iPhone flaw exploited by second Israeli spy firm (reuters.com)
503 points by caaqil on Feb 3, 2022 | 139 comments



Pretty sure this was known since last year[0], although it may be slightly different.

The smaller firms are just alphabet soup remixes of the larger ones. I wouldn't be surprised if they have the same owners, same staff, same offices -- just with a different logo at the top of a second set of business cards.

[0] https://www.haaretz.com/israel-news/tech-news/.premium.HIGHL...


Nice find, maybe there's something here to how KSA was allowed to continue spying using this tech: https://www.nytimes.com/2022/01/28/magazine/nso-group-israel...

> Years prior, NSO had formed an ethics committee, made up of a bipartisan cast of former U.S. foreign-policy officials who would advise on potential customers. After the Khashoggi killing in 2018, its members requested an urgent meeting to address the stories circulating about NSO involvement. Hulio flatly denied that Pegasus had been used to spy on the Washington Post columnist. Pegasus systems log every attack in case there is a complaint, and — with the client’s permission — NSO can perform an after-the-fact forensic analysis. Hulio said his staff had done just that with the Saudi logs and found no use of any NSO product or technology against Khashoggi. The committee nonetheless urged NSO to shut off the Pegasus system in Saudi Arabia, and it did. The committee also advised NSO to reject a subsequent request by the Israeli government to reconnect the hacking system in Saudi Arabia, and it stayed off.

> Then, the following year, the company reversed course. Novalpina, a British private-equity firm, acting in cooperation with Hulio, purchased Francisco Partners’ shares of NSO, with a valuation of $1 billion — more than five times more than it was when the American fund acquired it in 2014. In early 2019, NSO agreed to turn the Pegasus system in Saudi Arabia back on.

> Keeping the Saudis happy was important for Netanyahu, who was in the middle of a secret diplomatic initiative he believed would cement his legacy as a statesman — an official rapprochement between Israel and several Arab states. In September 2020, Netanyahu, Donald Trump and the foreign ministers of the United Arab Emirates and Bahrain signed the Abraham Accords, and all the signatories heralded it as a new era of peace for the region.

> But behind the scenes of the peace deal was a Middle East weapons bazaar. The Trump administration had quietly agreed to overturn past American policy and sell F-35 joint strike fighters and armed Reaper drones to the U.A.E., and had spent weeks assuaging Israel’s concerns that it would no longer be the only country in the region with the sophisticated F-35. Pompeo would later describe the aircraft deals in an interview as “critical” to obtaining M.B.Z.’s consent to the historic move. And by the time the Abraham Accords were announced, Israel had provided licenses to sell Pegasus to nearly all the signatories.

> Things hit a snag a month later, when the Saudi export license expired. Now it was up to the Israeli Defense Ministry to decide whether or not to renew it. Citing Saudi Arabia’s abuse of Pegasus, it declined to do so. Without the license, NSO could not provide routine maintenance on the software, and the systems were crashing. Numerous calls among Prince Mohammed’s aides, NSO executives, the Mossad and the Israeli Defense Ministry had failed to resolve the issue. So the crown prince placed an urgent telephone call to Netanyahu, according to people familiar with the call. He wanted the Saudi license for Pegasus renewed.

> Prince Mohammed had a significant amount of leverage. His ailing father, King Salman, had not officially signed on to the Abraham Accords, but he offered the other signatories his tacit blessing. He also allowed for a crucial part of the agreement to move forward: the use of Saudi air space, for the first time ever, by Israeli planes flying eastward on their way to the Persian Gulf. If the Saudis were to change their mind about the use of their airspace, an important public component of the accords might collapse.

> Netanyahu apparently had not been updated on the brewing crisis, but after the conversation with Prince Mohammed his office immediately ordered the Defense Ministry to have the problem fixed. That night, a ministry official called NSO’s operations room to have the Saudi systems switched back on, but the NSO compliance officer on duty rebuffed the request without a signed license. Told that the orders came directly from Netanyahu, the NSO employee agreed to accept an email from the Defense Ministry. Shortly afterward, Pegasus in Saudi Arabia was once again up and running.

