Not to downplay, but i would assume high profile people like EU parliment members would be targeted with phishing emails on a near daily basis.
Like presumably law makers would be target #1 for espionage.
Heck most ordinary people get phishing emails on a regular basis.
Idk, i guess i was expecting something more sophisticated based on the headline than just: spear phishing attempt foiled after user fails to click on the suspicious link.
Well, it wasn’t phishing. If the claims are correct, just opening the link would have compromised the phone. If that’s true, I find it try extraordinary. Phishing is just having a fake webpage asking for credentials, right? Infecting a phone with spyware just by visiting a webpage is much harder and much worse.
> If the claims are correct, just opening the link would have compromised the phone
I'm not sure if that is being claimed. The twitter post just said the link would have "exposed" them to spyware. One possible interpretation is that simply viewing the link in a web browser would be enough, but i think another interpretation is that the link contained some sort of malicious download. No way to know with the info we are given. I agree that a zero-day in a web browser would certainly be more interesting, i'm just not sure that is the case here.
this is exactly the kind of scenario where you’d expect to find a high-value zero-day deployed (state-level actor against a known, high-value target) so I see no reason to disregard the actual claim in favor of a lesser one.
yes, this class of exploits definitely exists (a while ago there was one that worked just receiving a text message!) and is the primary reason why apple offers the lockdown mode for these sorts of people who actually might be the target of these advanced threats. Lockdown mode severely reduces the amount of “auto” shit that happens in the background, which ruins the experience but is also more secure against this style of attack.
Most importantly, it saves the real backdoors for American intelligence partners and the Chinese government. That way, it's only the citizens being spied on and not the puritan parliament members or Congresspeople.
The first rule of iPhone security is that you do not control the attack surface against a sufficiently large government.
Palestine's PSTN is routed through Israel (at least, if any switches still exist). Of all the reasons to criticize Israel, I don't believe that wiretapping calls to/from the Palestinian Authority is one.
The implication in what you just said is that Israel having total control over Palestinian territory is taken for granted. They can wiretap with ease due to their illegal occupation. I think if the example was Canada wiretapping the US, the wrongness of it would be more apparent.
I think in western discourse it's common to treat Israel like a hurricane or some other natural disaster and not a state with agency. It is framed as Israel "just being there" and not as them choosing to occupy an area and subjugate people, so much so that they designate a huge chunk of their GDP to the endeavor and require continuous funding from the US.
Sorry if what I am saying is confusing, I am struggling to articulate the point I want to make. My point is mostly that sure, while wiretapping is several magnitudes less bad than murdering civilians and foreign aid workers, they are only capable of doing it so trivially because of their position of occupation, which is by design.
I think people commenting on here are commenting on the "Israeli" part and are ignoring the bigger issue - which country is it that attacked the MEP.
Israel is very laissez-faire about regulating the tech industry because it employs almost 10% of the country. As such, offensive security companies sell to anyone who isn't on the US Sanctions list.
The question is which buyer did the attack.
Hidden between the lines of the reporting is that it might be Hungarian intelligence [0]
Imo, the bigger question is why Hungary, Poland, Spain, Greece, and Cyprus (all countries part of the recent EU Spyware Scandal) [1] continue to allow their Interior Ministries to attack the phones of both domestic and foreign opponents, and are abusing "Spyware for political gain" [2].
>Imo, the bigger question is why Hungary, Poland, Spain, Greece, and Cyprus (all countries part of the recent EU Spyware Scandal) [1] continue to allow their Interior Ministries to attack the phones of both domestic and foreign opponents, and are abusing "Spyware for political gain" [2].
It's also a national security issue given that Israel may be piggybacking on the spying.
The management console for a lot of these products tend to be hosted on-Prem behind fairly restricted network controls with traffic closely monitored by customers.
While this doesn't mean that there probably isn't some phoning in, it's extremely difficult to obfuscate.
That said, the act of purchasing a product like this can absolutely be used as leverage, but that's any sort of weapons sale (which this functionally is)
Zero click exploits are a thing, but they are very expensive and have limited shelf life (once they have been used a few times, they tend to get found out and patched). Most actors won’t use one, unless it is a very, very high value target. It seems that the EU parliament member was not high value enough, and got lucky.
