NSO Offered US Mobile Security Firm 'Bags of Cash', Whistleblower Claims

A whistleblower has alleged that an executive at NSO Group offered a US-based mobile security company "bags of cash" in exchange for access to a global signalling network used to track individuals through their mobile phone, according to a complaint that was made to the US Department of Justice. The Guardian: The allegation, which dates back to 2017 and was made by a former mobile security executive named Gary Miller, was disclosed to federal authorities and to the US congressman Ted Lieu, who said he conducted his own due diligence on the claim and found it "highly disturbing." Details of the allegation by Miller were then sent in a letter by Lieu to the Department of Justice. "The privacy implications to Americans and national security implications to America of NSO Group accessing mobile operator signalling networks are vast and alarming," Lieu wrote in his letter. The letter was shared with the Guardian and other media partners on the Pegasus project, a media consortium led by the Paris-based Forbidden Stories that has investigated NSO and published a series of stories about how governments around the world have used the company's spyware to target activists, journalists, and lawyers, among others.

I certainly hope ...

[PPH]

... that these were not single use plastic bags.

Re:

[Krishnoid]

I bet they're more worried about being able to run their fingers through them [schlockmercenary.com].

What Global Signalling Network is this?

[bubblyceiling]

I know for a fact that governments use triangulation data from operators for this, but the "Global Signalling Network" have yet to hear of. Is this a network, that is separate from GSM? Do they have another option apart from triangulation?

Maybe the USA set one up?

[rapjr]

Based on past experience they are the ones with the expertise. Maybe this is the global signaling network: https://www.schneier.com/blog/... [schneier.com]

Partial solution to disrupt enemy trust

[couchslug]

Allow whistleblowers to keep bribes as rewards in return for denouncing the perpetrator to law enforcement, plus a fat percentage of any fines, judgments etc.

Laws should be changed to not merely allow but encourage puntive asset forfeiture for bribery and other corruption. We don't hurt white collar criminals enough though their punishment should be exemplary as their crimes are not acts of passion but cold calculation.

I wonder..

[TrumpShaker]

What mobile security company took the deal as is and didn't tell on NSO?

Conversion required

[fahrbot-bot]

bags of cash

What's that in Libraries of Congress or Lengths of CVS Receipts or ... ?

(I don't see any of these in the MS Calculator drop-down...)

Syniverse?

[laughingskeptic]

They describe themselves as a mobile security company, have access to the data, a poor history of qualifying partners and have suffered some bad, long-lived hacks: https://www.vice.com/en/articl... [vice.com]

What is most likely beig referenced SS7

[bferrell]

And if THAT's the case, it would tend to call into question the long standing howls about:

A.) how easy it is to "hack" INTO SS7.
B.) and why additional internal security is needed for SS7

The fact is that access to SS7 is NOT easy
and yeah, once you're in, you can pretty well send any message to anyone you want... BUT "they" know who did and from where.