Microsoft president slams NSO over rising cyberattacks

NSO

Brad Smith: NSO represents the increasing confluence between sophisticated private-sector technology and nation-state attackers.

In an official company blog, Microsoft president Brad Smith has blamed Israeli company NSO and similar tech companies for the rising number of serious cyberattacks including the assaults on US major government sites and companies that were revealed last week.

In the attacks, attributed to Russian hackers by the "New York Times," US government agencies were allegedly breached including the Departments of Defense, State, Homeland Security, and Commerce. The source of the breach has been identified as malware installed on the computer network tool SolarWinds' Orion product. The assault device was a Trojan horse distributed as part of an upgrade last March.

SolarWinds has 300,000 customers, many of them government agencies including to CNBC all five branches of the US military, and some 425 of the Fortune 500 companies.

In his post, Brad Smith expresses concern in "the continuing rise in the determination and sophistication of nation-state attacks," and says "we need to strengthen international rules to put reckless nation-state behavior out of bounds and ensure that domestic laws thwart the rise of the cyberattack ecosystem."

He takes aim at "a new generation of private companies akin to 21st century mercenaries," who facilitate these attacks with their technology, and singles out Israel's NSO Group.

He writes, "One illustrative company in this new sector is the NSO Group, based in Israel and now involved in US litigation. NSO created and sold to governments an app called Pegasus, which could be installed on a device simply by calling the device via WhatsApp; the device’s owner did not even have to answer. According to WhatsApp, NSO used Pegasus to access more than 1,400 mobile devices, including those belonging to journalists and human rights activists. "NSO represents the increasing confluence between sophisticated private-sector technology and nation-state attackers. Citizen Lab, a research laboratory at the University of Toronto, has identified more than 100 abuse cases regarding NSO alone. But it is hardly alone. Other companies are increasingly rumored to be joining in what has become a new $12 billion global technology market."

Later on in the post he returns to the example of NSO. "An early opportunity for the Biden-Harris Administration will come in an appellate judicial case involving the NSO Group itself. NSO has appealed a lower court finding that it is not immune from claims that it violated the U.S. Computer Fraud and Abuse Act by accessing mobile devices without permission. Its argument is that it is immune from U.S. law because it is acting on behalf of a foreign government customer and hence shares that government’s legal immunity. NSO’s proposed recipe would make a bad problem even worse, which is why Microsoft is joining with other companies in opposing this interpretation. The Biden/Harris Administration should weigh in with a similar view."

"NSO’s legal approach, while disconcerting, does the world a service by highlighting the path needed to thwart this new cyberattack ecosystem. It’s to ensure that domestic laws clearly and strongly prohibit companies from helping governments engage in unlawful and offensive cyberattacks and investors from knowingly financing them."

Sources close to NSO Group said, "As a leading and known company in its field, NSO is itself a fixed target for extensive cyberattacks and is acquainted with the enormous challenges posed by attacks, terror and crime sponsored on the web."

Exactly for this aim, the company develops technology that will allow countries to cope with the challenges, and has developed alongside this significant regulatory policies and ethical rules and unprecedented transparency in the business sector."

The sources added, "The significant challenges are those that require global cooperation of countries and the business sector, and we will be happy to share thewir experiences in investigating cyberattacks and formulating a binding technological and regulatory response, as Microsoft is proposing."

Published by Globes, Israel business news - en.globes.co.il - on December 20, 2020

© Copyright of Globes Publisher Itonut (1983) Ltd. 2020

Twitter Facebook Linkedin RSS Newsletters גלובס Israel Business Conference 2018