[HN Gopher] US judge finds Israel's NSO Group liable for hacking...
___________________________________________________________________
US judge finds Israel's NSO Group liable for hacking journalists
via WhatsApp
Author : o999
Score : 320 points
Date : 2024-12-21 01:38 UTC (16 hours ago)
(HTM) web link (www.reuters.com)
(TXT) w3m dump (www.reuters.com)
| jredwards wrote:
| Well, good. But also: build better software.
| mrkeen wrote:
| _Ahem_ we don 't do that here. We get to market faster before
| our runway ends so we don't risk our exit.
| ChrisMarshallNY wrote:
| I support this.
|
| It's not possible to be "perfect," but if we do our best to get
| there, we'll make really good stuff.
|
| It's unlikely to happen, though, as we have a system that
| explicitly rewards writing crap, because it makes money.
|
| As long as we fail to reward good work, we will continue to get
| poor work.
| dylan604 wrote:
| > As long as we fail to reward good work, we will continue to
| get poor work.
|
| I think that's a bit off. The problem is that we continue to
| reward poor work so the poor work continues.
| nico wrote:
| > "Surveillance companies should be on notice that illegal spying
| will not be tolerated."
|
| That is kinda funny, although sad at the same time
|
| On the flip side, I guess that means META allows WhatsApp users
| being only "legally spied" on
| throwaway290 wrote:
| "Unauthorized hostility against pioneer detected"
| dylan604 wrote:
| Isn't that obvious though? Meta wants exclusive spying rights
| to its users. You spying on users with Meta's products is not
| allowed. If you want to spy on your users, build an app that's
| so popular billions of people sign up willingly to allow you to
| spy on them. Have you no decency?
| talldayo wrote:
| > Meta wants exclusive spying rights
|
| You're allowed to say "The NSA", we're all adults here. No
| need to speak in euphemisms.
| trogdor wrote:
| Every social media company allows legal spying. Warrants and
| wiretap orders are issued every day in the United States.
| akira2501 wrote:
| Which is ironic considering the FBI and CISA just today announced
| that you _should_ use WhatsApp and not use SMS for two factor
| authentication. Although they point out the biggest problem is
| mobile users click on links in SMS. We live in a mostly captured
| and anti consumer environment. I'm not sure there's any great
| advice.
|
| https://www.newsnationnow.com/business/tech/fbi-warns-agains...
| magic_hamster wrote:
| Of course there is. Always prefer an authenticator app over
| SMS. Also, Passkeys are supposed to be a big upgrade in this
| regard.
| bawolff wrote:
| Whatsapp is not still vulnerable to the hack (as far as we
| know) and SMS applications have had similar vulnerabilities in
| the past.
| immibis wrote:
| Didn't the US fund those guys to do exactly that?
| Retr0id wrote:
| The US often does unlawful things.
| dylan604 wrote:
| Especially using willing 3rd parties to allow for plausible
| deniability.
| lrvick wrote:
| It is only legal and ethical when we do it.
| dmantis wrote:
| There should be no difference with usual botnet owner/ransomware
| gangs and such companies. Management should go to prison for good
| 20-30 years for that and being extradited worldwide. Considering
| that ransomware gangs are probably less harmful to the society
| than guys who hack journalists and politicians, putting their
| lifes at literal risks, not just their pockets.
|
| There should be no "legal" hacking of someone's devices apart
| from extraction of data from already convicted people in public
| court with the right to defend themselves
| bawolff wrote:
| Its not like this is that different than traditional "weapons"
| (i hate the "cyberweapons" analogy, but if the shoe fits).
|
| Sell guns to governments, even unsavoury ones, it is very rare
| anything will happen to you except in pretty extreme cases.
| Sell guns to street gangs, well that is a different story. Like
| i don't think this situation is different because it is
| "hacking".
| Neonlicht wrote:
| All the cartels in Mexico buy their guns from America and
| nobody is going to jail over it.
| lupusreal wrote:
| People do in fact get sent to prison for that, straw
| purchases are a federal felony. Not all of them actually
| get caught, which is true of any crime.
| oaththrowaway wrote:
| Except when the ATF does it, no big deal
| onedognight wrote:
| The NSO created/ran cloud instances for each client country
| and reviewed and approved every target. The didn't sell
| weapons like in your analogy. They were effectively assassins
| for hire.
