- DEA has reportedly tried to buy malware from the NSO Group, but they didn’t because it was too pricey.
- The agency bought a different solution from another company but didn’t use it much.
- The NSO downplayed the story, and the DEA denied to discuss any contractual details.
The U.S. Drug Enforcement Administration (DEA) has reportedly tried to buy malware tools from the Israeli tech firm “NSO Group”, a controversial entity in the field of surveillance software development. As revealed by Motherboard, who support their story with leaked documents of email communication, the DEA decided to withdraw from the negotiations with the NSO, not because the latter was involved in shady operations but because their products were too expensive for the agency.
According to the details that are laid out in the Motherboard story, the two entities had several conversations which ended in August 2014 with the following: “…Unfortunately, due to the high cost associated with the initial test and the approximate cost of the overall system I don’t think that it is within our current budgetary parameters to pursue.” Representatives from the DEA and the NSO had already met previously, and the malware developer apparently demonstrated their tool’s capabilities and function, which reportedly impressed the senior DEA staff.
The NSO has ties with multiple governments, like the Mexican, or regimes in the Middle East. The spyware developer creates tools that can hack into iPhone and Android devices, allowing silent spying, eavesdropping, data exfiltration, and more. However, while NSO may be doing business with government agencies behind closed doors, some of its former employees are doing it on the dark web. On 2018, their “Pegasus Spyware” was found in 45 countries, and in the hands of actors who were blatantly violating all forms of data privacy regulations. Moreover, they were doing it against privacy rights and freedom of speech advocates, and generally activists who their government had reasons to track and silence.
DEA did proceed with another contractor, after all, paying $2.4M for a contract with “Hacking Team”, an Italian company that is engaged in the same field as NSO. After three years and 17 times that Hacking Team’s spyware was used by the DEA, the agency terminated their contract as they figured they didn’t need the tool after all. Motherboard tried to reach DEA for a comment, but their current chief denied to comment anything regarding their internal contracting process. Moreover, NSO’s co-founder Omri Lavie responded to the media channel, downplaying the story, and saying “good luck with another story about nothing”.
The NSO rightfully feels that there’s no story here, because the essence of the story is in elements they don’t recognize or respect. These elements constitute of people’s privacy rights and an ethical approach in investigation. When these rights are violated by government agencies, who rely on people’s taxes to purchase and turn sophisticated malware against them, there’s a story.