649 comments

[ 3.8 ms ] story [ 325 ms ] thread
Huh, it looks like suing a state-sponsored malware manufacturer doesn't prevent them from continuing to hijack your devices. Live and learn, I suppose.
This is based on Apple notifying the employees based on prior behavior of NSO.
Suing is hardly the same as having the suit decided, grow up.
Okay. Let's assume they do have the suit decided, and they rule in Apple's favor. What next?
NSO is a corporation with US bank accounts and business deals; the courts take its money.
“ NSO says its intrusion system cannot work on phones with U.S. numbers beginning with the country code +1.”

Seems like they just need to add a similar patch for apple ids for emails ending in “state.gov”. Not sure why this is such a big deal.

Come on, think about it. Doesn't work for phone numbers starting with +1? So, anyone who buys the right sim card is immune? A team of professional hackers can't find the if-else in the attack binary that enforces that to disable it? They're selling software to cybersecurity teams on the assumption that they can't crack it?
My understanding is that it's not _just_ a tool, but a whole infrastructure around it that the clients use. So presumably, before deploying to a target, it would need to go through NSO infrastructure, so they could vet there.
> A team of professional hackers can't find the if-else in the attack binary that enforces that to disable it?

It's probably easier than that. Seems like the kind of thing that would be in a config file (making this up, satire):

[No Spying Allowed - please do not change]

# Really, really, don't change this setting. We are not responsible if you do.

+1 # USA

+3542 # NSO Group

> They're selling software to cybersecurity teams on the assumption that they can't crack it?

No, I think they are telling journalists that their hands are clean, and it totally isn't their fault, not in a million years, that their customer changed their software.

(comment deleted)
which is pretty absurd since there's only a vague relationship in the modern SS7/PSTN between a phone's DID and where it might be physically located. In five minutes of work I could have a New Zealand number ring on my desk phone anywhere in the world.
So it doesn’t work on US phone numbers or doesn’t work on +1 country code?

-confused Canadian because we share the +1 country code with USA under NANPA

Canadians go 'yay', finally some benefit of the big brother.

PS: I don't buy the explanation btw

As someone who doesn’t have a +1 number I find it hard to take this comment seriously. But could it be possible that some state department employees work outside the US?
Presumably those phones had Ugandan numbers.
Wait, what about that one time NSO's malware was used to hack Jeff Bezos? Pretty sure he'd have used a +1 ... number.
Is there a timetable when Apple plans to stop using memory-unsafe languages to avoid memory-bugs? If not, how can the amount of zero-days stop with constant development?
biggest issue here isn't memory safety but the dumpster fire of imessage format that calls out to privileged parts of the system
Which is exploitable primarily it by memory safety exploits.

Will it make attacks impossible? Probably not totally. But it might raise the cost of the attack by an order of magnitude or more and certain classes of vulnerabilities might disappear completely.

I'm suspicious of any messaging system that has ties into rich media / embedded-in-chat content. I even wish I could disable URL previews, gifs, and inline images in Signal.
I didn't know it was possible to disable URL previews in iMessage[1] until I read this comment. Does toggling this setting only prevent the preview from displaying or does it prevent the fetch altogether? I wish there were a way to white list the URL previews for certain contacts rather than turning it off all or nothing.

[1]https://discussions.apple.com/thread/7677834

I didn't see a way to disable URL previews in that thread. The given "solution" is wrong -- it just disables message previews in the lock screen.
It's an extremely common attack vector. PDFs, media message, etc. Would it be viable to create a dedicated processor specifically for parsing these things?
And Apple's terrible software and QA processes, like lack of CI or fuzzing, which is why Google Project Zero is discovering flaws for them.
You do know that memory-safe languages are developed using memory-unsafe languages, and eventually execute the binary code on the actual CPU?
I think it comes from that rewrite everything in Rust camp.
A memory safe language can be written in itself.
Most memory-safe languages I've used self-host their compiler and standard library (i.e. they're written in the language itself).
> Most memory-safe languages I've used self-host their compiler and standard library (i.e. they're written in the language itself).

Well, yes, but there is also (usually) a bootstrapping phase before a language is self-hosting, and if you're sufficiently paranoid the 'Trusting Trust' meta-vulnerability comes into play and isn't easily dismissed.

no question that imessage, email parsers, etc that do third party untrusted network type interactions SHOULD be memory safe. But of course they are not, and apple in particular LARDS these formats down with a million features.
Looking at the answers, seems like a NO.
>In a public response, NSO has said its technology helps stop terrorism and that they've installed controls to curb spying against innocent targets. For example, NSO says its intrusion system cannot work on phones with U.S. numbers beginning with the country code +1.

So the point is to stop terrorism and to do that they've immediately ruled that all Americans aren't terrorists. That doesn't seem like a good metric of determining if someone is a terrorist, and makes me doubt their other controls are any better.

NSO has repeatedly shown that their statements are pretty much worthless. It's just damage control. I wouldn't put any stock in the "we avoid +1 numbers" to even be real.
Seriously, they're pretty much the Mark Zuckerberg of their industry.
That is not fair to Mark Zuckerberg.
They're pretty much the General Butt Naked of their industry.
I‘d rather compare Zuckerberg to the Sackler family who knew how addictive and harmful their painkiller Oxycotin was, yet ignoring all evicence, making billions of dollars. Zuckerberg knows how bad Facebook and Instagram is, how harmful to individuals and society alike, yet ignoring that and making billions.

Edit: Replaced „social media“ with „Facebook and Instagram“

Why did you feel the need for the edit? I would agree with the blanket use of social media. Twitter is no better. Do we know enough about the inner working of TikTok to know they aren't doing similar?
> I wouldn't put any stock in the "we avoid +1 numbers" to even be real.

That part I believed. Setting up their software to not target the US seems like the kind of move they'd make. Claiming it's so they don't target innocent people is bullshit.

America (who are effectively the world police) have decided to have pretty poor metrics to determine who is a terrorist, so they set the precedent for this kind of stuff.

Random government officials in Iran cannot be considered terrorists because of a an embassy hostage situation from 50 years ago during a revolution in the country. If they can, then so can nearly every Chinese government official, every current Russian government official who was high up in the USSR, every current official in Iraq and Afghanistan, half the political leadership of Lebanon, Vietnam, etc.

So I just have to buy a US phone to evade detection from NSO? And why didn't that logic work for US State Dept phones?

I'm honestly of the opinion there is nothing that NSO can say that isn't outright lying. This isn't a normal company in anyway.

I remember reading that some Russian (private sector) computer viruses did not attack computers whose language and locale were set to Russia. It's never about ethics. It's always about making as much money as possible without pissing off powerful people and entities.
Crudely, we would say "don't shit where you eat". I've heard from the early (as in, 80's) hacking days some of the people in the US would never hit targets in their own state, as there wasn't good federal-level enforcement nor inter-state collaboration. Of course that would backfire today because you're immediately commiting crimes across state lines...
I had this with a Chinese app. Works well on a Chinese language phone, downloads an extra package if not.
>And why didn't that logic work for US State Dept phones

They had Ugandan numbers, as they lived in Uganda.

Phone hardware is not tied to any particular number.

So you just need a SIM with a US number and use that for all your evasion needs.

Yeah, this.

They started off with the arrogance of a liar who thought they were immune from consequences. Now they're looking more like the kid who is actually in trouble only now realizing nobody trusts them to identify the sky color, let alone defend themselves.

Anything and anyone coming out of that shop is tainted.

* A US Phone will route your call via NSA servers[1], so yeah thats OK from the US governments side

* Publicly at least, NSO acknowledges there are state level agreements, the latest one with France, to block entire country codes from Pegasus (in return, France has stopped all legal action against NSO)

* According to Israeli Channel 12 reporting on this tonight, the official NSO response also includes the statement that the accused numbers in the report were not +1 numbers. Their so called "customers" were targeting US government employees using African area codes. NSO claim they have completely disconnected said customers from the system

[1] https://en.wikipedia.org/wiki/Room_641A

> And why didn't that logic work for US State Dept phones?

These were Foreign Service officers stationed in Uganda, so their phones had local Ugandan phone numbers. Some of them were working out of DC but - given the nature of the State Department (which is like America's foreign affairs department) - probably traveled very frequently and so maintained a Ugandan phone number as well, to save on roaming fees when making calls in Uganda (saving money for the taxpayer) and also so Ugandan officials can contact them easily.

This is not unlike Apple hardware engineers who travel frequently to China and have a Chinese number in addition to their main US number, so people in the factory can communicate with them easily.

> So I just have to buy a US phone [number] to evade detection from NSO?

This is NSO's claim. Presumably because they want to make it difficult for anyone to sue them in a US court. It's plausible but I don't necessarily believe them either.

I want this company bankrupted out of existence, personally. Apple's lawsuit against them may well result in that outcome.

Reminds me of how some ransomware looks for if your default keyboard language is Russian. If so then it exits, doing nothing.
> the point is to stop terrorism and to do that they've immediately ruled that all Americans aren't terrorists

The alleged point is to sell software that stops terrorism. Pissing off America is a good way to stop being able to sell your software.

These people are in for a world of hurt, the State Department tells the CIA what to do.
(comment deleted)
> State Department tells the CIA what to do

Your broader point is correct, but no, it doesn't. The CIA is an independent agency [1]. It reports to the DNI [2].

