NSO, the Israeli police cyber crimes unit arrested the programmer on May 6 and brought him up on a number of serious charges, including “attempting to maliciously damage assets used by Israel’s security arms in a way that could jeopardize the country’s security.”

Following his indictment, NSO was at pains to point out that despite the theft, Pegasus has not found its way into the public domain, and no confidential information has been leaked.

A statement released to the press by NSO said in part:

“The company was able to quickly identify the breach, collect evidence, identify the perpetrator, and share its findings with the relevant authorities. The authorities, in turn, responded quickly and effectively, so that within a very short time the former employee was arrested and the stolen property was secured. No (intellectual property) or company materials have been shared with any 3rd party or otherwise leaked, and no customer data or information was compromised.”

It will be recalled that Pegasus attained global notoriety after it was revealed that a number of governments around the world have made use of the malware to spy on activists. Pegasus remains uniquely attractive as malware because it is the only malware solution that combines complete surveillance of an iOS user’s actions with easy installation, reportedly installing itself via a simple SMS link.

David Hundeyin @DavidHundeyin

I am a busy Nigerian writer, journalist and writer with an interest in tech and finance. When I'm not contributing to CCN and traveling around Africa, you can catch me contributing to CNN Africa, or in the writers room at 'The Other News', Nigeria's weekly answer to 'The Daily Show' with nearly 2 million viewers. My work on 'The Other News' was featured in the New Yorker Magazine, and that was then cited in the Washington Post so I'm not sure that counts as a feature but I'll definitely mention it too! I have been nominated by the US State Department to take part in the 2019 Edward R. Murrow Program for journalists under the International Visitors Leadership Program. I also like hamsters. You can reach me on Twitter at _David_Hundeyin