
I'm not challenging your assertion, I'm genuinely looking for backing evidence here. Do you have evidence that NSO knows who is being targeted by the tools they sell?



Of course, the most digestible form of it is on this podcast: https://open.spotify.com/episode/38RuwrVwAHNXgHLDOANtmj Sources are then linked on their site.



Could you please point out where exactly in this 69-minute podcast they talk about NSO knowing who exactly is being targeted at any given moment, and what proof is there to back these claims? Could you perhaps quote the transcript?

This is a 69-minute podcast episode, I'm not in a position to listen to all of it and try and pick out the relevant details. A lot of links are provided, but again - which of those are relevant here? Skimmed through some of them, and they don't even touch on this specific issue at all.

As I've mentioned before, I'm not challenging your assertions - I'm looking for credible proof that NSO can tell, at any given moment, which specific people are being targeted by the clients/governments to which NSO is licensing its software.


I’ll have a relisten later to find it but in a brief scroll I found this:

https://www.theguardian.com/world/2020/apr/29/whatsapp-israe...

—-

According to WhatsApp’s filing, NSO gained “unauthorised access” to its servers by reverse-engineering the messaging app and then evading the company’s security features that prevent manipulation of the company’s call features. One WhatsApp engineer who investigated the hacks said in a sworn statement submitted to the court that in 720 instances, the IP address of a remote server was included in the malicious code used in the attacks. The remote server, the engineer said, was based in Los Angeles and owned by a company whose data centre was used by NSO.

NSO has said in legal filings that it has no insight into how government clients use its hacking tools, and therefore does not know who governments are targeting.

But one expert, John Scott-Railton of Citizen Lab, who has worked with WhatsApp on the case, said NSO’s control of the servers involved in the hack suggests the company would have had logs, including IP addresses, identifying the users who were being targeted.

“Whether or not NSO looks at those logs, who knows? But the fact that it could be done is contrary to what they say,” Scott-Railton said.

In a statement to the Guardian, NSO stood by its earlier remarks. “Our products are used to stop terrorism, curb violent crime, and save lives. NSO Group does not operate the Pegasus software for its clients,” the company said. “Our past statements about our business, and the extent of our interaction with our government intelligence and law enforcement agency customers, are accurate.”


Adding to this, it's relatively trivial to have encrypted traffic transit your servers without the ability to actually view the traffic. This is basic stuff so I suspect you're not going to find the evidence from people who are citing podcasts...


Correct, and when traffic transits your servers you know where that traffic is coming from (i.e. the target). I found your last comment rude considering the podcast I cited is an interview with Citizen Lab researchers; the people who research Pegasus malware. The podcast website also contains sources that I also linked to above. It’s “basic stuff” to look into what someone posted before making a comment like yours.


How do you identify a target individual purely from source traffic metadata...? Sure, you can identify them if you've totally rooted a target's phone and upload all the data such that NSO Group can read it - my point is that NSO Group could offer transit encryption so long as they haven't backdoored whatever client is being used.

The reason I bring that up is that it's precisely the service you might offer if you wanted more plausible deniability. I still don't consider this hugely complex stuff.


What "evidence" are you looking for? Proof that humans manage the NSO servers?



