[HN Gopher] The secret Uganda deal that has brought NSO to the b...
___________________________________________________________________
The secret Uganda deal that has brought NSO to the brink of
collapse
Author : dwynings
Score : 86 points
Date : 2021-12-21 18:35 UTC (1 days ago)
(HTM) web link (arstechnica.com)
(TXT) w3m dump (arstechnica.com)
| bestouff wrote:
| So hacking phones for the US government is ok, but hacking
| phones for Uganda is not?
| rmah wrote:
| Yes, according to the US gov. I imagine that according to the
| Ugandan gov, it's ok to hack phones of foreign govs but not of
| the Ugandan gov. In fact, I strongly suspect that for any
| nation X, it's ok to hack non-X gov phones but not X gov
| phones. I don't understand why this surprises anyone.
| pm90 wrote:
| This is an interesting industry.
|
| > "We always knew this thing had an expiration date," he told the
| friend, complaining that some clients had asked to shift their
| contracts to lesser-known rivals, according to a person familiar
| with the conversation.
|
| I guess if you have this perspective, you want to maximize
| revenues and IPO before your product gets misused and invites US
| sanctions.
|
| I wonder what the reaction would be if this was a US company and
| not an Israeli one. Apple would still sue them, of course. But
| they couldn't be sanctioned by USG, right?
| HillRat wrote:
| A US company wouldn't be selling a CCL-restricted product to a
| foreign state without going through USG review -- or at least,
| they'd get to do that once, before DOJ comes in with the search
| warrants.
| yardie wrote:
| > I wonder what the reaction would be if this was a US company
| and not an Israeli one.
|
| For hacking into a US official's phone without a warrant? They
| would go to jail.
| fennecfoxen wrote:
| > I guess if you have this perspective, you want to maximize
| revenues and IPO
|
| Why would you IPO this business? Disclosures associated with
| the IPO might accelerate the expiration date, you don't need
| the capital, and IPOs cost real money, which you could instead
| move into your own pockets. What does it bring -- besides
| _lowkey defrauding investors_, who don't know what they're
| getting themselves into, so they can be left with a worthless
| business at the end of the game?
| cjfd wrote:
| What would happen if it was a US company? Probably they would
| be forbidden from selling anything outside of the US. Remember
| what the US did with crypto exports for decades? Next, if you
| tried to investigate anything that it was doing, you would be
| persecuted relentlessly by the US government. Note what
| happened to Julian Assange. It really is not like the US
| government is a nice organization or anything.
| KKKKkkkk1 wrote:
| > What would happen if it was a US company? Probably they
| would be forbidden from selling anything outside of the US.
|
| That's just false. The NSA bought the Swiss company Crypto AG
| and has been selling backdoored crypto devices all over the
| world for decades before being found out.
| [deleted]
| lazyasciiart wrote:
| That doesn't seem like a similar enough story to contradict
| anything here.
| yardie wrote:
| Which is odd because NSO made many assurances to the US govt they
| were in control of the tech and that US nationals were not to be
| included. Looks like they weren't in as much control as they
| stated they were.
| FabHK wrote:
| Maybe NSO didn't allow it to be used on US numbers. How are
| they supposed to know the nationality of the user of a phone?
|
| > NSO has always told its customers that US phone numbers are
| off-limits. In this case, all 11 targets were using Ugandan
| numbers, but had Apple logins using their state department
| emails, according to the two US officials.
| perlgeek wrote:
| > How are they supposed to know the nationality of the user
| of a phone?
|
| That's why you do recon before targeting somebody.
|
| Do you suppose they just sprayed the malware onto random
| phones?
|
| I get the impression that Pegasus is meant to be used in a
| very targeted way, at people you have identified before, and
| have some reason to spy on. If you do it that way, what are your
| chances of wanting to target somebody else, and
| _accidentally_ getting 11 US embassy employees?
|
| NSO promised oversight, they can't just weasel their way out
| by saying "there's no way we could have implemented
| effective oversight".
| pm90 wrote:
| Yeah, it looks like they used a pretty basic whitelist:
|
| > In this case, all 11 targets were using Ugandan numbers, but
| had Apple logins using their state department emails, according
| to the two US officials.
| hermes8329 wrote:
| Is that sarcasm? The Israelis spying on the US is hardly
| anything new
| yardie wrote:
| A bit of both. I assume they can spy on the US through
| 5-eyes, 9-eyes, 27-eyes, etc. But to allow Uganda to do it was
| a bridge too far. If NSO had been in almost any other country
| there wouldn't be a building left standing. The US regards
| cyberattacks as an act of war.
| pc86 wrote:
| If the US _really_ regarded cyberattacks as an act of war,
| it would be actively shooting missiles and bullets at China
| _right now_. The US regards cyberattacks as acts of war
| when convenient, nothing more.
| not2b wrote:
| Nuclear powers can't make full-scale war on each other.
| If they ever do, the death toll would make WW2 look like
| a skirmish. So any attacks are at the edges (respond in
| kind, or proportionately, rather than escalate to a
| shooting war).
| pc86 wrote:
| So the US regards cyberattacks as acts of war if it comes
| from a non-nuclear country, and tomfoolery from a nuclear
| one?
|
| I don't disagree with your point, simply saying that IMO
| the US doesn't take cyberattacks seriously precisely
| _because_ it leads down a dark path with China (and
| probably Russia too if we're being honest).
| bawolff wrote:
| There's a pretty big difference between Israel, the country
| spying on somebody out of national interest, and Israel
| allowing what is essentially an arms-dealer based in Israel
| to help random other people spy on countries they are allied
| with.
|
| I highly doubt that Israel the country wanted this turn of
| events, for the simple reason they are not stupid and the
| cost-benefit ratio of this seems bad for them.
| wayoutthere wrote:
| The state of Israel is already one of the most prolific
| arms dealers in the world. Something like 10% of weapons
| (everything from rifles and ammo to tanks and precision
| guided missiles) sold every year globally are made in
| Israel. They will sell to anyone (through intermediaries if
| the political optics don't align), and have ample
| opportunity to combat test weapons thanks to the low-grade
| civil war they've been waging against the Arabs for the
| last 70 years.
|
| They won't want to be seen as reining in Israeli military
| overreach because there's a feeder pipeline from the
| Israeli military into both politics and the weapons
| industry. It's the same people running the country that are
| selling these weapons.
| hermes8329 wrote:
| History has shown that the two are tightly involved. Plus
| it's not like they will ever really be held accountable.
| Pollard the traitor is a hero to Israel
| vkou wrote:
| > There's a pretty big difference between Israel, the
| country spying on somebody out of national interest, and
| Israel allowing what is essentially an arms-dealer based in
| Israel to help random other people spy on countries they
| are allied with.
|
| Yes and sort of and no.
|
| The thing with weapons is that occasionally you sell them
| to people you end up fighting. Take the Falklands war -
| Argentina was using American, French, and British weapons
| to fight the British. It happens, it's a bit of egg on
| everyone's face, but it is what it is.
|
| When you're a major arms dealer, you'll eventually end up
| selling guns to an enemy of your ally, or supposed ally.
| vsareto wrote:
| Naturally, NSO will be blamed instead of the US govt for
| thinking that was actually possible. Especially after the
| shadow brokers leak.
| matthewdgreen wrote:
| It is actually possible to _not_ sell software that spies on
| US diplomats. Why, I achieve this goal every single day.
| shmatt wrote:
| US nationals have never been protected. If you make an
| international phone call the government can track it[1]. If it's
| internal, they can't without a warrant.
|
| NSO built in a complete block of +1 phone numbers. But those US
| diplomats were not using +1. Which itself is a security issue
| that I'm sure is already being discussed at the state
| department
|
| [1]https://www.usatoday.com/story/news/2015/04/07/dea-bulk-
| tele...
| wins32767 wrote:
| Seems silly to call it a security issue when the bulk of the
| day to day activities for many state department employees is
| working closely with local nationals. Do you really want to
| make your average Ugandan caterer make an international call
| to the US in order to coordinate food delivery for an embassy
| event?
| kingcharles wrote:
| And the fact that you're not likely to answer a call from
| an international number because it'll probably look more
| like spam.
|
| Also, for them to have a +1 number outside the USA means
| they have to be on a USA network and then roaming onto a
| local network. This presents dozens of problems, such as
| often not being able to get the best connection, not being
| able to get data connections, not being able to get any
| local support, and it costing a small fortune.
|
| All the embassy employees I have ever known have gone full
| native with all of their technology etc.
| hervature wrote:
| Having a "caterer and friends" local dumbphone and an
| international phone for actual business doesn't seem
| unreasonable.
| bobthepanda wrote:
| It's not unreasonable, but people get sloppy with cell
| phones.
|
| Like the whole business around US military bases and
| Strava.
| hervature wrote:
| To be fair, I think many (most?) people use Strava
| without a cellphone. At least in cycling. The problem
| there was everything being public by default as it is a
| social network of sorts.
| ufmace wrote:
| Presumably, linked to what the sibling said, any actual
| business probably ought to go over high-security data
| connections anyways if it's going to go over any mobile
| network at all. No telling who's tapping into telecom
| systems in third-world countries, and normal phone calls
| probably go in the clear no matter what the registered
| phone number or roaming agreement is for the device.
| shmatt wrote:
| Does the US State Department trust the local Ugandan Best
| Buy employees not to run a SIM swap for $50? Or $10,000?
|
| With a Ugandan SIM comes the security of the Ugandan
| mobile network and its employees
| vaughnegut wrote:
| Would that imply that it would function as well for Canadian
| phone numbers, since they share a country code?
| Scoundreller wrote:
| Shhhh, don't tell them about the n in nanpa.
|
| But given the number of countries under nanpa, I bet they
| filter at the area code level. Can't turn away that sweet
| Dominican Republic opportunity.
|
| How does data work if you get NSO'd? There's gotta be some
| Canadians facing massive mobile phone bills because of NSO
| shenanigans.
| lainga wrote:
| I think you mean NANP, nanpa is somewhat different...
| Terry_Roll wrote:
| I think NSO are scapegoats, because how hard is it for a
| country to set up a honeypot device to analyse NSO's attack
| vectors and then copy it for their own use whilst being able to
| blame it on NSO?
|
| I say this because I've had stuff done to my phones in the
| past, one strange incident with a "hacked" phone was selecting
| an AirBnB, which I believe directed me to a few of their "safe"
| houses. Other examples include batteries going flat overnight
| when asleep despite phone being switched off, not charging but
| was fully charged before it was switched off. The phone signal
| is weak when that took place so it would have burned through
| the battery amplifying the signal, but listening in to people
| sleeping can elucidate what might be on their mind!
| azinman2 wrote:
| > but listening in to people sleeping can elucidate what
| might be on their mind!
|
| Once you go conspiracy there's no end to what seems
| possible...
| Terry_Roll wrote:
| It's not conspiracy, if you consume a few grams of lecithin
| before bed, your dreams will be based on what you saw just
| before bed. So if you can use a phone to make sounds or
| say things to someone in their sleep at pertinent moments,
| you could start having a conversation with them in their
| sleep or just trigger them to see what they say! You should
| try it, it's fascinating!
| azinman2 wrote:
| I've recorded my sleep many a time. What I say is
| entirely random and garbage. To suggest someone hacked
| your phone to listen to your dreams requires
| extraordinary proof, and would also be far less effective
| than listening to your day while you're actually awake.
| And even then, you need quite a high bar of proof. This
| has only been documented to occur for high value targets,
| so unless you're one of them, I'd be far less concerned.
| jprd wrote:
| It is astounding to me that a state as paranoid as Israel has
| leaned so hard into the far-right that they would actively
| sell some of that highly sensitive tech to other states that
| not that long ago had a death wish for Israel as a main
| position of said state.
|
| A state born of hard-edged refugees escaping a world that had
| recently written them off to die, carried through several
| existential wars, and now they are EMPOWERING that same evil.
|
| Also, please please do not trot out the "NSO isn't
| Mossad/IDF" nonsense. I wouldn't be surprised if all of this
| was a facade to penetrate the infrastructure of states that
| Israel wanted to monitor.
|
| There has _never_ been a more competent, sophisticated, and
| dedicated group than that of Israeli intelligence. To imagine
| that they would allow all this as an oversight without some
| state benefit is not something my brain can comprehend.
| whizzter wrote:
| I don't doubt the Mossad/NSO link either but as for
| "empowering and giving away" I wouldn't reach that far.
|
| Rather I suspect they were selling it as hacking-as-a-
| service and the clients they had never actually got their
| hands on the software or any physical servers (apart from
| possibly NSO relays), rather everything probably passed
| through their servers hosted in Israel where they could
| control that +1 and +972 numbers were never targeted.
|
| The people they had as clients only cared as long as they
| got into the iPhones, etc. they wanted, I doubt they cared if
| they had control of the software or not.
| petesergeant wrote:
| > brought in between $10 million and $20 million, a fraction of
| the $243 million
|
| I mean I guess 7.5% is technically "a fraction", but I'm used to
| this phrasing meaning "a really tiny fraction"
| perlgeek wrote:
| I thought the same, but then maybe the 10mio to 20mio was also
| distributed over several years, making it less than the 7.5% of
| their revenue.
| fouc wrote:
| >when Google reverse-engineered the hack used against American
| diplomats in Uganda, they found an elegant, tiny piece of code
| that adapted software from 1990s Xerox machines to fit a so-
| called Turing machine -- essentially a complete computer -- into
| a single GIF file.
|
| LOL at describing PDFs as "adapted software from 1990s Xerox
| machines"
|
| https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-i...
| _jal wrote:
| They were talking about JBIG2, not PDF.
|
| JBIG2 has been in the news periodically for a different sort of
| problem - you can't trust it to accurately represent what was
| scanned:
|
| https://www.theregister.com/2013/08/06/xerox_copier_flaw_mea...
| whizzter wrote:
| The NSO exploit started by pretending to send a GIF, that was
| sent down to some decoder that did automatic file-type
| detection based on data rather than filetype and "correctly"
| detected a PDF, the Apple PDF decoder in turn supports JBIG2
| images where the actual exploit lives.
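
Added example, not part of the thread: a defender-side triage check for the mismatch described in the comment above, where a file named as a GIF carries PDF content that in turn uses the JBIG2 filter. The function names, finding labels and sample bytes are constructed for illustration.

```python
import os

# Leading-byte signatures for a few common attachment types.
SIGNATURES = [
    ("gif", (b"GIF87a", b"GIF89a")),
    ("pdf", (b"%PDF-",)),
    ("png", (b"\x89PNG\r\n\x1a\n",)),
    ("jpeg", (b"\xff\xd8\xff",)),
]
EXT_ALIASES = {"jpg": "jpeg", "jpe": "jpeg"}


def sniff_type(data: bytes):
    """Return the type implied by the leading bytes, or None if unrecognised."""
    for name, magics in SIGNATURES:
        if data.startswith(magics):
            return name
    return None


def triage_attachment(filename: str, data: bytes):
    """Return a list of findings for one attachment (empty list = nothing to flag)."""
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    declared = EXT_ALIASES.get(ext, ext)
    actual = sniff_type(data)
    findings = []
    if actual is None:
        findings.append("unknown-content")
    elif declared != actual:
        # The name promises one format, the bytes are another.
        findings.append(f"type-mismatch:{declared}->{actual}")
    # Plain substring check: it misses filter names that are escaped
    # or stored inside compressed object streams.
    if actual == "pdf" and b"/JBIG2Decode" in data:
        findings.append("pdf-uses-jbig2")
    return findings


# Constructed samples (not real captures).
SAMPLE_PDF_AS_GIF = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /XObject /Subtype /Image "
    b"/Filter /JBIG2Decode /Length 0 >>\nstream\nendstream\nendobj\n%%EOF\n"
)
SAMPLE_REAL_GIF = b"GIF89a\x01\x00\x01\x00\x00\x00\x00;"

if __name__ == "__main__":
    for name, blob in [("photo.gif", SAMPLE_PDF_AS_GIF), ("photo.gif", SAMPLE_REAL_GIF)]:
        print(name, triage_attachment(name, blob))
```
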
| oasisbob wrote:
| Having spent some time with OCR and scanning recently, I'd have
| to agree.
|
| A lot of news articles are describing JBIG2 as something
| archaic, when it seems to be as relevant and commonplace as
| ever. (see MRC, for a modern application)
| ciabattabread wrote:
| The article was originally written for Financial Times, whose
| audience will have a general knowledge of computing. Also,
| what the heck is MRC?
| klodolph wrote:
| Mixed raster content, I assume.
|
| Basically, you scan a paper document. It contains a mixture
| of line art, text, and photographs--"mixed" types of
| content. You can segment it and use different codecs to
| encode these different segments, and then combine the
| results in a PDF.
| 1cvmask wrote:
| There is an unclear reference to Intel in the article. Was Intel
| working with NSO?
|
| "In recent weeks, for instance, Intel asked all its employees to
| cease any ongoing business relationships with NSO, one person
| familiar with the matter said. Intel said in a statement that it
| "complies with all applicable US laws, including US export
| control regulations"."
| lazyasciiart wrote:
| They would have at least a sales account.
| cookie_monsta wrote:
| I thought the paragraph preceding that one gave the context:
|
| > The blacklisting, which came in November, means that NSO
| cannot buy any equipment, service, or intellectual property
| from US-based companies without approval, crippling a company
| whose terminals ran on servers from Dell and Intel, routers
| from Cisco, and whose desktop computers run on Windows
| operating systems, according to a spec sheet from a sale to
| Ghana, in West Africa
| motohagiography wrote:
| I commented previously that the Uganda case was the first truly
| legitimate application of NSO's tech and the first one that
| wasn't actually a scandal, as it was by a state without a mature
| domestic intelligence capability going to market to buy tools of
| one, to spy on actual spies in its borders. It seems this
| particular NSO case is being used as bargaining leverage to
| discredit Israel's position in the Iran nuclear talks. NSO is
| subject to being a pawn on that board, it's plausible they get
| sacrificed and this is the story around it. It's a very weird
| place to be even lightly defending this company based on abstract
| principles, but they weren't taken out by some of the really
| egregious things they've done, and this seems fait accompli and
| we're just waiting for the narrative to complete. I suppose
| everything within a degree of the world they operate in is smoke
| and mirrors, but accepting the sanctimony around it at face value
| makes me feel like a rube.
| kingcharles wrote:
| You're absolutely right, and I don't think anyone else has made
| that point. The problem was the spies they tried to fuck with
| were American spies and America wasn't going to stand for
| that. As you say, NSO are now just a toy, and if they are
| destroyed thanks to this, no-one is going to give a fuck.
| jprd wrote:
| I cannot see a world in which use of NSO tech is legitimate.
| Get a court order to tap the phone line, etc.
|
| How can usage of a Mossad / IDF tool be considered
| legitimate? Just because the ruling party in a state decides
| so, doesn't mean this has any bearing on human rights or
| _legitimacy_.
|
| China is eradicating Uyghur culture and running for-profit
| concentration camps. These are legitimate uses of their
| Governmental powers. Does that make them ethical? Of course
| not.
|
| Technology like this is dystopian and anti-humanity. There is
| no way that this technology is profitable, exported and
| somehow used for "legitimate" purposes. The entire enterprise
| is predicated on making vulnerable people more vulnerable.
| The end result is more Khashoggi awfulness, how could it NOT
| be?
| jimkleiber wrote:
| I'd say mostly because we don't have transnational law that
| has teeth. Most nations have laws prohibiting murder, yet
| if one nation does it to another nation, somehow it's not
| illegal.
|
| I think many of us may fear a transnational government, yet
| we have transnational organized crime, transnational
| companies, transnational communication networks, etc. at
| some point, I hope we also get more transnational
| governance to balance some of those other entities.
| jeroenhd wrote:
| In a well-functioning system (of which there are very few
| in this world), it's possible to use these tools
| responsibly.
|
| For example, you could secure access and get insight into a
| terrorist ring using encrypted messengers, once the
| necessary paperwork has been done, reviewed and approved by
| an independent judge. Phone taps and internet taps worked
| great until everything became encrypted. Hard drives that
| cannot be accessed, conversations that cannot be monitored,
| you name it; the governments of the world have a difficult
| decision to make after about 120 years of easy access to
| criminals' conspiracies.
|
| I'm not sure if there's any system of government in the
| world I'd currently trust with this power, but it's not
| inherently impossible to use these tools ethically. At the
| end of the day, governments are desperate for a solution
| for the encrypted nature of modern data and communications
| and don't think that there are any other solutions than
| either allowing the police to hack or banning/restricting
| encryption. I'm not sure which option I prefer, but I
| believe (fear) either will become the accepted norm within
| our lifetimes.
| seoaeu wrote:
| Countries conducting espionage is well established and
| has been done for centuries. At the same time, the CIA
| doesn't get court orders when they want to listen in on FSB
| agents, nor vice versa. I don't see why Uganda should be
| held to different standards or why partnering with an
| Israeli company instead of developing the tools themselves
| should matter here.
| adventured wrote:
| > as it was by a state without a mature domestic intelligence
| capability going to market to buy tools of one, to spy on
| actual spies in its borders
|
| How do you intend to support your claim that the 11 US
| diplomats and employees from the US embassy are spies (and thus
| are supposedly legitimate targets in your view)?
|
| Nowhere does it say US spies were the targets. And no other
| story on this subject has presented evidence of that either.
| sophacles wrote:
| US intelligence organizations openly state that a common way
| for them to operate in a country is to give their agents
| cover "jobs" at the state department. When state department
| employees or "employees" work at an embassy they are
| diplomats. Apparently this is common in the intelligence
| world.
|
| Whether these particular people were spies, it seems like
| proper counter-intelligence to track all diplomats pretty
| closely because at least some of them are going to be
| intelligence operatives.
| tptacek wrote:
| I think the general idea is that the USG doubtlessly conducts
| espionage on Uganda, thus making all formal employees of the
| USG fair game for espionage. Which makes a good deal of
| sense. The reason NSO spyware on State Department phones is
| upsetting isn't that it targets the State Department
| employees, but that it targets the USG.
| vmception wrote:
| > "We always knew this thing had an expiration date," he told the
| friend
|
| after $200mm in revenue, I love the cavalier nature of that. it
| humanizes the operation more than anything I've read
|
| and NSO group is even at risk of defaulting on some loans, that
| it must have taken out for no reason aside from having extra
| totally fuckable capital to default on.
|
| honestly, hope I run into this guy in Monaco and have a drink.
| just won't exchange contact information
| guytv wrote:
| Advanced technology was once held mainly in the hands of
| governments. In recent years, corps and mega-corps are getting
| far more advanced technology than the government has. For
| governments, this means loss of power. So governments around the
| world use whatever means they have to prevent such technologies
| to proliferate. US gov't tried to stop the export of strong
| encryption. Then it shut down Facebook's crypto-currency - to
| prevent FB to have its own global-dollar. That's why the US just
| waited for the right time to end the party where dollars could
| buy you cyber abilities only reserved to the NSA and CIA.
|
| It's not about civil rights, it's not about money laundering, it's
| just about the US trying to keep ahead of everyone else.
| cycomanic wrote:
| The difference in response from the US to hacking of their
| diplomat phones compared to the response in Germany to the US
| listening on calls from Merkel and others is really telling. It
| makes you question how independent European countries really are
| from the US.
| selimthegrim wrote:
| This wasn't what Herzl meant by the Uganda option I take it
| optimalsolver wrote:
| Were the US officials that Uganda was spying on diplomats, or
| "diplomats"?
| seoaeu wrote:
| Quite likely, answering that question was one of the top
| reasons why Uganda did this in the first place!
| kingcharles wrote:
| LOL, all diplomats are "diplomats" when push comes to shove.
| stefan_ wrote:
| Surely if they were "diplomats" we shouldn't need Apple to send
| them a mail to know their phones are compromised (by such an
| obvious trojan, even)?
| qnsi wrote:
| Right now we have mini crisis in Poland connected with this
| US/NSO war.
|
| One prosecutor, who is fighting for independent judiciary and
| against her political boss, head prosecutor Minister of Justice,
| smaller party Coalition member, got notification her iPhone has
| been hacked multiple times by Pegasus. She angered the ruling
| coalition, after she wanted to investigate illegal vote by mail
| election, that didn't take place at the end but cost Poland 23 mil
| USD.
|
| The other person that was hacked more than ten times, is famous
| attorney, previous politician. He was an attorney of
| opositionfuhrer Donald Tusk, former PM. He was representing
| multiple high level clients that were suing the government,
| including one that was scammed by the head of ruling party Law
| and Justice. Hacking took place in times of campaign before
| elections.
|
| Poland is such a crazy country right now. If you can write an
| email to your congressman to fight for biggest US investment in
| Poland, TVN tv station that sheds light on this corrupt
| government. They are trying to make the owner (Discovery) sell
| TVN, worth one billion USD
| mzs wrote:
| Could you please name:
|
| > One prosecutor, who is fighting for
|
| > The other person that was hacked more than ten times, is
| famous attorney
|
| edit: https://news.ycombinator.com/item?id=29648072
| qnsi wrote:
| As mentioned by a sibling. You can read about it here
| https://www.politico.eu/article/polish-spyware-scandal-
| stoke...
| artek wrote:
| Roman Giertych is the attorney and Ewa Wrzosek is the
| prosecutor whose smartphones were hacked.
| dylan604 wrote:
| >Looks like Uganda tried to hack 11 US diplomats, which ended up
| giving away the game, and getting everyone upset -- and for but a
| pittance in revenue.
|
| Isn't this why most spy agencies are very afraid to use their
| most prized assets in fear of revealing the assets?
| fennecfoxen wrote:
| https://archive.md/At4rC
|
| > In February 2019, an Israeli woman sat across from the son of
| Uganda's president, and made an audacious pitch -- would he want
| to secretly hack any phone in the world? [ ... ] for NSO, the
| Israeli company that created Pegasus, this dalliance into east
| Africa would prove to be the moment it crossed a red line,
| infuriating US diplomats and triggering a chain of events that
| would see it blacklisted by the commerce department, pursued by
| Apple, and driven to the verge of defaulting on its loans,
| according to interviews with US and Israeli officials, industry
| insiders and NSO employees.
|
| Looks like Uganda tried to hack 11 US diplomats, which ended up
| giving away the game, and getting everyone upset -- and for but a
| pittance in revenue.
___________________________________________________________________
(page generated 2021-12-22 23:00 UTC)