> Initially, the NSO sought to block all discovery in the lawsuit, "due to various US and Israeli restrictions," but that blanket request was denied.
Interesting approach. The court could probably care less about Israeli restrictions as it's a different country.
Officially US govt blacklisted Pegasus https://arstechnica.com/tech-policy/2021/11/us-blacklists-ma.... However, I wouldn't be surprised if some US spy agencies are still using it. If that's the case, Pegasus might try asking US intel agencies to block the case on the basis of disclosure of classified info or harming national interests.
It would be interesting to see if all of a sudden "something happens" and the case is mysteriously dropped.
I doubt US spy agencies still use it in any official capacity.
Far easier to just request and obtain the resulting intelligence from partner intelligence organizations who are using it.
Arms-length collection is less legally perilous.
But which does bode poorly for any assertion of national security in US courts! "Are you using this software?" "Officially, no." "Then on what basis do you claim national security?"
The problem with FISA as I understand it is not illuminati. It's that the court probably approves almost everything the government asks for without scrutiny. In general, most courts probably have issues like this -- when their job might be oversight and scrutiny they end up as a rubber stamp for the powerful, like cops, prosecutors, etc. For FISA it's especially bad because decisions and arguments made aren't public.
I don't think I'm doing whataboutism by stating common criticisms of US criminal justice and of FISA.
Although, having considered these topics over the years, I am skeptical that we will do better. Humans are flawed. Truth and justice are hard to achieve, even with the best intentions. Anyone involved with these topics -- judges, prosecutors, lawmakers -- should have a very high sense of humility in what they are doing. Often they do not.
Who said anything about illuminatis? Does FISA effectively allow intelligence agencies to hide stuff or not? And can you show me a concrete example of IA actually getting punished from other powerful institutions in any meaningful way?
Who exactly was punished by that EO? You are proving my point, even the most "push back" IAs have seen in terms of concrete actions against them led to... a directive that forbade them from murdering people in foreign countries. No actual consequences for anyone involved, no one got even a slap on the wrist in terms of actual consequences. And that's after the Church Committee, which revealed some super damning stuff.
Oh, and they went back to doing it after a few decades.
Are you really asking me to cite classified operations?
And the fact that subsequent Executive Orders explicitly loosened the reins on intelligence collection (and assassination with respect to "terrorists") indicates that yes, the original orders did restrict intelligence operations.
It sounds like you are claiming that IAs have been punished for their abuses, but we’ll just have to trust you on it because the punishments were classified operations. Doesn’t make sense at all, unless you’re saying that the punishments were certain spy chiefs secretly murdered or something.
You make a good point. While people may have an issue with FISA being opaque they do not consider that maybe it being opaque is good for reasons that cannot be explained. With an explanation like that, how could anyone have a problem with such a thing?
I don't know much in this space, but if I'm the US Gov I'm happy that all of the attention is on Pegasus and not other (presumably) tens (hundreds) of similar programs out there.
Much as it may pain you, “could care less” is an established idiom in American English that’s been in use for 70 years, and Webster’s dictionary has a whole page about it: https://www.merriam-webster.com/grammar/could-couldnt-care-l..., in which they say:
> people who go through life expecting informal variant idioms in English to behave logically are setting themselves up for a lifetime of hurt.
I couldn't care less if there's a group of people misusing the phrase, logically "I could care less" means the exact opposite of "I couldn't care less".
The majority of the world is not American, and presumably the majority of Americans don't use the incorrect phrase, so why should the rest of the world cater for a minority within a minority by putting their butchered phrase on equal footing with the correct phrase?
Not quite. "in" here as a prefix is not a negation thing but to _do_ something like "en" in "enhance" or "encapsulate". The word's actual Latin root is "inflammare" which means to put something _in_ flames. The subject is the one doing the burning and it's transitive.
Flammable on the other hand comes from "flammare", which means for something to catch fire, and is intransitive instead, i.e. the subject is the one catching fire.
