4 hours agoCreated a post • 367 points @fieryscribe
Anyone notice that this statement from NSO in the article doesn't make sense:
"NSO does not operate its technology, does not collect, nor possesses, nor has any access to any kind of data of its customers."
If this is true, how do we have a singular list of all phone numbers penetrated? If there was this type of "segmentation" or firewall between NSO and its clients, why was there this huge central data leak?
NSO is tracking what its clients are doing. It may not be telling its clients it is also tracking them. I wouldn't be surprised if NSO could also access every one of those penetrated devices as well independently of its clients.Reply
Perhaps NSO Group should be considered a terrorism-aiding organization. Freeze its assets, track all their employees, backers, etc.
Wonder if they are even helping to hack US government employees through China, etc. (besides just helping to torture dissidents).Reply
I wonder if Amazon kept a copy of all their images?Reply
I am willing to bet money that NSO Group has multiple AWS accounts, many under several layers of cover.
You can't really spin them up with any significant quota on short notice (ask me how I know, AWS service team) so having established ones with workable limits in advance across multiple cloud providers would be table stakes for any competent spying organization.Reply
I can imagine how an (honest) interview for NSO group would look like. ----------------------------------- So, do you consider yourself a bad person? Don't be shy, say it, we don't judge here. ... Who do you, say, "dislike" the most? Journalists? Politicians? Megacorp CEOs? Activists? Be candid, there is no wrong answer. ... What do we do here? Can't tell you before you sign these papers, or you will have to leave this building by (little) pieces. What's that? ... No, I wouldn't do it, I just do software. But it can be arranged, one of our customers does it all the time...Reply
WTF? Wasn’t it the NSO that hacked Bezos’s and Khashoggi’s phone?
I guess the customer is always right up until the point the widow of your murdered employee goes to the press.Reply
Frontline (PBS)in partnership with Forbidden Stories are doing a report  on NSO hacking the phone of Khashoggi’s fiancé and other journalist and activists around the world. Looks like her phone was compromised by NSO based on the reporting on this video.Reply
This script also pushed ads for a fake AdBlock app that was a dropper for banking trojan apps.
Amazon refused to do anything about it.
> The Amnesty report said NSO is also using services from other companies such as Digital Ocean, OVH, and Linode ...
We've been using Digital Ocean for a few years now (sqlitebrowser.org), and they've been really good. Hopefully they look into this and take some useful action. :)Reply
If someone were to use NSO paid hacking to attack Apple executives's devices and then release everything they found, I bet Apple might take this more seriously instead of having some PR flack write marketing copy. Same is true of any tech company: until it hurts them specifically they can just ignore it or make it sound innocuous. Maybe Amazon has been targeted and they found out.
If someone were to use it against US government entities, maybe the NSA/CIA/etc might decide enough is enough, no matter what country they are in. So far at least publicly it seems like a non-event. But once the phone numbers are identified from that leaked list, things might become more serious for NSO.
People used to fight real wars against adversaries who targeted their country in some way, why should commercial entities supporting such attacks not be treated the same, except via non military action? Spying has always been done, but it can lead to serious consequences.Reply
Everybody is coming down on NSO but why aren’t we asking more about the clients?
Who is spying on “CEOs, politicians, religious leaders, union bosses”? And once these people are compromised, what are they being asked to do?Reply
Shouldn’t there be an outcry against the suppression of free speech?
When Facebook or Google blocks extremist propaganda, it’s a big thing. What jurisdiction’s laws were broken by this company?Reply
Wonder if NSO was involved in that leak of Bezo's phone data awhile back.Reply
Isn't NSO just a poor-man's NSA, since the NSA can force Google/Apple/Microsoft/Amazon/[Any Carrier] to do anything to any number of devices or data, and in secret?Reply