[1] https://en.wikipedia.org/wiki/Independent_agencies_of_the_Un...

[2] https://en.wikipedia.org/wiki/Director_of_National_Intellige...

Yes, but who dictates where and how they can play overseas?
> who dictates where and how they can play overseas?

The Director and Deputy Director of the CIA.

I'll simply disagree.
Heh, that showdown sounds like it would make for a hell of a book decades later.
NSO has a deal with US Telecom to grow its market share throughout the world and hence the +1 statement. /s

Maybe NSA wants every important call goes through USA network (and hence a deal with NSO) - makes the job easier for three letter agencies.

Funny enough this reminds me of the ransomware that doesn't work if a cyrillic keyboard is installed. https://krebsonsecurity.com/2021/05/try-this-one-weird-trick...
Someone else linked that one, it's hilarious and unsurprising really. Lots of people purposefully avoid certain OSes (mostly linux distros) as well out of respect NOT because of population/userbase of the OS. Lots of discussion on worm/trojan development forums over the years.
If you are a Russian hacker, you probably don't want to piss off a Russian mobster who has the capability to take you out, and the contacts within Russian intelligence to identify you.
"We promise we don't work on numbers with +1" :wink: :wink:
As an obvious statement: I think this should be interpreted similarly to some ransomware not infecting devices with RU keyboards: it's just about avoiding difficult regulatory environments.

The analogy, of course, goes further. Though unlike most ransomware companies, NSO has British and American VC funding.

(comment deleted)
I'm waiting for the day that the US declares a foreign corporation as an "enemy combatant", as they have done with foreign citizen wahabbist jihadis and US citizens such as Anwar Al-Awlaki.

Given the extent and depth of US-Israeli cooperation and ties, the precedeing theoretical is probably going to remain in the realm of theoretical.

They basically declared the embargoed Iranian corporations as enemy combatants a while ago, if that's what you mean.
Didn't they get pretty close with Huawei when the previous president issued an executive order in response to state spying fears that:

* banned the sale of any of their phones or networking products in the US

* banned US companies selling product to Huawei

* cut funding to wireless carriers using Huawei equipment

...and then pressured allied countries to do the same?

The investigation into Huawei was going on for many years prior to 2016. It's not exactly an initiative of the previous president.

I sat in briefings about Huawei and ZTE in 2007. Regretfully can't say more.

Are you personally upset about the clear intelligence failures and extrfiltration of protected information?

I've grown up watching this unfold and I'm shocked that the power groups seem to be so ineffectual at times that it's laughable(but that may be by design...)

It's an absolute shitshow from top to bottom. The people who know what they're doing in intelligence/counter-intelligence agency infosec/netsec (and within major DoS and DoD contractors) have been fully aware and ringing the alarm bells for years. The technologically unsophisticated politicians have been mostly ignoring it.
how much of the ignorance is willful?
You'll know when the stock trades are released.
> Didn't they get pretty close with Huawei

No, given that jihadists were kidnapped, tortured and murdered - all of this illegally.

NSO's PE investors are big-time American and British funds.

Just sayin'.

According to Wikipedia, NSO is owned by by its two founders Omri Lavie and Shalev Hulio and Novalpina Capital. According to Sky News Novalpina Capital is getting liquidated and their stake in NSO will be sold to a third party: https://news.sky.com/story/pegasus-spyware-owner-novalpina-t...
Right. I can’t tell if you’re agreeing with me or not. :)

Prior to Novalpina, it was Francisco Partners.

Point being, NSO has received huge amounts of money from the kind of people who, well, YCombinator founders seek out.

Yes, but it is not Francisco Partners now so it appears there is no "big-time American fund" involved and the British one appears to want to get rid of its stake.
From the side-lines this thread looks like:

- md: X and Y are deeply involved in this company

- yiu: No they are not. X cleanly destroyed all the papers and officially ask we don’t talk about them. Y is a bit late but will finish cuting ties in a minute now.

This implication is about who would care if NSO gets shut down. For that, current investors are what is relevant. If someone already divested they don’t care and wouldn’t pull strings to keep the company around.
Agreed. I find many of the responses unconvincing. They are in many ways exactly what you'd expect. Sure that doesn't prove anything directly, but on these matters having direct and public proof is the exception not the rule.
That's pretty much what they did with NSO, which is getting the Huawei treatment:

https://www.theregister.com/2021/11/03/us_sanctions_spyware/

reportedly, this has created havoc on NSO, since for instance none of the cloud providers can sell services to them to host their zero-days, among other logistics headaches. Their recently hired CEO resigned.

What's the consequence for destabilizing governments worldwide? Logistics headaches? Got it.
The NSO guys are in it purely for the money. IIRC there was a deal on the cards for some investors to buy the company that fell apart because of the sanctions, so the NSO founders can no longer cash out.

As for destabilizing governments, they are doing the opposite, they are helping authoritarian governments worldwide crack down on journalists and dissidents, or murder them in the case of Saudi Arabia and Jamal Khashoggi. Reportedly, after the Khashoggi murder, NSO yanked the Saudi account but was forced to reinstate it by Netanyahu who was pursuing diplomatic relations with them.

The episode of Darknet Diaries on NSO was very informative.

https://darknetdiaries.com/episode/100/

I knew about Israeli security consultancies putting out stringrays and phone cracking tools, but I did not know about NSO. He has a good interview with one of the lead devs.

correction the interview isn't a lead dev of NSO but from a third party who investigate malware attacks on reporters etc
Good point. Although i think the preceding comment was using "destabilizing governments" as a catch-all for non-democratic and morally dubious activity.
> I'm waiting for the day that the US declares a foreign corporation as an "enemy combatant"

It’s particularly interesting to watch as the company is based in a country that is a very close ally.

Ignorant question: is Israel literally an ally of the US? I know they are not in NATO or 5 Eyes, and I don't think they have some other close agreement, like US and Japan.
Israel is a client state of the USA. They are America's enforcers in the Middle East.
That's factually wrong. Israel is it's own full state.
The relations are green hearts, and the U.S. is guaranteeing independence.
Israel wouldn't last a year without the unequivocal support of the West.
They have had consecutive Memorandi of Understanding that promise security collaboration and funding. The current one is a 20 year treaty that promises $38B in spending and expires in 2036.
> They have had consecutive Memorandi of Understanding

Memoranda, AFAICT?

Lol, yeah, that's how to pluralize that correcty.
Despite not being in 5 eyes, Israel does get special treatment in the form of raw intelligence data from the US.

>The National Security Agency routinely shares raw intelligence data with Israel without first sifting it to remove information about US citizens, a top-secret document provided to the Guardian by whistleblower Edward Snowden reveals.

>According to the agreement, the intelligence being shared would not be filtered in advance by NSA analysts to remove US communications.

>While NSA documents tout the mutually beneficial relationship of Sigint sharing, another report, marked top secret and dated September 2007, states that the relationship, while central to US strategy, has become overwhelmingly one-sided in favor of Israel.

https://www.theguardian.com/world/2013/sep/11/nsa-americans-...

Just declare them a terrorist organization.
This isn't War on Terror-adjacent - it's a local repressive government catching embassy workers in a dragnet while spying on the opposition. The full security-state treatment will not be in effect. Still bad, though!
I thought the exploited holes were patched by iOS at some point. How are these phones still getting hacked?
People are notoriously bad at keeping their devices up to date, with some even intentionally disabling updates. This can be prevented by the IT department having MDM profiles with strict update enforcement in place, but I don’t have much hope that the IT department of any given US government office is particularly capable or competent.
The article doesn't say if they were personal or work provided phones. Many people living/working overseas have work and personal phones. Also, almost all of those with personal phones get a local SIM, so they'd get a local non-US (not +1) phone number. I used to be an IT admin with DOS overseas. Updates were enforced, and phones were disabled if they were not upgraded to the most recent version. Starting in about 2019, mobile device security went into overdrive and is very serious now. Additionally, the MDM profiles are quite limiting, so this pushed most people to get personal phones. A huge pain for records retention.
Because there is a never-ending supply of vulnerabilities in our smartphones.

A system this complex can never be secure no matter what google/apple PR dep claims.

Exploits are now a multi-billion dollar market. And iPhones can be obtained worldwide. You just need one person with questionable morals, good hardware hacking skills and a need for some hefty payout.

There's a lot of buyers, Five Eyes, China, Russia and naturally companies like NSO.

In past exploits were used for jailbreaking. Now they can be sold for 6 figures. The incentive to report vulnerabilities or even use them casually for jailbreaking has gone way down. I think the only way would be for Apple to offer 6 figure pay outs for the exploits. Maybe they could get a tax write off.
This is being publicized only now.

The issues were patched in September, the exploit was being used as of February, and it took some time for someone to notice that an @state.gov Apple ID was among the compromised phones.

Seems like not-the-smartest move for Israel to mess with one of the few powerful entities that desires its continued existence
and the one entity that give it wagons of usd.
There is 0 popular support for Israel and their "religion of peace". Biden got in soooo much trouble for saying he would divest during the election.
This is just another incident in a long list that goes back decades of Israel getting carte blanche to do whatever they want to the US with little to no repercussion. The most famous probably being USS Liberty (https://en.wikipedia.org/wiki/USS_Liberty_incident)
Really? Have you actually read the Wikipedia page you're referring to?

