NSO Group Under Investigation by the FBI


The FBI is Investigating NSO Group for Personal and Government Hacks

The Israel-based NSO Group is under investigation by the FBI concerning possible attacks on United States citizens and companies. Reuters reported on January 30, 2020 that the probe, which has been active since 2017, concerns the infection of smartphones. NSO Group creates products for government intelligence and law enforcement agencies for use against crime and terror. A spokesperson for the NSO Group stated “We have not been contacted by any U.S. law enforcement at all about any such matters,” and the FBI will neither confirm nor deny the existence of any investigations.

Pegasus Product of Special Concern

The NSO Group’s Pegasus product is a software tool that can capture data on a phone, including encrypted messages and audio. Allegations have been raised that Pegasus might have been used in a hack against Amazon’s Jeff Bezos. The FBI has met with Bezos and has reported that, if US citizens are being hacked, it considers both the company supplying the software and the criminals using those tools responsible. An FBI official said, “Whether you do that as a company or you do that as an individual, it’s an illegal activity”.

Where to Draw the Line

As with any tool, the ultimate benefit or harm in its use lies in the hands of the person or agency employing it. While few would argue that fighting crime and terror are not noble goals, care must be taken to provide those tools only to appropriate people or agencies. Furthermore, the agencies empowered by such tools must maintain continued oversight to make sure rogue individuals within an organization do not use them maliciously. Perhaps of greater concern is that once the technologies are obtained by nefarious players, there is no way to reestablish control of them, placing all of us at risk.

Smartphone Cyber Vulnerabilities for Businesses

Smartphones are of special concern to businesses because users can inadvertently place proprietary data at risk. The cost of such data breaches is difficult to ascertain because the risk is shared with suppliers, vendors, and customers. Adequate mitigation requires a flexible strategic program that can adapt to threats as they evolve. This is best provided by an Information Security Management System (ISMS). An ISMS is a management system based on risk assessment to establish, implement, operate, monitor, maintain and improve information security. CVG Strategy can help you achieve ISMS Certification. Contact us to learn more.

Kevin Gholston
