And why aren't countries that host these companies sanctioned?
What it comes down to is that with NSO group:
1. Israel has access to the best 0-days it needs
2. The knowledge to develop further exploits is maintained within the Israeli intelligence apparatus
3. Israel is able to dominate the digital intelligence apparatus of autocratic regimes and, as a consequence, be able to defend itself against those tools
4. Israel is able to use it as a back channel for establishing and maintaining relationships, as well as exerting power and leverage on those nations
Given that it is an Israeli-government entity, much like the rest of the Israeli government, it is politically untouchable and buried under layers of denial. It's a direct, toxic exploitation of the relationship that Western countries maintain with Israel.
That's a valid question, because hosting such a company is a major diplomatic liability. Why would you consider this question, as you said, a slander?
While the article decries NSO for being nefarious and selling to suspect “authoritarian” countries, high schools here in our democratic US have been buying hacking solutions to spy on students:
https://gizmodo.com/u-s-schools-are-buying-phone-hacking-tec...
This was an iOS 0-day that appears to have targeted iMessage [1] and worked via zero-click, meaning user interaction wasn’t necessary. CitizenLabs says that in one case, the initial vector appears to be Apple’s own servers.
So you’ve got people with modern (if not the latest) phones running the latest software on what is considered to be the most secure mobile operating system and you have highly-targeted attacks that appear to be state-sponsored, with high precision, going after these individuals.
What could education do to help in this case? Literally every single person I know, and this includes some extremely sophisticated security experts, would have been victims here too.
In the abstract, I agree with more training — though I’ll offer that these resources are widely available already in many newsrooms — but in this case, it would have done nothing.
[1]: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hac...
I presume AJ, just like the others, tends to use a lot of freelancers - in fact, they pay out some of the highest commissions to freelancers. Most freelancers are responsible for their own lives.
> Researchers at Citizen Lab said the apparent malicious code they discovered, which they claim is used by clients of Israel’s NSO Group, made “almost all” iPhone devices vulnerable if users were using an operating system that pre-dated Apple’s iOS 14 system, which appears to have fixed the vulnerability.
Edit: and that's almost not relevant to my point - what I'm saying is that journalists aren't inherently technical people, and that the work of reading reports on the latest exploits and vulnerabilities and developing countermeasures should probably go to someone else in their org
They wouldn’t have and they didn’t. This isn’t a scenario where you can blame lack of information or talk about who is or is not inherently technical. It was state-sponsored targeted hacking.
Also it's definitely not slander, they always just seem to get pissy anytime one calls them out.
Should we assume that comments and logs for Hacker News are all shared with the UK Intelligence Community because Paul Graham was born in Weymouth, UK?
Yes, Novalpina Capital purchased a majority stake in NSO Group in February 2019. NSO Group was and still is an Israeli company, with headquesters in Herzliya, Israel. The company will cease to be an Israeli company, when it stops being under the jurisdiction of Israel.
Again, I don't understand how any of this made my question a slander. And why are you mocking the author of the article?
> Should we assume that comments and logs for Hacker News are all shared with the UK Intelligence Community because Paul Graham was born in Weymouth, UK?
HN and Paul Graham are not in the weapons trade business, but yes, you should assume that all of this is monitored, though not because of Paul Graham's place of birth.
Is ARM a Japanese company because it's (currently) owned by SoftBank? Will it be American when Nvidia takes over? Or are they a British company because they are based in the UK?