> The next morning, a courier from the Defense Ministry arrived at NSO headquarters delivering a stamped and sealed permit.


This Novalpina thing has been creating a lot of drama in the past few weeks. It turns out

1) The purchase was done as a leveraged purchase, very odd in the Israeli high tech/startup world, maybe even unprecedented. NSO is about to default on said debt.

2) Novalpina are now at odds with Hulio, blaming him for trying to move all of the debt to 3 of the company's "healthy" subsidiaries. Apparently NSO is built like a maze, with lots of smaller companies, some of which aren't on the US ban list, and Hulio is trying to move all of the debt to them. The Israeli courts are now in the mix, trying to figure out who owns what.

Unfortunately I couldn't find an article in English, but here is one in Hebrew with the ability to Google Translate:

https://www.calcalist.co.il/local_news/article/rksf58atf


Hard not to view these expirations of permits or recommendations of ethics committees as calculated moves to create leverage and to increase valuations. Especially when within 12 months a 5x return on investment is realized followed by an immediate policy reversal, or when the Israelis suddenly gain the blessings of the Gulf to annex Jerusalem.

What a shame on every computer scientist involved and everyone who is an expert in this domain and is staying silent.

You know these efforts don’t work without the involvement of academics and venture capitalists and skilled programmers. And what did they create? A tool that was used to spy on a dissident journalist in order to put together a savage assassination operation.

Shame on the Saudis and shame on their Israeli enablers.


Very interesting comment! PS: what is MBZ?



Mohammad Bin Zayed, hereditary ruler of Abu Dhabi (and thus, the United Arab Emirates, which include Dubai).


> In Uganda, for example, NSO's ForcedEntry was used to spy on U.S. diplomats, Reuters reported.

This was the incident that made US authorities go after NSO. I remember reading that these diplomats were actually involved in espionage.


Not surprising, as diplomat and spy are often interchangeable and there probably was a reason they were spied on.


It's also a bit rich for the US to be complaining about this kind of thing.


> also a bit rich for the US to be complaining about this kind of thing

The U.S. isn't complaining as much as shutting down a threat vector. Shooting back isn't hypocritical.

Also, you get the right to complain when you're allies, just as Germany had the right to complain when the NSA was caught tapping Merkel.


Come on everyone spies. There’s no point in establishing an embassy if you’re not also getting an understanding of both stated and unstated intentions.


> Come on everyone spies.

That's what they want everyone to think so that they can use it to excuse their antisocial behaviour.

Tonga, Samoa, Solomon Islands, Fiji, Peru, Mongolia... there's a very long list of countries that don't.


They would if they could. Those are mostly tiny countries with almost no resources to spy.


I don’t know about all of them, but a quick Google search shows that both Mongolia and Peru have intelligence agencies, which means very likely they have some sort of collection capability for HUMINT and/or SIGINT.

The ones that don’t have intelligence capabilities are probably the exception rather than the rule, and I doubt they’re doing it out of good will vs just not having the resources for it.


I can't tell if you're being sarcastic, or genuinely giving a list of minuscule island chains, culminating in the country that's literally the universal metonym for 'middle of nowhere'.


That's not the issue. The issue is the US getting mad at counter-espionage by Uganda while they are themselves engaging in espionage. It's very hypocritical.


It is the issue. Everybody spies. Everybody spies and is hypocritical about it.


That is simply false. Few countries are hypocritical about counter-intelligence. You absolutely have to draw the difference between intelligence work and counter-intelligence work. Saying that going after someone for catching your spies is normal is totally insane; no one except the US does it.

If Uganda was spying on the US in the US, then you would have a point. That's not what happened.


But the USA is the most hypocritical about it. It systematically spies on its allies, with the exception of Israel, and these 2 countries take active measures for some cyber tools not to spy on each other (or Israel tries to make it seem that way).


I guarantee you that the US spies on Israel and vice versa. I'd honestly be surprised if there was a single country both didn't spy on. But I'd say the same about Germany, Australia, France, Spain, UK, Russia, China, and many more.


Hell, DLI teaches Hebrew (once euphemized as "special Arabic" in some settings) [0]. That's not just for exchange/liaison officers... Not to dig up that bucket of worms, but there were Hebrew linguists aboard the USS Liberty.

