Suspect accused of endangering national security in spyware theft plot

Netanya man allegedly asked $50 million for technology he stole from his employer, a Herzliya-based company that helps governments hack into cellphones

Stuart Winer is a breaking news editor at The Times of Israel.

A view of the NSO Group headquarters in Herzliya. (Screen capture: Google Street View)

A Netanya man has been accused of endangering national security by stealing sensitive cyber technology from a spy software company and trying to sell it for tens of millions of dollars on the internet, the Justice Ministry said Thursday.

State prosecutors filed an indictment at the Tel Aviv District Court last week against the suspect, 38, on charges of trying to damage property in a way that would harm national security, theft by an employee, activities to market defense material without a permit, and obstruction and interfering with computer material, the ministry said in a statement.

According to the indictment revealed Thursday, no part of the proposed $50 million sale went ahead and no sensitive material or software was compromised.

The incident had been kept under wraps, and several details of the case were still under a gag order.

The suspect allegedly stole cyber technology from NSO Group, an Israeli company which makes technology solutions against cyber attacks as well as information tools and software used for national security and counter-terrorism work.

The suspect, who was working for NSO at the time, tried to sell the material on the dark web, an area of the internet often used to carry out crime due to its greater anonymity.

Testimony gathered during his questioning showed the suspect’s plan presented “a real danger to NSO and could have led to its collapse.”

“Beyond that, the activities of the suspect endanger national security,” the statement said, leading to charges of attempting to damage material used by security forces in a manner that would lead to harming national security.

The specific details of how it would have harmed national security were covered by the gag order.

Prosecutors say that while the suspect was motivated by money, he would have been aware of the national security implications of his actions, as well as the fact that they could have sunk the company.

Herzliya-based NSO helps governments spy on cellphones. The Israeli company, worth some $900 million, made headlines after the highly sophisticated Pegasus spyware it developed reportedly took advantage of previously undisclosed weaknesses in Apple’s mobile operating system.

The system was used in a botched attempt to break into the iPhone of an Arab activist in the United Arab Emirates.

Although NSO markets its software abroad, the sales are monitored by the Defense Ministry.

According to the indictment the suspect was a senior programmer at the company. Through his position the suspect had access to the company’s computer servers, to tools developed by the company stored on the servers, and to the source code of the company’s products.

Prosecutors said that in February the suspect broke company policy by connecting an external drive to the computers after having searched the internet for how to do so without being detected.

Nonetheless, the company noticed the activity and he was summoned for a pre-firing hearing with his manager on April 29.

After the meeting he allegedly returned to his station and connected a portable storage device to the servers, then downloaded software estimated to be worth hundreds of millions of dollars.

He then hid the drive under his bed at his apartment in the central city of Netanya.

According to prosecutors the suspect made contact via the dark web with a figure and offered to sell the software. He explained his possession of the software by saying he was a hacker from a group he claimed had managed to break into the NSO system.

Illustrative photo of a laptop computer (Sophie Gordon/Flash90)

The suspect offered to sell the NSO cyber capabilities for $50 million, to be paid out in distributed virtual currencies which would prevent him being tracked.

However, the contact was suspicious of the arrangement and told NSO what was going on, then agreed to cooperate with the company. After further negotiations were made between the suspect and the contact, all under the watchful eye of NSO, the company contacted police and the suspect was arrested on July 5 by officers from the Lahav 433 serious crime unit.

NSO said in a statement that “attempts to steal internal information from a company are always a challenge to prevent and identify.”

The Justice Ministry statement noted that in recent years there have been a number of cases in which valuable software was stolen by someone on the inside of a company who had legitimate access to the material.

Prosecutors have asked that the suspect be kept in custody for the remainder of proceedings, arguing that he would “continue to harm national security and public welfare if he is released.”