50 years ago during a full scale war with all surrounding countries, Israel accidentally (as determined by US investigation) hit a "spy-ship" near Egypt (one if the countries participating in the war).

Israel subsequenly paid around 70 million $ in compensation for the families.

Everyone knows already nothing will happen, they will get slap on the wrist as usual and show goes on.
(comment deleted)
Or the smartest move. They probably own more politicians than the NRA, the pharma ind, and and the aerospace ind combined.
> NSO Group said in a statement on Thursday that it did not have any indication their tools were used but canceled the relevant accounts and would investigate based on the Reuters inquiry.

Why would they cancel accounts without knowledge of wrongdoing?

Because the US government is one of the few groups that can put real pressure on them and they're in full panic mode
And simultaneusly:

- not have any indication their tools were used

- canceled the relevant accounts

Which "relevant" accounts if NSO's tools weren't used?

I think it's pretty clear by now that they have 100% visibility into the entire exploitation chain for all of their customers. Their "official statements" mean nothing.
Well since they do the exploitation on behalf of customers, yes?

NSO is very popular with governments that don't have robust domestic intelligence because all you have to do is type a phone number into a web form and in anywhere from an hour to a week you get a point and click GUI for accessing the contents of the phone.

> all you have to do is type a phone number into a web form and in anywhere from an hour to a week you get a point and click GUI for accessing the contents of the phone.

You have a source for this? I genuinely want to know if they make it that simple

Publicly? No.

Should all come out in the Apple lawsuit though.

Edit: Rereading the NSO statement they said they blocked exploitation of numbers starting with +1. Take that to mean whatever you'd like.

You should listen to darknet diaries podcast about NSO group activities
I understand that, but they have repeatedly denied that this is the case, which is simply absurd.
My thought was that the customer runs the server provided by NSO. I though the web form is running off of a webserver in a building owned by the customer.
I used to work for an ISV in the finance industry. Most of our customers ran our stuff on their own servers in their own data centres, but we had direct logon to the application user account to manage the application config, do software upgrades, investigate issues, etc. A few of our customers preferred to support the software entirely themselves, we had no access and ran training courses for their support teams. I wouldn't be surprised if NSO offer a similar range of options depending on the client's budget and technical capabilities.
Presumably the full accusation is "Entity ABC used NSO tools for XYZ". So the reaction was to cancel ABC's account while NSO investigates whether ABC actually did use the tools for XYZ, or whether ABC was only using them for other (approved) purposes.
Regardless, NSO rules over international law.
No, it means that NSO takes customer complaints seriously, especially a customer as important as the US. They operate under Israeli legal jurisdiction, and probably have an existing relationship with US firms, public and private, and I don't think the Israelis would hesitate to take whatever action the US wanted, because it benefits them to "play nice" and be cooperative. It kinda sucks for them in this case because chances are this is evidence of in-fighting between US agencies, and NSO tools are in the middle.

FWIW "international law" is its own thing and doesn't work like normal law; in truth every nation by default "rules over international law". When was the last time you saw an "international law" trial or saw a nation punished?

> When was the last time you saw an "international law" trial or saw a nation punished?

Mid-to-late 1990s, den Haag, Serbia?

Shrödinger's moderation. NSO has this magical zero-knowledge technology that:

- When questioned about a specific malevolent client misusing their data, they cannot be held accountable because the client is running the ops and NSO has no access.

- When asked how they ensure that clients in general don't go rogue and misuse (i.e. human rights & international law abuse) their service, they assure you they monitor them and turn off their access.

This is in Uganda.

NSO sells only to governments and law enforcement agencies.

Therefore, the relevant client would be the Ugandan government.

Aside from that obvious contradiction - this also indicates that the tools they deploy are either NSO hosted or use a licensing system to run.

There was a recent Darknet Diaries episode that reported evidence that at least some of the NSO tools are hosted services.

I can't imagine something like this not being in the cloud. The potential for a customer to give their local NSA/8200 the tool to figure out the 0days used is too large

Pegasus is only as good as its 0days are secret

(comment deleted)
> I can't imagine something like this not being in the cloud. The potential for a customer to give their local NSA/8200 the tool to figure out the 0days used is too large

Heck, forget about bothering to extract 0-days; if you have access to the binary, straight-up warez techniques would be applied to nerf any restrictions (licensing or otherwise) on the operation of the software, as well as any monitoring functionality that can "phone home".

Couldn’t you hack your own phone and somehow log traffic to get the exploit used?
Yes you could. You could even use a fake phone which is wired to log everything. A lot of malware attempts to avoid VMs and stimulated environments but the actual 0 day would be before that point.

If a state sponsored party really wants to find these zero days I'm sure they can. I would imagine that this is more like what happened with EternalBlue: it's something they know but don't report because it's useful to them too.

Remember that this group's tools have been used to murder journalists, which they are unapologetic about.
Dead journalists can't close them down, but the US government can.
I think that remains to be seen.
> that remains to be seen

Oh man, for purely comical purposes I would love to see NSO actually believe that.

In principle, America could drop Hellfire R9X sword missiles through the cars of every NSO employee. In practice, would American politicians have the nerve to go to war with NSO, when NSO probably infected all their phones years ago? How much dirt do they have on American politicians?
So you think because NSO breached a few state department phones that they have the deep dirt on every sitting congress member?
You think the iceberg is coincidentally only as deep as what we've presently heard? That we didn't have the full story yesterday, but today we definitely do?

Well I hope you're right, but I don't think you are.

Well how do you know the NSO hasn't replaced the sitting US President with a very convincing android?

I mean, they are a very skilled set of engineers. You seem to grant them being able to hold onto very powerful secrets and use them for active blackmail. You even believe they've been operating actively against the US government for several years.

If they can do all that, then replacing the sitting US president with a very convincing android isn't much harder! It is just as likely as the situation you propose.

NSO is skilled at hacking androids, not making them. You know that; you are arguing in bad faith.
I can believe that a foreign hacking group, who can zeroclick the most widely used personal device to obey a remote control center, who sells this service to totalitarian regimes and to corrupt governments, has exfiltrated as much data as they can. They are careful enough to cover their tracks as part of the service.

What I cannot believe is you dismiss concern over ongoing security risks, however exagerated, by suggesting a head of state might have been replaced by an android. Please don't troll.

I doubt we will see convincing androids in any of our lifetimes.

How about this senerio though.

I heard our President yak about his accomplishments this morning. I was half asleep, but felt his voice sounded different. I thought maybe just hoarse, or I was wrong about his voice.

I was thinking about his appearance. I don't know if I would recognize him if he walked up to me on the street without the suit.

Ok the Hollywood script.

Joe biden goes into a hospital. He only wants certain Secret Service personnel around.

His boy, and wife, are tragically killed in a plane accident.

Joe decides he needs grieving time.

The year before all this happens the NSO finds a lookalike Joe Biden, and performs all the necessary surgery.

A few more weeks pass, and the switch is performed. The real Joe is gone. The fake one is in power.

Then China, or Russia, have control.

(I guess if there was suspicion--the FBI could perform a dna test though? I think someone did this in a movie.)

Watch the movie "Snowden" if you're actually in disbelief and not disinformation.
>You think the iceberg is coincidentally only as deep as what we've presently heard?

No, but I think the US intelligence agencies are fully aware of where they're hiding the iceberg and could destroy it before it rises to the surface.

(comment deleted)
> that they have the deep dirt on every sitting congress member

Not all but do you really believe that the NSO group wont have some blackmail material on at least some US politicians?

> In principle, America could drop Hellfire R9X sword missiles through the cars of every NSO employee.

The next step isn't to blow them up, the next step is to sue them.

I just assume the IDF and Shin Bet would like to be the only ones who blow up civilians in Israel, but I can't think of a single reason why the Israeli government would oppose an extradition request if they were presented with evidence of cyber-whatever.

> can't think of a single reason why the Israeli government would oppose an extradition request

Because they want to foster such companies, and not deter people from founding them by showing them that they will be extradited to the US?

> they want to foster such companies

If that's true (which would be disappointing when you consider what "such companies" means in context) I assume the Israeli government already have "entrepreneurs" ready to jump into that market if they haven't already. "Showing them that they will be extradited to the US" if they fuck up in a conspicuous and public manner that is problematical for Israel and her allies might be considered a win by everyone involved except the NSO executives involved.

Of course, politics is complicated and NSO might have powerful friends in government. Or the Israeli government might be complicit in some ways that they really don't want to become known. So who the hell knows?

> I can't think of a single reason why the Israeli government would oppose an extradition request if they were presented with evidence of cyber-whatever.

If an American company would get caught doing the similar, would US allow extradition request of those people to some other country?

…if they were presented with evidence that crimes were committed?

This is what extradition treaties are for. The specific laws involved and the evidence matter a lot.

> I can't think of a single reason why the Israeli government would oppose an extradition request if they were presented with evidence of cyber-whatever.

Except the really obvious detail that most normal countries won’t extradite their citizens? Israel loosened up their laws on this a bit after the Sheinbein affair, but extraditing resident-citizens remains a rather unlikely prospect.