[0] https://www.dliflc.edu/about/languages-at-dliflc/


You won't stay a world power by allowing others to attack you, even at a smaller scale with lesser weapons.


Counter-intelligence is not attack, it's defence. What this is is the US attacking Uganda and throwing a hissy fit when they defend themselves.

If those were Ugandan spies in the US they could have gotten disappeared.


Offensive counterintelligence is indeed a thing.

We don't disappear people under diplomatic cover, we PNG them just like everyone else does. And when we do catch foreign agents without diplomatic cover, we imprison them. Why kill a useful asset that could be traded for someone on our team?

https://en.wikipedia.org/wiki/Cuban_Five


Offensive counterintelligence is not the same as catching a spy and hacking them.

Offensive counterintelligence involves manipulation or long-term disruption of adversaries. Hacking someone's phone doesn't qualify, that's just normal defensive counterintelligence.

> We don't disappear people under diplomatic cover, we PNG them just like everyone else does.

Sure.

> And when we do catch foreign agents without diplomatic cover, we imprison them. Why kill a useful asset that could be traded for someone on our team?

We both know that's not true. When it's more useful to trade them, that's done. When you want to send another signal, the US is not shy at all about killing them.


> When you want to send another signal, the US is not shy at all about killing them.

What information is this based on? I don't have any particularly strong opinions on this subject, but I can't recall ever reading about anything like this.


What exactly do you want evidence of? That U.S. intelligence agencies disappear people? That they do so to send a message? Or are you asking for specific examples of that happening to foreign intelligence operatives? Because you will never be able to read of an example of that happening: when we learn about people kidnapped by U.S. intelligence agencies, it's only because they were eventually released. It's an inference from the fact that US intelligence agencies kill many people for multiple reasons including sending a message, and that U.S. intelligence has clandestine facilities on American soil where they commit crimes on foreign intelligence operatives (see the case of Yuri Noseko) without consequence, which have only been expanded since then: the CIA now has extraterritorial black sites, so nowadays Yuri would simply have been sent to Romania and then no record would be available of his torture unless he was released.


That's a long paragraph, but, as far as I can tell, doesn't contain a shred of the evidence or sources I asked for?

The one concrete detail you mention is 'Yuri Noseko' [Nosenko], who seemingly was a defector imprisoned for three years on suspicion of being a spy and then released. I'm not sure how this substantiates any of your claims. It appears to do the opposite.


First the US is not Saudi Arabia - they won’t make any diplomat disappear.

Second - how did the US attack Uganda?

I think your comment sounds a bit biased that’s all. If you share some light - happy to accept the points raised.


Where did I say diplomats? Of course, you wouldn't disappear the diplomats. However, they almost never operate alone - whenever there is a diplomat engaged in intelligence there are almost always other assets without diplomatic status.

Offensive intelligence operations that the US has been conducting in Uganda are, well, offensive in nature, and are thus an attack. Not all attacks are an act of war.

> I think your comment sounds a bit biased that’s all. If you share some light - happy to accept the points raised.

I don't see how it is biased. The US applying sanctions on Uganda after they got caught spying by Ugandan counter-intelligence (under other pretenses, of course) is massively hypocritical. As far as I know using economic pressure to coax a country into accepting espionage is a new low. The US is trying to normalize and establish as basic expectations that weaker countries should just let it spy on them, and that's hypocritical above and beyond the norm.


An idealistic equality of actions using right vs. wrong is not exactly how diplomats look at things.


Agreed, but they are the ones that peddle that way of viewing things to their own population to get what they want, and they should be called out for it.


Any reason in particular that these spy firms seem to be coming out of Israel?


The US has been using Israel as high-tech offshore military R&D for at least the past 40 years. The US "gives" $4 Billion in "military aid" to Israel each year.

You may also be aware that Israel invaded territory in 1967 which it continues to occupy in flagrant violation of "international law," and that this occupation continues to be violently resisted.

Those are a few of the more salient reasons why Israel is a hotbed of military/cyber/border/security technology. It's all developed, tested, and deployed against a vulnerable occupied population, then sold to the "friendly" (ahem) nations of the world.