The actual opposite of inflammable is uninflammable, which I reckon is only in British English at this point and mostly lost in American English.
Contronyms are what you're referring to. Indeed, flammable/inflammable, also sanction/sanction (permit/punish) and other examples such as fast/fast (going quickly/held in place).
Still, I do find "I could care less" to be less of a contronym and more of an "Americanism". I'm quite used to it by now, and shall thereby sanction its use.
For a formal linguistic example, see the concept of compound words. The meaning of the compound word does not equal the meaning of any of the constituent words. Often because the definition of the constituent words has drifted over time while usage of the compound word remained fixed.
You may unilaterally think that's wrong because you wish to impose a set of rules on language that others don't share, but that's not how meaning works. A sentence is just a string of bits. Meaning comes from a shared consensus about how to parse those bits into meaning.
It does in my English though, and it really really grates when I hear it. Just because a minority of people have started abusing the language doesn't mean I have to go along with it.
> compound words
Compound words like "afternoon" where the two words themselves make sense together? "couldcare" might be a compound word, but "could care" isn't. Plus, if I start to say "after noon" to mean "mid morning" then get pissed off when people call me out on my language butchery then perhaps my minority take and desire to impose it on the rest of the world would make me the person in the wrong.
> You may unilaterally think that's wrong because you wish to impose a set of rules on language that others don't share, but that's not how meaning works.
'A set of rules' is called grammar. It may have arisen organically and out of 'shared consensus' but today languages only make sense when we maintain that grammar.
Imagine if the positions of the words in the above sentence were randomly jumbled up. It'd make no sense at all.
English is somewhat more lax than other languages about grammar (stemming from its extremely wide usage) while still being able to get the point through, but striving for correct grammar should always be a goal, even if 'the point has got through'.
Many other stricter and older Indo-European languages that haven't experienced as many changes as English has, can be machine-parsed like a programming language. Sanskrit and Latin come to mind.
> Imagine if the positions of the words in the above sentence were randomly jumbled up.
But "could care less" isn't random. It is an idiom that has the same meaning as "couldn't care less". If you fed it into a LLM it would know what you mean because meaning is created from global context. Meaning is not some kind of programming language where you input the rules of grammar and the definition of each constituent word, and then out pops the meaning of the sentence. It is impossible to derive meaning that way because meaning is constructed by shared consensus about what collections of words mean in different contexts according to common usage.
> But "could care less" isn't random. It is an idiom that has the same meaning as "couldn't care less".
That is what I meant by 'English is lax enough about its grammar that "the point still gets through"'. 'Could care less' being wrong but semantically understood is exactly along the lines of 'could of' being wrong but semantically understood as 'could've', or the frequent confusion between 'their' and 'they're', or even any other confusion between homophones in written text.
Certainly, most Anglophones know enough English to read past these sorts of mistakes and still understand the underlying meaning (i.e. semantics) from context, but they are all incorrect, full stop.
I don't agree. Correctness is strictly determined by common usage. You're viewing language through the lens of a software engineer, where there are logical rules and primitives that combine together to construct outputs from inputs. Language isn't logically airtight like this. "Could care less" shouldn't be thought of as three words. Think of it as one single new word with its own meaning that has no necessary connection to the meaning of the constituent parts that make it up. Just like compound words and other idioms.
> I don't agree. Correctness is strictly determined by common usage.
Happy to agree to disagree, especially when there is this much teeth-gnashing about how 'correct' this usage is—just within this thread. My point about 'could of' was even brought up elsewhere.
> Language isn't logically airtight like this.
But it is—or at least, people make it so. In a world where what people say or write is regularly misconstrued/misinterpreted and lands them in jail, or persecuted, or even killed, I believe clarity, accuracy, (factual and syntactic) correctness, and honesty should be something that every writer should strive toward. Someone else brought up contronyms—which I believe ought to be avoided as much as possible because of their potential to cause much confusion even with context ('sanction' is a very powerful example).