Just to be aware that's a start but it's not a full mitigation. Some of the prominent zeroclick exploits have been "rich content" in messaging products such as whatsapp[1] and imessage[2].
Definitely not an expert but I'm presuming they take advantage of the "helpful" behaviour those apps have to preview content and then pair that with some sort of exploit in the library that parses/displays the content. So say they have an exploit in a jpeg library that whatsapp uses then they send a specially-crafted jpeg via whatsapp, whatsapp "previews" the image and that triggers the exploit to compromise the jpeg library and pwn the user.
I wonder how that was supposed to work? Am I to believe that they have exploits for every browser engine on every OS that infect my phone just by visiting a page? Chrome on Android and WebKit on iOS? That would be concerning, but how realistic is that?
Very. These companies pay good money for 0 days and invest considerable effort into finding their own.
Also these attacks are aimed at individuals and executed by state actors. They likely already knew what phone, OS, and browser the MEP was using and selected an appropriate attack from the catalog.
Yes, but the exploits are so valuable/expensive that they’ll only use them during targeted operations. Otherwise they risk burning the exploit. So just remain uninteresting and you should be safe.
I would guess/assume that work phones of MEPs are restricted to a specific set of manufacturers and models, which makes targeting different from having to consider all options.
They might also have specific software installed across most of them that could be part of the targeting.
If we're being fair, they're an evil company that does evil work for evil people. It's abhorrent that they're using Tolkien to give themselves nerd-appeal.
I don't know if this needs to be stated, but the idea is that they're intentionally named after unpleasant or evil things. Presumably as a way of saying: "We're dangerous/edgy/hard-core; no skulduggery is beneath us."
I never made that connection. The Palantiri in LOTR were neither inherently good nor evil, they were "seeing stones" with both communication and remote-viewing capabilities, equivalent to a what an iPhone, CCTV cam, or spy satellite can do today. It's an appropriate and cool name for a company whose whole mission is "intelligence gathering".
(Yes, it is true that Sauron corrupted Saruman while communicating to him via his Palantir, but this would be tantamount to blaming Apple because someone called my iPhone and told me to be evil.)
> The Palantiri in LOTR were neither inherently good nor evil, they were "seeing stones" with both communication and remote-viewing capabilities, equivalent to a what an iPhone, CCTV cam, or spy satellite can do today.
Within the context of LOTR's narrative, they were tools that were corrupted by evil and employed to unambiguously evil ends.
A weapon such as a warhammer is also just a tool, and Morgoth had his hammer Grond. If a company names themselves after Grond, it's safe to surmise that they're trying to be dark/edgy and convey a certain posture or attitude. It would be silly for them to say, "well ackshually it's just a warhammer, and a warhammer is an ethically neutral tool, whether it's good or evil is down to its wielder, and ultimately it's no big deal."
To be fair, the landmark use of the Palantiri in LoTR is when Aragorn uses the stone to bait Sauron into confrontation; an action which ultimately won the war for the good guys.
Again the Palantiri were communication and surveillance devices used in times of peace. A warhammer by contrast is weapon whose sole purpose is to create violence. (Perhaps a better counterexample here is Palmer Luckey's company Anduril, named for Aragorn's sword, a "weapon clearly for good".)
Yes Sauron hijacked the communication channels, but Sauron also corrupted literally everything he touched--he would have caused the same evil if he was doing morse code on a telegraph.
Our corporate processes have established that using "Fish That Swims Up Your Penis" as the name of the product might contribute to 1% sales decrease. Having in mind our focus on maximizing the profit by appealing to widest audience possible, this is the core reason why we're strongly against the chosen name. Instead, we suggest conducting market research which will determine the optiminal naming scheme for our products. We are very big and very serious.
They get discussed a fair bit, as other commenters have pointed out. But these stories tend to blend into each other after a while. It's hard to pick out which ones are new/interesting and eventually readers respond with fatigue to the entire category.
This phenomenon is generic and happens with all repeated/related stories. People only interpret it differently in this case because they're conditioned to treat this topic as a special case. They therefore assume there must be some special thing going on. Both sides of the conflict do this, btw.
