[HN Gopher] US puts NSO Group on trade blacklist
___________________________________________________________________
US puts NSO Group on trade blacklist
Author : FDSGSG
Score : 380 points
Date : 2021-11-03 14:38 UTC (8 hours ago)
(HTM) web link (www.ft.com)
(TXT) w3m dump (www.ft.com)
| COGlory wrote:
| There's a dead comment from a throwaway that I mostly disagree
| with. Except for this last line:
|
| >This seems like the government outsourcing controversial
| activities to Israel.
|
| It certainly feels that way to me, as well. The US is in a sticky
| situation. This just feels like a standard burn. You're caught,
| now you're out. NSO made too much noise and got cut loose.
| Obviously the NSA and others are going to continue this kind of
| work.
| colinmhayes wrote:
| It makes perfect sense for the US to outsource controversial
| work to the Israeli military industrial complex, just like it
| makes perfect sense for Fortune 500 corporations to outsource
| controversial work to McKinsey. Plausible deniability for the
| party that cares about their image, money for the party that
| has embraced the destruction of theirs. I guess the US could
| use domestic contractors instead, but then they'd have to admit
| the contractors were sanctioned when they don't bring criminal
| charges.
|
| I'd be much more worried if US government was found to be
| hacking/assassinating Saudi dissidents, because that would mean
| the leaders of the US government are completely incompetent.
| That's not to say it's not happening, just that it would be
| idiotic for the government to do that themselves when they can
| use foreign contractors instead.
| slg wrote:
| Here is the formerly dead comment[1]. I just vouched for it so
| it is no longer dead. I'm not sure why you would agree with the
| quoted portion and disagree with the rest. The rest is
| documented historical fact.[2]
|
| [1] - https://news.ycombinator.com/item?id=29095907
|
| [2] - https://en.wikipedia.org/wiki/Edict_of_Expulsion
| COGlory wrote:
| 'Jews as moneylenders' has a strong religious context I don't
| see in this story. That's all. Thanks for vouching for the
| comment.
| slg wrote:
| Jews as moneylenders is a stereotype that originates from
| history due to both religious and political motivations
| such as those previously mentioned. I can understand being
| uneasy with that in a modern context. I have also
| criticized people on HN before for equating all Jews with
| Israel or vice versa, but I don't see that happening here.
| The analogy works if the modern equivalent is any other
| country because the primary link is the outsourcing of a
| controversial job and not Jewishness.
| LogonType10 wrote:
| Do you think US intelligence agencies were hindered whatsoever
| by their bad reputation?
| COGlory wrote:
| Absolutely. Look at the Patriot Act. It took a national
| crisis to justify that for them.
| LogonType10 wrote:
| What did they do after the patriot act that they weren't
| doing before it?
| sol_invictus wrote:
| Yep. Also see: Wuhan lab, and the US ties to it.
| rougka wrote:
| NSO is a private company which is unrelated to the US
| intelligence relations with Israel, there's no outsourcing here
| and it actually makes more sense NSO causes major headaches to
| the US (see murder of Khashoggi) than otherwise
| [deleted]
| frankfrankfrank wrote:
| If this were not just an utterly meaningless exercise, every
| single person that has ever worked at or with the NSO group
| should be blacklisted and untouchable to send an actual signal
| and make the consequences of participating in such activities
| actually meaningful and consequential.
| FDSGSG wrote:
| This has some meaningful consequences. It makes NSO and any
| money that has touched NSO poisonous. It's not illegal to
| touch, but few banks will want to work with you.
|
| If you're an employee receiving salary payments from NSO,
| expect your bank to be unhappy with you.
| bberenberg wrote:
| That isn't what the Entity List does. See
| https://www.bis.doc.gov/index.php/policy-guidance/lists-
| of-p...
| funnyflamigo wrote:
| Does this mean you can still work with them, you just
| require a license first?
| [deleted]
| FDSGSG wrote:
| This is very much what the entity list does _in practice_.
| Any company listed on the entity list is an _incredibly_
| high risk client.
|
| Just like a NYT article accusing you of being a terrorist
| does not carry any _official_ repercussions, it will
| certainly ruin your banking relationships.
| bberenberg wrote:
| I don't know enough about this topic, can you show any
| evidence of this? Maybe through a bank's policy docs or
| something along those lines?
| alwayseasy wrote:
| McKinsey has a rather generalist and reader friendly take
| on it that won't break any laws: If you look at their
| Exhibit 1, "Sanctions" is clearly a contributor to high
| risk in AML/CFT models. As your link showed, the Entity
| List is one of the first sanctions lists created with CFT
| in mind.
|
| Source: https://www.mckinsey.com/business-functions/risk-
| and-resilie...
| FDSGSG wrote:
| I can't show evidence, but I don't have to because this
| is incredibly obvious to anyone with basic banking
| experience.
|
| FWIW It is practically illegal for banks to discuss their
| AML/KYC practices, nobody is going to go into detail
| about this.
| jcrawfordor wrote:
| It's a very well-understood aspect of the financial
| industry that banks use a combination of in-house
| departments and outside providers to perform background
| research on their clients. The depth and breadth of this
| research depends on the size of the financial
| relationship. Things like searching for domestic and
| foreign news articles that mention the client, and
| particularly flagging any that indicate a suspect
| business history or suspect relationships, is basically a
| minimum requirement for a significant client under
| today's AML/KYC framework. It's almost explicitly
| required since there are regulatory requirements
| pertaining to politically exposed persons (PEPs), and the
| standards for identification of PEPs directly relate to
| public profile. i.e. if you are frequently mentioned in
| the newspaper, even purely positively, a bank is going to
| have to perform additional diligence.