I think they have a really strong culture/ecosystem around cybersecurity given the close relationships between the IDF and the startup ecosystem and given how many Israelis serve, there's likely much more understanding (if not interest) of govtech/defensetech compared to the U.S. where it's an all volunteer force and not that much crossover in Silicon Valley and DoD, although lots of folks trying to change that like DIU, AFWERX, SOFWERX, etc.


Plus the population is much more open to cooperate on military tech given their political situation.


Russians, Chinese, and Americans prefer keeping these capabilities internal to their militaries. Israel seems to want to use cyber weapon exports to build diplomatic ties.


And Google's Project Zero is just as productive at finding 0-days - they just conduct responsible disclosure instead of selling the 0-days they discover.


Jews have taken the flak for centuries in Europe. I notice in the West the financials are not looking so good (you know, Facebook, the Bank of England now rolling back the £800+bn quantitative easing (money printing) to support the financial crisis), so a bit of division being whipped up with stuff like this usually means there's some high level falling out taking place.

If you think the NSO/KSA/and others are the only ones at it, think again.

In the 90's I used to get hassled by the police with more frequent stop and searches and pulled over when driving. Why? Because I was learning about firewalls over the dialup internet and of course GCHQ have total surveillance, but playing down capabilities is a valid military tactic.

Never underestimate the military or, more importantly, the security services in a country. Those shadowy operators who hate the spotlight!


I imagine they cut deals with the spy agencies and other authorities there to be able to have much fewer regulations on what they are working on, particularly if they share it at a very discounted price with the Israeli government.


Conducive environment; maybe even shared knowledge or spillover from one company to another...


This is unsurprising; the number of individual exploits needed to chain together into a functioning compromise often requires a lot of joint effort.

It's funny this release comes out at the same time as the FBI's disclosure that they "tested" (aka purchased) Pegasus, NSO group's packaged exploit software. https://www.reuters.com/world/us/fbi-says-it-tested-israeli-...


It only figures. They do pretty good coverage of it all at forbiddenstories.org


For those who are just being exposed to this stuff, This Is How They Tell Me the World Ends: The Cyberweapons Arms Race by Nicole Perlroth was an entertaining read that covers some of the history in this space.


I recommend the Darknet Diaries episode “The Athens Shadow Games”, where the CIA murdered a Greek telecommunications engineer after their wiretapping of the whole Greek cabinet (including the prime minister and his wife) was exposed.


EP 64: "The Athens Shadow Games" https://darknetdiaries.com/episode/64/


My most shocking takeaway from this book was certainly discovering the extent to which GOOGLE relied on outsourcing security.

Google. Outsources. Security.

The kind of thing that makes it seem miraculous that any of it is still standing.


That I didn't know, interesting.

That said, I cannot recall Google ever having a breach, a la Yahoo, Sony, and basically most other companies. Does that mean everyone else should use who Google is using?


They had breaches attributed to China and North Korea, IIRC. The former led to their exit from China.


Google certainly does a lot of security in house.


It also stores passwords in plain text. I once got an email from them saying that their crawlers found my password somewhere online.


That conclusion doesn't necessarily follow, fwiw. If you find a password list, then you hash all the passwords and see if any match the hashes you store, now you know if the password found online belonged to someone on your system but at no point did you keep your own system password in plaintext.

Mind you with salt and pepper (roughly, ways to modify the hash and overcome rainbow tables) checking anything other than the very highest frequency passwords found would seem onerous.


They're probably just checking against a stolen passwords list when the user logs in.


That doesn't mean it's stored in plain text. They could be storing a nice hash, and then when the crawler finds your email and password on some site some where, it could try to hash it as if you were logging in and see if it matches.


Salting (which they absolutely should be doing precisely to make mass dictionary attacks computationally expensive) would make that infeasible.

More likely they're just checking against the stolen passwords database whenever the user logs in, as passwords are typically submitted in plain text.


Salting doesn't matter in this case. They're not finding a list of free-floating passwords and then seeing if anyone has that password; they're finding a list of accounts and associated passwords. So they only have to check that particular combination, just as they would for a regular login.


