
Whatsapp Attributes Hack of 1,400 Users to NSO Group Technology - vuln
https://citizenlab.ca/2019/11/whatsapp-attributes-hack-of-1400-users-to-nso-group-technology/
======
ianhawes
It will be interesting to see whether the DOJ indicts NSO Group executives in
the same way that they went after the Chinese.

If I were an NSO Group employee, I would think twice before entering the
United States, let alone venturing outside of Israel.

~~~
paganel
> It will be interesting to see whether the DOJ indicts NSO Group executives
> in the same way that they went after the Chinese.

They most probably won’t.

~~~
LurkersWillLurk
To build on this, I don't think the US government sees NSO Group the same way
they see foreign hackers. Federal law enforcement and the intelligence
community probably see the defensive losses as an acceptable casualty if it
means reaping the offensive benefits of NSO's software.

Edit: [https://www.vice.com/en_us/article/3kxk9j/dea-didnt-buy-
malw...](https://www.vice.com/en_us/article/3kxk9j/dea-didnt-buy-malware-nso-
group-too-expensive)

The Drug Enforcement Administration would have bought NSO's software, but it
was too expensive.

------
doesanyonecare
In the case of India, it is clear that its government used it to spy & also
implant false evidence on dalit activists[0] i.e. low caste people who are
still made to human waste on their heads in certain parts of the country.

If any NSO/NSA employee is reading, is this the kind of oppression you want
your talents to aid? Pimping your mom, sister or wife to your country's
leaders could be a better job.

[0]: [https://scroll.in/latest/942218/nagpur-lawyer-notified-by-
wh...](https://scroll.in/latest/942218/nagpur-lawyer-notified-by-whatsapp-of-
surveillance-says-bhima-koregaon-accused-were-also-targetted)

------
Scapeghost
Sometimes I wonder if all these hacks are a scapegoat for companies who were
giving away your data anyway.

------
brenden2
Seems like Facebook's strategy for dealing with their PR problem is to blame
someone else for the flaws in their product as a diversion tactic.

It's not a good sign when FB is unwilling to take responsibility for the mess
they've made. How can anyone trust this company ever again?

Unfortunately, I think if they can win the PR war then they'll probably be
fine. At this point the only thing that matters is public perception, and the
one thing FB has going for it is that many people don't even realize that
Facebook, WhatsApp, and Instagram are all the same company.

~~~
vkou
So, hold on.

Facebook shipped a product with a security bug. There's nothing unusual about
this. Every software with non-trivial functionality has, or has had at some
point in the past, many security bugs.

What exactly is the scandal, here? Why are you holding Facebook to a standard
that no other company, or open source project is able to meet?

~~~
brenden2
FB has enough resources to do a bit of auditing to catch these kinds of bugs.
They are quite literally one of the wealthiest companies in the world. They
have somewhere on the order of $40b in cash.

Instead they allocate most of their resources into figuring out how to get
people to click on ads.

~~~
kick
Only one person on the entire planet has demonstrated the ability to write
security hole-free software, Daniel J. Bernstein, and it's unlikely that
Facebook would be able to hire him and then get him to rewrite their entire
stack.