|
| Since checking all manner of sanction, exclusion, risk,
| etc. lists published by the government is trivially
| automatable it is basically a minimum standard, and even
| the simplest KYC systems are going to flag customers that
| appear on any of these. For more significant clients
| additional databases and analyst resources will be used
| that are likely to uncover a relationship with such
| entities, especially a simple and easy to check one like
| prior employment.
|
| This is a world with few black and white rules, and banks
| are mostly not outright prohibited from providing
| services to high-risk customers. But higher and higher
| levels of approval will be required, and the bank will
| have to go into the situation knowing that they will
| incur extra costs in terms of analyst time, compliance
| work, and ultimately liability of potentially huge
| amounts of money. It will be difficult, although maybe
| not impossible, to convince a bank to work with you.
| Everything will end up costing you more. You will have to
| be very cautious because banks will sometimes change
| their risk evaluations and decide to terminate the
| relationship, and you will have to figure out how to
| start your banking relationship over somewhere else.
|
| While all of this is required under various laws
| (federally things like the BSA, PATRIOT act, etc),
| statutes are intentionally vague about the requirements
| both because banks are encouraged (and pretty much
| required) to perform internal research and development to
| improve their AML/KYC methods, and because the system
| operates in part on secrecy - bank clients need to not
| know how AML/KYC analysis works in much detail or they
| may find a way to structure around it. Banks also share
| information with each other and with governments, much of
| which is done under strict confidentiality agreements for
| several different reasons.
|
| Banks that get this wrong can lose hundreds of millions
| and occasionally even billions of dollars, so there's a
| lot of hesitance to take on risk. It's also generally
| perceived that enforcement is becoming more aggressive
| over time, not less.
| lordofgibbons wrote:
| I think you might be mixing up trade embargo with a sanction.
| tyingq wrote:
| Perhaps confusing it with the OFAC list, which is directly
| about banking and blocking transactions for named entities
| and individuals.
| FDSGSG wrote:
| Not confusing with the OFAC list. Being on _any_ list
| makes you a toxic customer.
|
| Yes, there are other designations which would carry even
| worse repercussions.
| JumpCrisscross wrote:
| > _I think you might be mixing up trade embargo with a
| sanction_
|
| Being employed, or even having been employed, by an entity
| on the BIS's Entity List will make doing business in U.S.
| and in U.S. dollars expensive and tedious. At the very
| least, you will impose ongoing additional costs for every
| financial institution you interact with.
| FDSGSG wrote:
| Of course not, I'm simply pointing out that this certainly
| places you in the "super high risk" category as far as any
| KYC procedures go.
| eli wrote:
| It means, among other things, that no US company or person can
| sell them technology or offer technical services under threat
| of significant penalty. How is that meaningless?
| more_corn wrote:
| Furthermore this means that US police departments and
| intelligence agencies will be banned from purchasing and
| deploying NSO spying tools to attack their own citizens.
| worik wrote:
| Trade protection?
| e0a74c wrote:
| That probably just means that they don't need these tools
| (because they helped develop them or have something much
| better/scarier already). These types of laws/export bans
| only exist because the security community allows it.
| shlurpy wrote:
| Companies can be disbanded and reformed. The people in charge
| can distance themselves from the "failed" attempt and make a
| new, nonblacklisted one. That's why punishment and
| blacklisting has to extend to decision-makers, rather than
| flimsy symbolic entities.
| JumpCrisscross wrote:
| > _Companies can be disbanded and reformed_
|
| This is the U.S. Treasury. The concerns you're worried
| about have been contemplated.
| tgsovlerkhgsel wrote:
| Exactly. Which means that it's intentional to leave this
| relatively meaningless, more posturing and a slap on the
| wrist instead of an actual punishment for the people
| involved.
|
| If they really wanted to stop this kind of activity,
| they'd sanction the individuals involved. This would
| deter others from forming a successor - would _you_
| accept an extremely well paid job if there was a risk
| that the US will put you on its official international
| shitlist for that?
| JumpCrisscross wrote:
| > _it's intentional to leave this relatively
| meaningless_
|
| That's not how the Entity or SDN lists work. Every
| individual ever employed by NSO Group is going to start
| having difficulties with their bank and securities
| accounts starting today. Affiliation with a blacklisted
| entity moves you from "person who does not generate hits
| on OFAC" to "person who does." For many institutions,
| that's a dealbreaker.
|
| You can't get around a blacklist by shutting down shop
| and re-starting under a new name. These are old, battle-
| hardened tools originally designed to go after state
| actors. The loopholes have been thoroughly explored.
| eli wrote:
| In this hypothetical, creating a new entity seems like a
| fair bit of work, but adding the new entity to the list so
| it faces the same controls is trivial. What am I missing?
|
| I certainly wouldn't send technology subject to export
| control to anyone I knew to be a part of NSO Group or any
| successor.
| shawnz wrote:
| If this was done as a reaction to changing public opinion
| and not genuine concern, then it will be a while before
| public opinion catches up with the new entity.
| alwayseasy wrote:
| I doubt the people at the US Treasury would be blind to
| such an obvious maneuver. No matter what the public
| opinion says I think they won't let NSO try and evade
| their blacklist.
| golemiprague wrote:
| Basically the US didn't like the competition, they are going to
| do the same things only with American companies. They don't
| really mind when Google are spying their users and has the power
| to control information so suddenly they care about some spying
| software?
|
| This is not the first time the US is clipping the wings of the
| Israeli security industry, it is part of the dance between the
| two nations, if Israel wants the support they need to stop
| competing.
|
| In general Israel doesn't need the American money and considering
| the racism against Israelis among the progressives and the
| extreme right maybe it is about time that Israel should
| reconsider their alliance with the deteriorating American empire.