No they're not. You're the top comment on this post, despite contributing very little to this discussion. Israel and the geopolitics around mercenary spyware coming out of that country is a very regular occurrence on this site. Despite a few instances of people trying to downplay the connection or redirect the conversation, there is ample discussion of this topic. I know this because I follow this topic closely and read discussion of almost every single one. I have yet to see any evidence of any widespread or coordinated effort to brush away these issues.
It obviously wasn't the top comment when I posted it. When I came into the discussion most were about not attributing it to the state in question despite no evidence either way, and downplaying it. And, the fact that my comment has come to the top means that it has seemingly resonated with a lot of users with similar experiences (~+70pts).
If you do actually follow the topic very closely, or read one or two comments further down in this thread you would have come across this link to pro-israeli astro turfing zoom call tutorials by the idf https://www.leefang.com/p/inside-the-pro-israel-information and many other examples
It doesn't matter the country. When any country is accused of hacking its always "how do you know, it can all be faked, its a flase flag". It's weird deflections and pretending hacking is a ghostly nightmare done by geniuses never seen by the light of day. The reality is so much more humble: it's a desk job done by above average workers with a couple smart ones captured by nation states. They make mistakes and thus can be tracked. But nope, each time every discussion has to rehash a sophomoric discussion on the nature of truth and knowledge.
Unless it's the US as hacker. Then no one is inpressed.
There is a large difference between "Israel participates in online propaganda" and "Hacker News conversation about spyware shies away from discussing the country it originated from".
To adequately address this claim, we (the general HN public) would need to be able to access all of the metrics regarding censored/downvoted-into-oblivion articles on HN related to Israel/Mossad/Gaza/War Crimes/etc., and we all know that there is only one individual with such power, and its not exactly in their job description to reveal to this audience just how far and wide the obfuscation/censorship goes ..
Again: I keep track of mercenary spyware pretty closely. Almost all major stories in this area end up on the front page within hours or days of them breaking, especially if they have significant new information in them. I am not an expert on any topic that touches Israel but this is the one I watch and I see no reason to believe there is suppression of this topic. If someone is acting to try to keep this away from the site, then they are evidently fairly ineffective at it.
>might I also suggest that sufficiently skilled efforts to direct a conversation will not be detected by most conversation participants.
.. and, even more importantly, the censorship cannot be considered successful on the part of the agency doing the censorship unless a) the victim audience do not know the censored information, and b) never know that things were censored.
It would appear that attempted obfuscation over this very issue can be observed in a multitude of forms ...
It’s a minor effort compared to the hundreds of millions Iran, China, and Russia have spent for a decade on influence operations.
Those get little air time in hard progressive or far right spaces since these anti liberal influence operations mostly promote hard progressive and far right perspectives.
America literally produces movies about "Captain America", a heroic do-gooder who has superhuman strength, speed and endurance and who wears a flag as an outfit. In these movies he saves the entire planet. America spends like a hundred million dollars every year on that alone.
If by "America" you mean private companies rather than government, by private decision rather than at government direction, and paid for by private citizens voluntarily purchasing the results rather than government contract, then sure.
So methods and tools developed to combat global extremism during the War on Terror weren't used by US tech companies at the behest of an in-power political party against opposition speech?
Is that not what the senate subcommittee has been discussing for the past two years?
Domestic lobbying by domestic interests is vastly different than the (foreign) influence operations we were discussing. You can't look at the total spend on lobbying and claim to be making a relevant comparison.
How is that relevant in a discussion about Israel enabling cyber crimes and also having a massive propaganda wing that is working over time online?
Also, Russia and China aren't seen as allies by basically anyone in the west. But yeah, sure then we should treat Israel like we do Russia and China though, but I'm not sure you would.
Wild guess: they could because the best way to make people more conservative is to make liberals look more and more extreme. These things go in cycles, when the pendulum shifts too far to the left or to the right, it tends to swiftly move back the other way, and so the cycle continues.
Example: the far right tries to depict the left as degenerates who want to make all children gay just because they support introducing LGBT+ friendly material to the school education. I'm sure some people buy that and hence become more inclined to reject the left, as who wants to "force" children to become homosexual, or transgender, right?!
