The Italians are the new Israelis… at least in terms of hawking phone exploits and other spyware.
NSO Group crashed hard following leaks showing its customers (many of which were, shall we say, questionable) were targeting political rivals, dissidents, human rights activists, journalists, lawyers, and religious leaders with powerful exploits that completely exposed the contents of targeted phones, as well as allowing those doing the targeting to eavesdrop on every conversation and communication engaged in by phone users.
NSO not only crashed hard, but its splash damage was enough to get other Israel competitors hit with US sanctions or forced to hook up with offshore distributors just to be able to sell their products to the few world governments still willing to do business with them. No surprise here, though. The list of willing buyers had pretty much been whittled down to the serial human rights violators that got NSO Group in trouble in the first place.
Israeli news service Haaretz took a trip to Milipol in Paris, a convention hosting a ton of third parties providers from all over the world seeking to sell surveillance tech (as well as good old fashioned guns) to the world’s cops and soldiers.
Not present at this gathering? Israeli phone exploit hawkers, who apparently decided now is not the time to be making public appearances. NSO, Candiru, and other homegrown Israeli spyware firms took a pass on Milipol, ceding plenty of floor space to numerous rivals, many of which called Italy home.
Though Israeli offensive cyber firms did not attend, their European competitors did: RCS, producer of the Hermit spyware that is considered a competitor of NSO’s Pegasus; Memento Labs, formerly known as Hacking Team; and IPS-Intelligence, all Italian firms, were present.
Memento Labs certainly has more reason now than ever to separate itself from the “Hacking Team” brand. Not only did the company suffer through a truly embarrassing hacking itself (one that exposed its sales to UN-blacklisted governments), but one of its founders was recently arrested for attempted murder (!!).
Not that Italy has the surveillance market cornered. But companies calling it home have been major players for years and the void left by the sudden absence of dominant Israeli firms has opened up the market to companies often considered to be nothing more than also-rans.
In addition to the heavy Italian presence at this wing of Milipol, Haaretz reports other firms offering anything from remote phone exploits to “tactical” communication interception software/hardware pitched their products to buyers. It’s not just one corner of the world producing surveillance tech. Haaretz notes several new players are on the scene, including companies located in Croatia, Czechoslovakia, and… France.
Not that there weren’t any Israeli firms in attendance. Those, however, were pushing products for more passive surveillance, as well as regular army stuff, like anti-drone systems and battery packs for military hardware.
If companies like NSO Group made any friends in the surveillance tech field, they sure don’t seem to have many left. While they aren’t exactly distancing themselves from the new pariahs, they sure don’t seem to have much sympathy for a company that saw itself outed by a disastrous target list leak.
“The Israelis fucked up and their clients exposed them,” an employee from one of the EU-based cyber arms firms said on condition of anonymity.
And certainly none of these spyware purveyors are any more honorable than the companies they’re supplanting.
They admitted that their firm and others in Europe sell their spywares to clients in the same states that Israeli firms also sold to – including countries in Africa and in the Arab world – from which they are currently barred from doing business with.
This seems surprising, given that a lot of NSO Group’s sales to human rights violators were brokered by the Israeli government, which seemingly considered selling powerful tools to dictators to be a form of diplomacy. According to the companies spoken to by Haaretz, European restrictions are far less restricting than those imposed by the Israeli government on Israeli tech firms. So, if we were hoping for a better world with fewer powerful tech tools in the hands of autocrats, it appears that dream is as dead as NSO itself.
And it’s not as though Memento Labs — formerly Hacking Team — has turned over a new leaf as a result of its own disastrous public exposure. It has already rebranded its rebrand, referring to itself as M-Labs. All its reformation has accomplished is the creation of a new layer of plausible deniability. It no longer sells its exploits to questionable governments. Instead, it sells its exploits to other developers, allowing them to do the actual dirty work of dealing with human rights violators while it collects licensing fees for its exploit code.
There will always be a market for these products. And there will always be a very healthy autocrat market for the most powerful exploits and surveillance gear. It isn’t that no one should be creating these tools. It’s that they should be far more judicious about who they sell to. That’s what got NSO in trouble. And that’s what’s ultimately going to cause the downfall of other companies that have the same tech talent and the same gaping hole where a moral center should be.
