What will NSO do without its flagship product?


The Israeli company is considering shelving Pegasus, the cyberattack product that brought it a bad name. Can it reinvent itself, as similar companies have in the past?

A month ago, the US Department of Commerce added Israeli cyberattack technology company NSO to its list of companies operating against US national security and foreign policy interests. If at the time they thought at NSO that they would be able to talk to a few US politicians and officials to have the company taken off the list and get back to business as usual, now, as time goes on and it remains in the headlines internationally, the chances of that happening seem to be disappearing.

Even back then, "Globes" reported that the company was considering the sale of its Pegasus division, the division responsible for the spyware that had been used to hack the telephones of politicians, journalists, activists and others, and changing its spots to become a cybersecurity company assisting governments in securing installations and infrastructure. It now seems that the company is in need of even more serious surgery. Its problem is mainly a branding one. In fact, its brand name has become so toxic that potential buyers are seeking to avoid buying it whole simply because of the fear of damaging their own brands.

Inwardly, life at NSO carries on as normal. Two weeks ago, its employees went on a group vacation in Eilat, and they look forward to the sale of the company as an opportunity to make an exit, or at least as a valve to ease the pressure that has built up in the past few months as a result of the various media reports. But according to Bloomberg, NSO has already hired the services of Moelis & Co., a small investment bank, that has agreed to work with it to find a buyer. The plan is that Pegasus will be shut down and $200 million will be injected into the company to transform it from a company developing cyberattack tools into a cyberdefense player.

NSO not the first

It won't be for the first time in history. US cyber company Endgame was founded by ex-CIA people, raised funds from prestigious venture capital firms like Bessemer and Kleiner Perkins, but was swiftly caught offering for sale information on cyber vulnerabilities of other entities. The company had to switch to a model in which it protected cyber weaknesses for financial companies, and it was eventually sold two years ago for $234 million.

French company Amesys also metamorphosed after its managers were accused of infringing human rights following the sale of systems to Libya and Egypt. They reformed it as Nexa Technologies, although that company mainly deals in integration of cyberattack solutions and not so much in developing technology of its own.

Italian cyber company Hacking Team, which sold cyber hacking tools to various countries, underwent a similar process. The company shut down, changed ownership, and shelved the hacking tools that it had developed. It then reopened under the name Memento Labs, and it is now developing new systems on the basis of its founders' expertise. Hacking Team subjected itself to new ethical rules, and formed an ethics committee together with representatives from academic institutions, and works closely with European regulators.

NSO has several toxic assets, such as its brand, and there are outstanding lawsuits against it in the US courts, such as the suits by Facebook and Apple. On the other hand, it has several assets that could turn it into a prosperous cyber company: a team that understands every possible security weakness and the way that Russian and Chinese hackers think; a management with connections with governments and security agencies; and hundreds of millions of dollars in cash.

US administration tightens controls but leaves opening

Although the US administration put the company on its blacklist, it does not rule out the use of Trojan horses for monitoring citizens and locating them. There are many companies in the US - some privately held, some semi-governmental - that operate cyberattack tools no less effective than those of NSO. US-based Accuvant was recently exposed as the company behind hacks of iPhones in the United Arab Emirates.

Last Friday, the Biden administration did announce tighter controls on exports of cyberattack technology, but it does not intend to fight to the death against cyberattack companies, certainly not against Israeli ones that work with the administration, serving as external subcontractors for work that the Americans don't want to do. It only seeks to limit sales to non-democratic countries. The administration has marked more than 100 countries as members of the "Democracy Summit" forum, which will work jointly to promote democratic values and combat the autocratic winds blowing from various corners of the world.

President Biden has no problem with the fact that Israeli cyberattack company Paragon, among the investors in which is US venture capital firm Battery Ventures, will continue working with countries in Europe. Nor will he have any problem with NSO working with the US administration in its new guise, with a different name and face. Only recently, the Israeli company signed a huge contract with the German government, worth tens of millions of dollars.

After the closure of Pegasus, NSO will be able to spin-off the lawsuits to another company and transfer to it all the capital required to deal with them. It will be able to keep its workers and technologies connected to products other than Pegasus, such as its drone management system, in a separate company under a new brand. A few months later it could hire a reputable CEO, of the description that Itzik Benbenisti would have filled, had he not departed two weeks after being appointed. In a new configuration as a defensive cybersecurity company, NSO will be able to offer its wares for protecting government or public infrastructures, by means of its army of consultants, hackers, and drones.

Who will buy NSO? In the past, names of major US cyber companies such as Palantir were in the air, but the chances of that are now low. It could be a financial fund that injects capital just for the purposes of rebranding and changing strategic direction. Product companies like Samsung, which employs hundreds of hackers to break into its products and spot vulnerabilities, are other potential buyers.

The management and employees, however, will have to adapt themselves to the consequences of the strategic change and the new reality. The value of contracts will fall substantially, and pay will fall along with them. Competition will be tougher, and NSO's ability to shine as a company that offers higher salaries and better conditions than anyone else will not last forever.

Published by Globes, Israel business news - en.globes.co.il - on December 15, 2021.

© Copyright of Globes Publisher Itonut (1983) Ltd., 2021.

Twitter Facebook Linkedin RSS Newsletters גלובס Israel Business Conference 2018