D’oh you’re right.


Do you know how computationally expensive it is to hash passwords?


It's computationally expensive to hash every single possible password, but given a proposed login/password combo, it's not expensive to check just the one. If Google, in crawling, finds a dump of several million accounts and their purported passwords, it's not a heavy lift to check each password.


It's still standing precisely because the outsourced and likely compromised security is far more useful if it appears to be working than if it collapses in an act of digital vandalism.


Is Israel THE go-to haven for security firms and three-letter agencies to arbitrage/bypass surveillance regulations?

If the CIA isn't allowed to do certain things for spying, so ... just have Israel spy on our populace and since we basically fund them and let them spy on us anyway, just make sure their database is open to us?

Where else is there 1) the talent and 2) the relative degree of trust?

There are a lot of stories from my childhood (of debatable ranking on the conspiracy scale) of the dirty pool and awful unconstitutional behavior by the CIA and other agencies.

It is my vague impression that the increased information awareness from the web tempered the bad behavior for a couple decades, but I think the old habits will start reappearing in "cyberspace" once they gain sufficient deniability, and people's lives reach a level of "mortal" dependence on it.


> If the CIA isn't allowed to do certain things for spying, so ... just have Israel spy on our populace

You basically described various "X eyes" programs. Western intelligence services are completely out of control.

My country (Denmark) was involved in a similar program with the NSA:

> Danish intelligence (FE) also helped the US agency to spy on the Danish foreign and finance ministries as well as a Danish weapons manufacturer. The FE also cooperated with the NSA on spying operations against the US government itself.

https://www.dw.com/en/danish-secret-service-helped-us-spy-on...


Highest Nobel prize per capita. Has an advanced military intelligence arm and released soldiers are great employees for the IT security sector. These two combined create a strong cyber security presence.

Regardless, I don't know what regulations you refer to when the US and China lead the charge on actively spying on the entire world. The US drags down with it many western countries. Which is how the "5 eyes" was created. And no one bats an eyelash.

After the US was exposed for what the NSA did against its allies, no one was prosecuted and the Senate was powerless to do anything. All inquiries were met with "classified". So, at best, the propaganda over there convinced one person that there are regulations restraining military intelligence and the CIA.


> Highest Nobel prize per capita

Israel is #11 [0]

[0] https://en.wikipedia.org/wiki/List_of_countries_by_Nobel_lau...


Interesting list. I think you can ignore the first 2 or 3 as places that have only 1 or 2 winners and have a small population skew it.

However that doesn’t move Israel up much.

The Scandinavian countries are looking good as per usual.


Also they have (or had) a very high technology export tax; this has the tendency to concentrate certain kinds of development entirely within Israel.

So it's not just that they have a high level of expertise; there is a strong economic disincentive for firms to move tech business out of Israel.


Tech firms actually add presence in Israel, but IP is usually owned by other entities, outside of Israel.

Usually the biggest problem with IP in Israel is when there was investment into the company/development by the Chief Scientist. It comes with a lot of strings attached and requires a payoff to transfer IP outside of the state.


> Where else is there 1) the talent and 2) the relative degree of trust?

https://www.theguardian.com/uk-news/2013/aug/01/nsa-paid-gch...

> When GCHQ does supply the US with valuable intelligence, the agency boasts about it. In one review, GCHQ boasted that it had supplied "unique contributions" to the NSA during its investigation of the American citizen responsible for an attempted car bomb attack in Times Square, New York City, in 2010.

> No other detail is provided – but it raises the possibility that GCHQ might have been spying on an American living in the US. The NSA is prohibited from doing this by US law.


> Is Israel THE go-to haven for security firm and three-letter agencies to arbitrage/bypass surveillance regulations?

No, why bother going all the way to Israel? They just do it in the US. When have regulations ever made a difference to surveillance?


Perhaps. But perhaps news outlets are singling out Israel for whatever reason. So I feel quite uncertain.


I have the exact opposite observations. Criticising Israel is a big no-no and most media won't cover anything bad about Israel.


