Nearly two years ago, security researchers unearthed what was, at the time, arguably the most advanced piece of mobile hacking software the world had ever seen. The tool in question was called Pegasus and was the brainchild of an Israeli-based security company called the NSO Group. As is often the case, the NSO Group’s business model rests on creating sophisticated software-based exploits and selling them to intelligence agencies and foreign governments.
What made Pegasus unique, if not downright impressive, is that it was built on a whopping three iOS zero-day exploits that gave third-parties the ability to eavesdrop on a target’s phone calls while also keeping an eye on a target’s location, screenshots, photo library, emails, text messages, and more. Further, Pegasus was remarkably easy to install, with the only requirement being that a targeted individual tap on a seemingly innocent link sent via a text message.
Earlier today, word emerged via Motherboard that a rogue NSO Group employee tried to sell the advanced exploit to unauthorized parties for $50 million worth of cryptocurrency. The employee in question has since been charged and slapped with an indictment.
According to the indictment, the unnamed employee started work as a senior programmer at NSO last year. As part of his job, the employee had access to NSO’s product and its source code, the document adds.
NSO’s computers have systems in place to stop employees attaching external storage devices to company computers. But the employee searched the internet for ways to disable those protections, turned them off, and then stole a cache of data, the document reads.
The employee was subsequently caught when the NSO Group was alerted that its software was available for sale online.