> Except the really obvious detail that most normal countries won’t extradite their citizens?

I can’t even guess why you’d believe that. Participating in extradition treaties is the norm, not the exception.

All I can do is suggest that you look into this a bit more.
Really, all you need is a subtle suggestion to the Israeli government that the hundred billions or so dollars they receive from the US every year might be impacted by continued NSO bad publicity.
that number is way off, and the money they "receive", is specifically for use with US defence contracts and deals.. Its like Disneyland giving you Disneydollars.. You can only spend them at Disneyland.. It is a way for the US military-industrial complex to stay afloat.. And it is a drop in the bucket for Israeli Defence spending, and would make little difference if they took it out.
It somehow keeps the US military industrial complex afloat while being a drop in the bucket for Israel?? You may be biased.

Threat of removing 20% of Israeli defense budget [1] would hypothetically be plenty enough to apply serious political pressure, and thats just the money, forgetting the political support and the deterrent US support provides them.

[1] https://usafacts.org/articles/how-much-military-aid-does-the...

Pretty sure it's not a "drop in the bucket" (somewhere around 20% I read?). There's also a massive opportunity cost when you consider the profit to be made from an arms race in the middle east should the US treat all countries in the region equal when it comes to arms sales. Pretty sure that would net far more for your military industrial complex than the long standing preferential Israeli treatment. It would also obviously be disastrous for Israel, so that's some serious leverage. (Note: In case you think I'm promoting this idea, I actually believe ANY arms sales to the region, Israel included, has been a horrible policy).

The US and Israel are in bed together for better or worse. It's actually really embarrassing that Israel has allowed NSO Group to operate at this level, and influential US politicians could destroy NSO Group in a heartbeat if they actually wanted to.

>(somewhere around 20% I read?).

its closer to 3%

Again the US provides comparable military aid to Egypt and Pakistan too.. NSO is not the Israeli government

In fairness, the net result of this exchange is still something like, "Disneyland gives you a free hamburger." And by hamburger I mean "tank" or something.

Well that, and the hamburger vendor buys a big house in the DC metro area. And everybody else's ticket prices go up a little.

But still, draw a control volume, and it's just hamburgers flowing out.

Only if you can find their remains
We should have cut down our tax payer aid we give Israel if they (NSA) don't inform our FBI/CIA of every aspect of their business in excruciating detail.

Hell--we should have cut of Israel's charity years ago.

I'm beginning to wonder if we should have buddied up with Palestine.

I don't think the US really cares all that much if Saudi Arabia cracks down on dissidents. It's only bad if Russia or China does it.
It seems to me their entire repeated justification is to pass the buck to foreign governments that buy their product. It's like the 4th time I've seen this company pop up in my newsfeed in the last 6 months, every time a similar story. I wonder when enough is enough for whoever holds authority over them
They canceled them because “How about this weather, Janet?

That’s right, Bob! It’ll be a cold one this week. Sportsball is next.”

What weasel words?

Sounds like NSO Group is about to be served a subpoena.
Presumably they wouldn't want to be associated with people who do this sort of thing. (Not neccesarily for ethical reasons, its probably just bad for business)

I mean, they could also be lying, but its also pretty standard business practise to not work with people who bring your reputation into disrepute. For example, consider how hard it was for parler to get hosting.

How do they know that their tools are not used, but know which accounts hacked the phones?

Also in other stories they have claimed they do not track who does what.

Because who else is going to be plugging Ugandan phone numbers into NSO software other than the Ugandan government?
> Why would they cancel accounts without knowledge of wrongdoing?

I’m not saying that they don’t have that knowledge, and I really don’t mean to offend or be rude, but if the US government asks something of you, you tend to comply wether it’s reasonable or not.

I think it’s naive to think of ourselves as living in a just world. Post 9/11 the CIA abducted European citizens with the knowledge of our governments. In more recent years, here in Denmark we had a rather huge scandal when it was revealed that changing governments had allowed American intelligence services direct access to the backbone of our national internet. The list goes on.

Its of course unfortunate, but the world we live in is basically a huge turd of authoritarian bullshit where the users and customers have no actual enforceable rights.

I mean, even on a much smaller and much more harmless scale, just consider how many times you’ve read about someone losing their Google account here on HN.

> I think it’s naive to think of ourselves as living in a just world.

The US military entered a foreign nation without their knowledge or authorization, abducted a resident, took the resident out to sea, placed a bag over their heads, put concrete shoes on that resident, and then dumped them overboard with no witnesses other than the "Seal Team" carrying out the order.

No trial. No witnesses. Only abduction, seclusion, and murder.

That's not justice. Those are Mafia Tactics. ___

Does this remind anyone of anything? A Mr. Al. A Mr. Al Capone perhaps? That's right. One of the world's most infamous gangsters, mobsters, crimelords, did this very thing to individuals that Capone didn't want talking to the press, the government, or anyone else that would listen.

This is mob-boss behavior, and the US Government does this now.

Oh, how about the unlawful imprisonment of 100s of detainees at Guantanamo Bay in Cuba?

Secret courts, whose authority is far-reaching with no citizen oversight whatsoever.

Yeah the US Federal Government, since 9-11, is a bunch of mobsters with guns. There is no difference in the way our Federal Government acts now, and how 1920s and 1930s mobsters act.

Any human being that doesn't recognize the similarity is deluding themselves into believing so.

How did you learn about this incident which had no witnesses?
GP's obvious hyperbole and distortions are obvious.

That said, this is among the weaker rebuttals which could be offered. (See my own response in thread.)

This was in response to acts of war and unprovoked attacks against the United States mainland with both military and civillian targets by an individual who had made a specific declaration of war against the U.S.: https://scholar.dickinson.edu/faculty_publications/277/

Comparing that speific case to failure to follow proper criminal procedure and rule of law is disengenuous to the extreme. There are many criticisms which can be made of the US response to (and other actions after) the 9/11 attacks. The assassination of the leader of the irregular forces aligned against the US is not one such. Numerous other instances would have made for a vastly stronger argument.

The fact is that there is no clear dividing line between acts of war and criminal acts --- recognised among other ways in the phrase "war crimes" itself (which might be applied both by, and against, the United States).

The situation in Guantanamo is far more valid.

The case of drone warfare and strikes another instance.

It's worth noting that the US is hardly alone in these tactics, and that irregular and extrajudicial killings are in fact a major element of the considerations in the case of Al Qaeda, at least some of the Guantanamo detainees, and drone strikes.

The real world is messy.

That said, I'd disagree with your conclusion on lack of difference, moralising, invective, and hyperbole notwithstanding.

> This was in response to acts of war and unprovoked attacks against the United States mainland with both military and civillian targets by an individual who had made a specific declaration of war against the U.S.

Since when do individuals wage "war" on nation-states?

(And no, if the only counter-examples you can come up with are 18th-century pirate chiefs and tiny Carribbean islands you've failed. We're talking 21st-century USA here.)

> Comparing that speific case

Which "specific" case? The GP mentioned hundreds of Gitmo prisoners, several of which have later been shown to be completely innocent victims of mistaken identity.

> to failure to follow proper criminal procedure and rule of law is disengenuous to the extreme.

If anything is "disengenuous to the extreme" here it seems to be your defense of the USA's recent practices.

What I wrote was "acts of war" and "specific declaration of war" by the individual in quesiton, with a link to the citation. If you have any issue with established historical fact, that's your own concern.

Decapitating a specific cult of personality has been an effective method of eliminating it. Which also proved successful in the case of AQ.

(Yes, there are new emergent threats and groups, including several previously associated with AQ. I also said that the real world is messy.)

The specific case I was discussing, and I really hope I'm not so vague in my dotage that this wasn't crystal clear, was the 2 May 2011 attack on Osama bin Laden's compound resulting in his death.

What I defended was a specific instance, while acknowledging concerns and issues in other areas. Both you and imbchillyb are displaying a lack of such naunce. The US is vast and contains multitudes, some defensible, some not. It cares little for what I have to say.

Refreshing your memory: https://forum.iwethey.org/forum/post/8257/

obLRPD: Powered by sporks.

> The specific case I was discussing, and I really hope I'm not so vague in my dotage that this wasn't crystal clear, was the 2 May 2011 attack on Osama bin Laden's compound resulting in his death.

Nope, certainly not crystal clear: You were replying to a post that mentioned, among other things, the Guantanamo internment camp, and airily said "this" case. I saw no specification there of which case, exactly, that was supposed to be.

Yes, the USA may be vast and contain multitudes, but even you talk about "the US": In the end there is only one of it, and when the USA as a nation-state does stuff then it's the USA, singular, as a nation-state that gets discussed and criticized. Just like here. I hope I'll never get so fuzzy in my dotage that I'll let sich disingenuous attempts at obfuscation slip by.

Hm... Pseudo-helpful hint/ reminder; feels like about 50/50 past and current posters. I'd already concluded neither extreme of Box or Ash, for rather obvious linguistic reasons. Been considering alumni like RM, DRL, KMS et al, but this feels more like currents such as RC, SK, or SA. Or perhaps AG; I notice that his recipe -- besides the formal declaration being severely watered down -- was pretty much what the US (singular, as a nation-state) went with.

I don't have your email; you have mine.