| DerekL wrote:
| TIL there's a spyware company called Candiru.
|
| https://en.wikipedia.org/wiki/Candiru_(spyware_company)
|
| https://en.wikipedia.org/wiki/Candiru_(fish)
| boardwaalk wrote:
| Considering how powerful politically Israel is in the US and how
| seemingly the NSO Group was government-sanctioned, this seems
| crazy to me.
|
| I would not be silly enough to think this means less
| unconditional support for Israel in general, though. NSO Group
| just specifically got too toxic.
| goboronshka wrote:
| Israel is hardly powerful in the US. US foreign policy is
| overall pretty antisemitic. Israel would own half of Egypt at
| least if the US didn't drive them out in the Yom Kippur War.
| sudosysgen wrote:
| Without US support Israel would have had to deal with the
| full might of the USSR.
| KoftaBob wrote:
| You are either unbelievably uninformed, or you're purposely
| spreading nonsense to defend Israel.
| GhettoComputers wrote:
| I have never heard once of an Israeli who thought Egypt
| belonged to them after the war. This viewpoint is so
| foreign from any Israeli I have ever spoken to it's completely
| new.
| KoftaBob wrote:
| > Israel is hardly powerful in the US. US foreign policy
| is overall pretty antisemitic.
|
| I was speaking more so to this first part of their
| statement. Someone making this claim is very uninformed
| on geopolitics.
| servytor wrote:
| In 2020, we gave more foreign aid to Egypt + Jordan than we
| did to Israel[0], for the others that are going to bring up
| foreign aid.
|
| [0]: https://foreignassistance.gov/cd
| daemoens wrote:
| You're combining both countries though? Israel was still
| the largest receiver in the region.
| obiwan14 wrote:
| > Israel is hardly powerful in the US.
|
| In the words of a famous ex-tennis player, "You can't be
| serious, man. You can not be serious!"
|
| I don't know any other country able to influence US domestic
| and foreign policy more than Israel. Feel free to name one.
| GhettoComputers wrote:
| Says whom?
|
| Israelis themselves prided themselves on invading but with
| every intention to not take Egyptian land. Israelis weren't
| driven out, they beat Egypt to show their power and created a
| good relationship with them. No Israeli I have ever talked to
| says half of Egypt should have been theirs or the US drove
| them out, they always make a point they bargain and prefer
| peace.
|
| I'd like you to define how US policy is "antisemitic". Why
| are these horrible US antisemites giving Israel military aid
| and money?
| baybal2 wrote:
| Very much so, a paradox given millions flying in defence aid
| to _both_ Egypt, and Israel.
|
| The kind of lobbyists in Washington are not rooting for the
| secular state of Israel, but pretty much specifically for the
| orthodox Haredim, or the kind of Naftali Bennett.
|
| Equally so, Israelis hating Arabs don't preclude them
| propping up the criminal Saudi _state_, and a small portion
| of Saudi elites who hate Turkey.
| handrous wrote:
| Israel and Egypt both being top recipients of US aid is
| part of the peace arrangement. Egypt is by far Israel's
| strongest neighbor, militarily. No coalition of neighboring
| states has any chance defeating Israel without them, so the
| US pays Egypt not to mess around with Israel.
| GhettoComputers wrote:
| Egypt was defeated by Israel who had no intention of
| keeping their land, and they have had a better
| relationship than most other countries in that region for
| a long time.
| handrous wrote:
| OK? The US aid arrangement is also part of the whole
| thing, though.
|
| [EDIT] Oh damn, when did Jordan rocket up the list of US
| aid recipients? I gotta start keeping up with
| geopolitical shenanigans again, I'm clearly behind the
| times. But yes, the Egypt thing was, if not publicly the
| case, one of those open-secret things that're taken for
| granted in poli-sci and policy circles, like "Israel has
| nukes", or "the US removing MRBMs from Turkey was part of
| the deal for keeping Soviet nukes out of Cuba". The US
| pays Egypt not to mess with Israel.
| GhettoComputers wrote:
| It's as useful as the money they used in Afghanistan.
| This isn't the 70s anymore. Egypt isn't incentivized to
| battle Israel, and Israel isn't incapable of defending
| itself.
| handrous wrote:
| It wasn't incapable then, either. Clearly. But this takes
| some of the heat off them, and discourages Egypt from
| permitting--or encouraging--non-conventional anti-Israel
| forces within its borders, or abroad, even as its
| domestic politics shift (no-one wants to shut off the
| money hose).
| [deleted]
| goboronshka wrote:
| And in return for said aid, Israel has become an American
| puppet and stays about the size of New Jersey without us
| having to use force. Between sending in troops and paying
| them, the US decided to pay. Imagine if a bully promised to
| not beat you up as long as he could pay you a small sum to
| sit in a corner in a fetal position all day. These politics
| are a lot more complex than you're making them out to be.
| GhettoComputers wrote:
| If the US hated Israel it wouldn't have supported its
| creation, and last I checked the US is paying Israel not
| the opposite. Your analogy is stupid and pointless. Are
| you crying in a fetal position all day making analogies
| out of your own delusional fantasies?
| yyyk wrote:
| >If the US hated Israel it wouldn't have supported its
| creation
|
| The US did not support Israel past the original vote,
| rather it tried to push a series of measures that would
| have been detrimental to Israel. At the time Israel was
| far more reliant on the USSR.
| GhettoComputers wrote:
| So it supported its creation just like I stated? What
| kind of antisemite country supports the creation of
| Israel? Do non antisemites by that logic not support the
| creation of Israel?
| yyyk wrote:
| I never said the US was an antisemitic country? Both that
| and 'the US unconditionally supports Israel' are myths.