I always try and work with the assumption that the media is lying to me. Mainly by omission. These things are owned by private people and/or are run by people with agendas. There has to be limits to their trustworthiness. I salt every news story that gets served up to me.


Criticizing Israel is a big no-no when it comes to certain issues, but I’m not sure it’s the case here. In this case they seem to be an easy foil to place the blame upon, when other governments are either doing the same thing or are collaborating with Israel to export the development.


> I have the exact opposite observations. Criticising Israel is a big no-no and most media won't cover anything bad about Israel.

There is plenty of criticism of Israel by The Guardian, Washington Post, New York Times, Reuters etc.

It's not the media's fault that the Democratic and Republican party are so pro-Israel.


What are the other countries that aren't being covered?


For example, Ethiopia literally drone-struck a refugee camp last month and there was almost no media coverage. Compare that with the wall-to-wall breathless coverage of the Gaza conflict last year.


You're right, we could really use some more coverage of how terribly Israel treats Ethiopians too. [1][2]

[1] https://forward.com/culture/481124/with-no-land-ethuopian-je...

[2] https://www.bbc.com/news/world-middle-east-32813056


You can always cherry pick news items to depict Israel as bad or as good as you want to. But remember, reality is more complex than what's on the news. While there are some terrible mistakes, Israel's treatment of Ethiopian Jews is definitely not terrible.


> While there are some terrible mistakes, Israel's treatment of Ethiopian Jews is definitely not terrible.

Our definition of 'not terrible' surely must be different.

I first became aware of the issues this community faces when the news broke last decade about the government sterilizing immigrant Ethiopian women without their knowledge or consent. A matter of record: https://www.haaretz.com/israel-news/.premium-ethiopians-fool...


How about the time when Israel rescued some 14,000 people of this community in 36 hours from Addis Ababa just before rebel forces arrived at the city?

Israel made some great things for this community and it made some awful things as well.

My point is that if you get your information only from the news then you are bound to get a biased picture of reality.


> How about the time when Israel rescued some 14,000 people of this community in 36 hours from Addis Ababa just before rebel forces arrived at the city?

It was convenient for the regime to do this back then and they left those people to rot as second class citizens. Now that a cold war situation isn't applicable, where is Israel to airlift those in recent conflicts? What support do they get when they arrive? Stop playing out tired old stories from many decades ago, the past is the past, let's get current and see where the work is going?

> My point is that if you get your information only from the news then you are bound to get a biased picture of reality.

You have done nothing to show me that my assessment on this is wrong. Instead you've chosen this dishonest form of argument and been vague this entire time.

Tell us a story then from the ground? You've got a short post history on HN and since this seems to have struck a nerve for you, I'm quite certain you can tell us what good your country is doing for these people. I linked a colonial state news source, an American Jewish news source, and an Israeli news source. You've kept it to vague smears, I'm curious and I want to hear the opposing mindset. So far you've given me nothing of substance, I'm disappointed.


This is comical. Of course more than one person knows about each 0-day at NSO. Maybe they even brought it over from a different place. And they can forward it (for money or ego) to 1000 other people. There truly is no limit, once someone has committed the idea to anyone but themselves

NSO (and the smaller, anonymous companies) are famous for bringing in people from Israeli NSA (8200) or Mossad. Why? They're not just smart, they also have a bank of 0-days in their brains. Even if they're not bringing over actual code, they remember all of the 0-days they were exposed to. There is no way to stop them from "uploading" their knowledge to a new company with a 7 figure compensation package

At some point the UAE figured this out, and Dark Matter opened an office in Cyprus. Offering ex-8200 7 figures (in $) to come build cyber weapons for them, limiting their dependency on NSO and export licenses[1]. The Israeli Govt. was furious but it wasn't illegal to move abroad and work for a foreign country

[1] https://www.themarker.com/technation/.premium-1.7972249 - requires translation to English


> NSO (and the smaller, anonymous companies) are famous for bringing in people from Israeli NSA (8200) or Mossad.

Literally every tech company in Israel has people from 8200. I worked at a few mobile game companies, and each had 22 year old kids straight from the 8200.


True, and 8200 is huge; being there doesn't mean much in terms of ability to remotely take over an iPhone.

