
Israeli Software Helped Saudis Spy on Khashoggi, Lawsuit Says - forapurpose
https://www.nytimes.com/2018/12/02/world/middleeast/saudi-khashoggi-spyware-israel.html
======
krn
NSO Group was co-founded by ex-members of Unit 8200, the Israeli Intelligence
Corps unit responsible for collecting signals intelligence. The unit relies on
selecting 16-18 year-old recruits with the ability for rapid adaptation and
speedy learning. Former soldiers of this unit have also created ICQ, Viber,
Incapsula, Onavo, and dozens of other IT companies[1]. "How Israel Rules The
World Of Cyber Security" is a short documentary by VICE[2].

[1]
[https://en.wikipedia.org/wiki/Unit_8200](https://en.wikipedia.org/wiki/Unit_8200)

[2]
[https://www.youtube.com/watch?v=ca-C3voZwpM](https://www.youtube.com/watch?v=ca-C3voZwpM)

~~~
ryanlol
It is always bizarre when people talk of "ex-Unit 8200", it is the largest
unit in the IDF.

Given that Israel has universal conscription you might just as well call them
Israeli and be done with it.

~~~
arijun
Biggest doesn’t mean big. It’s a few thousand people big, ~1% of the IDF as a
whole. And in my limited experience, it does carry clout within the tech scene
in Israel.

On the other hand, whenever people tout “ex Israeli military” as a positive or
negative, I also find it silly. That’s the vast majority of the country!

~~~
dogma1138
8200 and it’s sub units is double in size as the entire Israeli navy so they
are closer to 10% than to 1%.

99XX and 81XX are each more than 1% of the active IDF personnel and they are
much smaller than 8200.

------
chrisco255
I think it's disturbing what happened to Khashoggi...but I don't understand
what the U.S. or the West is supposed to do about it. We can't go to war over
some guy who wasn't even our citizen, killed in Turkey, by a foreign
government. I hate to say it, but don't things like this happen all the time
in certain countries?

~~~
Touche
Murdering dissidents while they are in other countries doesn't happen all of
the time, no. That's why it's news.

~~~
chrisco255
It certainly happens: [https://www.washingtonpost.com/world/europe/britain-
charges-...](https://www.washingtonpost.com/world/europe/britain-charges-two-
russians-with-attempted-murder-of-ex-spy-with-nerve-
agent/2018/09/05/db99c5c8-b0f7-11e8-a20b-5f4f84429666_story.html?noredirect=on&utm_term=.f21fb8fab484)

We're hearing more about Khashoggi because he was a journalist, I suppose.

~~~
Touche
I didn't say it doesn't happen. I said it doesn't happen all of the time. The
incident you linked to was a big story, I remember it.

If these things happened all of the time they wouldn't be reported in national
papers. A mugging in San Francisco isn't in the Washington Post.

~~~
cronix
But we only really hear about the failures, or when the mission didn't go
according to plan and someone was caught. When it does go according to plan,
no one knows about it, or at least there usually isn't enough evidence to be
able to attribute blame.

~~~
Touche
How can a person disappear from the planet without anyone knowing about it?
When it's within the guilty country that's one thing, they can suppress the
information from getting out. But to travel to another country and kill
someone that doesn't really work.

~~~
cronix
Govt's don't usually announce when a spy goes missing.

------
mikeyouse
Can you imagine being a software engineer and being okay with getting rich by
developing technology to out dissidents and have them murdered by some of the
most oppressive governments on earth? Like, that's what you _choose_ to spend
your time on.

~~~
flyinglizard
Very unlikely that it’s presented this way. People working in NSO feel they
are doing a public service by helping catch bad guys. Given the Israeli
sensitivity around terrorism, it’s an easy sell, and I’m sure NSO has success
stories around such use.

~~~
abalone
Given that Israel regularly employs deadly force against civilians, this does
not absolve NSO's software engineers from moral culpability. That is like
saying the backroom boys at Dow who developed napalm thought it was just being
used against "bad guys".

~~~
flyinglizard
Moral culpability depends on perspective. It’s not absolute. In some societies
it’s immoral to consume alcohol, in others it’s immoral to get a divorce or
use electricity on Saturdays.