| The US position is occasionally cynical but consistent
| and unemotional.
|
| Anyway, the US policy at the time was determined by the
| State Department which was very anti-Israel for various
| reasons. Truman overrode them for the US vote, but was
| too busy with other affairs to set policy afterwards.
| GhettoComputers wrote:
| My mistake I thought you supported the person that I
| originally responded to. Is that why they had kibbutz? I
| know Israel was more communist at the beginning and it
| even worked for a while, but they ended it. I remember
| Milton Friedman talking about how he liked Likud in the
| 60s.
| yyyk wrote:
| Well, that was the local Socialists' idea of how to
| implement "a new society", not much to do with the USSR.
| It couldn't scale for obvious reasons, and their own
| descendants abandoned this almost entirely.
| goboronshka wrote:
| Yes sorry I mistyped, it was early, I meant the bully
| pays you to sit in the corner, otherwise he beats you up.
| Sure he's paying you, but it's still clearly coercive.
| GhettoComputers wrote:
| Israelis don't see the US as a bully. I have never heard
| of this viewpoint, Israel has settlers, it has borders,
| and if it chooses to change its borders the US won't be
| the bully, it will be a battle with the other countries
| in the middle east. I don't get any of your points, you
| are complaining about money that Israel takes and how its
| coercive, so you don't have to take the money?
|
| Trump moved the US embassy to Jerusalem, and the US
| gives billions of aid to Israel. What is your criteria
| for "antisemitism"? If accepting the capital of Israel,
| giving money, military aid, is your definition of
| antisemitic it diminishes Nazis activity if you group aid
| into "bullying" and "antisemitism".
| yyyk wrote:
| Basically his position, when you strip out the
| inflammatory rhetoric, is that the US wants to keep
| Israel weak and dependent on US aid. i.e. Get Israel to
| make concessions (say returning the Sinai to Egypt), the
| US covers up for that with aid, but the aid can always be
| withdrawn (say if Israel dares make the US upset, or if
| some radical President is elected), leaving Israel
| dependent, and at risk in the long term.
|
| I don't think that accurately describes US policy
| anymore, if it ever did. Modern day US administrations
| have withdrawn from the world, and that means their ME
| policies are not determined by reality, but by domestic
| ideologies and domestic political considerations.
| Minor49er wrote:
| On the contrary, the US gives $3.8 billion to Israel every
| year in military aid alone
|
| https://ifamericansknew.org/stat/usaid.html
| miohtama wrote:
| > NSO Group just specifically got too toxic
|
| It would never have happened without good Western journalism.
| Basically NSO was allowed to operate unless they screw up.
| Which they did with all the scandals, making Israelis look like
| crooks.
| Fnoord wrote:
| I'd put the attribution mainly on Citizen Lab [1], and
| they're not what I'd call Western journalism. Without them,
| there would've been nothing to report on. Ie. they did the
| technical research, and the funding behind such technical
| researchers.
|
| [1] https://en.wikipedia.org/wiki/Citizen_Lab
| wizzwizz4 wrote:
| I considered Citizen Lab journalists when they came out
| with this. Highly-technical investigative journalists,
| maybe, but they _were_ doing investigative journalism.
| _wldu wrote:
| It seems there is no safe cell phone. They all run closed source
| software, written in unsafe languages (C and C++) and can be
| abused by cyber criminals and governments to spy on and track
| people at will.
|
| Why do we carry these things in our pockets?
|
| And I'm not convinced Signal or any other privacy protecting app
| is really useful. If we assume all cell phones are owned (or can
| be at any time) then the criminals own all the private keys on
| the phones as well.
|
| It's impossible to have private communications with a cell phone.
| badRNG wrote:
| > They all [are] written in unsafe languages (C and C++) and
| can be abused by cyber criminals and governments to spy on and
| track people at will.
|
| All major OSes (regardless of formfactor) that a consumer uses
| are written in C.
|
| All languages, including C, are "unsafe" if the standard is
| that software in said language can be written in an unsafe way.
| Writing an operating system, firmware, or embedded software is
| a fundamentally different category of activity from writing
| some CRUD app (other than unhelpfully sharing terms like
| "engineering", "language", and "software.") OSes are written in
| C because the task demands it; the reason that there isn't a
| Javascript-based kernel isn't an arbitrary one. Perhaps Rust
| will change the game at some point, however as it stands, it
| doesn't make any sense to draw a distinction between OSes
| written in so-called "unsafe" and "safe" languages.
| GhettoComputers wrote:
| Programming languages won't stop triangulation. The
| assumption of privacy is not rooted in any fact. In Japan
| people can disappear if they want to because of the culture.
| Privacy is a culture. You can't use tech as the panacea,
| because the US is not inherently culturally private. Privacy
| occurs because others aren't tracking you, if you're being
| traced by computers, motivated people with advanced tools,
| living in a world where you're supposed to share and a
| paparazzi celebrity culture, you're not going to get privacy
| no matter how "safe" you program your memory to be.
| LogonType10 wrote:
| GrapheneOS runs all open source software (no closed source
| Google code), doesn't phone home to Google, doesn't allow for
| targeted updates based on IMEI, has strong app memory
| isolation, and isn't vulnerable to run of the mill NSO zero
| days. Buy a Mint Mobile SIM card with cash and boom, anonymous
| phone not tied to your name.
| GhettoComputers wrote:
| Yet you're connecting to T-mobile towers and having your
| location tracked 24/7. How is that in any way private?
| LogonType10 wrote:
| My phone is in a faraday bag when it gets anywhere close to
| my home or place of work. Even if you were bulk collecting
| cell tower data and location data you couldn't identify my
| phone, it's lost in the noise.
