The hacker-for-hire industry is now too big to fail

The NSO group has been plagued by criticism and allegations of abuse for years. In 2016, Ahmed Mansour, a human rights activist, was caught using the NSO Group’s Pegasus in the UAE, a tool that exploits software flaws to hack iPhones and give NSO Group customers control. In that case, the UAE government was seen as the culprit, and the NSO walked away unscathed (Mansoor is still in prison on charges of criticizing the country’s rule).

This pattern has been repeated for years – often, governments have been accused of using NSO hacking tools against dissidents but the company has denied wrongdoing and escaped punishment. Then, in mid-2021, new reports of alleged abuse against Western governments surfaced. The company was approved by the U.S. in November, and in December Reuters reported that U.S. State Department officials were hacked using Pegasus.

Now the NSO group is facing costly public lawsuits from Facebook and Apple. He faces debt, low morale, and fundamental risks to his future. Suddenly, the poster for Spyware Child is facing an existential crisis.

This is all familiar territory. In 2014, when the Italian firm Hacking Team was accused of selling its “untraceable” spyware in dozens of countries regardless of human rights or privacy violations, the secret hacker-for-hire industry first flooded the headlines of international newspapers.

The hacking team opened the eyes of the world to a global industry that buys and sells powerful tools to get into computers anywhere. The resulting storm of scandals seemed to kill him eventually. The company lost business and lost the ability to legally sell its equipment internationally. The hacking team was sold and, in people’s minds, was left to die. Eventually, however, he rebranded and started selling the same products. Only this time, it was a small fish in a very large pond.

“The demise of the hacking team has not fundamentally changed the industry,” says James Shiers, an assistant professor at the Institute for Security and Global Affairs at Leiden University. “The same dynamic and demand still exists.”

A small group of countries eager to do power projects around the world through the Internet were early customers of the industry. Today the situation is more complicated. Many more countries now pay for their instant ability to hack opponents internationally and within their own borders. Billions of dollars are in the game, but there is very little transparency and little accountability.

While public scrutiny of companies for hiring hackers has increased, so has the global demand for offensive cyber capabilities. In the 21st century, the government’s top-value targets are more online than ever before અને and hacking is usually the most effective way to achieve them.

The result is a growing crowd of countries willing to spend large sums to develop sophisticated hacking operations.

For governments, investing in cyber is a relatively inexpensive and powerful way to compete with rival nations and develop powerful tools of local control.

“Especially in the last five years, you have more countries developing cyber capabilities,” says Sahar Nauman, chief threat intelligence analyst at BAE Systems.

And more countries are looking out for help. “If you have no way of using the skills or talents of the people of your country, but you have the resources to outsource, why don’t you go commercial?” She said. “It’s an option in a lot of different industries. That way, cyber isn’t that different. You’re paying for something you’re not going to create yourself.”

Oil-rich countries on the Persian Gulf, for example, have historically lacked the significant technological capabilities needed to develop local hacking power. So they spend on shortcuts. “They don’t want to be left behind,” Nauman says.

Military contract giants around the world are now developing and selling these capabilities. These tools have been used for horrific abuse of power. They are increasingly being used against legitimate criminal investigations and terrorism and are key to espionage and military operations.

The demand for what private hacking companies are selling is not going away. “The industry is bigger and more visible today than it was a decade ago,” says Winona DeSombre, a security researcher and colleague at the Atlantic Council. “Demand is growing as the world becomes more technologically connected.”

December recently mapped the popular opaque industry by charting hundreds of companies selling digital surveillance tools worldwide. She argues that much of the industry’s growth is hidden from public view, including the sale of cyber weapons and surveillance technology by Western companies to geopolitical opponents.

“The biggest problem comes when the space is primarily self-regulating,” she explained. Self-regulation can lead to “widespread human rights abuses” or even friendly fires, while hacking tools are sold to foreign governments that turn against the country of origin and use the same capabilities.

Given the growing influence of the industry, authorities around the world are now aiming to shape its future with sanctions, charges and new regulations on exports. However, the demand for equipment is increasing.

Ultimately, the most meaningful change can come when companies’ revenue is affected. Recent reports indicate that the NSO Group is in debt and is struggling in court for Wall Street investment.

“This is a commercial industry,” says Shire. “If venture capital firms and large corporate investors see this as a risky move, they will choose to exit. More than anything else, it could radically change the industry.”

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *