The hacking industry faces the end of an era – MIT Technology Review

But even if NSO Group is no more, there are plenty of rivals who will rush in to take its place. And the same old problems haven’t gone away.
NSO Group, the world’s most notorious hacking company, could soon cease to exist. The Israeli firm, still reeling from US sanctions, has been in talks about a possible acquisition by the American military contractor L3 Harris. 
The deal is far from certain—there is considerable opposition from both the White House and US intelligence—but if it goes through, it’s likely to involve the dismantling of NSO Group and the end of an era. The company and its technology would likely be folded into a unit within L3 Harris. The American firm already has its own offensive cyber division, known as Trenchant, which has quietly become one of the most sophisticated and successful such shops in the world, in large part thanks to a strategy of smart international acquisitions.
But no matter what happens with this potential deal, the changes afoot in the global hacking industry are far bigger than any single company.
The hacking industry looks dramatically different today from the way it did a year ago. 
Two major events have changed the landscape. The US sanctioned NSO Group in late 2021 after determining that government customers had used its Pegasus spyware to “maliciously target” journalists, human rights activists, and government officials around the world. 
Within days, amid global concern over spyware abuse, the Israeli ministry of defense followed the American sanctions by severely restricting export licenses so that the country’s roaring hacking industry lost the majority of its customers virtually overnight. The number of countries that its hacking firms could sell to fell from over 100 to 37, a group that includes Western European nations, the United States, Canada, the United Kingdom, Australia, Japan, and India.
French officials were close to buying controversial surveillance tool Pegasus from NSO earlier this year. Now the US has sanctioned the Israeli company, and insiders say it’s on the ropes.
That’s still a huge and rich market, but it cuts out dozens of nations in Latin America, Africa, Eastern Europe, and Asia, where Israeli cyber firms had been making a killing selling cutting-edge surveillance tools to customers with deep pockets and a willingness to spend. It’s also where NSO Group kept getting in trouble for getting caught selling powerful hacking tools to authoritarian regimes that abused Pegasus. NSO Group executives say they have terminated eight Pegasus contracts due to abuse. 
The defense ministry’s licensing restrictions have sounded the death knell for several smaller shops of hackers and researchers. Nemesis, an Israeli cyber firm that had managed to keep a low public profile, shut down in April. Ace Labs, a spinoff of the billion-dollar tech giant Verint, closed up shop and fired all its researchers earlier this month.
The Israelis’ former customers are not standing idle. New players and old rivals are stepping into the vacuum to provide the hacking capability that more and more governments demand. 
“The landscape is shifting and, to a certain degree, diversifying,” said Christoph Hebeisen, director of security intelligence research at the mobile security firm Lookout. 
Several European firms are stepping into the gap. 
Intellexa is an “alliance” of hacking firms, operating out of several locations in Europe and Asia, that have been able to attract and retain business from nations no longer able to buy Israeli hacking tools. The group boasts Israeli and European talent but avoids the new Israeli restrictions that have stung several of its competitors. Mobile spyware from Cytrox, a North Macedonian hacking firm and founding member of the Intellexa alliance, was found on an Egyptian target last year.
RCS Labs is an Italian hacking firm whose spyware was recently spotted in Kazakhstan. Until as late as 2021, Kazakhstan was reportedly a customer of NSO Group, but it is now restricted. Now the mobile security firm Lookout says it sees the country using RCS’s malware to spy on Android phones. Kazakhstan is an authoritarian nation that recently jailed an opposition leader just a few months after the mass killing of protesters. NSO Group hacking tools were reportedly used to spy on activists there last year. When reached for comment, RCS Labs provided an unattributed statement condemning “any abuse or improper use” of its products that are “designed and produced with the intent of supporting the legal system in preventing and combating crime.”
Besides increased global uncertainty and the restrictions on Israeli hacking companies, several industry executives say they see two more shifts in play. 
Many more countries are investing in building their own domestic cyber capability. Most countries haven’t had the resources, expertise, or money to date—and firms like NSO Group have made it economically easier to just buy the tools instead. But now countries desire their own domestic hacking capabilities to insulate themselves from global variables like political strife and human rights criticism.
The most valuable hacking tools were once the domain of governments. Not anymore.
The archetype is the United Arab Emirates, which spent 10 years hiring former Western intelligence officers to build up DarkMatter, a firm that was famously caught spying on journalists and dissidents. DarkMatter has been replaced in the United Arab Emirates by firms like Edge Group. 
Now, according to sources from within the Israeli and European hacking industries, governments of states like Saudi Arabia, Bahrain, Qatar, and Singapore are following in the UAE’s footsteps by offering top financial incentives to attract hacking talent from around the world.
Several industry sources who wished to remain anonymous say they see Chinese actors stepping into the void to try to sell surveillance and cyber tools, especially to African and Asian nations, where Beijing has been aggressively expanding its influence in recent years.
Israeli officials are suggesting to the country’s cyber companies that they should prepare for this situation to potentially last until at least two years from now—incidentally, when the next American presidential election will take place. What happens after that is unclear in more ways than one. 
American sanctions and Israeli restrictions may conceivably contribute to the end of NSO Group. But what happens next?
The market is bigger and more visible than ever before, encompassing hundreds of companies selling surveillance tech globally. One of the industry’s top trade shows, ISS World, recently held a show in Prague, and it was bigger than ever on both the company and government delegation sides. Calls from every conceivable corner to regulate the industry internationally have largely failed. As a result, there is still little global transparency or accountability for abuse despite increased attention on the problem.
One thing we are learning is that a vacuum can’t last long in a market where demand is so high.
The attack on Viasat showcases cyber’s emerging role in modern warfare.
A multi-year hacking campaign shows how dangerous old flaws can linger for years.
Cloud-based tech solutions are helping manufacturers manage a new ecosystem of suppliers with greater agility and resilience.
Many suspect the Chinese state has forced Gitee, the Chinese competitor to GitHub, to censor open-source code in a move developers worry could obstruct innovation.
Discover special offers, top stories, upcoming events, and more.
Thank you for submitting your email!
It looks like something went wrong.
We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.
Our in-depth reporting reveals what’s going on now to prepare you for what’s coming next.
Subscribe to support our journalism.
© 2022 MIT Technology Review

source

Share:

More Posts

Market Research

Pulse Surveys

Turn feedback into action

Our survey platform makes it easy to measure and understand feedback so you can drive growth and innovation

Pulse Handshak

Pulse Handshak

Collaborative online survey tool for the market research industry. Remote assisted surveying just like face-to-face interviews. Here interviewers can talk to the respondent over the web-console without the need for any other communication channel and share the same Q're with responses and click actions.

Pulse FE

Pulse FE

Pulse Field Expert or Pulse FE is the main platform for both offline and online survey at softofficepro.com. It is robust and used by hundreds of clients over tens of years with millions of responses. Do it once Q're and deploy on both offline devices (android) and online forms makes it a great cost effective platform for any kind of responses

Pulse Ultimate

Pulse Ultimate

Pulse Ultimate is targeted for tracking studies and retail audits. An offline survey system offering extreme field control including processes like data quality check, back-check, rework, comparison with previous wave data etc. helps to get the best results on a day-to-day basis

Pulse LS

Pulse LS

Use a managed Limesurvey and our expertise for creating complex forms and token based user management. Use optional mailing system to send survey invitation to each participant and track progress of the response status. Industry standard SPSS / R output supported