| GhettoComputers wrote:
| Your disconnects will flag it in the metadata. You don't
| think they can identify phones in bulk collection? What
| evidence is there of that?
| LogonType10 wrote:
| >Your disconnects will flag it in the metadata.
|
| This would make too many false positives, for which you'd
| have to do in person surveillance to verify.
|
| >You don't think they can identify phones in bulk
| collection? What evidence is there of that?
|
| It doesn't matter if a cell tower can read your IMEI. It
| matters if that IMEI can be associated with your real
| name. Have you seen anyone's location data successfully
| correlated with a real identity when that location data
| doesn't include travel to residence or place of work? If
| you can solve this problem, you can sell it for more
| money than you could fathom.
| GhettoComputers wrote:
| You don't think they can match location data with
| metadata and figure it out? Circumstantial evidence is
| easily used to figure it out.
| LogonType10 wrote:
| >You don't think they can match location data with
| metadata and figure it out?
|
| Automatically, with dragnet surveillance? Not a chance,
| the search space is too huge. But if you think it's so
| easy, feel free to try building this and selling it, you
| would become the next billionaire.
| GhettoComputers wrote:
| Already made. It's automatically matched to other
| databases like apartment records and other public
| information. Signature electronic radiation leak is
| easily traceable, probably logged unless you never
| connect it to any other devices. The delusion you have
| about being private while having a device that tracks
| your location has no logic or evidence of privacy.
| Expecting cell phones using cellular towers for privacy
| is the equivalent of joining a botnet and saying you're
| private if you block the signal occasionally.
| LogonType10 wrote:
| Please don't be snarky and assume the weakest possible
| interpretation of what someone says (I already talked
| about faraday bags near residences and workplaces).
| Repeatedly calling another's argument delusional without
| substantive discussion isn't helpful and it's not what
| people use HN for.
|
| https://news.ycombinator.com/newsguidelines.html
| GhettoComputers wrote:
| You say snarky things like build a database, it'll make
| you a billionaire, (which already exists) to track you
| that you were ignorant about then try to feign innocence
| and attack my conduct?
|
| There is no snark in facts. You're connecting to a
| triangulating system that traces your location and expect
| privacy if you use some open source android distribution
| which you assume has zero bugs that others can't exploit
| and trace you. That is delusional. The device has a
| signature electronic radiation that is easily
| identifiable whenever it's on, which you ignored as a
| method of tracing.
|
| There is zero factual evidence that you can be private
| when using cell phones at all. It is a delusion with no
| basis. You don't make any substantive arguments that
| proves privacy aside from hopeful/delusional assumptions
| that aren't sourced or prove any privacy. You think
| buying a sim card with cash is enough to protect your
| identity when stores have cameras and your fingerprint is
| on cash? Where is your evidence that you are private?
| GhettoComputers wrote:
| >It seems there is no safe cell phone. They all run closed
| source software, written in unsafe languages (C and C++) and
| can be abused by cyber criminals and governments to spy on and
| track people at will.
|
| Why should we have any expectation of privacy when we use a
| cell phone at all? It is triangulating your location 24/7 even
| if it's not a smartphone. When/why did we expect them to be
| private in any way? How can you expect privacy when your
| location data is being broadcast and you're carrying a tracking
| device?
|
| >Why do we carry these things in our pockets?
|
| It's worth it for the tradeoffs.
| [deleted]
| WaitWaitWha wrote:
| This will impact Title 28. Will it impact Title 50?
| DisjointedHunt wrote:
| The programmers who I've read about getting hit with penalties as
| a consequence of working with companies such as NSO or with
| governments such as the UAE seem to be exposing a significant gap
| in the US' treatment of their most prized minds.
|
| The NSA and other government agencies seem to not be attractive
| from the point of view of a great place to work and the money to
| be made in the private sector in the US alone is thin. . .
| economic forces dictate that supply will meet demand especially
| when the demand is rich middle eastern wealth.
|
| There is no obvious "red team" or similar career for these people
| in the US to help defend the nation's systems for a fee. All
| government contracts for cybersecurity go out in tenders that
| prioritize entities that can navigate the complex logistics of
| filing a response with the Government and working their way.
|
| That's the biggest concern for me seeing this pattern emerge. On
| the specific entity here, the NSO group being blacklisted, that
| will change little. There is a systemic risk of us continuing to
| lose great talent to more attractive ventures.
| 2pEXgD0fZ5cF wrote:
| I wouldn't say that being the most morally bankrupt (actively
| working on the attack on journalists, critics and minorities)
| automatically qualifies someone as a "most prized mind", it's
| not like they are developing all of those zero days inhouse,
| they buy them for the most part.
|
| It seems to me like you are overestimating the skills of people
| that just don't have any moral barrier while underestimating
| the skills of many proper security researchers. Companies like
| NSO are most of the time able to do what they do because they
| shake the right hands and get the right support (or the right
| people to look the other way), not because they have some
| special people that you can't find anywhere else.
| shmatt wrote:
| These are the same people (ex 8200 - Israeli NSA) who sell
| security startups for 9 figures within a year of opening them.
| Then the next year open another one
|
| The same people are playing both sides
|
| It's not like the government doesn't purchase private sector
| cyber security. It's just 1 group of very smart people doing
| all the work for both sides
| DisjointedHunt wrote:
| I'm not speaking about the founders. I should have been more
| specific. The talent in the NSA that leaves and ends up
| working for the UAE, as an example[1]
|
| [1]https://darknetdiaries.com/episode/47/
| [deleted]
| gad0lin wrote:
| Episode 100 of darknetdiaries is devoted to NSO and talks
| about usage of Pegasus in Mexico and other countries
| https://darknetdiaries.com/episode/100/
|
| I think there might have been pressure on NSO as part of
| trial of Google|Fb.. against them.
