There should be no difference with usual botnet owner/ransomware gangs and such companies. Management should go to prison for good 20-30 years for that and being extradited worldwide. Considering that ransomware gangs are probably less harmful to the society than guys who hack journalists and politicians, putting their lifes at literal risks, not just their pockets.
There should be no "legal" hacking of someone's devices apart from extraction of data from already convicted people in public court with the right to defend themselves
Its not like this is that different than traditional "weapons" (i hate the "cyberweapons" analogy, but if the shoe fits).
Sell guns to governments, even unsavoury ones, it is very rare anything will happen to you except in pretty extreme cases. Sell guns to street gangs, well that is a different story. Like i don't think this situation is different because it is "hacking".
The NSO created/ran cloud instances for each client country and reviewed and approved every target. The didn’t sell weapons like in your analogy. They were effectively assassins for hire.
The problem with selling exploits is you want to maintain “ownership” of the exploit details, lest your customer just take the exploit and sell/use it without paying more or use it to attack you or your friends. This means you end up with veto power. I.e. culpability.
The second part though doesn't make sense. If the US president can send drones to kill terrorists without taking them to court, surely he can order hacking their phones. If you think that there's no case where the latter is ok you shouldn't you fight against the former first?
The part that you miss is, are they only killing "terrorists" extrajudicially? To take that propaganda at its face value is to ask, what else could they be killing brown people for, if not terrorism?
There are many other companies beyond NSO Group, if I were a journalist I would write a more comprehensive list of them and educate about this whole "industry".
Aaaaand it's flagged out of the front page. @dang, so early in the day this is obviously some coordinated manipulation.
31. 206 points 9 hours ago US judge finds Israel's NSO Group liable for hacking journalists via WhatsApp (reuters.com)
22. 37 points 8 hours ago My Pal, the Ancient Philosopher (nautil.us)
15. 4 points 4 hours ago Testing for Thermal Issues Becomes More Difficult (semiengineering.com)
18. 11 points 2 hours ago The Christmas story of one tube station's 'Mind the Gap' voice (2019) (theguardian.com)
From reading other in depth sources it looks more like anti competitive business practices. Certain former politician who is well connected in democratic party cycles basically shutdown the whole Israeli offensive cyber industry except his company which is the main competitor of NSO. This whole drama wouldn't happened otherwise. With Republicans moving in, we might never hear about those issues again.
The encryption isn't alleged to have been compromised. The app itself deals with a lot of untrusted input (eg, thumbnailing video files you've been sent) so there's a meaningful attack surface outside the protocol itself.
The group exploited a bug in WhatsApp to deliver the spyware. It wasn't an E2E issue.
> A U.S. judge ruled on Friday in favor of Meta Platforms' (META.O), opens new tab WhatsApp in a lawsuit accusing Israel's NSO Group of exploiting a bug in the messaging app to install spy software allowing unauthorized surveillance.
Which is ironic considering the FBI and CISA just today announced that you _should_ use WhatsApp and not use SMS for two factor authentication. Although they point out the biggest problem is mobile users click on links in SMS. We live in a mostly captured and anti consumer environment. I'm not sure there's any great advice.
There should be no difference with usual botnet owner/ransomware gangs and such companies. Management should go to prison for good 20-30 years for that and being extradited worldwide. Considering that ransomware gangs are probably less harmful to the society than guys who hack journalists and politicians, putting their lifes at literal risks, not just their pockets.
There should be no "legal" hacking of someone's devices apart from extraction of data from already convicted people in public court with the right to defend themselves
Its not like this is that different than traditional "weapons" (i hate the "cyberweapons" analogy, but if the shoe fits).
Sell guns to governments, even unsavoury ones, it is very rare anything will happen to you except in pretty extreme cases. Sell guns to street gangs, well that is a different story. Like i don't think this situation is different because it is "hacking".
All the cartels in Mexico buy their guns from America and nobody is going to jail over it.
People do in fact get sent to prison for that, straw purchases are a federal felony. Not all of them actually get caught, which is true of any crime.
The NSO created/ran cloud instances for each client country and reviewed and approved every target. The didn’t sell weapons like in your analogy. They were effectively assassins for hire.
The problem with selling exploits is you want to maintain “ownership” of the exploit details, lest your customer just take the exploit and sell/use it without paying more or use it to attack you or your friends. This means you end up with veto power. I.e. culpability.
I agree with the first part, at least in spirit.
The second part though doesn't make sense. If the US president can send drones to kill terrorists without taking them to court, surely he can order hacking their phones. If you think that there's no case where the latter is ok you shouldn't you fight against the former first?
> send drones to kill terrorists
The part that you miss is, are they only killing "terrorists" extrajudicially? To take that propaganda at its face value is to ask, what else could they be killing brown people for, if not terrorism?
Imagine if they chase NSO as hard as they chased Wikileaks
Certainly the ones that hack journalists should go to prison.
Why should journalist badge provide some kind of protection shield? [1]
[1] https://en.wikipedia.org/wiki/Pablo_Gonz%C3%A1lez_Yag%C3%BCe
There are many other companies beyond NSO Group, if I were a journalist I would write a more comprehensive list of them and educate about this whole "industry".
> "Surveillance companies should be on notice that illegal spying will not be tolerated."
That is kinda funny, although sad at the same time
On the flip side, I guess that means META allows WhatsApp users being only “legally spied” on
"Unauthorized hostility against pioneer detected"
Aaaaand it's flagged out of the front page. @dang, so early in the day this is obviously some coordinated manipulation.
Probably done by the same NSO Group. But for US americans they are the good criminals, the chosen criminals
From reading other in depth sources it looks more like anti competitive business practices. Certain former politician who is well connected in democratic party cycles basically shutdown the whole Israeli offensive cyber industry except his company which is the main competitor of NSO. This whole drama wouldn't happened otherwise. With Republicans moving in, we might never hear about those issues again.
I thought Whatsapp and signal share the same encryption
The encryption isn't alleged to have been compromised. The app itself deals with a lot of untrusted input (eg, thumbnailing video files you've been sent) so there's a meaningful attack surface outside the protocol itself.
The attack wasn't targeting the encryption part of whatsapp (afaik).
Encryption is important but it often is not the weakest link in the security chain.
The group exploited a bug in WhatsApp to deliver the spyware. It wasn't an E2E issue.
> A U.S. judge ruled on Friday in favor of Meta Platforms' (META.O), opens new tab WhatsApp in a lawsuit accusing Israel's NSO Group of exploiting a bug in the messaging app to install spy software allowing unauthorized surveillance.
[dead]
[dead]
Didn't the US fund those guys to do exactly that?
It is only legal and ethical when we do it.
The US often does unlawful things.
Well, good. But also: build better software.
Ahem we don't do that here. We get to market faster before our runway ends so we don't risk our exit.
I support this.
It’s not possible to be “perfect,” but if we do our best to get there, we’ll make really good stuff.
It’s unlikely to happen, though, as we have a system that explicitly rewards writing crap, because it makes money.
As long as we fail to reward good work, we will continue to get poor work.
[flagged]
[flagged]
Which is ironic considering the FBI and CISA just today announced that you _should_ use WhatsApp and not use SMS for two factor authentication. Although they point out the biggest problem is mobile users click on links in SMS. We live in a mostly captured and anti consumer environment. I'm not sure there's any great advice.
https://www.newsnationnow.com/business/tech/fbi-warns-agains...
Of course there is. Always prefer an authenticator app over SMS. Also, Passkeys are supposed to be a big upgrade in this regard.
Whatsapp is not still vulnerable to the hack (as far as we know) and SMS applications have had similar vulnerabilities in the past.