The more accurate description is: these cyber weapon companies bring in the 22 year olds that were building cyber weapons in 8200.

It's an elite group of a couple hundred at most, who are then snatched up for their existing knowledge, even if they can't figure out how to find new exploits.


Also worth stating that Israel has compulsory military service, so a huge number of computer geeks, like you and me, will get into this service for the mandated time rather than the more physical and distasteful alternatives. It's (I imagine) like an enforced first year MIT cyber security course for the majority of people in that service.

In summary, the label of belonging to them means not that much in reality - rather one should look at length of service, age of entry and any subsequent / previous activities when they leave. (basically like any other cybersecurity job, really)


Companies hire people from government agencies for their connections. Government jobs don't pay a lot. Thus there is an implicit agreement that if a government employee awards contracts to a company they will eventually be "rewarded" by being hired into a good-paying job with that company. Repeat this process a few times and employees learn the process. You scratch our back and we scratch yours.


I had a thought after thinking about the publicity of this second exploit: If Facebook says iOS is causing $10B loss of revenue (https://news.ycombinator.com/item?id=30190216) then it would be in their interest to hurt the public's opinion on iPhone privacy/security.


The general public worries about Instagram/Alexa listening to their conversations to presumably show them targeted ads.

NSO spyware isn't on their radar, because they simply aren't important enough to be a target. For dissidents, journalists and diplomats on the other hand, it could be a death sentence.


Apple has many competitors and others they deal with, who have many motives. Sans evidence, everything is speculation. Drawing a line from a potential motive to action is the stuff of fiction.


Trying to imagine what you're insinuating here is ridiculous, and probably why you said the quiet part out loud (and left the loud part unsaid).


This is getting out of hand. Now there are two of them!


Haha, took me a minute to remember the reference. Great stuff!



Question:

If a device is jailbroken, and you apply root limits and other things to break standard features, would it make it harder to exploit iOS?

I would imagine you can do default hardening like modifying the software version label so when the software queries it will be unable to automatically "arm" itself and apply persistence.

Are there any packages/places where this is already discussed?

If not, then I guess I will pick up some older iPhone devices and play along, because it seems to be a great point. I highly doubt there is much sophistication in this malware, and there has to be some sanity checks that make it so that if you are targeted it will not "reveal" itself.

And of course the basic one of a VPN, and forcing a change of the DNS servers which the iOS device operates on.


Any kind of defense would be by chance. You aren't realistically able to "harden" the OS against attacks better than Apple can. Maybe you might be able to confuse some attacks but this would still be basically random luck.


The only thing that I took from this was NSO Group, blacklisted for selling to foreign governments, demonstrated an iPhone exploit and another reason to stay awake in foreign countries.

In related news:

* https://arstechnica.com/tech-policy/2022/02/report-nso-offer...
* https://www.techdirt.com/articles/20220121/13492148329/spyin...


I am not sure if it was already covered, but at this point one has to assume that every government that can obtain it, will[1]. I do find it odd, however, that the FBI did, given some of the more recent revelations about hacks against the US using the same software.

[1] https://www.jpost.com/international/article-695290



What are the chances that they bought the vulnerability from the same place? Finding something like that at the same time if it was there for awhile is rather suspect.


It could be reverse-engineered too if they got their hands on an exploited phone, but these firms don't seem to offer any defensive cybersecurity services. It seems to me that would be a great synergy: if they can scoop up exploits used against the customers they are defending, they could then use those exploits in their offensive products.


It's even possible that one of the companies was spying on the other one.


Why doesn't Apple just buy NSO and use them as an internal defense group?


Assuming NSO would even allow itself to be purchased, various nations would get involved to prevent it. Too many national security issues on the line for them. If anything, Apple would be better off starting up a new office and try to hire individuals within the NSO Group.


Whether poached or acquired, NSO employees are almost certainly already under the influence of Israeli security agencies.

If your players in this hypothetical are Apple, NSO, Israel, and USG—each could probably have a pretty convincing list of arguments for and against. I could see it going either way.


If by "under the influence" you mean alumni of. They're similar to the staff of military contractors in the US, roving from company to company to use all the skills they learned on the inside for massive profits privately.


