
Pegasus spyware maker is in an even tougher spot now


Good morning! This story of a fake cricket league in India is the craziest thing I have read today.

Below: Microsoft says it’s temporarily delaying the rollout of a long-awaited security feature, and the FTC says it will take action against illegal data use following Roe vs. Wade being overturned.

The future of NSO Group is in danger

NSO’s future is even more uncertain now that a major US defense company has reportedly dropped a bid to buy its hacking tools.

When L3Harris and Pegasus spyware maker NSO Group reportedly spoke last month about a potential sale of NSO’s hacking tools, it appeared to be part of an attempt by NSO to salvage its valuable computer code and employees while giving an American company a way to use the powerful tool.

But the abandonment of the offer by L3Harris puts NSO in a difficult position. For one thing, the company is already on a federal blacklist that limits its ability to receive American technology.

And this: The company also ran into financial difficulties last year, the Financial Times reported in June. It struggled to close new sales after The Washington Post and 16 media partners reported that Pegasus was being used to target activists, executives and journalists, the outlet reported. (NSO told the FT that its tools continue to see “high demand”.)

L3Harris makes other surveillance tools, and a purchase of NSO could have boosted its competitive advantage – or so it is believed.

But the Biden administration was quick to raise public concerns about the deal, with a senior White House official telling the Post last month that the administration was “deeply concerned” about it.

  • One of the main unanswered questions regarding such a deal was whether the Israeli government would still be able to use NSO technology. US officials say the Israeli government, which is not part of the Five Eyes intelligence-sharing alliance, has a close relationship with NSO, which poses a potential counterintelligence problem.

The negotiations showed how difficult it would have been for an American firm, especially a defense contractor, to complete such an acquisition of NSO without US government approval. L3Harris is “significantly” dependent on US government contracts for business, says a 2021 annual report.

  • There has been a “definite pushback” from the US government, a person familiar with the talks told The Guardian, which reported the story with The Post and Haaretz. [within L3Harris leadership] that there was no way the company would go ahead with this… If the [U.S.] government is not aligned, there is no way for L3 to be aligned.

Thoughts from John Scott-Railton, a senior researcher at the Citizen Lab cybersecurity research group, a leading critic of NSO:

When L3Harris traveled to Israel for the NSO negotiations, the company said US spies were “quietly supporting its plans to buy NSO”, Mark Mazzetti and Ronen Bergman of The New York Times wrote on Sunday.

But a US official contradicted this, telling my colleague Ellen Nakashima that “we are not aware of any indications of support or involvement from anyone in a decision-making, policy-making or leadership role.”

“The U.S. government has not been involved and has not supported or attempted to facilitate any reported potential transactions involving a foreign commercial surveillance software company on the Commerce Department’s Entity List,” they said. “In fact, the intelligence community expressed concerns after learning of the possibility of the sale, which informed the administration’s concerns.”

NSO did not respond to a request for comment from The Post on the latest development of the potential deal. The company declined to comment to The New York Times. L3Harris previously declined to comment on the existence of talks with NSO, with a company spokesperson telling The Post that “we are aware of the capability and are constantly evaluating the national security needs of our customers,” and that “anything beyond that is speculation.”

In Europe, policy makers are still investigating the use of Pegasus and other spyware.

At least five European countries have used NSO technology, the firm’s top lawyer told a committee of the European Parliament last month.

The committee plans to visit Israel, Poland and Hungary in the coming months. But a planned trip to Spain – where Spanish and Catalan politicians have reportedly been targeted by Pegasus – has been scrapped over fears it could embarrass Spanish politicians, Politico Europe reports.

Assita Kanko, a Belgian member of the European Parliament, told Politico that she “would be concerned” if the committee encountered difficulties in organizing trips.

“If you have nothing to hide, it makes no sense to prevent a commission of inquiry from visiting,” Kanko told Politico.

Long-awaited security feature delay is ‘temporary’, Microsoft says

In February, Microsoft announced its plan to automatically block groups of commands called “macros” from the Internet in its software. Ransomware groups and other malicious hackers have relied on macros to infect systems, and cybersecurity experts praised Microsoft’s product change. But the rollout has been temporarily delayed, the company said.

  • Microsoft initially “warned without real explanation that this change would be rolled back”, BleepingComputer’s Sergiu Gatlan writes. Some admins say it’s difficult to enable macros, and users have reported issues when trying to enable blocked macros.

“Based on user feedback, we have temporarily rolled back this change while we make additional changes to improve usability. This is a temporary change, and we are fully committed to making the change default for all users,” the company said, noting that it would detail its timeline in the “coming weeks.”

Cyber experts call for a ‘new foreign policy for cyberspace’

More than two dozen cybersecurity experts have endorsed a new report from the Council on Foreign Relations which declares the end of the “age of the global Internet” and calls on cybersecurity and digital policy leaders to revamp data, privacy and cybersecurity policies for the years to come.

“The increased instability of cyberspace presents a serious challenge,” the task force wrote in the report. “Compared to its adversaries, the United States is largely alone, the most connected society but with the most vulnerable data. Washington needs a comprehensive digital, cyber, and foreign policy strategy that confronts the reality of the end of the global Internet.”

Nate Fick, President Biden’s nominee to be the State Department’s Goodwill Ambassador for Cyberspace and Digital Policy, co-chaired the task force and, like other task force members, signed an endorsement of the report’s general message.

FTC vows to ‘fully’ fight unlawful use of sensitive data after Roe

Less than a week after President Biden issued an executive order urging the Federal Trade Commission to take action to protect reproductive health data after Roe vs. Wade was overturned, the agency outlined its plans to do just that in a blog post on Tuesday, Cristiano Lima reports for The Cybersecurity 202.

“The Commission is committed to using the full extent of its legal powers to protect consumer privacy. We will vigorously enforce the law if we uncover unlawful conduct that exploits Americans’ location, health, or other sensitive data,” the FTC’s Christine Cohen wrote.

The agency has identified three areas of focus: protecting “sensitive data” that is already protected by federal and state laws, targeting “misleading” claims that data is anonymized, and combating excessive collection, indefinite retention or the “misuse” of related data.

Here’s how North Korean agents are trying to infiltrate US crypto companies (CNN)

Hackers are helping to accelerate China’s e-scooter boom (Bloomberg)

Experian, you have some explaining to do (Krebs on Security)

The Italian watchdog warns TikTok of an alleged breach of EU privacy rules (Reuters)

Barr subpoenaed in Dominion’s $1.6 billion lawsuit against Fox News (Bloomberg)

The cyber insurance market has a critical infrastructure problem (CyberScoop)

  • The Atlantic Council hosts an event on new data protection rules in the UK today at 9 a.m. The think tank also launches a report on cybersecurity and the energy sector today at 3:30 p.m.

Thanks for reading. Until tomorrow.