This sort of wishy-washy 'it is correct because people understand it' only reminds me of 'alternate facts'. I don't like it and I wish people wouldn't put up with it.
The majority of the world doesn't speak English, so why care about using correct English at all right? Btw American English is still the most common variant on the internet. More so than British English.
To paraphrase David Mitchell (https://www.youtube.com/watch?v=om7O0MFkmpw), the problem is not so much the prevalence of American English, which in a lot of situations makes sense. e.g. "sidewalk" makes a lot of sense, perhaps more, than "pavement" for the place that a pedestrian walks at the side of a road. "Parking lot" for a lot of land that is reserved for parking etc. The issue is that "could care less" means the opposite of what people intend it to mean, and they're just expecting the people listening to interpret what they mean.
It’s not grammar and it’s not a correction. The phrase “I could care less” has only one meaning and that meaning is “I don’t care”. It is being used correctly.
Does it? I decode it instantly and understand the meaning just like I know what a "fishbowl" is. There is no "decoding" or even nonsensical input in this case.
You are just being stubborn and trying to adhere to an outdated standard. Upgrade or get replaced.
I agree. I've learned to not care when people say 'expresso' instead of 'espresso', and 'ex cetera' instead of 'et cetera'. I know what they mean, you know what they mean, and correcting everyone only serves to alienate others.
The examples in that article do not actually argue for the point being made (that this has been going on for 70 years):
> His bearing towards male acquaintances, of whom he knew little or nothing and could care less, ...
Here, "could care less" refers to how little he knows about the male acquaintances, and is effectively saying he cares even less than the little he knows. When we see people write "could care less", they don't write it in the same context, at all.
And then:
> It is impossible that he could care less.
This is clearly a different way to write "couldn't care less", and is again not how we see people use the phrase "could care less".
That being said, "could care less" is definitely a thing of the last 10-20 years and is not going anywhere.
Why do they do this instead of just maintaining the correct usage? The redefining of the word “literal” to mean “potentially not literal” really grinds my gears.
Per my "troll metric" / rage bait/"le reddit quantification", formalized as a response's comment's conversational entropy divided by parent comment length, this is a fantastic comment.
Exactly, that's pretty odd. They could be delusional, just bluffing, or they really expect someone from the US government to put their finger on the scales for them, or make the scale disappear altogether.
Snowden revelations were years ago. And what we saw back then was unbelievable. I can’t even imagine what the agencies are using these days. So what’s Pegasus anyway compared to what the agencies might have and use.
If they didn't respond, they'd lose by default, and the court could order any assets the US can get their hands on seized. If they're getting paid in NIS by countries outside of Israel, the currency conversion happens with dollars as the intermediary. There's the US's window.
It doesn’t matter that they use US dollars. It matters that they need to do business with entities and in countries that will cooperate with US law. The U.S. government is perfectly capable of putting in an intergovernmental request to seize euros, not to mention yachts.
Israel is able to get away with being a frenemy to the West but there are limits.
How is "Because the NSO group handles dollars" related to "the court could order any assets the US can get their hands on seized"? Presumably, if they were getting paid in bars of gold, the US could seize those too, if they could get their hands on them, no?
On the other hand, if they were paid in US dollars, but in cash, that wouldn't establish jurisdiction, nor could it be seized, if the transfer happened outside US territory?
How would they get paid? Almost every bank in every US-allied country would have to comply and hand over the money. The US banking regulations apply overseas because those banks want to interact with US entities. That's the nature of the US-Dollar economy.
Are you a French wine maker that wants to sell to America? You better be using USD with a friendly bank to pay for things like import fees/tariffs (or the American company you work with better do that). Sure you can deal only in Euros if you want, but at some point there's a conversion to USD when you sell to Americans. Middle Eastern Oil Company? Same thing. German Car company? Same. Brazilian fruit farm? Same. How about importing your Coca Cola products, and iPhones? Buying ads from Google? USD and US-friendly banks are everywhere in the global economy because the US is such a big market.
