The Washington Post
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Pegasus spyware maker is in an even tougher spot now


Good morning! This story about a fake cricket league in India is the craziest thing I've read today.

Below: Microsoft says it's temporarily delaying the rollout of a long-awaited security feature, and the FTC says it will take action against illegal data use in the wake of Roe v. Wade being overturned.

NSO Group’s future is in jeopardy

NSO's future is even more in doubt now that a major U.S. defense firm has reportedly dropped a bid to buy its hacking tools.

When L3Harris and Pegasus spyware maker NSO Group reportedly talked last month about a potential sale of NSO’s hacking tools, it appeared to be part of an attempt by NSO to salvage its valuable computer code and employees while giving a U.S. contractor a way to use the powerful tool.

But L3Harris’s dropping of its bid puts NSO in a difficult position. For one, the company is already on a federal blacklist that restricts its ability to receive American technologies.

And this: the company also faced financial difficulties last year, the Financial Times reported in June. It had a hard time closing new sales after The Washington Post and 16 media partners reported that Pegasus was used to target activists, executives and journalists, the outlet reported. (NSO told the FT that its tools continue to see “high demand.”)

No deal?

L3Harris is behind other surveillance tools, and a purchase of NSO could have bolstered its competitive advantage – or so the thinking goes.

But the Biden administration had quickly raised public concerns about the deal, with a senior White House official telling The Post last month that the administration was “deeply concerned” about it.

  • One of the key unanswered questions about such a deal was whether the Israeli government would still be able to use NSO technology. U.S. officials say that the government of Israel, which is not part of the Five Eyes intelligence-sharing alliance, has a close relationship with NSO, posing a potential counterintelligence issue.

The negotiations showed how difficult it would have been for an American firm, especially a defense contractor, to complete such an acquisition of NSO without a stamp of approval from the U.S. government. L3Harris “significantly” depends on U.S. government contracts for its business, according to its 2021 annual report.

  • There was “definitive pushback” from the U.S. government, a person familiar with the talks told The Guardian, which reported the story with The Post and Haaretz. “There was a view [within L3Harris leadership] that there was no way the company was moving forward with this… If the [U.S.] government is not aligned, there is no way for L3 to be aligned.”

Thoughts from John Scott-Railton, a senior researcher at the cybersecurity research group Citizen Lab, a leading critic of NSO:

Dueling narratives

When L3Harris visited Israel for NSO negotiations, the company said that U.S. spies “quietly supported its plans to purchase NSO,” the New York Times’s Mark Mazzetti and Ronen Bergman wrote on Sunday. 

But a U.S. official contradicted that, telling my colleague Ellen Nakashima that “we are unaware of any indications of support or involvement from anyone in a decision-making, policymaking or senior role.”

“The U.S. Government was not involved in and did not support or attempt to facilitate any reported potential transaction involving a foreign commercial surveillance software company on the Department of Commerce’s Entity List,” they said. “In fact, the intelligence community expressed concerns after learning about the possibility of the sale, which informed the administration’s concerns.”

NSO didn’t respond to a request for comment from The Post on the latest development in the potential deal. The company declined to comment to the New York Times. L3Harris previously declined to comment on the existence of talks with NSO, with a company spokesperson telling The Post that “we are aware of the capability and we are constantly evaluating our customers’ national security needs,” and that “anything beyond that is speculation.” 

NSO under pressure

In Europe, policymakers are still looking into the use of Pegasus and other spyware.

At least five European countries have used NSO technology, the firm’s top lawyer told a European Parliament committee last month.

The committee plans to visit Israel, Poland and Hungary in the coming months. But a planned trip to Spain — where Spanish and Catalan politicians were allegedly targeted with Pegasus — has been scrapped over fears that it could embarrass Spanish politicians, Politico Europe reports.

Assita Kanko, a Belgian member of the European Parliament, told Politico that she “would be worried” if the committee was running into challenges in arranging trips.

“If you have nothing to hide, it doesn't make sense to stop an inquiry committee from paying a visit,” Kanko told Politico.

The keys

Delay of long-awaited security feature is “temporary,” Microsoft says

In February, Microsoft announced plans for its software to automatically block groups of commands known as “macros” that come from the Internet. Ransomware groups and other malicious hackers have relied on macros to infect systems, and cybersecurity experts praised Microsoft’s product change. But the rollout has been delayed temporarily, the company said.

  • Microsoft initially “warned without any real explanation that this change would be rolled back,” Bleeping Computer’s Sergiu Gatlan writes. Some administrators argue that it’s difficult to enable macros, and users have reported problems when they try to enable blocked macros.

“Following user feedback, we have rolled back this change temporarily while we make some additional changes to enhance usability. This is a temporary change, and we are fully committed to making the default change for all users,” the company said, noting that it would detail its timeline in the “upcoming weeks.”

Cyber experts call for “new foreign policy for cyberspace”

More than two dozen cybersecurity experts have endorsed a new report from the Council on Foreign Relations that declares an end to the “era of the global Internet” and calls for cybersecurity and digital policy officials to revamp data, privacy and cybersecurity policies for the years ahead. 

“The increased instability of cyberspace presents a grave challenge,” the task force writes in the report. “Compared with its adversaries, the United States stands largely alone, the most connected society but with the most vulnerable data. Washington needs a comprehensive digital, cyber, and foreign policy strategy that confronts the reality of the end of the global Internet.”

Nate Fick, President Biden’s nominee to be the State Department’s ambassador at large for cyberspace and digital policy, co-chaired the task force and, like the other members of the task force, signed on to an endorsement of the report’s overall message. 

FTC pledges to ‘fully’ enforce against illegal use of sensitive data post-Roe

Less than a week after President Biden issued an executive order urging the Federal Trade Commission to take steps to protect reproductive health data after Roe v. Wade was struck down, the agency outlined its plans to do just that in a blog post Tuesday, Cristiano Lima reports for The Cybersecurity 202.

“The Commission is committed to using the full scope of its legal authorities to protect consumers’ privacy. We will vigorously enforce the law if we uncover illegal conduct that exploits Americans’ location, health, or other sensitive data,” the FTC's Kristin Cohen wrote.

The agency laid out three areas of focus: protecting “sensitive data” that is already protected under federal and state laws, targeting “deceptive” claims that data is anonymized and cracking down on over-collection, indefinite retention or “misuse” of related data.

Global cyberspace

Here's how North Korean operatives are trying to infiltrate U.S. crypto firms (CNN)

Hackers are helping to speed up China’s electric scooter boom (Bloomberg)

Cyber insecurity

Experian, you have some explaining to do (Krebs on Security)

Privacy patch

Italy's watchdog warns TikTok over alleged breach of EU privacy rules (Reuters)

Securing the ballot

Barr subpoenaed in Dominion’s $1.6 billion suit against Fox News (Bloomberg)

Industry report

The cyber insurance market has a critical infrastructure problem (CyberScoop)


  • The Atlantic Council hosts an event on new U.K. data protection rules today at 9 a.m. The think tank also launches a report on cybersecurity and the energy sector today at 3:30 p.m.

Secure log off

Thanks for reading. See you tomorrow.