Security analyst tries to sell stolen spyware for $50M in crypto: report

An Israeli man has been indicted for threatening national security after an attempted extortion against his employer, a firm working closely with the Israeli government to develop cyber security software, The Times of Israel reported.

According to the news outlet, the 38-year-old suspect allegedly stole cyber security software from NSO Group, a firm which works in conjunction with Israeli authorities to develop cyber defences. The man reportedly tried to sell the software on the dark web, in exchange for $50 million in cryptocurrency.

The Ministry of Justice said the indictment had been filed at Tel Aviv District Court, with several charges, including theft by an employee, obstruction and interfering with computer material, and attempting to damage property in a way that would harm national security.

Despite the suspect’s best efforts, the software was not sold, and no ransom money was paid. While the suspect was indicted last week, there has been an embargo on reporting the details until now, given the sensitive national security issues at stake.

Information gathered from interviewing the suspect highlighted that the man posed “a real danger to NSO and could have led to its collapse,” based on the sensitivity of the data he was preparing to leak. The Ministry of Justice’s official statement concluded that “beyond that, the activities of the suspect endanger national security.”

The specific nature of the threat to national security remained undisclosed, but prosecutors have said the suspect knew his actions could have had serious implications on the national stage, not to mention the likelihood of destroying NSO Group.

While his primary motivation was the money, prosecutors have contended his conscious knowledge of the implications was an aggravating factor.

Based in Herzliya, NSO Group works with the Israeli government to help gather intelligence from smartphones. The firm was previously known for identifying weaknesses in Apple’s iOS, which allowed them to exploit these loopholes within Apple devices.

Investigators said the suspect, who worked as senior developer for NSO, downloaded data to a hard drive, and was found to have searched for ways of downloading data to an external drive without being identified. After being confronted and fired, he reportedly went to his desk and downloaded to the external drive, before heading for home, where he hid the drive under his bed.

The suspect allegedly found a potential buyer on the dark web, but instead of buying the software, the contact spoke to NSO and agreed to work with them to uncover the plot.

For the time being, the suspect remains in police custody, for fear he could “continue to harm national security and public welfare if he is released,” pending further investigations.