A lead programmer who worked for the Israeli cybersecurity firm NSO Group has recently been arrested after illegally trying to sell the Pegasus iPhone malware, a top-secret spyware tool. The man tried to sell the malware on the dark web in exchange for $50 million USD worth of cryptocurrency.
A report from the local media states that the man was arrested and prosecuted by the Tel Aviv District Court on charges of trying to damage property, harming national security, theft, market activities without a permit, and obstruction and interfering with computer material.
Although the transaction did not go through, the whole process raised questions about the internal security of the NSO Group and other private security firms that create or deal with products that could be hazardous if they fall into the wrong hands.
The Man Had Access To The NSO Group Servers
According to the reports, the man who was arrested went ahead with his plan because he knew that he was going to be fired. After researching how to connect an external storage device to the company’s computers, he knew that he would lose his job for breaking the company's policies.
The reports also state that he was fully aware of the potential impact of releasing the malware to people outside of the government. The Israeli government had already chosen to break people’s privacy by using the software, but if it were in the hands of a thief, millions and millions of dollars could easily be lost.
After the company detected his actions, it summoned him for termination, but it also allowed him to visit his workstation, where he connected a storage drive to the server to download Pegasus with the intent of selling it on the black market.
The Plan To Sell Pegasus On The Black Market
The man’s plan was to sell the code on the dark web. He wanted to be paid in Monero, Zcash or Verge, tokens that cannot be traced by anyone because of their protocols. He would pose as a member of a hacker group that had hacked the NSO servers. The fate of the man was decided when a potential customer became suspicious.
Suspicious, he contacted NSO to inform the company that its software was being sold online. Up until that point, NSO was completely unaware of the theft. After that, the man was arrested by the local cyber crimes police unit.
NSO Looked Bad In The Eyes of The Public
After the man was arrested, NSO explained that despite the theft, Pegasus was not leaked to any public domain and the potential catastrophe was averted. According to a statement made by NSO, the team was able to quickly identify the breach, collect evidence and notify the authorities.
However, it is clear that, had the customer not warned the company, the malware could easily have been leaked. This has caused some people on the internet to complain that NSO not only created a threat that was used by governments like the Israeli one, known for its violations of human rights, but also that it could have been leaked all over the internet.