I've told you specifically what I was referring to, and you are continuing to dispute what I was telling you. The same vagueness applies to imchillyb's comment, yet you seem to find no fault with that.
Why do you think that "told you specifically what I was referring to" defines the discussion? Who died and bequeathed it to you alone? imchillyb explicitly mentioned stuff -- yeah, lots of stuff, including among other things false internments at Guantanamo -- so pointing out that your claimed "debunking" does not at all debunk those isn't "vague" at all. Any "vagueness" in their comment is only in your head.
Of the very few topics I consider myself an ultimate authority on, my own mental state and intent is a prime instance.

I may not have communicated effectively. And in discussion with you it seems I'll never be able to.

But I know what I intended to communicate, and have stated what that is, repeatedly.

You seem bent on steering the conversation to what you wanted to hear me say. Which seems to be a premise founded on precisely the weak foundation you criticise me for.

Really, we're done here, Christian.

If anyone who seems bent here, it's you: Bent on dictating the terms not only of what you are talking about, but what everyone is.

But yeah: As long as you think you get to define what the conversation is about by what you "were referring to", yes Doug, we're done here.

Concisely: AQ runs Afghanistan, now.

So, it was difficult to finish your comment.

My understanding is that it's the Taliban, and a cursory check of credible references supports this. That's a group formally alligned with AQ, but distinct from it, again, via credible references.

Other active entities include the Islamic State (ISIL / Daesh), and various organisations largely funded / supported and/or organised around Iranian, Syrian, and Palastinian interests.

Please note that this is not an area of personal expertise.

> That's a group formally alligned with AQ, but distinct from it, again, via credible references.

Actual "formally", or "formerly" (or both)?

Still, the Mossad is one of the agencies who can keep pace with the CIA when they put their mind to it. Nonetheless, if you're not directly an agent, no sense putting yourself in the middle of a spy war.
The victims will be pleased to learn that they're all terrorists and criminals, as NSO keeps asserting that their spyware is only used against those.
I wonder if we would be hearing about this if NSO had paid its 30% to Apple in the first place.
One settler colony hacks another settler colony, the one that had co-sponsored its creation along with Britain, the mothership of all settler colonies. Honor amongst thieves? No such thing.
A book came out about a year ago by a fantastic academic about the history of settler colonialism by Israel in Palestine [1]. I'd suggest anyone who wants to learn more about Israel and values referenced record of history. The book is very well written, referenced (a sixth of the book is references) and comes highly regarded.

[1] https://www.amazon.com/Hundred-Years-War-Palestine-Resistanc...

Your comment has nothing to do with the article. Stop shoving your sick agenda down our throats and save your "links" to yourself
Whoa - you can't attack another user like that here, regardless of how strongly you disagree. We ban accounts that post like this.

If you'd please review https://news.ycombinator.com/newsguidelines.html and stick to the rules when posting here, we'd appreciate it.

I don't understand the focus on NSO in these stories. If U.S State Department personnel in Uganda were shot from an M-16, would the headline mention "an American arms manufacturer"? No, because it's ridiculous.

For better or worse, NSO's product is a weapon. How is it any different from an M-16? Where is the outrage towards the people who used this weapon against the State Department?

It's my understanding that NSO runs centralized command and control servers that their "clients" are granted access to, for both the on-device payload installation and also data exfiltration.

They do not give the software to their clients to go use somewhere in the world fully independently (self hosted payload dropper, C&C, etc)

They're a direct participant in the network traffic. Unlike a dumb purely offline piece of hardware like a M4 rifle or similar.

So selling an F-15 to the Saudis (like the U.S is doing in droves) is more morally justifable because what exactly..? After the plane is sold the Saudis are independent with it? (they aren't really btw. I'm sure there's maintenance and buying parts etc).
I am also not in favor of selling advanced weaponry to the saudis or pretty much any non-democratic regime. The US has a very poor historical track record of supporting strongmen that do brutal things. Pinochet. Suharto. MBS. I could write a very long list.
None one else was talking about F-15s or drones in this thread. The only mention was of weapons that even civilians can buy is some countries and do not come with a support contract attached.

IMO the US selling F-15s or drones to the Saudis is very similar. The US shouldn't be supporting the Saudis murdering civilians with F-15s, and Israel should not be supporting hacking tools that enable other governments (or private organizations) to murder people they dont like.

(comment deleted)
> I don't understand the focus on NSO in these stories

What's to understand ? It's an Israeli company. Enough said. If it was an American or German company no one would have cared. Why the obsession with Israel? It's a complicated phenomena. I think it has to do with the role Jews played in Christianity (Jesus' death etc) and the holocaust but that's just my 2 cents.

Is there another popular spyware company being used by rogue states to perform terrorist attacks?
What is your definition of rogue states? The U.S sells weapons to the Saudis in hundreds of billions https://en.wikipedia.org/wiki/2017_United_States%E2%80%93Sau....

So I should believe the U.S thinks it's OK to sell F-15 planes but not OK to sell software? I'm gonna assume yes, there are probably other players in cyber warfare who sell to these countries, probably also the U.S.

> the U.S thinks it's OK to sell F-15 planes but not OK to sell software?

The U.S. thinks it's okay to sell F-15s that don't attack Americans and not okay to sell software that attacks Americans. As a, granted, American, I'm not seeing the incoherence.

Attacks Americans? Come on now, don't go overboard sir.
> Attacks Americans?

I was delineating why the U.S. is fine with selling weapons to e.g. Saudi Arabia but would not be happy about those same weapons being sold by Russia to Iran. You seemed confused on that point. There isn't a grand philosophy. It's international relations. It's anarchy. The U.S. government promotes American and allied interests.

Separately, yes, if you're hacking the State Department, you're attacking the U.S. This is consistent with how cyberterrorism is treated by DNI since at least 2014.

This wasn't done by NSO knowingly. I have no reason not to believe them on that, they have a financial and strategic interest not to piss America off that bad. Also - Uganda is not Iran, it's a friendly country. Unfortunately someone there decided to use it against American diplomats which is unfortunate.
> This wasn't done by NSO knowingly.

In the past month or so, there was a front page story on HN about NSO and a journalist, detailing evidence that NSO-controlled servers served up the exploit to the journalist's phone. This suggests that the NSO group has less of an arms-length relationship with their clients than they let on. It seems that at least for some clients, they're running some variant on exploits-as-a-service.

That still doesn't mean they knew about this. How would they even know it were American phones? Its very possible it were some IPhone with a Ugandan sim card. How do you know who's using it - do the Ugandans tell you? It's a very real possibility NSO servers simply show some Ugandan number. I have no more knowledge on this than anyone here but I don't find it realistic NSO would take this chance.
> doesn't mean they knew about this

Mitigating but not exonerating. (Also, unknown and possibly unknowable.) NSO are still selling cyberweapons hitting the United States. If they didn't give a shit about keeping an eye on their kit, that's a negligent gap in oversight by Jerusalem.

It's a good thing we have a talking-not-shooting relationship with Israel. The U.S. would be within its rights to launch a proportional counterattack were that not the case. If Israel doesn't deal with this properly, there's a decent chance we'll see calls for criminal penalties and targeted sanctions.

Got it and we don't even mention Uganda in all of this. Makes sense.
I didn't say that they knew. I was saying "This wasn't done by NSO knowingly." isn't necessarily true. I think I was pretty clear about the fuzziness of the evidence as it relates to this specific case.
DarkMatter seems to have done basically the same as NSO, except with an even more explicit US connection.
> DarkMatter is under investigation by the F.B.I. for crimes including digital espionage services, involvement in the Jamal Khashoggi assassination, and incarceration of foreign dissidents.[28] The F.B.I. is also investigating current and former American employees of DarkMatter for possible cybercrimes.

Doesn't look like they only target Israeli companies.

The US provides substantial financial, military, and political aid to Israel, that it does not provide to Germany.
The U.S basically protects the whole of Europe by subsidizing NATO. It's probably in the trillions. Sorry but Trump had a point there. What it gives Israel is peanuts compared to that. Without U.S support to Europe who knows what happens, maybe the Russians and Chinese start looking at Europe as easy prey to pick on. Also the obsession with Israel isn't a uniquely American thing, it's the same in France and Canada and Germany and basically any Western country.
Only if you count general American military spending as supporting Germany more than Israel?

Otherwise, US absolutely provides far more military spending to Israel than to Germany, it's not really comparable.

> Only if you count general American military spending

Of course I do. Europe has no real army. France kinda has an army and the U.K got out. If America didn't provide a military umbrella Europe would need to actually build a real army (Europe's contributions to NATO are pitiful). How much would it cost the Europeans to do that? Going back since WW2 that's easily in the trillions.

Given that the US actively engages in military operations in defense of Israel, I would say that it not reasonable to attribute a larger share of the spending to Germany rather than Israel?
What military operations would those be?
Stuxnet and the intervention in Syria just off the top of my head.
The intervention in Syria? That's a military operation done by the U.S for Israel? How did you come up with that? If there's no Israel tomorrow the entire region is still messed up with possibly tens of millions of new refugees flooding Europe. It's not all about Israel.
As opposed to the absolutely massive US military presence in Germany?
The attacks on NATO are such a weird thing. US support of NATO isn't a charity operation, there are strategic and economic benefits to the US from NATO participation that greatly exceed the expenses.