| https://www.theverge.com/2020/12/22/22194930/microsoft-
| googl...
| dpratt wrote:
| I'm not particularly bothered by losing access to the kind of
| 'prized mind' who sees no problem with creating tools to
| enforce a totalitarian state.
|
| I find it logically untenable that a 'prized mind' would not be
| completely aware of the types of things they were building and
| the intended usage thereof. If they aren't smart enough to
| figure it out, then we're not losing access to some particular
| genius. If they are smart enough to figure it out and continue
| to contribute to the work they have become complicit at best,
| and likely are an amoral psychopath.
| boomboomsubban wrote:
| As I doubt the US needed the recent stories to know what the NSO
| Group was up to, this will cause similar groups to treat any
| potential leak source with even more hostility. The US is making
| it clear that targeting dissidents, journalists or activists is
| fine but getting caught is a problem.
| fishtacos wrote:
| > The US is making it clear that targeting dissidents,
| journalists or activists is fine but getting caught is a
| problem.
|
| What's that saying? "Better late than never."? Or how about
| "Never let perfect be the enemy of good."?
|
| Obviously the US intelligence agencies knew about this well
| before the public did... and while I'm not quite ready to put
| this all on the goodwill of the Biden administration, it's also
| a reminder that civilian leadership changes do effect change,
| despite all the "Deep State" nonsense going on these days.
| syshum wrote:
| >>despite all the "Deep State" nonsense
|
| You believe it is nonsense? I figured it was just generally
| understood that the President is more or less powerless
| really at this point, This is not new under Trump, hell this
| really was that way before 9/11 but accelerated A LOT after.
|
| NSA, CIA, FBI, etc do not really answer to elected officials,
| I am surprised people still believe they do
| worik wrote:
| Life is not binary, just because the president isn't an
| absolute monarch doesn't make him powerless
|
| The USA system was designed to balance powers between the
| three branches of government.
|
| Turns out there is a fourth branch: Bureaucracy
| syshum wrote:
| >Turns out there is a fourth branch: Bureaucracy
|
| yes that is also known as the Deep State, which the grand
| parent claims is "nonsense"
| xxpor wrote:
| It responds perfectly well to people that understand its
| knobs. But when you elect a guy who's never been in a
| government position before, is it really any surprise he
| can't bend it to his will?
|
| It's like if you pulled someone random off the street and
| made them CEO of a Fortune 500. Do you think the entire
| org would just turn on a dime and listen to them? No
| chance.
| syshum wrote:
| There is a bit of unrealistic faith there... even if a
| president knows how to turn the knobs the bureaucracy has
| its own beliefs and positions, and can absolutely slow
| things down to where it is impossible to make the change
| if the bureaucracy does not agree with the change
|
| So sure it may not be outright insubordination, but the
| result is the same
|
| They can also use other levers to ensure any they dislike
| fails, etc....
|
| This is the deep state, where if the bureaucracy does not
| like a policy they can and do resist it.
| xxpor wrote:
| Seems like that'd be a good incentive to not align your
| political axis around educated vs uneducated.
|
| As for simply installing uneducated people in the
| bureaucracy instead, that's how you end up with the
| Soviet Union.
| syshum wrote:
| I am not sure where educated vs uneducated comes into
| play here. I know the media seems to play this up and it
| seems you buy into this narrative.
|
| Also I resist the idea that attaining a degree, any
| degree, qualifies as "educated" and anyone that has not
| attained a degree is "uneducated" that type of
| credentialism leads to all kinds of negative outcomes,
| and false assumptions. Which is the metric the media uses
| to label the electorate is "educated" or "uneducated".
| There are a huge number of people that have high levels
| of informal education, and there are people that have
| degrees that one can objectively argue are uneducated by
| any reasonable measure.
|
| So over all I reject completely on different levels the
| entire premise of your comment
| JumpCrisscross wrote:
| > _yes that is also known as the Deep State, which the
| grand parent claims is "nonsense"_
|
| "Deep State" implies more than acknowledging the
| bureaucracy. It's the claim that the bureaucracy is
| unresponsive to, or even controlling over, our elected
| leaders. (And presumably, the courts, though I don't tend
| to see that part addressed in common tellings.)
|
| If you don't believe the latter bit, using the term "deep
| state" unnecessarily tarnishes the credibility of your
| argument. (Federal bureaucracy is a more neutral term.)
| rougka wrote:
| Life is not binary, just because the president isn't an
| absolute monarch doesn't make him powerless
| Hikikomori wrote:
| You can always count on the Americans to do the right thing,
| after they've exhausted all other options.
| mc32 wrote:
| What about everyone else, goody two shoes?
| psadauskas wrote:
| It's a quote, usually incorrectly attributed to Winston
| Churchill.
| https://quoteinvestigator.com/2012/11/11/exhaust-
| alternative...
| shlurpy wrote:
| On the subject at hand, Israeli misdeeds in international
| law, I think the USA has been and continues to be
| uniquely dedicated to doing the wrong thing at all costs.
| mc32 wrote:
| Unique compared to? Costa Rica? Ok. Compared to Iran,
| Russia, China, Turkey, Saudi Arabia, Cuba, etc...
| buran77 wrote:
| It's telling that you have to pick Iran, Russia, China,
| Turkey, Saudi Arabia to show that the US is not unique in
| their actions. Especially since 2 of those countries are
| close US allies. That's a very interesting bar to set,
| and very unflattering company.
|
| I mean you're correct, all superpowers will eventually
| resort to the same tactics to get, maintain, or increase
| their power, even if some are able to give them that
| fresh, clean smell. But having those countries as a moral
| baseline doesn't paint the bright picture you're looking
| for.