|
| The problem with selling exploits is you want to maintain
| "ownership" of the exploit details, lest your customer just
| take the exploit and sell/use it without paying more or use
| it to attack you or your friends. This means you end up with
| veto power. I.e. culpability.
| tehwebguy wrote:
| Certainly the ones that hack _journalists_ should go to prison.
| lifestyleguru wrote:
| Why should journalist badge provide some kind of protection
| shield? [1]
|
| [1]
| https://en.wikipedia.org/wiki/Pablo_Gonz%C3%A1lez_Yag%C3%BCe
| talldayo wrote:
| In Israel's opinion? It shouldn't: https://en.wikipedia.org
| /wiki/List_of_journalists_killed_in_...
|
| Israeli forces killed 38x more journalists than Hamas did
| on October 7th.
| ilbeeper wrote:
| I agree with the first part, at least in spirit.
|
| The second part though doesn't make sense. If the US president
| can send drones to kill terrorists without taking them to
| court, surely he can order hacking their phones. If you think
| that there's no case where the latter is ok you shouldn't you
| fight against the former first?
| ignoramous wrote:
| > _send drones to kill terrorists_
|
| The part that you miss is, are they only killing "terrorists"
| extrajudicially? To take that propaganda at its face value is
| to ask, what else could they be killing _brown_ people for,
| if not terrorism?
| ilbeeper wrote:
| I didn't say if I think that drone killing is justified or
| not, since I have no opinion on that - I don't know enough
| to form an opinion. I only say that since the government
| have the right to send killing drone it doesn't make sense
| to raise pitchforks against phone hacking
| ignoramous wrote:
| > _I have no opinion ... I don 't know enough to form an
| opinion._
|
| Why speak in hypotheticals supporting some phantom
| opinion? Concern trolling is even worse.
| ilbeeper wrote:
| It is not hypothetical, the fact is that killing drones
| are used in practice, and it just doesn't make sense to
| oppose lesser measures that are being used without
| judgement when killing is allowed.
| ignoramous wrote:
| > _killing is allowed_
|
| You said it is okay / allowed because "terrorists".
| Otherwise, it is a heinous crime. Just like the Pegasus
| one.
| ilbeeper wrote:
| I have no idea what you are talking about. Ok is a value
| judgment which I didn't state. Allowed is a fact. Are you
| arguing with what I'm saying or with an opponent in your
| mind?
| ignoramous wrote:
| > _I have no idea ..._
|
| This is what you wrote: "The second part
| though doesn't make sense."
|
| The _second part_ being: If the US
| president can send drones to kill terrorists without
| taking them to court, surely he can order hacking their
| phones. If you think that there's no case where the
| latter is ok you shouldn't you fight against the former
| first?"
|
| Pretty clear from your rhetoric what your position is.
| Folks here are not dumb.
| o999 wrote:
| Imagine if they chase NSO as hard as they chased Wikileaks
| ilrwbwrkhv wrote:
| I thought Whatsapp and signal share the same encryption
| bawolff wrote:
| The attack wasn't targeting the encryption part of whatsapp
| (afaik).
|
| Encryption is important but it often is not the weakest link in
| the security chain.
| mjg59 wrote:
| The encryption isn't alleged to have been compromised. The app
| itself deals with a lot of untrusted input (eg, thumbnailing
| video files you've been sent) so there's a meaningful attack
| surface outside the protocol itself.
| NolF wrote:
| The group exploited a bug in WhatsApp to deliver the spyware.
| It wasn't an E2E issue.
|
| > A U.S. judge ruled on Friday in favor of Meta Platforms'
| (META.O), opens new tab WhatsApp in a lawsuit accusing Israel's
| NSO Group of exploiting a bug in the messaging app to install
| spy software allowing unauthorized surveillance.
| kjkjadksj wrote:
| People have to start assuming that any communication method in
| use is compromised. There's just no way on earth orgs like the
| NSA would throw their hands up in the air and not find multiple
| different avenues into an app like signal. Its one of the most
| downloaded messaging apps. Investment into compromising it is
| very worth while. People should just assume everything
| involving a cell phone or computer is inherently insecure.
| Meanwhile for some analog methods (one time pads, even cupping
| a hand and whispering into anothers ear, etc), the power
| balance isn't so lopsided between the state and the individual
| as it is with digital communications where everything is
| probably compromised in some way by now.
