A former employee at a notorious Israeli spyware maker has been arrested and charged after trying to sell his ex-company’s wares on the dark web, according to reports.
The unnamed 38-year-old was a senior programmer with privileged access to NSO Group’s networks.
After being fired on April 29, the individual is said to have downloaded IP worth hundreds of millions of dollars, before trying to sell it for $50m online.
However, their plans were disrupted when the potential buyer alerted NSO, which called in the police to arrest the suspect on July 5, according to Reuters.
The spyware maker, which has sold surveillance tools to governments around the world, claims none of its proprietary information has been exposed.
However, the Israeli Justice Ministry said that the former company employee’s actions posed a threat to national security, meaning more details of the case are being kept private.
Experts pointed to the case as yet another incident highlighting the potential insider threat facing firms.
“It is never a good idea to behave in an unprofessional manner — from logic bombs and dead-man-switches to IP and trade secret theft, it is always a mark of immaturity, desperation and a violation of trust,” argued Cybereason chief security officer Sam Curry. “This is as true in Hollywood and health sciences as it is in software and manufacturing, but it’s especially stupid in the world of cyber-warfare, international relations and national security.”
High-Tech Bridge CEO Ilia Kolochenko added that no organization is safe from the risks posed by insider threats.
“Four-eyes principles, anomaly detection, role-based access to sensitive data and two-factor authentication, continuous monitoring and employee vetting can substantially reduce those risks, but not eliminate them,” he added.
“Worse, being extremely busy with external security threats, many organizations blindly trust their internal employees and tend to ignore automated security alerts coming from the inside. In many cases, conscientious employees are tricked in a sophisticated manner by cyber-criminals to unwittingly help them get inside of corporate networks.”
NSO Group sprang to notoriety in 2016 when one of its tools, a spyware product known as Pegasus, was used in a sophisticated campaign against internationally renowned campaigner Ahmed Mansoor, which some have traced back to the UAE government.