
Bungling thief steals government spyware

Hackers are not who you think they are. Thanks to Hollywood, we usually imagine a nerdy teenager hiding in their parents’ basement while breaking into a company’s computer system.

In reality, these days, hackers are typically a sophisticated group of experts who are up to no good. They may even be funded by foreign governments.

However, there are still some exceptions to the rule. A recent example is an employee who allegedly ripped off government spyware. You won’t believe what he did with it.

Cybercriminal goes rogue

Last year, a spyware maker dubbed the NSO Group made headlines. Its malware, called Chrysaor for Apple products and Pegasus for Android, let attackers gain access to everything on victims’ phones. It can spy on your messages, contacts and browsing history, and track your physical location.

NSO charges hundreds of thousands of dollars, usually to governments, to spy on people. It has described this malware as a “ghost.”

Chrysaor gains access to phones with a malicious app or with a text message. Both Google and the internet security company Lookout have found evidence that Chrysaor is difficult for you to get rid of.

Even if your Android phone has security software installed, Chrysaor can gain access. It asks users for permission and, since it looks like a regular app or text, many people grant it.

More surprising, Chrysaor can uninstall itself. The malware is designed to detect if it’s been discovered. It can also block security patches.

Now, an unnamed programmer for NSO has been indicted for allegedly stealing source code from the company. He tried selling it on the Dark Web for $50 million. The spyware is said to be worth much more than that. It could be worth hundreds of millions of dollars.

Here’s the funny part of this tale. After stealing the source code, the thief actually hid it under his bed. The indictment reads like a Hollywood thriller:

“Software worth hundreds of millions of dollars is stolen by an employee of a leading cyber security company. All the warning lights turn on during the theft and no one does anything. For about three weeks, the worker keeps the powerful weapons under the mattress in his apartment in Netanya – and no one does anything.

“During the period, he checks Google (yes, Google) [to find out] how he can sell the secret software, and after the test he offers to sell his weapons to a foreign party on the ‘Dark Net’ for $50 million.”

The thief’s indictment also says he’s worked for NSO since 2017. But years earlier, he supposedly searched the internet to learn ways to disrupt NSO’s security software. I guess he found it.

He’s being charged with attempting to “maliciously cause damage to property used by armed forces,” and to harm the security of the country. He’s also being charged with illegally selling the software without a marketing license.