If the argument is that the United States shouldn't be a global power, that it should dismantle the US military and be a demure, multilateral player in the international space, sure, attack NATO. However, attacking NATO while saying the US should be a stronger international player is contradictory.

I'm not attacking NATO. I'm saying the U.S is subsidizing Europe's defense in the trillions (if we count since WW2 end). It could be beneficial to the U.S, or not. I'm only saying U.S aid to Israel is not unique and is peanuts compared to the NATO subsidy. People here like saying they are super focused on Israel because of the 3 billion annual subsidy the U.S gives to Israel. I call bullshit on that.
The NATO relationship effectively turns Europe into vassal states - we don't have German or French bases on US soil, only the US gets that out of NATO. So it's a 'subsidy' only in the sense that the US is protecting its property.

People get angry about the Israel aid not because of the volume of funding, but because of the human rights/colonialism problems that the US subsidizes. I personally feel that way, but at the same time I understand the realpolitik deal with Israel - I believe the purpose of keeping Israel there is to prevent some version of the Ottoman Empire from re-forming.

> I believe the purpose of keeping Israel there

Here's part of the problem. Does it make sense to you Israel just disappears? Sounds like it from what you're saying. Isn't it weird though - how many nation states do you think should vanish?

> but because of the human rights/colonialism problems

If Western societies really wanted the conflict to dissolve they wouldn't keep encouraging the Palestinians to "return" to their home (75 years after). Western societies keep the conflict alive. So it makes me think human rights issues isn't really the thing here.

There is no military danger Europe would need protecting from. The only thing US is subsidising is itself: all those trillions go directly back to US and benefit US, not Europe.
no military danger aprart from Russia and China I agree. And perhaps Iran/Turkey etc. Other than that the EU is super secure.
China has no military interests in Europe at all. Russia could have, but has no economy to pull this off, and won’t have in foreseeable future.
(comment deleted)
There are currently around 35000 American service members deployed to Germany.
That's Germany providing its land, for free, to the US. Those forces are not protecting Germany from any existing military danger, they are just projecting US power and protecting its interests.
There are many Germans who would disagree with you, especially among those whose opinions actually matter.
The US rebuilt Germany and continues to support them to this day militarily.
Israel is ostensibly a Western ally, yet they sell weapons that are used to attack Western nations and their citizens. Can you see why some people might consider that a problem?

Your accusations of anti-semitism are unwelcome and without merit.

Uganda is not a US enemy. NSO is a disgusting money grab and a threat for democracies. But, they never sold to any nation which is a US enemy. Uganda is not a US enemy. Israeli government, which grants the export licenses is not that dumb.

Allies spy on eachother all the time. that's a given any sovreign state knows and takes into account.

There are also numerous instances of their intelligence forces spying on us, an ally.

- https://apnews.com/article/israel-jonathan-pollard-espionage... - https://www.politico.com/story/2019/09/12/israel-white-house...

Everyone spies on everyone, no one is actually shocked by that. The US does it too (see the interception of Angela Merkel's phone calls...)

The key is you don't get caught doing it, because it removes plausible deniability.

The important detail is to not get caught publicly, generally nobody will raise a stink if western counterintel catches spies from a friendly state.
You are being a demagogue here. It's 8 phones that were hacked, by someone in Uganda - a friendly country to the U.S, with NSO probably not knowing and Israel as a state definitely not knowing. Was any of the 8 Americans harmed physically btw?

I don't care if it's unwelcome to you...I call it as I see it and you're not doing a great job convincing me otherwise.

Since you are a two month-old account whose comment majority is about defending NSO, it may not be easy to convince you.
I dont really give a crap about NSO.
> I dont really give a crap about NSO.

Then why -- assuming for the moment that the GP is correct -- is the majority of your comments about defending them?

I have a problem with the demonization of Israel going on.
Funny, the rest of us are "demonizing" evil spyware and the evil military-industrial complex that uses it. If you see that as "demonizing Israel", that must mean that for you Israel is synonymous with evil spyware and the military-industrial complex. The rest of us can see that they're two different things.

Why do you have such a negative view of Israel; isnt that a bit anti-Semitic?

Yes, funny.
I'm happy that you at least can see the humour in your weird attitude.
> don't understand the focus on NSO in these stories. If U.S State Department personnel in Uganda were shot from an M-16, would the headline mention "an American arms manufacturer"? No, because it's ridiculous.

No, because it isn't novel, it's not wide reaching, it's not at arm's length and it cannot be stopped.

Stuxnet, a novel American-Israeli cyber weapon, purpose built to hit Iran, was absolutely billed as such. And it was received differently, by Iran, than would be e.g. an American-made gun fired by Iraqis at Iranian surrogates.

NSO is making and selling cyberweapons. They're doing it now. These weapons are hitting the U.S. government and its allies to an unknown extent. And they can be turned off, right now, if Jerusalem orders it.

U.S. persons being shot in Uganda by Kalashnikovs are none of these things. It's not novel. Nobody wonders if the Ugandans are going to show up, guns blazing, in Arlington. And Moscow can't remotely disable the guns.

(comment deleted)
U.S. weapons manufacturers receive a lot of criticism too, both domestically in the U.S. and internationally.

The comments here focus on NSO because the story is about what NSO did. This is computer tech kind of community so you’re going to see more computer weapon stories here than stories about improper use of rifles.

The U.S sells super sophisticated weapons such as attack drones, F-15s or nuclear submarines. The tech behind these things is probably super interesting and there's a lot of software involved. If you look at the comments here, around 90% of them don't care about the tech at all but focus on bashing Israel. This isn't a tech story.
It would certainly be a news story if someone used a U.S. built submarine to attack the U.S. State Department.
You do realize it was Ugandans who actually ordered the hack yes?
Uganda used a US submarine to hack the US State Department?
And Israel also sells super sophisticated weapons like AWACS radars and surface-to-air missiles.

But there are clear understandings that e.g. nothing goes to China, and no fancy radars go even to untrustworthy places like Myanmar. NSO is still in a gray zone.

An Israeli company selling hacking services to every dictatorship and or corporation willing to pay? I hope you can see why that's bad.

And yes I'm acutely aware that the CIA literally ran torture training camps in the 1970s but two wrong don't make something right.

Unlike an M-16, hacks can be conducted remotely, they can be used to plant evidence, conduct blackmail, and lots of other things where most people would never know a hack was involved.

Also, there's outrage towards NSO because Israel is supposedly an American ally. Israel needs American support, and yet Israel freely allows Israeli corporations to sell services American enemies. And this isn't an isolated company--there are other Israeli hacking companies that target Americans, such as Black Cube.

Uganda is not an American enemy.
This isn't being sold to an American enemy - in fact, the US sells and donates (!) weapons to the same government. The US doesn't care much about Israel (a Major Non-NATO Ally) or Turkey (a NATO member) selling artillery pieces and APCs to Uganda.

It's all about the specific class of weapon. There are general understandings about who can get sold what weapon without the US getting mad. No radars or surface-to-air missiles for China or Russia or for random tiny dictatorships; but it's totally okay to sell them to India or Latin America. Dumber things like artillery pieces can go anywhere, even places under US sanctions like Myanmar, without crossing any lines. But this isn't written in treaties; it's all implicit understandings and learned patterns of retaliation.

For this new class of weapon, both sides are still feeling out the rules. The US is laying down precedents that put NSO's products much closer to the rules for radars and missiles, while Israel is pushing the limits to see how far the US can live with.

> No, because it's ridiculous.

Is it really.

Could you please stop posting unsubstantive and/or flamebait comments to HN? You've been doing it a lot, unfortunately, and we ban that sort of account.

https://news.ycombinator.com/newsguidelines.html

To be honest? No.

I think your moderation here is pretty unbalanced and borderline harmful, in that you can say some pretty horrendous things on this site as long as you do it in polite phrasing using big words, and there will be zero moderation applied in that case.

You are breeding a community full of some pretty extreme opinions, generally right-wing and regressive, and I think it's a damn shame. And I will not stop calling it out when I see it.

> And I will not stop calling it out when I see it.

None of my business, but it seems to me that you are perfectly free to call out anything, the point, as I see it, is that:

> Is it really.

is not "calling out" or actually "anything else" that adds anything to the discussion, only a (BTW of difficult interpretation) unsubstantiated comment.

Every passionate ideologue thinks that both the community and the moderators are biased in favor of their opponents. Your counterparts are just as certain that it's all biased in favor of you:

Typical modern leftist ideology. Very disappointed with HN lately. https://news.ycombinator.com/item?id=25955953

Hacker News has a progressive Silicon Valley bias https://news.ycombinator.com/item?id=26402235

this site is heavily biased towards the left https://news.ycombinator.com/item?id=26610757

the status quo here is California liberalism https://news.ycombinator.com/item?id=26719247

HN, where the SV/SJW group think prevail https://news.ycombinator.com/item?id=26731079

a mod who curates comments based on what's politically expedient according to leftist valley dweebs https://news.ycombinator.com/item?id=26866955

Ssshh.. You can't say that on HN. You might anger the WOKE mob! https://news.ycombinator.com/item?id=27227591

HN is best thought of as a machine for deepening the delusions of the left https://news.ycombinator.com/item?id=27242324

pure commie propaganda https://news.ycombinator.com/item?id=27269114

Democrat cultists https://news.ycombinator.com/item?id=27308327

HN is very, very authoritarian left https://news.ycombinator.com/item?id=27507112

90% of the HN audience supports communism https://news.ycombinator.com/item?id=27816841

HN is populated by the very liberal types https://news.ycombinator.com/item?id=27939890

this website (like most of the internet), is controlled by the far left https://news.ycombinator.com/item?id=28037354

This site is sadly run by militant commies https://news.ycombinator.com/user?id=k33n

This site is ran by the most radical socialist lefties San Francisco has to offer https://news.ycombinator.com/item?id=28203889

all non-leftie viewpoints are banned here https://news.ycombinator.com/item?id=28237072

HN moderation got outsourced to affiliates of the Democratic Party https://news.ycombinator.com/item?id=28291108

a total invasion of commies to HN over the past ...