| alecco wrote:
| Aaaaand it's flagged out of the front page. @dang, so early in
| the day this is obviously some coordinated manipulation.
| 31. 206 points 9 hours ago US judge finds Israel's NSO Group
| liable for hacking journalists via WhatsApp (reuters.com)
| 22. 37 points 8 hours ago My Pal, the Ancient Philosopher
| (nautil.us) 15. 4 points 4 hours ago Testing for Thermal
| Issues Becomes More Difficult (semiengineering.com) 18. 11
| points 2 hours ago The Christmas story of one tube station's
| 'Mind the Gap' voice (2019) (theguardian.com)
| sabbaticaldev wrote:
| Probably done by the same NSO Group. But for US americans they
| are the good criminals, the chosen criminals
| layer8 wrote:
| "@dang" doesn't do anything. Email hn@ycombinator.com.
| stonesthrowaway wrote:
| I'm shocked! But don't worry, I'm sure the nytimes, wsj, ap,
| etc will run hit pieces on this outrageous behavior by israel.
| myth_drannon wrote:
| From reading other in depth sources it looks more like anti
| competitive business practices. Certain former politician who is
| well connected in democratic party cycles basically shutdown the
| whole Israeli offensive cyber industry except his company which
| is the main competitor of NSO. This whole drama wouldn't happened
| otherwise. With Republicans moving in, we might never hear about
| those issues again.
| wslh wrote:
| There are many other companies beyond NSO Group, if I were a
| journalist I would write a more comprehensive list of them and
| educate about this whole "industry".
| talldayo wrote:
| NSO Group is unique in that they are entirely sheltered from
| (largely due) criticism by their government, creating an
| unaccountable and injust basis of relations between the United
| States and Israel that many readers are concerned by. There
| simply aren't any other comparably corrupt "cybersecurity"
| outfits in the world.
|
| Kinda similar to how the IDF has never been charged with war
| crimes despite several of their service-members being recorded
| breaking the law in their Israeli fatigues. It's not that
| international law was never broken, it's that Israel considers
| themselves above the rule of law and international bases of
| morality. That type of behavior absolutely must be called out
| in it's lonesome, such that no nation ever repeats Israel's
| embarrassing mistake.
| wslh wrote:
| Media and international scrutiny often focus
| disproportionately on Israel, compared to countless global
| issues that remain unreported. Israel's news density, given
| its small size, is incredibly high.
|
| This may partly stem from Israel's democratic framework,
| which provides transparency and fosters political diversity,
| enabling more detailed examination of its internal affairs.
| For example, the new documentary The Bibi Files [1] showcases
| a level of scrutiny not as commonly observed in less
| transparent regimes.
|
| [1] https://jolt.film/watch/the-bibi-files
| Bilal_io wrote:
| The number of crimes they've committed is also
| disproportional to their size.
| wslh wrote:
| You might not have enough data points to draw a
| definitive conclusion. As I mentioned, unless you are
| directly witnessing events on a global scale, your
| observations are largely shaped by the information you
| consume.
| kotaKat wrote:
| Like Verint, who tried to buy the NSO group, and has security
| DVRs in Walmarts all over the world...
| dudeinjapan wrote:
| You have to be really bad if Meta are somehow the good guys in
| the article.
| Bilal_io wrote:
| The victims are the good guys. Meta is just not happy that
| their platform was exploited. Even if you consider them to be
| the bad guys, they needed to sue to curtail the bad PR
| nothercastle wrote:
| It should be accessory to murder but just a fine
| zhengiszen wrote:
| The same people are behind the current genocide against
| Palestinians in Gaza
| solumunus wrote:
| Get out of your algorithm you're in too deep.
| stonesthrowaway wrote:
| Amazing how the same people who whine nonstop about the
| holocaust are the quickest to dismiss actual ongoing
| genocide.
| solumunus wrote:
| Which same people exactly?
| rexpop wrote:
| No sensible adult could refer to any reference to the
| holocaust as "whining".
| Bilal_io wrote:
| Agreed. And no sensible adult should refer to the
| genecide in Gaza as being deep in the algorithm.
___________________________________________________________________
(page generated 2024-12-21 18:01 UTC)