The powerful incentives for developing smartphone spyware

A recent investigation by Ronen Bergman and Mark Mazzetti in The New York Times Magazine opened the curtains into the complex, high-stakes world surrounding commercially available smartphone spyware. Zeroing in on NSO Group’s Pegasus product, the reporters detailed the powerful incentives at play in the proliferation of this spyware.

Some of the key motivators highlighted in the piece include the following.

• Profit: As a for-profit enterprise, NSO Group and its investors are, of course, primarily driven by sales. Between changes in ownership in 2014 and again in 2019, the company’s valuation more than quintupled, hinting at a customer base hungry for its capabilities.
• Diplomatic influence: Israel, where NSO Group is based, has ultimate control, via its export-licensing process, over which countries NSO Group can sell to. This mechanism enables the country to leverage Pegasus for influence on the international stage. Notably, Israel used Pegasus to help secure the support of Arab nations in its campaign against Iran.
• Intelligence gathering: Legitimate customers of Pegasus, including intelligence and law-enforcement agencies, rely heavily on the spyware as a way to circumvent the encrypted communications commonly employed by investigative targets. The capture by Mexican authorities of the drug kingpin known as El Chapo is one example where spyware played an instrumental role.
• Domestic power: One of the side effects of NSO Group’s quest for profits and Israel’s search for influence is that Pegasus has at times ended up in the hands of less-than-reputable actors, including repressive governments and corrupt politicians around the world. In one case, the UAE used the software to hack the phone of a civil rights activist, Ahmed Mansoor, whom the government threw in jail.

With such strong incentives throughout the cyberarms marketplace, it’s easy to see why companies like NSO Group invest so heavily in finding and exploiting smartphone vulnerabilities. As long as government organizations of all stripes are willing to pay a premium for the best hacking tools available, this situation is unlikely to change in the near future.