What do we know about the curious and secretive NSO Group? Very little, but after this week, much more than before.
The group, a company based in Israel but US-owned, specializes in making tools to fight crime and terrorism. But security researchers call it something else: a cyber criminal.
On Thursday, the NSO Group made international headlines after being credited with creating malicious software that could jailbreak any iPhone with a single tap on the screen and then install vicious malware.
- Founded in 2010 and has had several different names
- Based in Herzliya, Israel, and owned by US investment firm Francisco Partners
- Could be worth $1bn
Human rights lawyer and security expert Ahmed Mansoor was targeted by the attack when his iPhone received a message that promised "secrets" about torture taking place in UAE prisons.
If he had clicked on the link, the phone would have been looted of large amounts of private data: text messages, photos, e-mails, location data, even what the microphone and camera pick up.
Fortunately he didn't. Instead, he passed the message on to experts from Citizen Lab and Lookout, who uncovered what they described as one of the most advanced cyber weapons ever discovered. According to the evidence, the expertise of the NSO Group was at the heart of it all.
Big-money deals
Earlier this year, the British watchdog Privacy International launched a database that tracks the global trade in cyber weapons. It aimed to follow the deals between cyber arms companies and governments.
According to the Surveillance Industry Index (SII), the NSO Group was established in 2010 and has its headquarters in Herzliya, an attractive city north of Tel Aviv known as a cluster of technology start-ups. The group was probably funded by the elite 8200 Intelligence Unit, an Israeli military-funded scheme for start-ups.
According to Forbes, Intelligence Unit 8200 actively participated in providing expertise and funding for Stuxnet, a cyber attack against Iran that was a joint operation between the United States and Israel.
The SII listing included multi-million dollar agreements between the NSO Group and government entities in Mexico and Panama. This is the tip of the iceberg: press reports of sales are based on leaks and anonymous sources, so there are probably many more deals unknown to the general public.
In 2015, the owners of the NSO Group, the American venture capital company Francisco Partners, tried to sell the company for approximately $1,000 million. Neither company has responded to requests from the BBC for further comment.
The fact that the NSO Group sells tools to governments is no secret. In a statement responding to allegations that it was behind the attack on Mr. Mansoor, NSO Group spokesman Zamir Dahbash said: "The company only sells to authorized government agencies and fully complies with strict export control laws and regulations."
But the company has not gone any further to describe who its customers are or what exactly they are buying. It does say that it has no control over how its tools are used or for what purpose.
Whatever the NSO Group is, what it has created is an exceptionally talented team of cyber specialists.
The attack on Mr. Mansoor, if it had worked, would have used not one but three zero-day attacks. A "zero day" is the term given to vulnerabilities that were previously unknown to the security industry and are therefore open to attack. Discovering a zero day is rare; finding three is exceptional.
Clues about the origin of the attack emerged when the experts looked at the messages Mr. Mansoor received. They contained a link to a known web domain that points to servers configured by the NSO Group for its customers.
When the researchers analyzed the spyware code, they noticed clear references to "Pegasus", the name the NSO Group gave to one of its spy products.
Details about Pegasus were made public last year when another cyber company, Hacking Team, was hacked. Material used to market Pegasus was then leaked.
When Apple learned of the vulnerabilities in its iPhone, it acted quickly, resolved the issue in 10 days, and rolled out an update to all its users. That has certainly neutralized this specific attack, but it is likely that many more remain hidden.
In a rare interview with Defense News, NSO Group co-founder Omri Lavie said its attacks "left no trace."
Thanks to Mr. Mansoor's quick thinking and the forensic efforts of the investigators, the group has been temporarily dragged into the spotlight, but it will only be for a short moment. The NSO Group will soon rejoin the rest of the cyber arms trade, making money in the shadows.