Those banks will be banned from US commerce if they work with the NSO and don't hand over the NSO's money, and will lose tons of "innocent" business (like those nice wine makers in France). Their governments probably have treaties with the US, so they don't have a legal choice anyways. The US influence is viral.
But that's because they're doing business with banks that want to remain friendly with the US, not because they're doing business specifically in US dollars. If they got paid in Turkish liras, but through a bank under US influence, those liras would also get seized, wouldn't they?
On the other hand, if someone used a local bank in their country to transact with an entity in China, and China demanded their assets in that bank be seized because they defamed a revolutionary hero [1], I would expect that country to block that seizure, regardless of how the bank itself might feel. I.e. they would demand any seizures comply with their local laws, similar to how extraditions (are supposed to) work, and not let other countries essentially steal from their citizens. Or looking at it a bit differently, a bank can't take from its customers on behalf of a foreign country, since local laws, unless they explicitly allow that taking, would consider it theft.
Edit as reply because "I'm posting too fast" (thanks HN for not telling when I can post again by the way):
> Discussion about the US dollar misses the point. They do it because they can
I'd argue it doesn't miss the point, but rather, hides the true cause - that as you say, they do it because they can (as quickly becomes obvious when no other currency has this viral jurisdictional effect).
But I'm curious if anyone has ever tried suing their bank, in a non-US court, alleging that their seizure of their assets was illegal under local law. I can understand a bank rolling over for the US government, but it would be interesting to see if and how their legal system would justify it. Especially for something that is not a crime in their country.
I think a similar situation you can look into is the sanctions on Carrie Lam. While they are sanctions instead of a lawsuit, they did result in her losing access to all banking facilities in HK and China regardless of the fact they probably didn't think she did anything wrong. I think for most countries, keeping their banks working trumps almost all other considerations.
There are very few FOREX currency pairs that aren’t USD to whatever. Most cross currency trades are currency A to USD and then USD to currency B. So USD is involved and thus the US Government has jurisdiction.
Again, that's only for foreign orgs that want to comply with foreign US law. The involvement of USD in and of itself is not relevant to whether the US government has jurisdiction.
They do it because they can, basically we all live under the influence of the US empire, they can put pressure on most banks if they really want to, and if they really want to, details like which currency was used will not stop them.
If someone tried transacting with USD cash in a foreign country it’d probably be fine. (Who knows, some countries probably have laws that limit the validity of transactions in foreign-denominated currencies, but that’s beside the point). Banks are among the most regulated institutions in the world. I doubt there are many banks that have USD-denominated depository accounts that also don’t touch the US banking system (because what good would it be), so the pragmatic reality is that USD requires the US government blessing. Even if, yes, the government can’t do anything about a few sheets of paper in your wallet. Banks can’t really do currency conversion to/from USD without open access to American-influenced finance markets. So any hypothetical situation that’s not real but totally an imaginable edge case could exist, but it’s not very practical.
> If they got paid in Turkish liras, but through a bank under US influence, those liras would also get seized, wouldn't they?
Yea except no one wants Liras. They want USD (and sometimes Euros). So whoever accepts those liras will want USD, and they’ll transfer them to the USD-backed banking system, and back to the original points. Because again, how do you have access to high-volume USD/lira forex markets without using a US-blessed banking system.
The reality is that international finance largely runs on USD, and orbits US banks. One of the main international influence efforts the US considers is a stable currency. So much so that other nations use USD as a formal currency. The US exerts significant political pressure and political capital to ensure that everyone needs USD in their economy. America literally made international treaties with every oil producing nation requiring oil to be sold in USD just to ensure that every country needed to inject USD into their economy.
> I can understand a bank rolling over for the US government, but it would be interesting to see if and how their legal system would justify it.
They’d justify it by having laws that say they’d reciprocate and recognize US crimes. It’s what the international community does.