Now, whether China/Russia are doing it or not, I have no idea, and I suspect no one here does. But even if they do, I have trouble seeing how they would be more capable than Europe and the US, who clearly also try pretty hard to promote their own values elsewhere, so they can hardly complain about others doing it.
Russia actually works both sides to become more heated. During the 2016 election they created facebook groups for pro and anti abortion groups and organised them to be in the same city at the same time.
I think they're also trying to break the wests spirit in terms of faith in democracy and the state of the world right now for policy and political/military advantage. In my eyes the US is currently one big foreign infleunce experiment right now via facebook
What would Russia gain from a US that is split and lack of faith in democracy? I don't doubt you're right, I just don't see what's the motivation here?
It's not like the USA will stop interfering with the world if they succeed, which I suppose may be their motivation? To the contrary, a messed up USA is incredibly dangerous. It could end up in the hands of extremists (well, it kind of already did before) who have no qualms starting a war against Russia, which would be completely devastating for Russia (maybe also for the USA, but from Russia's point of view, that wouldn't matter much).
The media makes it look like Russia is some teenager hooligan in the world stage, doing destructive things without motivation just for the sake of it, which just doesn't make sense to me at all.
I'm pro-Israel, but the current Israel government is widely called far right by the mainstream media, so I don't not know what to make of your comment at all.
If you talk about general influencing: It has been known for decades that the USSR and its successors have influence operations. No need to mention it. It would be interesting though to follow the money: Perhaps your innocent "liberal" mainstream operation that is anti-meritocracy and therefore undermines the West is financed by Russia.
It's the new world we live in. Every power group has their army of adherents they can tap to kill a story they don't like. Even those we generally consider "goodies" do this now.
This applies to any Western government interest group, at least for small submissions or individual comments that relate to those organizations. Large ones like the Assange release cannot be suppressed, but are full of pro-government comments that would not have been made by any software engineer before 2015.
So either the engineers have changed fundamentally, or ...
I can see that there is way less interest in Russia China stuff with additional positions against these countries. There where usually is rationally irrationality takes place and most people avoid to say anything.
Why couldn't the software engineers change? The geopolitical scene is much different today, and it's easy to see threats coming from your opposite pole
As we speak the US is in breach of international law per the ICJ's legal conclusion that enabling and / or supporting "the transfer by Israel of settlers to the West Bank and Jerusalem as well as Israel’s maintenance of their presence, is contrary to article 49 of the 4th Geneva convention”.
Prior to which the US very publicly issued threats and sanctions on the ICJ and Judges in hopes of avoiding the judgement being published.
Israel, despite being a small country, has a very successful tech/IT sector, esp in the security space. Probably IDF acolytes bridging over to the private sector. Israel is widely known to participate in social psyop campaigns as well. It is not farfetched to think they have a pulse on popular tech forums like HN.
The actions of Israel cyber defense / hacker groups is pretty much a footnote in the history of Israel.
They allowed 9/11 to happen (they knew because they spied on Americans through a company called Amdocs)
They stole nuclear weapons from USA through a company called NUMEC
They killed JFK when he tried to investigate them for stealing nuclear material,
To this day, Israel maintains an arsenal of nuclear weapons, which they use to threaten other countries, while simultaneously preventing other nations from procuring nuclear weapons
They perpetuated a genocide, with the secret objective of setting conditions for a religious ritual involving a red heifer sacrifice leading to the destruction of the Al Aqsa mosque ( seriously)
They sold US electronic warfare technology to China,
They deliberarely sunk the USS liberty killing US sailors, and then had their corrupt US politicians try to cover it up,
The level of systemic insitutional corruption that permits this is scary, I've never been so uneasy to present personal stances on issues that I knew to be the moral ones, such as the equality of all human lives, in my country (Australia) before this in my life.
A piece of advice: Avoid using general and indirect terms like "Them" when referring to the state of Israel and/or it's government.
Antisemites deliberately use such language to conflate the Israeli government with the global Jewish population, in order to blame & slander the latter for the actions of the former.
If you use similar language, you'll sound like an antisemite.
That comment was sarcastically saying the opposite of what you took it to mean—at least I believe so, based on the account's history.
Of course, it was still a bad HN comment and rightly flagged by users—but if it's evidence of anything, it's evidence that other HN commenters agree with you.
