Have their capabilities been overplayed? Is selling done under pressure? Are they not actually sitting on big bank and procurement network of valuable 0days?
They only cost a few million dollars to find or just buy and last I checked, a few years ago, there are multiple brokers each with tens in stock.
With that much prevailing stock, you do not run the risk of suddenly not having a supply, so you do not even need to keep a material hoard for yourself. They probably just had like 3-5 at any one time with a in-house team only requiring a few million a year in funding to keep up with the expected churn. If they got more churn than expected, then they buy them retail to keep their product working.
So even if we go with 9 M$ per 0-day (which is a multiple of actual cost), we would only expect them to have like 50 M$ in “assets” and a “procurement network/exploit factory” capable of keeping up with “depreciation” on-average.
Seems pretty reasonable to be under 100 M$. If we went with more reasonable numbers, it would not even be that weird if it was less than 20 M$ for over 50% even at their peak.
People have the mistaken belief that total security compromises are challenging or expensive leading them to the mistaken belief that these companies must be valuable with valuable assets and high revenue.
Hacking-for-hire is barely more than a commodity, like aluminum smelting. There are capital costs, you need technology and expertise, but it is highly fungible leading to lots of suppliers competing on cost and quality of service (turn key, white-glove, etc.) Hell, it is even cheaper to get into and stay on top than aluminum smelting since the capital costs are so much lower.
I think so, but also while they're known as creating 0days, I think they do much more than that, and a lot of it is mundane in comparison.
Probably a big departure from their glory days anyway.
https://www.amnesty.org.uk/meet-nso-group-go-company-human-r...
But on a more serious note, I'm sure a Hollywood producer will bring much needed change to the company.
Its more beneficial to report the amount for taxes, how much you wind up paying is a separate matter, but you need to report it to create the deductions
Apple pays 2m for 0-days now, but I bet kings pay better yet.
History has documented what sort of player they are, I suppose it says something of the times that they still operate/proliferate with impunity.
Software exploits are not munitions and are not controlled, they are not illegal to find, they are illegal to use, hence why there is a market for selling them to sovereigns who have immunity from criminal liability
Shifting liability until it reaches the end user who has no liability or takes the risk
Under the hood there could be anything, we only know just the surface of information that they purposefully let reach the surface. If there was a valid motivation to make it appear as a billion dollar acquisition, I’m sure there’d have been a way to make it appear as such.
But, is it worse than ad tech at large? Is it worse than companies addicting people to their phones via psychological tricks at alarming rates? Or siphoning money from kids via freemium models? Or working on a chatbot that helps kids kill themselves? Or the gazillion payday loan apps? Or the gazillion prediction market/sports betting avenues?
I'm sure some work for more ethical companies, and I like to think I do.. But let's not pretend the vast majority of big money and biggest employers are doing any good in the world.
Given the choice between said evils, I'd probably rather work for a company that is at least honest about what they do.
That being said, I also don't have a family to support - it's just me - which makes the calculus easier. It's still a choice, and everyone should try to face the reality of "what effect is the 8 hours a day I work having on the world?", but I know life-shit can be complicated and stressful and most people are just trying their best.
Take Epic for example, on one hand they're heavy in Marketing/PR about user freedom, but in practice they deliberately targeted children for harm with their Fortnite game, while also looking the other way when it came to issues of sexual predation and bullying. Their behaviours led to a settlement with the FTC for over half a billion USD.
https://www.ftc.gov/news-events/news/press-releases/2022/12/...
https://lawandcrime.com/technology/makers-of-fortnite-to-pay...
Anyone that works at FAANG or "big"/mobile game studios, anything to do with advertising, banking, natural resources extraction/processing, non-sustansible farming, etc, etc.
In my opinion there are not many constructive things you can work with that really improve society or peoples lives.
But then again I'm in a quite dark place this year.
Sorry about your dark place. Keep looking for the light!
Isn't it the other way around: the public sector funds the private sector that allows people to amass their hoards?
> “This investment does not mean that the company is moving out of Israeli regulatory or operational control,” said Hershowitz. “The company’s headquarters and core operations remain in Israel. It continues to be fully supervised and regulated by the relevant Israeli authorities, including the Ministry of Defense and the Israeli regulatory framework.”