> Every passionate ideologue thinks that both the community and the moderators are biased in favor of their opponents

I don't think you are explicitly biased. I don't think you are trying to promote one political ideology over another.

I do think, that due to the way your rules are set up, and how you enforce them, you unintentionally end up attracting one, and driving away the other. And I think this process has been going on slowly for a long time, and that you may not be noticing it, but that HN has turned into a home for some pretty extreme viewpoints in the process, that are just hidden behind a thin veneer of respectability.

(comment deleted)
In National Security contexts, the "get angry at the weapon seller" response is very strongly correlated with how advanced (in technology, power, and scarcity) the weapon is perceived to be.

For an "average soldier" weapon, such as an M-16 - $Company isn't likely to catch much grief - unless they're selling a considerable quantity of them, or to an extremely notorious buyer. Similar for a cyberweapon - but an "everyday" one, which wouldn't be a big surprise for a C-list ransomware group to use.

Vs. NSO's stuff seems to be the sort of top-tech goodies which A-list nation states use to maintain & enjoy their A-list status. Whether any actual harm results from this incident... publicly letting a bunch of "the wrong sorts" into that exclusive clubhouse is getting NSO into really deep do-do with "the regulars".

Yup. If decently up to date surface-to-air missiles were fired at State Department helicopters in X country, the US would be very very angry at whoever let those get sold so loosely.
Nope, that’s a bad analogy. A manufacturer that produces and sells thousands if not millions of items won’t be deemed as complicit as one building a nuke that somehow lands in your enemies’ lap.

That’s pretty obvious and it’s disingenuous that you’re trying to steer the conversation in that direction

Speak plainly. Are you suggesting this is a company being unfairly singled out just because it's Israeli?
It being Israeli is definitely a big part of why this story is so huge. Why do you think it's making huge headlines then - what's your theory? The fact that 8 American diplomats got their phones hacked?
Because they are amoral pieces of shit who'll sell to dictatorships and use state export regulations as a fig leaf. Because they fight back, lobbying in an attempt at regulatory capture. Because of how many innocent people's phones their software has provably ended up on. Because it's so closely connected with state funded and trained hackers from Unit 8200. Because they lie, simultaneously denying involvement, yet, disabling the relevant accounts. Just a theory.

Follow the industry long enough and you'll know how Hacking Team (Italy), Finfisher (Germany), Gamma International (UK), smaller and larger firms have rightfully attracted their fair share of condemnation. Journalists pile on when a story gains momentum, this round was started by the published list of targets and Citizen Lab. We can't call this anti-semitism yet.

Defending it just because it's Israeli would be as unjustifiable as attacking it just because it's Israeli.

I'm in agreement with you. I don't see any indication that the Israelis specifically made this weapon to target US interests, nor do I see any indication that the Israelis are discriminating between the US and any other nation, nor do I see anything that leads me to believe that we aren't potentially using this ourselves against other nations.

Fuck NSO, for sure. But I'm just not sure Israel should be held accountable for the actions of a private corporation with no apparent political motivations, just as in your M-16 example.

Unlike a firearm which has no intelligence or software, NSO retains significant control over their product.
NSO doesn't "sell" cyberweapons - they lease them and provide logistical support (including running the cloud infrastructure). This confers a lot more knowledge on where and how the weapons are used, and adds a lot more culpability.

The situation is less "M-16 and rounds sold once-off", and more of a turnkey armed drone (or surveillance drone, if you're charitable) service provided to governments, where the missiles, fuel, and airbases are provided by a private party on an ongoing basis. It's more of a tailored service, than a sale of goods.

It's more like a PMC ala Wagner than selling an M-16. They essentially run the technical side of operations and provide the talent.
Ah, I like this analogy. NSO's role isn't so much selling a weapon as it is selling "cyberwarfare as a service."
Weapon merchants get flack all the time for selling their wares to... we'll call them "rivals," but it could be any state or organization not in the US's sphere of influence.

NSO gets particular flack because they're inextricable from the weapon they sell. If an M-16 is used to shoot someone, provenance is probably harder to prove; weapons change hands all the time, or are smuggled to ne're-do-wells via the black market. But everyone using Pegasus, as far as we know, is an NSO client; NSO made the choice to provide that software, including NSO support and NSO services.

> For better or worse, NSO's product is a weapon. How is it any different from an M-16? Where is the outrage towards the people who used this weapon against the State Department?

It is highly unlikely that NSO group actually gives out their exploits, based on what we know about previous exploitations that have become known. It's more like they offer an interface to execute their exploits on a given target. The fact that they can block entities from using their service, after having had access to it (like they supposedly did in this case), very strongly supports this hypothesis. Hence they're offering a service, to use weapons for (or rather, in the name of) some (government) entity that pays them money to do so.

Imagine bombing-as-a-service, as an instance. That's much more like it, and your argument doesn't hold in that case.

Hacking as a service is a good way to put it
Perhaps you are unaware of the nature of global arms control and how much work goes in to prevent scenarios exactly like this.

Small arms proliferation is much harder to control, but yes there has been extensive reporting on Operation Fast and Furious where US gun sellers were allowed to sell to Mexican cartels under ATF supervision. [0] Those guns were used against both US and Mexican citizens, including fatally against 1 US Border Patrol Agent in 2010.

Looking farther back, during the Falklands war in the early 80s there was much controversy over the Exocet anti-ship missile, which was manufactured and sold by France. When these missiles were successfully used against British warships near the Falklands, Britian successfully lobbied for France to stop selling them to the Argentinians.[1]

So yes, it's actually very common to put the responsibility of how their products are used on arms manufacturers. It's a good thing and it keeps the world safer.

[0]https://en.wikipedia.org/wiki/ATF_gunwalking_scandal [1]https://www.bbc.com/news/magazine-17256975

(comment deleted)
Isn't the actual problem that a private company is using security holes that presumably Apple opened for three letter agencies to use?
The Israel government gets a pass for anything they do. Whether it is lying about nukes or what they've done to Palestine. NSO is a feather in their cap.
Why are you conflating Israel (a state) and NSO (a fully private company, owned by American private equity at some point)?
(comment deleted)
The Israeli Ministry of Defense licenses the export of Pegasus to foreign governments, but not to private entities.

https://en.wikipedia.org/wiki/NSO_Group#Pegasus

These export controls for weapons exist in much of the western world. Once granted a license, Israel has no legal say in how the product is used by the end user.

It’s all very routine and standard, not sure why people need basic explanations of what government export regulation is when the discussion is on Israel.

(comment deleted)
> Why are you conflating Israel (a state) and NSO (a fully private company, owned by American private equity at some point)?

Because Jerusalem has the power to stop, or at the very least regulate, NSO.

Sounds like you and some other "clever" souls have an axe to grind with Israel.
> "clever"

This is offensive. They outlined how they disagree with the Israeli government pretty clearly in their comment.

Please don't virtue signal, or state flame wars, or use this to posture some kind of agenda.
Please don't mistake yourself for dang
These political flame comments don't belong on HN.
Please do not take HN threads further into generic flamewar hell. It's not what this site is for, and it destroys what it is for.

We detached this subthread from https://news.ycombinator.com/item?id=29432721.

Why not flag the article itself? There's nothing technical to be discussed here. If the article was talking about the technology, that's one thing, but its talking about state-sponsored espionage. Flagging my post is a bit like closing the barn door after the horses have left the building.
HN isn't just for technical discussion. That ought to be clear both from the site guidelines (https://news.ycombinator.com/newsguidelines.html) and the front page every day. HN has had articles about this kind of thing pretty much since the beginning and there are often interesting details and twists to discuss. Moreover, the ongoing NSO/Pegasus story is one that a lot of the community has been following with genuine interest. So I think it's ok (I admit I didn't read the article though!)

Most importantly: no matter what the topic is, it doesn't make it ok for commenters to break the guidelines. Just the opposite, in fact—that's why we have this one:

"Comments should get more thoughtful and substantive, not less, as a topic gets more divisive."

Your comment obviously broke that, as well as several others, which is why I replied as I did.