Could you please stop posting unsubstantive comments and flamebait? You've unfortunately been doing it repeatedly. It's not what this site is for, and we have to ban accounts that keep doing it.
In this case you triggered another commenter into a complete misunderstanding (https://news.ycombinator.com/item?id=41066935), taking your comment to be not only serious but also representative of the community. Given the high level of inflammation around this topic (everywhere, including on HN), that is seriously not cool.
If you wouldn't mind reviewing https://news.ycombinator.com/newsguidelines.html and sticking to the rules in the future, we'd appreciate it. It looks like you've been breaking them for quite a long time, not just with drive-by flamebait like the above and https://news.ycombinator.com/item?id=41066717, but also with ideological battle comments generally. If you want to keep posting here, we need you (as with any other user) to drop that.
One reason could be that it quickly devolves into Jew hatred, as the replies to your comment already has. I rarely see stories about the US getting any comments on how Americans make bread out of babies. I would much rather not have that on HN. This is not 4chan.
You're referring to https://news.ycombinator.com/item?id=41066729. That comment was rightly flagkilled by users, but I believe you misread it. It was sarcastic and meant the opposite of what it appeared to be saying. In other words, it was more or less agreeing with your own view.
HN does get some genuinely antisemitic comments, most of which get posted by one or two serial trolls who keep making new accounts. We ban those whenever we see their latest incarnations—it's a whack-a-mole thing.
You're right this is HN not 4chan, because none of the things you said have actually happened here and people can easily have good respectful debate. It feels like you're attempting to use this as a way to silence debate around the country of origin rather than anything else
It did happen: https://archive.ph/KT4q8 and to be quite frank, that is just the most egregious example and this thread is anything but respectful debate with statements like "I've taken to using it because i feel uncomfortable even naming them a lot of the time" and implying that HN is somehow afflicted by institutional corruption.
All: if you turn 'showdead' on, please don't forget that you did so, because we sometimes get emails from people asking "how can you possibly condone $horrible-comment appearing on HN?" when in reality the account has been banned for years.
But, who sent the attack is the news. Sure we’re always bombarded with attacks by random cyber gangs, but when you’re targeted by an organization with official credentials that tends to raise some eyebrows.
Inaction is an action. Facilitating the development and sale of malware while benefiting from it through tax revenue and hard power with full awareness is, to me, enablement. The action taken against such vendors proved nominal, as they still continue to operate with no shortage of news stories like this one.
It would be naive to think the government itself would not use such a powerful source of intel. Regardless of your political affiliation, states act according to their self-interest. In international politics, the only constraints are what you can do, and how much you can get away with. If one can find a reasonable motive and prove a possible causal link, absent of further evidence, the prior is guilty.
it's much more prosaic than that - it's just A LOT of money.
Israel isn't a signatory of the Wassenar Arrangement, which helped Israeli startups rapidly corner the 0-Day and Exploit Market.
Before the 2010s, the Israeli software scene was largely targeting commodity use cases by trying to undercut existing vendors like Cisco or Arista in price.
Israeli companies saw a market opening that could differentiate them and decided to take it.
It's a segment that would have existed in the US, France, or CEE but regulations prevented it from emerging.
i agree. Often these are also specifically said to be 'ex militairy' types or founders etc. it's actually really hard to be anything else but 'ex militairy' in a country which has everyone forced in the army a few years... - all these useless points of information show u it's propaganda. maybe not 'official' but then indirect. someone infected with the disease and spreading it.
These mercenary corporations are widely known to sell their product to anybody, including Israel's biggest enemies. This is an attempt at guilt by association, or propaganda using the association fallacy.
The government of Israel may be guilty of many things, but this is probably not one of them.
> In both cases, we are left with the question: Why are we letting this country develop malware with our approval and funding?
Because Western governments are the biggest customers of these companies.
Using Israeli companies makes it much more difficult for criminal defense lawyers to challenge the findings of investigations, additionally Israeli companies aren't bound by ethics codes and whatnot. Our governments can turn a blind eye what these companies are actually doing - we pay them money and get access to a target's device, no questions needed/asked.
Indeed. Its the same reasoning behind the utterly repugnant 5-eyes apparatus, which allows Western governments to violate the human rights of their own citizens with impunity.