There are good applications of these tools. If you can hack the phones of a terrorist organization, you can find out about attacks before they happen and stop them. If you can extract data off of locked computers, you can help win convictions that wouldn't otherwise be possible against people who do truly awful things.
The question, of course, is whether these good applications outweigh the misuse, but that's where it gets murky in a hurry. Individual researchers at these privately owned "boutique" exploit companies (to my knowledge) tend not to know the nitty gritty details of how their work is used out in the world unless it gets caught and dissected online. The more reputable western companies sell only to "democratic" governments which are political allies, but that only goes so far as misuse and abuse is always a risk (not to mention the shaky nature of...certain... western democracies).
At the end of the day, you really just have to hope your work is being used to target terrorists and not journalists. The money obviously makes it easier, but it's not completely disingenuous of the people who work there to believe they're doing good.
But, but, but.
> "[...] it's not completely disingenuous of the people who work there to believe they're doing good."
Given how well and widely NSO and their merchandise were reported on, including the dissection of various associated scandals in the mainstream media, I beg to differ. These people are not dumb, they know exactly what they do, and who their clients are. Your good-faith assumptions with regards to these players come across as extremely naive, to put it mildly.
Outcasts. You know, some people aren’t gratified by society. Even well-inserted people.
I’ve always wondered why people had ethical questions as soldiers dropping Little Boy. Imagine being a soldier at war, of course you hate your enemies. Now imagine being bullied at school and later. Some criminals even literally do crime for the thrills.
Life isn’t generally rewarding, except for a few lucky with a nice social fabric.
The “develops weaponised software exploits” is not clear for me. Maybe it’s the same kind of mindset that lets people design and build weapons and bombs and such?
There are also many governments that use this tool to combat terror or drug dealers and more.
"In October 2018, Citizen Lab reported on the use of NSO software to spy on the inner circle of Jamal Khashoggi just before his murder."
If your work indirectly kills people you can't say that it's not your job not to fight this. You are if that is the case among the causes, so you are responsible.
Also investors: let's invest in hacker business and break into all phones in the world
I feel like ESG has been rammed in to every company i've worked at for a couple of decades now.
There’s a reason government need to hand out tax benefits for people to invest into eco-friendly companies.
The reason this acquisition is happening is to enable ICE to enforce NSPM-7.
America is no longer a free state. You cannot be free in a panopticon.
What a failure for a spokesperson.
This isn't good journalism and should not be celebrated.
Now, the "victim" here is NSO, so not expecting any sympathy, but journos do this to everyone, even normal people.
> Puff pieces
But with the aforementioned rhetoric in vogue these days, every piece of journo is a forced "scoop", leading to most of modern media(social and mainstream, the incentives are the same) being misconstrued non-factual brain damage. Even press conferences, most questions are just loaded and very bad-faith, basically trying to get you to say something they can quote out of context, or use for a misconstrued "non-truth", or a false equivalence. Or sometimes they just make things up! Retarded scoop-bait headlines as well.
The root cause for all this is that adversarial rhetoric.
Before you say "but the press is an adversary against the government", they do this to sportspersons, and a variety of other normal people too. If they only did this to the designated government spokesperson, it would be OK.
Now, this rhetoric itself is a result of "news"[1] companies competing for audiences. A fairly obvious incentive there. On socials too. Engagement is rewarded, leading to the same thing.
Furthermore, LLMs if used for content generation, will compete for audience, and even inference-time feedback driven optimisation leads to it giving the same reality-bending outputs. It's been simulated and shown in this stanford paper already: https://arxiv.org/abs/2510.06105
[1] they really deserve the quotes these days
It's quite the opposite, actually. As Katherine Graham, the former publisher of the Washington Post, used to say: News is what someone wants suppressed. Everything else is just advertising.
TechCrunch is not obligated to let NSO's mouthpiece advertise on their pages.
Why are you simply repeating what GP said followed by a call to authority (a biased one at that)?
I explained why it is problematic in the 2nd part of my post.
The implied agreement is that everything is on the record unless explicitly agreed otherwise beforehand.
This is not a new or unique circumstance.
Americans, if you don't stand up now, you will have to relearn the lesson Germans had to learn eighty years ago.
Seems low. I wonder if it's because it being a foreign company was valuable because it wasn't subject to as many US laws.