The overwhelming majority of dollars are not physical cash, and the overwhelming majority of dollar transactions by volume happen in a fashion which New York claims jurisdiction over (and, ultimately, has a big army that will back them on, which is what really matters in international law), even when neither party has any obvious connection to the US.
Even for physical cash, they might claim jurisdiction. Dollars are sometimes best understood as a particularly degenerate form of US government bonds.
And yet it is exactly this that allows major criminal organizations like the NSO Group to be prosecuted. "Liberty [from powerful factions]" is explicitly the whole purpose of governments being instituted with the consent of the governed.
I for one would trend toward banning cryptocurrency even if it weren't a complete waste of energy.
Of course criminal organizations would prefer a currency not controlled by an unfriendly government. “Reason to exist” alone doesn't make it a good idea.
> Even for physical cash, they might claim jurisdiction. Dollars are sometimes best understood as a particularly degenerate form of US government bonds.
If you do business in the US you're subject to jurisdiction. If you're a foreign bank, to transact with anyone in the US you have to do business in the US. The court orders the bank to fork over somebody's cash, they do because they have to and the alternative is disconnecting themselves from the rest of the financial system. Several Swiss banks got the death penalty because they failed to be quite as isolated and secretive as advertised (i.e. they had agents in the US doing business).
To seize somebody's gold you'd have to go physically get it. To seize their dollars you just go say hi to their bank. Unless you're an "enemy combatant" the US isn't going to go do extraordinary rendition on your assets, so your pile of foreign gold is safe.
The reach of the American legal system is long, you don't have to do much as a foreign entity to put you under our umbrella.
Geez, no? Sanctions work only if the sanctioning entity has power. If the US govt sanctions you, they can tell all banks in the world that if they touch your (virtual) money they'll be sanctioned too. If some podunk dictatorship no one did business with announced "Any bank doing business with xxpor will be barred from working in our country!" then many banks will probably say "Fine, you're a tiny economy that we don't have anyone that does business with a business in your country anyway, so you can take that sanctions and shove it".
Ironically paper money is the way to "escape" sanctions, because anyone around the world knows that that 100 dollar bill can be exchanged for goods and services. And it doesn't even have to involve a bank, just another person who recognizes the value of that paper, in a chain of transactions. Depending on the hassle you may need to pay more..
If I bring a suitcase full of dollars home with me from a trip to the US (assuming I make it through border control with that much cash), I don't see what kind of jurisdiction the USA would have over me for simply owning dollars.
These are just pieces of paper, they don't provide any kind of jurisdiction. The American banking system may refuse to serve me perhaps, but it's not the dollars that give the American government any control. Hell, several countries outside the USA use American dollars as an official currency, but that doesn't make them vassal states to the USA.
Your local bank won't protect you from the American judicial system. If they get a court order they'll just fork over your assets. Your bank wants to maintain its ability to exchange funds with American banks. The American banking system will refuse to serve your bank if they refuse to comply. Or more like they'll just order JP Morgan or whomever to fork over your bank's cash because that's how banks interact with each other.
If you got a pile of dollars in the US, you did business in the US and if that business has any tenuous connection to what the courts are after you about, we have jurisdiction.
If you don't like it you have to run to China, Russia, Iran, etc.
> which entity gives those pieces of paper their value
The USA can print and lend dollars to control the value of the currency on the global marketplace. When trading outside of the USA, people give the bills their value.
You can substitute a suitcase with a million dollars for a suitcase full of gold or a suitcase full of diamonds, or a suitcase full of Pokémon cards. Outside the official banking system, the value of paper money is whatever the people trading perceive it to be. In some cases, that value can be larger than a million dollars (i.e. in countries where their own currency is in a free-fall, where the government is trying to limit the supply of foreign currency, but people want to exchange their local currency for something more stable; people in Argentina, Lebanon, Sri Lanka, and Turkey might want to do that).
If, for whatever reason, Russia pays for North Korean drones to murder Ukrainians, there's absolutely nothing the American government can do about that.