| mc32 wrote:
| It's telling but not in the way you think it's telling.
|
| Anyone who has power wields it: colonial France, Spain,
| Japan, etc.
| buran77 wrote:
| You should also learn when to stop digging, especially
| when you're in the hole.
|
| Again it's _really_ telling that you had to move to
| comparing today's US to decades or centuries ago France,
| Spain, or that country on which you had to drop 2 atomic
| bombs to get it to stop. Is everything acceptable today
| because it was done in the past? And if it's not
| acceptable then what point are you trying to make? That
| it's abysmal but at least that totalitarian regime is
| also doing it?
|
| Ted Bundy, John Wayne Gacy, or Jeffrey Dahmer had power
| and wielded it. But whenever you are desperate enough to
| make yourself look good by comparing to them you lost the
| battle before it began.
| buran77 wrote:
| The snark is unwarranted. The US has far more political,
| economic, and military power than any other country.
| Stands to reason that more is expected from them
| especially when "morality", "freedom", "rights", "doing
| the right thing" etc. seem to be the publicly stated
| cornerstones of most US initiatives. Do you think Denmark
| putting something on a blacklist will have anywhere near
| the same effect?
|
| Also your question is rarely asked when the US is doing
| something... questionable but certainly to their
| advantage when the rest of the world didn't do. It seems
| unfair to bring up the "whatabout" argument only when you
| feel insulted especially since it's not a strong defense
| to begin with, it's even weaker in this particular case.
|
| If you _can_ do the right thing but decide to put your
| morals to sleep for as long as it's advantageous to you,
| then any positive spin (like protecting "the rules-based
| international order") is just a spin.
| LogonType10 wrote:
| America prosecutes American hackers who hack foreign
| nationals. This already gives them the moral high ground
| over their peers. See: Russian ransomware gangs that are
| _de facto_ state sponsored. Cyberspace is a new frontier
| that wasn't built to conform to your sense of right and
| wrong.
|
| >questionable but certainly to their advantage when the
| rest of the world didn't do
|
| They would if they could.
| trasz wrote:
| >America prosecutes American hackers who hack foreign
| nationals
|
| America prosecutes the NSA? :-D
| LogonType10 wrote:
| I'm not sure what point you're trying to make. Was this
| supposed to be a funny joke?
| boomboomsubban wrote:
| The NSO Group is clearly being punished for being caught. If
| you agree that the intelligence knew about this earlier, they
| could have punished them years ago and prevented basically
| all the intrusions found in the leaks.
|
| And taking the most favorable view of the Biden
| administration on this move, "Biden punishes foreign private
| competitor to US intelligence agencies" wouldn't be a sign of
| him addressing US intelligence.
| bosswipe wrote:
| Oh thanks for the Biden mention. I was confused by your
| convoluted yet harsh complaint about the US for this
| action, but now I see it was more of a partisan thing.
| schawtz-dkk wrote:
| I'm sure boom boom would also criticize the last President
| for failing to do the same thing. Mentioning a government
| official who belongs to a party doesn't make you a
| partisan for a different party. That would be a shallow
| dismissal of his valid point.
| boomboomsubban wrote:
| The person I was replying to brought up the Biden
| administration, I personally don't think any president in
| the last fifty years would have handled this differently.
| 10xrubberduck wrote:
| People really think this will have an impact? Look at post
| Snowden leaks, on orgs that dissolved and what new orgs popped
| up around the world (and even some ex-employees, moved from one
| country to another to the new orgs). I live in a country that's
| deep into all this, so I am not going to put any names or links
| here, but search HN historic links a bit and you see them.
| more_corn wrote:
| As long as attackers are sending their exploits to their
| targets they're going to have trouble remaining in the shadows.
| Perhaps if we continue unmasking the attackers they'll think
| twice about operating so brazenly.
| snarf21 wrote:
| This feels a lot like faux outrage. "How dare they!!! That's
| our job!!"
| md_ wrote:
| There's every reason to be skeptical of the US government's
| use of spyware, but at least it is, notionally, a democracy
| responsive to its citizens. A for profit company selling to
| the highest bidder is surely even worse, no?
|
| Like, yeah, I want nuclear weapons to be abolished. But if
| NSO were selling briefcase nukes to everyone interested, I
| wouldn't say, "but what about the SAC?"
| xxpor wrote:
| Who said life's fair?
|
| The fact of the matter is, given the way the world works, you
| probably don't want to piss off the US Treasury Department.
| atmosx wrote:
| Assumed innocence is one of the pillars of the justice estate
| and public relations. I believe it's a sign of civilisation.
|
| I know that in this case puts the whole thing in a bad light,
| but still as a principle assumed innocence is worth preserving
| IMHO.
| tptacek wrote:
| It's hard to punish people for _not_ getting caught.
| boomboomsubban wrote:
| I'd guess that the NSA had already caught them.
| JumpCrisscross wrote:
| > _US is making it clear that targeting dissidents, journalists
| or activists is fine but getting caught is a problem_
|
| The U.S. was willing to look the other way when NSO was selling
| its crap to _e.g._ the UAE, an American ally.
|
| In my opinion, NSO fucked up twice: first, by selling to
| American police departments, thereby putting it on one side of a
| partisan issue. Second, by helping subvert democracy in India,
| thereby pissing off its allies in State. The first mistake made
| them _persona non grata_. The second removed the protection
| their being Israeli granted.
| cutemonster wrote:
| I wonder if this will make NSO group focus even more on
| selling to dictatorships and subvert-democracy-groups in
| India hereafter, and drug lord politicians in Mexico?
