Israel’s NSO Reportedly in Covert Deal With Cyber Firm Trained to Exploit Security Weak Spots
© AFP 2023 / JOEL SAGETThis studio photographic illustration shows a smartphone with the website of Israel's NSO Group which features 'Pegasus' spyware, on display in Paris on July 21, 2021. - Private Israeli firm NSO Group has denied media reports its Pegasus software is linked to the mass surveillance of journalists and rights defenders, and insisted that all sales of its technology are approved by Israel's defence ministry
© AFP 2023 / JOEL SAGET
Subscribe
NSO Group of Israel appeared on the US Department of Commerce's list in November of organisations involved in activities against national security. The company has recently been embroiled in a massive scandal revealing that its Pegasus spyware was used to "target government officials, journalists, activists, etc" around the world.
Israel’s spyware company NSO Group has teamed up with a consulting cyber firm capable of discovering and exploiting security vulnerabilities in computing services, Israeli newspaper Ha'aretz reported. The technology firm is said to be operating Realmode Labs, staffed with “top-notch researchers and developers of security-related products, graduates of the Israel Defense Forces (IDF), government agencies and leading companies in this industry,” according to the company’s website.
"The Petah Tikva-registered Realmode Labs was established early last year. It is headed by Ariel Tempelhof, a graduate of the prestigious IDF “Psagot” programme that trains soldiers to meet the demands of the military's increasingly high-tech world.
Realmode had been hired by businesses in the past to locate breaches in their security: in January, one of Realmode's employees, Yuval Bar-On, discovered a breach in book-reading service Kindle.
#KindleDrip - Critical vulnerability found in #Amazon #Kindle devices. Attackers could send you malicious books without any user interaction. Could compromise your device & credit card!
— Yaar Hahn (@YaarHn) January 21, 2021
Kudos to Yogev Bar-On of @RealmodeLabs.https://t.co/LNZnUfLtMZ
As a result, hackers were able to get their hands on credit card information of Kindle's users and made purchases on Amazon. After the breach was sealed, Bar-On was paid $18,000 by Amazon.
© AFP 2023 / DENIS CHARLETIn this photograph taken on November 18, 2020 in Lille, a person poses with a smartphone showing an Amazon logo, in front of a computer screen displaying the home page of Amazon France sales website.
In this photograph taken on November 18, 2020 in Lille, a person poses with a smartphone showing an Amazon logo, in front of a computer screen displaying the home page of Amazon France sales website.
© AFP 2023 / DENIS CHARLET
Accordingly, recruiting Realmode’s high-tech “commandos” could present new possibilities for NSO Group, which boasts expertise in breaking into Apple and Google systems and in hacking mobile phones. The deal between NSO and Realmode was reportedly signed this year and the cyber firm is able to remain independent which suggests that Realmode staff are engaged in a covert project for NSO.
NSO was recently blacklisted by the US Department of Commerce after it was decided that its operations were harmful to American interests.
The group had been embroiled in a massive scandal revealing its Pegasus spyware was used to spy on the phones of about 50,000 targets, including “government officials, journalists, businesspeople, artists, activists, academics, and embassy workers". French President Emmanuel Macron was said to be one of those whose phone was targeted.
The announcement came after news related to the misuse of NSO’s flagship Pegasus software, with Apple filing a lawsuit in late November holding the group accountable for the surveillance and targeting of its customers.
NSO founder, Shalev Hulio, was cited as acknowledging at a meeting that finding staff was becoming increasingly challenging. There has not yet been any comment from NSO on the report. Ha'aretz cited Realmode as saying:
“Realmode Labs offer consultation services in diverse areas to many technology companies. As we publish from time to time, our employees collaborate with other companies in improving the security of their products.”