The US and most of the world may recognise those pieces of paper as worth some of their currency. This doesn't mean I can't recognise them as toilet paper.
Not really. If you want to end up with money you can actually use for things other than paying ransomware, you have to end up with a bank account somewhere. And as banks want to transact in USD, they play nice with the US government.
USA basically sent Alstom, a huge French company, to bankruptcy, then bought it for pennies, and then they tried to destroy Airbus. In both cases they used this right they gave themselves they call extraterritoriality.
The video used to be available on YouTube at the following url : https://youtu.be/Sa22eu1FWyo but it seems it was set to private. Annoying revelations?
What is there to explain? There are reciprocal treaties that the US signs with their allies. "The international liberal order" that the govt is always bleating about. Israel has signed a treaty that says we will respect US court decisions and enforce them. The US has also signed a treaty that says "we will respect and enforce Israeli court decisions."
So if a US judge signs an order and sends the order to an Israeli judge, the Israeli judge enforces it (and vice versa).
Because they are being sued in the US over conduct that happened in the US? It’s really not very difficult or special.
They can of course choose to ignore the lawsuit, if their principals want to never enter the US again, which is frankly recommended for all their employees given their operations are prima facie criminal in nature.
I think they mention every platform for marketing because once the device is rooted, they can extract data from any app. That doesn’t mean the vulnerability was in the app mentioned, nor that it was the fault of an app at all.
At the end of the day, it’s between platforms (specifically iOS and Apple) and these exploit devs/traders, afaiu. That’s why Apple hates them. For better or worse, putting a torch under Apple’s ass is probably a good thing for the rest of us.
OTOH, you could argue that Apple should be more on top of these things and reward the security researchers better. Things are better than 20y ago, but still it’s probably more lucrative to sell exploits to these shady actors than to scrape the floor for peanuts in hope that mega corps will reward their discoveries.
I guess that once the device is rooted, they can just take screenshots/record the screen without the user knowing, so the specifics of how any particular app works don't matter?
> than to scrape the floor for peanuts in hope that mega corps will reward their discoveries.
Security researchers capable of finding these exploits aren't exactly starving for food. They could easily land a $500k+ job at any big tech company or make a similar amount bug bounty hunting.
Isn't this a red herring though? If some spyware has ring0 level access on device, security properties of apps like Signal don't really matter since the spyware can trivially access them(?)
I don't get why Pegasus should send their real source code to WhatsApp, even if they lose this case. They could just send over some nonsense, or am I missing something?
Couldn't they rip out the sensitive stuff and if it's noticed nobody from Israel's government will know about it? Or is the power of the US too big to cover such a thing? I guess it is, but really?
I don't understand why the NSO Group, and by extension Israel, has not been sanctioned over this spyware. It's a dangerous company that sells tools ripe for abuse to some of the West's worst anti-democratic enemies.
Israel has long served a kind of cut-out role for delivering weapons to states with atrocious 'Western values' records but which are compliant with US corporate interests. Equatorial Guinea was one such example, with dictator Obiang and his ExxonMobil contract. Steve Coll mentions this in "Private Empire: ExxonMobil and American Power" (2012):
> "Fortunately for Obiang, coup-prone African governments rolling in oil but lacking in arms and intelligence to defend their bounty had a discrete alternative to the Pentagon and C.I.A. for defense support: Israel. Quietly, the Bush Administration encouraged Obiang to enter into security and commercial ties with Tel Aviv."
Azerbaijan is a similar example as US weapons sales were banned for human rights abuse reasons. A Wikileaked US State Dept cable stated (2009) "Through its close relations with Israel, Azerbaijan gets a level of access to the quality weapon systems it needs to develop its army that it can not obtain from the U.S. and Europe due to various legal limitations..."
If the dictatorial government funnels the oil money into the Western banking system, then the US turns a blind eye to this kind of thing (e.g. Saudi and UAE use of Pegasus to persecute pro-democracy activists) and if not, it's sanctions and regime change time.