NSO has changed owners several times. They’re now owned by a UK firm called Novalpina Capital.


NSO seems to essentially be a front for Israel's Mossad intelligence agency. They get to wash their hands of whatever NSO does by saying "hey that wasn't a nation state spying, they're a private company and we'll punish them for you don't worry."

For a more public facing version of this from the CIA, look at their unofficial Venture Capital wing: https://www.iqt.org/about-iqt/


It's usually ex-intelligence people that work in such companies. That being said, that's not how the tools work. Data exfiltration wasn't tracked to the vendor.

You must remember the US' interest in spying and conquest is a rather unique trait. Most countries don't go looking for trouble worldwide.


Pegasus is legally considered a weapon in Israel and I doubt the government will allow it.


How could you make sure that you haven't just bought a very expensive Trojan Horse?


I don't even think NSO is designing these exploits. They are almost certainly buying them in. Apple just needs to outbid NSO.


> I don't even think NSO is designing these exploits.

That's interesting. Why do you think that?


NSO, while having the blessing of a nation state, is still a private company, but has access to some very high-end exploits that would almost certainly require a very large team to develop and to keep ahead of the fixes. It is just more likely they are going the cheaper route of buying the exploits and copy/pasting them into their system. This way they can outbid most others as they are reselling the exploits multiple times to many different nations - the other potential buyers, e.g. intelligence services are buying only for themselves and are limited in their budgets.


I suspect some are sold by disgruntled employees who are disturbed by the internal culture.


That's a serious accusation to make without evidence. Anyone doing this would rightly face significant jail time.


Because it makes no sense. NSO is just one of the many companies doing offensive netsec.


Not to mention, they're one of the many public ones. One has to think that there are many more like NSO that don't have huge media publicity around them.


How would that benefit Apple?

They are already able to spy on their phone users if ordered by the right three letter agency, they don't need NSO/Pegasus for that.

And if they still do so, it would basically be official: "Look, a phone vendor that develops tools to spy on phone usage." Not good marketing either.


Apple would presumably fix the vulnerabilities, rather than exploit them themselves.


And the people at that company who enjoy developing attacks more than they enjoy defending against attacks would just leave and form a new company, that would then sell its attacks to the highest bidder.


Red team still develops attacks. They just do it directly for the blue team that fixes them.


But some people might not decide that this is the career for them. You can't eliminate a threat to iPhone security by buying the company, because you can't enslave its employees.


Not really related to what I was saying


Having wads of cash doesn't mean you can buy any company without their agreement.


Having a few trillion dollars makes it a little harder to say no to, but yeah this would not make much sense for Apple.


[flagged]


The closed system is just fancy words for "you don't really own your phone, we do". Doesn't help a tiny bit against the devices getting pwned, if you'll excuse the pun.


Why did you think that?


He didn't.


Because that's how Apple publicly justifies the closed ecosystem. You and I are savvy enough to know that it's hogwash, but you would be surprised by how many people, including technologists, buy that marketing.


Probably because Apple has invested a lot of money in their "Privacy: That's iPhone" advertising campaign, and used the closed nature of the iOS ecosystem to defend their position in the highly popularized Epic Games v. Apple trial.


you forgot the /s


The closed ecosystem prevents this exploit from ending up on the public App Store and infecting devices en masse...


Umm, if it's zero-click, why would it need to get on the App Store? And what does getting something on the App Store have to do with the system being open or closed?


What makes you feel that malicious apps are the only vector for these exploits? The web is open and iOS users can still download files on their devices. Let's disable file downloads altogether and limit people to an alternative "reviewed" web.

Please don't use the flimsiest of excuses to bootstrap an argument for a more restrictive world.


The App Store is not the delivery mechanism for this attack, so no.


I think the argument is that having a completely open App Store would increase the attack surface, since the average user will click any install icon.


I think the greater argument to be made is that it doesn't matter, since iOS has had no-click zero-days for longer than it's had an App Store.


You realize store evaluation is just PR and is mainly used as a control tool.

I mean, how could something like this happen if there was any real security?

https://en.m.wikipedia.org/wiki/XcodeGhost