From the perspective of NSO developers, they are helping prevent the next
attack against civilians somewhere. I can’t fault them for that.

~~~
objektif
Killing people is immoral in any society. If you have an average IQ you
understand eventually what your product will be used for.

~~~
14
I wonder if the Sentinelese find it immoral?

~~~
objektif
Looks like they find it less immoral than manipulating people into believing
fake religious stuff.

------
abhishekjha
Can somebody explain how was it possible to get whatsapp messages when it
applies E2E encryption?

Did they have physical access to the devices? Was it all remote? Is it even
feasible on an individual level and what would be the alternative(Signal?
Telegram?)?

~~~
fossuser
It's unclear, but from the article it seems to suggest that his phone had bad
software running on it and was recording keystrokes at the OS level.

Encryption wouldn't help you in this case since you can just record the
strokes (maybe see the screen) like the regular user would see.

Not sure how they'd do this though, maybe he was using Android?

~~~
TheForumTroll
It was an iPhone. They aren't safer than android you know. Just different.

~~~
fossuser
I think they generally are safer - Apple has a better security posture and
tighter control over both the hardware and OS. Though not perfect clearly.

------
nudgeee
Citizen Lab [0] has an excellent writeup, it got installed by exploiting a
vuln in iOS which jailbroke the device from a fake DHL parcel tracking link
(screenshot included).

[0] [https://citizenlab.ca/2018/10/the-kingdom-came-to-canada-
how...](https://citizenlab.ca/2018/10/the-kingdom-came-to-canada-how-saudi-
linked-digital-espionage-reached-canadian-soil/)

------
Bucephalus355
For what it’s worth, the Saudi’s also went to www.sinister.ly and paid $200
bucks a pop for certain spywares.

~~~
londons_explore
If by 'The Saudis', you mean 'someone from Saudi Arabia', then sure. The
Americans did it too. As did pretty much every other nation.

~~~
ryanlol
By 'The Saudis' he probably meant 'A fixer for the highest levels of Saudi
leadership'

------
isoskeles
NYTimes: It is anti-semitic and scandalous that Facebook hired someone else to
point out that George Soros' money helped groups critical of Facebook.

Also NYTimes: Israeli Software Helped Saudis...

~~~
tuxxy
I'm not really sure I see your point. Are you suggesting that this headline is
anti-Semitic?

~~~
isoskeles
I've seen the FB / Soros story so much in the past couple of weeks that I
wanted to point out a funny double-standard: Facebook isn't allowed to hire
someone else to mention a famous Jewish person, but NYT is allowed to pin
blame on Israel for the assassination of a journalist. Both seem trivial to
me, but one is an anti-semitic dog-whistle and the other is, meh, let's
pretend it's n.b.d. to involve Israel (i.e. _Jews_ ).

Personally, I'm saying it's roughly as anti-semitic as Sheryl Sandberg hiring
someone to say something true about George Soros -- as in, neither is anti-
semitic. But I think the bigger issue is the double-standard.

------
forapurpose
Aside from the much more important core issues in the article, I found this
bit interesting:

> Because of those sweepingly invasive capabilities, Israel classifies the
> spyware as a weapon. The company must obtain approval from the Defense
> Ministry for its sale to foreign governments.

Does the U.S. use such classification for spyware and similar tools? What are
the standards which determine whether or not it's a weapon?

------
smsm42
Given how much of the software development happens in Israel, there is
probably some Israeli software in every phone. So describing it as "Israeli
software" (as if it's the only software ever made in Israel or Israel is
exclusively known for developing spyware) is extremely misleading.

------
guelo
Can't Apple sue them for hacking the iphones?

~~~
abhishekjha
I think that depends on if there is enough tracable proof and if a case gets
registered.

------
onetimemanytime
>> _Saudi Arabia paid $55 million last year for its use_

They are going to ask questions after the Saudis splashing $55m? As if they
needed to ask questions. It's known why Russia, China, SA, UAE, Sudan and the
likes want these programs

~~~
TheForumTroll
To use it the same way the US does?