|
| Hereafter, why not, they're already blacklisted (in the US)
| anyway
| mrtesthah wrote:
| Not being able to sell to US firms/agencies will greatly
| reduce their potential revenue. Less money coming in means
| less money to spend on the black market for exploits, which
| means less incentive for security researchers to sell to
| NSO.
|
| Edit: I apparently didn't read closely enough
| xxpor wrote:
| Oh this is much worse than that. They can't (in theory)
| buy any US software or hardware.
|
| That's essentially everything. Including mainstream x86
| and ARM implementations. And Linux. And Windows. and iOS.
| And most foreign software, since nearly everything
| includes various libraries, which have Americans writing
| code for them.
|
| This is the same list Huawei was added to.
| mrtesthah wrote:
| Well, that sounds great!
| JumpCrisscross wrote:
| > _Oh this is much worse than that. They can't (in
| theory) buy any US software or hardware._
|
| Practically speaking, it also means they and their
| affiliates will have a difficult time maintaining bank
| accounts and getting financing.
| xxpor wrote:
| Yeah, and that's the real enforcement mechanism. No one's
| going to stop them from walking into a store and buying a
| copy of Windows (is that even a thing you can do any more
| regardless?)
| dylan604 wrote:
| Well it's a good thing you can't download software
| anonymously from any place on the internet. That'll show
| 'em we're serious by telling them no. /s
|
| toothless is toothless no matter if it is wrapped in
| state level dressings.
| xxpor wrote:
| But on the other hand, for anything physical you wish to
| buy on the internet, it's nearly impossible to be
| completely anonymous. Or at least a much bigger pain in
| the ass.
| cutemonster wrote:
| Maybe the employees will need to buy their own laptops
| etc as freelancers or something, and then they'll get
| reimbursed
| evilpie wrote:
| I was wondering if the recent falling out with France had
| something to do with it. Maybe this is a cheap way to earn
| some points with Macron after NSO was caught potentially?
| spying on him/his government.
| JumpCrisscross wrote:
| > _wondering if the recent falling out with France had
| something to do with it_
|
| Forgot about that. Almost certainly.
|
| I doubt it was an explicit deal. NSO was protected, to a
| degree, because State didn't want to piss off Israel. (I
| don't think the IC ever came to bat for them.) But
| systematically screwing with American allies, democracies
| at that, and then getting undeniably caught, makes one
| difficult to defend. The French part not only contributed
| to this erosion of their defensibility, but may have made
| throwing them under the bus diplomatically advantageous.
| alwayseasy wrote:
| Actually, 2 days ago Macron said the NSO incidents were
| behind them and France would strengthen cooperation with
| Israel.
|
| Source:
| https://twitter.com/BarakRavid/status/1455178005500805120
| throwaway781a wrote:
| Controversial statement but this reminds me of Jews as
| moneylenders. Government lets them do an unpopular thing that
| benefits it, and if anyone throws a stink they throw them out and
| wash their hands and act like they were shocked. This seems like
| the government outsourcing controversial activities to Israel.
| greatjack613 wrote:
| huh, that sounds like the nazis saying the jews were the rich
| ones taking advantage of everyone.
| GhettoComputers wrote:
| Historically in Germany kings would use Jews for their
| business skills and when they needed money they'd kill/banish
| them and steal their accumulations. Nazis just perpetuated
| that cycle but instead made it more racist and eugenics based
| rather than pragmatic as their ancestors did. They did not
| understand the cycle of history.
| GhettoComputers wrote:
| The US does this with the military industrial complex and uses
| private companies like this constantly in the U.S. and all
| around the world. Israel just has huge human capital and is a
| source for educated intelligent workers for this work.
| devmunchies wrote:
| lots of R&D for AI and chips/hardware is done in Israel as
| well. https://en.wikipedia.org/wiki/List_of_multinational_com
| panie...
| cblconfederate wrote:
| The fact that "spyware firm" is a thing is comical. Don't let the
| world know
| FDSGSG wrote:
| Does this kill NSO? It seems like they might be _too big_ and
| interconnected to be able to reasonably survive this.
| bberenberg wrote:
| From the article:
|
| > NSO and a smaller Tel Aviv-based company, Candiru, were among
| four companies added by the US commerce department on Wednesday
| to its so-called entity list, which would restrict exports of
| US technology to the companies.
|
| From https://www.commerce.gov/news/press-
| releases/2021/11/commerc...
|
| > The Entity List is a tool utilized by BIS to restrict the
| export, reexport, and in-country transfer of items subject to
| the EAR to persons (individuals, organizations, companies)
| reasonably believed to be involved, have been involved, or pose
| a significant risk of being or becoming involved, in activities
| contrary to the national security or foreign policy interests
| of the United States. For the four entities added to the Entity
| List in this final rule, BIS imposes a license requirement that
| applies to all items subject to the EAR. In addition, no
| license exceptions are available for exports, reexports, or
| transfers (in-country) to the entities being added to the
| Entity List in this rule. BIS imposes a license review policy
| of a presumption of denial for these entities.
|
| General Entity List descriptions are available at
| https://www.bis.doc.gov/index.php/policy-guidance/lists-of-p...
|
| It seems like it mostly restricts them from using US made tech
| and punishes US companies that supply them.
| ryanlol wrote:
| > It seems like it mostly restricts them from using US made
| tech and punishes US companies that supply them.
|
| It's also not super easy to find banks willing to work with
| companies publicly blacklisted by the US government.
| ldiracdelta wrote:
| Of course not. They liquidate and form another company under
| assumed aliases.
| alwayseasy wrote:
| The favorite game of North Koreans. Doesn't work well though.
| [deleted]
___________________________________________________________________
(page generated 2021-11-03 23:01 UTC)