It's like the one thing universally true about spies is they can never keep it g. As a security guy, this is why you don't get involved with dodgy companies. When the pressure is on, they will pull in everyone they ever spoke to and use you protecting your rep to try to get leverage. Pretty clear how he's choosing to go out.
However, I'd also be willing to make a huge bet there is zero chance the FB CISO at the time was aware of who these representatives allegedly were or approved what they were doing unless it was threat intelligence. I don't think this will be the last muck thrown by this company.
> there is zero chance the FB CISO at the time was aware of who these representatives allegedly were
We also have zero evidence the people this guy talked to worked for Facebook. He could have been duped. He could be lying. It could have been two curious employees acting on their own.
What we can say is this guy lacks professional integrity. Throwing potential or actual clients under the bus in public is a sleazy move.
Are you sure about that?
Facebook has been caught several times doing shady surveillance type stuff on its users.
The VPN app that is mentioned in the thread is one.
There was another incident years ago when Facebook users were forced to download antivirus software from their “trusted partners” and scan their PCs before they were allowed to log in to their FB accounts.
People that had been flagged for scanning tested some theories and found that it had nothing to do with the user's computer, as their partner that shared the same device could log in to their FB account on the same machine without having to run an AV scan.
There’s not a lot of information out there about that incident.
This isn't the first time Facebook have attempted this behavior; previously they were successful in purchasing a zero-day exploit and launching it against users. [1]
You may think that case warrants an exception, but it sets a clear precedent and encourages the hoarding of zero-days.
I think it's extremely easy to believe Facebook would launch exploits at users because they already have.
NSO would kill for the sort of intelligence Facebook gathers from phones via Messenger. I don't see how Facebook would benefit from any partnership with them, only NSO.
It's a funny thought that FB would hire another company to exploit their own software. Because you'd think the dev wouldn't need that. But it actually makes sense, since building in an exploitable flaw (intentionally or not) is NOT the same as making real-world use of it.
Plus even soliciting a 3rd party gives you plausible deniability if someone comes asking you if you exploited the flaw yourself. Oh, to be a capitalist in the 21st century is to feel ALIVE!