I’d guess there are some deep benefits in having a strong partner selling this stuff compared to a rival. Not great for the target countries at all, but good for the Israeli and US intelligence apparatus.
-1 because this comment made me feel bad. The US and its client states have never done anything to deserve this reputation, and to suggest that they have is frankly nothing short of unpatriotic. The Lavon Affair never happened.
Well it probably sells those same tools to the West as well. Gotta stalk those pesky journalists covering genocide somehow. Plus it helps if someone other than you is seen with the dirty hands.
Meh. The same goes for police work and even more so for military.
And cyber is a very wide range. A lot of roles are simply about training personnel in security principles and procedures, implementing data classification etc. Not everyone deals directly with attacks. Most of the work is preventative. In our company probably less than 20% of people who technically work in cyber, although that's in part because our SOC is outsourced.
Current work culture is bizarre in cyber security. I am personally not a big fan of it.
Nobody wants to work on the defensive side. You are not getting either fame or money if you do your work well. The expectation is that you do your work perfectly. There are no actual measurements in place to prove that your good code prevented 100 data breaches!
But on the other hand, if you are on the offensive side, sometimes find cool bugs, you get fame and money. Does not matter if there is a long break sometimes. Your goodness is measured based on how much money you got.
What does it mean? People start doing bug bounties. They hoard tools only for themselves to make more money, instead of releasing them to improve general security. They keep small bugs themselves so that they can be used in exploit chains to get bigger bounties.
If the reputation of the company is based on the participation in the bug bounty program, they start doing less and less in-house engineering and outsource the cyber security testing to bug bounty platforms.
Plenty of people working on the defensive side are famous, sometimes even more famous than those who do offensive work. Take, for example, Google Project Zero, or the numerous people on “infosec Twitter” who are almost invariably doing defensive work. People who do exploit development tend to be a lot more quiet about what they do and where they work.
I think Project Zero would count as offensive work in this regard; they are actively trying to find problems in other systems, rather than trying to stop other people trying to find problems in their systems.
But their work is essentially penetration testing and exploit development. That usually counts as the offensive side. They are not designing and building secure-by-design stuff, for example.
They are known for breaking stuff, and everyone wants to be the same.
The goal might be defensive in everything cyber security researchers do, but that was not my point.
Project Zero is not defensive. Infosec Twitter has both sides.
I do agree with you that defense is a large part of the industry. My perspective is even that most organizations are looking for “defense” roles. The field is very wide (e.g., folks working on cryptography to sec ops).
It is defensive, but for the best guys out there, the carrot is on the offensive side. You are not getting rewarded for doing perfectly secure systems, unless you work in a very big company.
It means that most of the average guys build defense, and then the best guys test them and pick the money when something is found. While we could prevent most issues if those best guys helped build the systems instead.
But they have no motivation, because they get more money from other things.
I think that you might actually observe that finding attacks on systems is common, while developing a “perfectly secure system” is much harder to do, if not impossible.
Your view on cyber security seems to be painted by bug bounty programs. But I agree that the offensive side is more sexy than the defensive side, but it is easy to forget that in the end, we are all really working on defense.
I hope so, the fact that attackers can hide behind international borders is an eternal thorn in the side of us blue teamers. Anyone who commits a crime in another country should be subject to that country seeking legal redress.
That is typically the case. If you commit a crime and flee to a different country, where you go will arrest you and turn you over to the country that you did the crime in.
There are many treaties on this. It gets complex, some countries will not turn criminals over if the death penalty would be used for example. However in general if you commit a crime you can't flee to a different country.
Countries like North Korea and Russia are exceptions. Which is why malware so often comes from them. Anyone else and you are likely to be caught.
The one that gets me is when someone does something on the internet that is legal in their country, but not in another, and the other tries to extradite and charge the person as a criminal.
If I run an Internet-facing server, where is it deemed to be? Everywhere?