The article you're limiting your assessment to, doesn't say anything about who is using it, but there are very clear links to Mossad if you dig further:
Well, do you have anything interesting to say about the political implications?
Because i'm not sure what they are.
If we knew who was responsible, we could talk about motive and implications of that, but we don't.
I guess we could consider the broader picture of if this represents an increase on spying on civil society leaders (a bad thing, certainly), but without a base rate to compare with, it seems like conjecture on this is pointless. Does this represent something new, or is it just a continuation of the age old practise of keeping an eye on your enemies? I have no idea. I suppose there is something to be said that hacking a modern cell phone is much more invasive than watergate-style survelience, but that is not exactly a new observation.
So what are the political implications we should be talking about?
1. That the legislative stranglehold on the eu and other bodies by this country is so strong that they do next to nothing to criticise/sanction israel despite literally being hacked by them? Post-pegasus as well.
2. This states lack of care and oftentimes facilitation of these groups, and their close ties to its military
3. The sense of neo mccarthyism that this creates with the idea of constant surveilance through these types of vulnerabilities.
I'm full of ideas tonight
Same problem, but different lens and conception, and the circumstances and differences are >very< worth disucssing
Seriously, let's start talking about those points in this thread
Or alternatively, there isn't really any evidence that the Israeli government was involved in this, which is probably why its not getting very much flak for this.
Maybe you could make the argument there should be better export restrictions on private companies to treat so called "cyber-weapons" like real weapons. There are a bunch of efforts on this front. You kind of have to have the treaties in place before you can start exerting diplomatic pressure in regards to them. There are plenty of people working on that, but the wheels of the UN move slowly. Anyways, this particular incident doesn't change much in that regard.
For 3, i dont really think this incident (a failed hacking attempt of a type that is pretty typical) really changes or says anything about constant surveilence. We are already way into the era of constant surveilence.
>Maybe you could make the argument there should be better export restrictions on private companies to treat so called "cyber-weapons" like real weapons.
As far as what is known with NSO group, Israel does categorize and control the cyber weapons as weapons, and have restrictions in place. But those restrictions are not based on any ethical code, rather only if the said client is not against or subservient to the interests of the State of Israel. Just like it does with IMI exports.
The article talks about a German MEP who was most likely targeted by Hungarian intelligence [0] due to his very vocal anti-Orban stance and how he was recently pushing against Hungary and Orban after his recent visits to Russia.
The perpetrator was most likely Hungarian intelligence who used a product they bought from an Israeli company.
Imo, the bigger question is why Hungary, Poland, Spain, Greece, and Cyprus (all countries part of the recent EU Spyware Scandal) [1] continue to allow their Interior Ministries to attack the phones of both domestic and foreign opponents.
More to the point, there actually is evidence of a connection to the Israeli government, inasmuch as "Candiru" was financed by the same people behind NSO, "Founders Group", and both of these entities have very clear ties to Mossad:
"TheMarker Claims that NSO is also a customer of Candiru as it is often seen contacting the surreptitious firm for some espionage-related projects. Two industry sources said the main Candiru financial backer was Founders Group, cofounded by one of the three men who set up NSO, Omri Lavie."
And then, there is its Board of Directors:
"As surveillance industry sources also told Forbes, one of the lead investors is Founders Group managing partner Isaac Zack. According to Pitchbook, Zack is also a board member at wireless charging startup Humavox and at Sepio Systems. The latter is a cybersecurity company, focused on doing the exact opposite of Candiru: protecting hardware from being turned into silent surveillance devices. Its board also includes Tamir Pardo, the former head of the Mossad, Israel’s intelligence agency."
Almost all startups in Israel are cybersecurity oriented.
There is almost no dealflow for a non-Security startup in the Israeli market because Israeli VCs demand a short exit window, Cybersecurity startups are very M&A friendly, and Israeli VCs don't have as much experience with GTMing B2C and B2B2C compared to Enterprise.
Cybersecurity is the right mix of easy but niche (only Israel, CEE, India have a thriving low level development scene because American universities increasingly moved OS and Kernel classes into "Computer Engineering" instead of "Computer Science"), easy exits (there are enough F1000 cybersecurity and enterprise companies to sell a startup to), large dealsize (cybersecurity/infra ACV tends to be mid-to-high 5 figures), and pre-existing network (the Israeli and Indian scenes started thanks to Palo Alto Network's successful IPO, and the founding team at PANW became VCs funding similar startups across Israel and India since the mid-2000s).
