Rogue in Vogue: What Can Happen When Specialized Software Becomes Available

October 25, 2021

I read “New York Times Journalist Ben Hubbard Hacked with Pegasus after Reporting on Previous Hacking Attempts.” I have no idea if the story is true or recounted accurately. The main point strikes me that a person or group allegedly used the NSO Group tools to compromise the mobile of a journalist.

The article concludes:

Hubbard was repeatedly subjected to targeted hacking with NSO Group’s Pegasus spyware. The hacking took place after the very public reporting in 2020 by Hubbard and the Citizen Lab that he had been a target. The case starkly illustrates the dissonance between NSO Group’s stated concerns for human rights and oversight, and the reality: it appears that no effective steps were taken by the company to prevent the repeated targeting of a prominent American journalist’s phone.

The write up makes clear one point I have commented upon in the past; that is, making specialized software and systems available without meaningful controls creates opportunities for problematic activity.

When specialized technology is developed using expertise and sometimes money and staff of nation states, making these tools widely available means a loss of control.

As access and knowledge of specialized tool systems and methods diffuses, it becomes easier and easier to use specialized technology for purposes for which the innovations were not intended.

Now bad actors, introductory programming classes in many countries, individuals with agendas different from those of their employer, disgruntled software engineers, and probably a couple of old time programmers with a laptop in an elder care facility can:

  • Engage in Crime as a Service
  • Use a bot to poison data sources
  • Access a target’s mobile device
  • Conduct surveillance operations
  • Embed obfuscated code in open source software components.

If the cited article is not accurate, it provides sufficient information to surface and publicize interesting ideas. If the write up is accurate, the control mechanisms in the countries actively developing and licensing specialized software are not effective in preventing misuse. For cloud services, the controls should be easier to apply.

Is every company, every nation, and every technology savvy individual a rogue? I hope not.

Stephen E Arnold, October 25, 2021


Comments are closed.

  • Archives

  • Recent Posts

  • Meta