I'm glad someone else who pays attention (more than I do, I'm sure) to NSO is on the thread. Just in case other people here have difficulty with the distinction between positive and normative arguments (we all do sometimes), I'll be clear: I think NSO is a force for evil.
Yeah. And it isn't even always the case that they are magic gods at it... when I first heard about NSO, it was because I learned (as part of Citizen Lab's public analysis of a payload) that they were using some of my software--which I guess they didn't know how to replicate, and, since it wasn't open source, they were awkwardly having to shell out to binaries that I provided in ways that I guess worked well enough--as part of their persistent iPhone spyware.
Ahmed Mansoor--the particular UAE dissident who was being targeted in that analysis--is often in the crosshairs, and I think it just goes to further the point of your narrative that there are other companies from countries people ignore (as they don't get to go "oh no! it's Israel! they're scary!") providing software that people are trying to use to hack his devices. One of the other attempts I had paid some attention to was an Italian company named Hacking Team.
That hack also relied on third-party software, this time written by Collin Mulliner, whom I had known from grad school. He developed software that was somewhat analogous to my work for iOS that ran on Android, and he actually started getting flack as if he had something to do with the hacking, and so ended up publishing a blog post and public statements pointing out his software was both reusable and even sometimes open source, and he had no involvement.