Also, Israel is TINY (both in area and population). Everyone is at most 3 degrees of separation from Netanyahu or any other dignitary in the country - it's barely 9 million people.
It’s funny how I’m doing biological research that’s beneficial to humanity and there’re so many hurdles in the path of progress (numerous ethics committees).
And there’s spy software that’s sold to whoever can buy it. But somehow Israel isn’t scrutinized for such company existing in their jurisdiction.
But you know what “Israelis” used in this context means? In the same way, the cities of “Washington” and “Moscow” also don’t have any opinions and don’t release press statements, contrary to frequent media reports. Are you going to point that out too?
Not for defence stuff. For war/defence stuff, you must have approval; and systems for acquiring information from phones and computers intended to be secure from that is war/defence stuff.
If this weren't state-approved spying by Israel, then these people would be in jail.
If someone is spying on high level officials using Palantir malware, there is a good chance that the US at least tacitly approves of said spying. Same as if someone is using Lockheed-Martin planes to fight an insurrection, there is a very good chance that the USA approves of that fight.
Well, the title makes it sound like Israel deployed it (see other comments - at least a few people seems to have jumped to this conclusion), while it's software that has been purchased and deployed by many countries around the world.
This is a misleading question because we're not talking about any kind of software. This kind of spyware is generally treated like a weapon and only sold to befriended government entities on an expensive per-seat basis. It often falls under arms-control exporting conditions, though I don't know about the specific regulations in Israel.
> "freund was alerted by parliament that the link contained sypware likely made by the israeli company candiru, which was blacklisted by the u.s. government in 2021, according to an email from a parliament official seen by playbook."
"He said, she said" is a common phrase used in English when there are conflicting opinions with little fact. The gender is largely irrelevant. The phrase may also be applied in situations where the conflicting opinions don't come from individuals but instead from ungendered organizations!
The point wasn't about gender, it was that there don't seem to be any conflicting opinions. At least so far, no one is denying that the link was spyware, or that the spyware in question was made by Candiru, or that Candiru is an Israeli company that makes spyware. So there is no he said, she said.
If Candiru were to issue a statement saying "this was not spyware made by us", then yes, it would be a case of he said, she said.
Annex 2 of the 2022 "Pegasus and surveillance spyware" report for the EU parliament lists a number of software names.[1] By looking up the companies or countries who make them you can probably find out more.
For your convenience, I quote the Annex:
Among the various spyware and surveillance products that are on the market, the following are mentioned in publicly available reports: Pegasus by NSO group, Cobwebs Technologies, Cognyte, Black Cube, Blue Hawk CI, BellTroX, Cytrox107, Predator, Candiru, Reign / QuaDream, Paragon108; Dark Basin, Circles system, SS7 attack, Cobalt Strike, FinSpy, NetWire, P6 intercept, Galileo, PC 360, Karma, Epeius, StealthAgent, Crimson, Invisible Man, Unlimited Interception System, Skylock, Windshield, Phoreal, Soundbite, OceanLotus tester, Ocean Lotus encryptor, Ocean Lotus Cloudrunner, Ocean Lotus MAC, Komprogo. Among the companies mentioned : Cellebrite, FinFisher, Blue Coat, Hacking Team, CyberPoint, L3 Technologies, Verint and of course NSO Group.
Why has it dropped to second page already after 5 hours and 223 points/113 comments? It's tech x politics, it's perfectly acceptable and discussion worth having. Deliberately downranked?
Legally, this is very feasible. Here in Sweden we have two laws which are applicable: the law against unauthorized surveillance and the law against unauthorized computer access and the law forbidding aiding anybody in such crimes.
It's only two year's imprisonment, but there's presumably a lot of participants in the exploit development etc.
Like presumably law makers would be target #1 for espionage.
Heck most ordinary people get phishing emails on a regular basis.
Idk, i guess i was expecting something more sophisticated based on the headline than just: spear phishing attempt foiled after user fails to click on the suspicious link.