Microsoft Blasts NSO Group As Ruthless Cyber Mercenaries Hiding Behind Immunity Shields
As cybersecurity attacks continue to rise, companies are stepping in to provide digital weapons to anyone with ill-will and deep enough pockets. One of these companies, NSO Group, is trying to hide behind legal immunity granted by government clients. If this immunity were granted, it would set a dangerous precedent and lead to many other issues.
The NSO Group is a technology and cybersecurity company or "mercenary," as Microsoft describes. NSO Group claims on its website that they create "technology that helps government agencies prevent and investigate terrorism and crime to save thousands of lives around the globe." That is a rather noble-sounding description for someone who effectively manufactures digital weapons. The NSO Group is simply a seller of digital weapons, and could pose a risk to everyone in the world when targeted.
A program called Pegasus was sold by NSO Group that can be installed on a device "simply by calling the device via WhatsApp; the device's owner did not even have to answer." It is reported that over 1,400 mobile devices have been accessed this way, "including those belonging to journalists and human rights defenders." Now knowing this, WhatsApp have sued NSO Group with the backing of Microsoft and several other companies. Ultimately, though, the NSO Group operating the way they do could lead to several issues.
The first major issue with the Pegasus or other cybersecurity software being sold is that it can fall into a malicious actor's hands. Government created or owned cybersecurity and espionage tools leaked before, such as the exploit called EternalBlue discovered by the NSA, which then powered the WannaCry ransomware attack in 2017. As Microsoft explains, "Lowering the barrier for access to these weapons would guarantee that such catastrophes would be repeated."
Next, organizations such as the NSO Group are not bound by international laws or diplomacy. Furthermore, "some governments – like the United States – may share high-consequence vulnerabilities they discover with impacted technology providers so the providers can patch the vulnerability and protect their customers." The NSO Group and other private companies are solely out for themselves as a for-profit business, and thus they can leave vulnerabilities alone for financial gain.
Finally, "companies like the NSO Group threaten human rights whether they seek to or not." When journalists or human rights defenders cannot do their jobs without fear, democracy, and human rights are smothered. As Microsoft explains, "Privacy is fundamental to the ability of journalists to report, of dissidents to speak their voices and of democracy to flourish and these tools threaten their rights and their lives."
With these issues in mind, private-sector offensive actors, such as the NSO Group, are incredibly dangerous to everyone. Human rights and fundamental freedoms are trampled on when companies like this operate in legal darkness. Over 164 years ago, Benjamin Franklin wrote that "Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety." This sentiment remains true today in the age of cyber-threats, and people need to be reminded of it when profit and greed begin to outweigh peoples' liberty.