Reply to post: Re: How does it work?

Israeli authorities investigate NSO Group over Pegasus spyware abuse claims

doublelayer Silver badge

Re: How does it work?

We don't have knowledge of everything in their code, so these points are based on partial information which has been released:

First, NSO operates several servers which are used to install and operate the malware. This means they know at least some of the targets because they are infecting them on behalf of their clients. We don't know whether it's possible to change those servers to ones that NSO don't operate. Similarly, we know that NSO has target limits where certain licenses are paid depending on how many devices you want to force spyware onto. That implies but doesn't necessarily mean that there is some mechanism for checking whether a client has complied with those licenses or preventing them from infecting others when they have run out of credits. This would also imply that they know when and by whom someone was infected even if they go to some effort not to know who the victim was.

More speculatively now, I think NSO must continue to control the malware after they've sold it because they are operating in a very ambiguous area. They do have some protection from Israel for some reason which has never really made sense to me, but if Israel decided they no longer supported NSO, there would be major problems for the company. Therefore, NSO needs to make sure that, whichever governments or groups (yeah, I'm not buying their claims) they sell it to, they don't sell it to someone who will cause Israel to abandon them. For instance, they could sell it to governments for repression of the local populace, but selling it to someone who would use it against Israeli government figures is something they'll do a lot to avoid. Making a version available which is easily controlled without their knowledge is an invitation to do exactly that. They have strong financial and safety incentives to control who gets to buy and who gets to be the victims, and I'm going to assume that they know these things very well.