Slapping down the NSO doesn't fix the problem. We should be glad we even know that their software exists, imagine if it was completely hidden from the public? The problem is that Apple needs to fix this. Security is an arms race, and the more visibility we have into where it is weak, the better for everyone. To paraphrase the motorcycle repair episode of Winter Steele, "You are stronger now for having been fixed." IMHO.
I don't think most Apple customers know or care so despite being ostensibly "privacy focused" Apple doesn't have much of an incentive to take action.
Apple has demonstrated complacency on security issues. Stiffing security researchers on bug bounties is just one symptom, but so is the fact the market price for iOS exploits has cratered compared to Android ones.
Great commentary. The US is hopefully looking into why these employees are using iPhones + local SIM. And if that has been approved in the past, maybe re-think that
Are you implying there is a way to use an iPhone with a prophylactic defense against Pegasus? I was unaware one existed...
Imagine that sinking feeling in the NSO offices. Uncle Sam's coming...
You sure about that?
Yes.

"A State Department spokesperson declined to comment on the intrusions, instead pointing to the Commerce Department's recent decision to place the Israeli company on an entity list, making it harder for U.S. companies to do business with them.

NSO Group and another spyware firm were "added to the Entity List based on a determination that they developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers," the Commerce Department said in an announcement last month."

As an American, it's becoming harder for me to muster sympathy for an entity that actively discovers and exploits technological flaws to use against their adversaries while simultaneously purposefully not alerting the manufacturers in order to correct the flaws so they can continue to exploit them and then those flaws are subsequently discovered by others and used against them. Poor you.
> As an American, it's becoming harder for me to muster sympathy for an entity that actively discovers and exploits technological flaws to use against their adversaries while simultaneously purposefully not alerting the manufacturers in order to correct the flaws so they can continue to exploit them and then those flaws are subsequently discovered by others and used against them.

It is worth distinguishing between the State Department and the NSA. The US government is hardly monolithic, even if we restrict our discussion to just the executive branch:

https://www.washingtonpost.com/news/the-switch/wp/2013/10/05...

While I find it interesting that focus in comments appears to be on Israel, NSO and the complicated ( or not really that complicated if you look at it from a different angle ) relationship between them and US. I did not see a mention a broader discussion of, you know, hoarding zero days, exploits and whether using those can be worse than conventional weaponry.

The reason I find it interesting is because it is clear that US government supports Israel ( and NSO ) practically unconditionally ( recent vote on Iron Dome being a more amusing example of bipartisanship ).

Why is Reuters, an old guard by any account, concerned? Or are they simply following what sells and government is really at odds with its people when it comes to policy in ME.

> Why is Reuters, an old guard by any account, concerned?

Meta-concerns about "the media" are not relevant to every story that is ever published.

They shouldn't have anything to worry about, unless they have something to hide
Arguably, this is the real use case Pegasus was designed for. A government (Uganda) that does not have a large and mature civil service that would support a G7 level technical domestic intelligence agency went to market for the tools of one (NSO), so they can keep tabs on foreign intelligence agents (state department staff) in their country. I am not a fan of NSO at all, but this case sounds like they're providing sovereignty or statecraft as a service to a government that prefers to buy instead of build their security capability.

When the game is defined as a competition for how to break its rules in the most unexpected ways and with the fewest consequences, Uganda appears to have joined in with aplomb. To me it's the first time an NSO story doesn't seem like a scandal.

The "oh, but everyone is doing it!" argument. I don't for a second believe that other countries install spyware on foreign diplomats and other peoples phones. What NSO and the Israeli government is doing is rotten to the core and unless you have evidence of the contrary you cannot assert that other actors are doing the same thing.
I know you're joking but for anyone that's not in on the joke:

https://www.bbc.com/news/world-europe-24690055

Wow! You found one instance of the US spying on a friendly government. That totally justifies NSO leasing spyware to authoritarian third world regimes! Carry on folks, nothing to see here.
It doesn't justify it, but if we're going to take a stance against spyware, we have to take a stance against all spyware. That includes the home-rolled stuff that the NSA pushes out to Apple and Google.
No, we don’t.
What makes that kind of hypocrisy okay?
It seems if Israel is receiving money from the US government and Israel controls the usage of NSO group weapons that are being targeted at the American government then there are problems yea?
It's a catch-22. Telling other countries not to spy on us while we happily spy on others is a double standard.
What alternative do you propose? Give up? Naively hope every other world leaders (all sociopaths by nature, with intelligence agencies managed by yet more sociopaths) will understand and hold up their end of a deal they don’t even know exists? This is geopolitics, you take every advantage you can get, every time, forever. Spying is how you prevent wars by avoiding misunderstandings and miscalculations.
You’re taking this all too literally. It’s politics, it’s all a performance.

When France was “angry” about Australia buying US nuclear subs and canceling their French contract do you really think that was real?

It’s all for show, just like being “angry” at another country spying on you. You do something like “kick out their embassy employees”, then turn around and let new ones come in.

Yeah I think France was pretty pissed actually.

There was no need to just do this for show. Most members of the public don't care about submarine deals. It doesn't make their government more popular.

Nahh… from what I’ve read, Australia had made it abundantly clear they were pulling out of the French deal. Maybe France was pissed they were excluded, but the “angry” was entirely for show.

The public may not care about submarine deals but France certainly cares about how they are perceived on the world stage.

Presumably no bigger problems than arose when the US wiretapped the Israeli prime minister’s phone…
Politics is not about fairness or the truth, it all about getting people to buy the ideas your selling.
Dude, the "state department" is blaming Israel because they're just embarassed your guys got owned by Uganda.
Totally agree. There is a difference still between totalitarian countries against its own people with no theoretical way out even, vs USA that still have some way out.
Kind of? It seems like the main use case isn't a country that needs the tools of state-on-state spying; it's a country that needs the tools of Chinese-style domestic surveillance of the political opposition. In most cases where US persons have been targeted with NSO software, it's as part of operations against domestic dissidents, including in this case, where most of the usage was against Ugandan protesters.
If you are a state, NSO is what you get when you don't have Stingrays, PRISM, and a pipeline into domestic enforcement for paralell construction. Imo, in this specific case, it's equivalent.
Let's cancel their foreign aid, 3 Billion and change, and put a trade embargo until they pay back all their foreign aid.
(comment deleted)
This is a typical "shadow government" symptom. You have forces working within the government that 1) have their own agendas; 2) have connection to international communities, usually military-intelligence ones; 3) have almost zero regulation; 4) even many high ranking government officials don't know about them because they are brotherhood-like closed circles.

This reminds me of Operation Gladio or Propaganda Due but domestic. Same playbook, different players.

> 3) have almost zero regulation;

What would shadow government regulation look like?

Maybe stop funding them, for a start?

Congressional oversight used to be a thing.

Snowden showed the NSA lied to congress. No heads rolled.

Imagine all the dirt the NSA has on congress.
Imagine how much society would improve if all the dirt got aired.

Hiding this information is trading the wellbeing of the country for the NSA's own internal goals and power.

> Imagine how much society would improve if all the dirt got aired.

Depends on the dirt. Some of it might be private and personal stuff, such as infidelity. That type of stuff, while blackmailable, doesn't really benefit the public much.

The public's elected representatives being easily blackmailable is obviously of great concern to the public, I don't know why you're downplaying this.
Everyone has dirty laundry they would prefer not be aired, and if they don't then their friends, family, or partners do. I don't think we want to live in a world where absolute moral purity (as determined by the most vocal, biased critics of a given person) is required to hold public office.
>I don't think we want to live in a world where absolute moral purity (as determined by the most vocal, biased critics of a given person) is required to hold public office.

Don't worry, you live in a world where a man with a well documented decades-long laundry list of scandals and faux-pas can brag on tape about how he can get away with molesting young women because of how rich he is and still get elected President.

I'm actually wondering what you could effectively blackmail an American politician with, given how little Americans seem to care about the morality of their leaders. Maybe just the eponymous "dead girl or live boy," but then you have the Kennedys...

I don't think "eponymous" is the word you meant there.
You're probably right, but I'm too lazy to care.
A person with no reputation to lose is hard to blackmail. I don't think trump generalizes in this context.
> I'm actually wondering what you could effectively blackmail an American politician with, given how little Americans seem to care about the morality of their leaders.

Well, in general anything that would get them prosecuted for a felony should be an effective stick. Add in a carrot and now they're on the hook for bribery too.

> I don't think we want to live in a world where absolute moral purity (as determined by the most vocal, biased critics of a given person) is required to hold public office.

Well lucky you, we have the exact 100% polar opposite of that system currently. I think it would be fine to move toward it a little.

> Well lucky you, we have the exact 100% polar opposite of that system currently. I think it would be fine to move toward it a little.

I'm skeptical of the notion that outing public officials (when the blackmail material is personal in nature as posited by the GP) would move toward that goal.

I don't even think an exception should be made for material that would expose hypocrisy in policy-making (eg. 'pro-life' lawmakers that have had or facilitated an abortion).

Straight-up crimes though (bribery, corruption, theft, insider trading, etc.), sure.

Moral purity isn’t required, just some honesty. I don’t care if politicians cheat on their spouses or even if they rail coke out of hookers’ asses on the weekend. Just don’t pretend you don’t do someone has power over you if they find out you do.
Don't believe representatives are elected because of their integrity and their willingness to serve.

They represent groups of interest. And being blackmailable is, in my opinion, a handy leash to keep them in check, for those groups which propose the candidates

The public is not concerned with corruption until they feel affected by it.

It sounds more like you're asserting that corruption has been redifined, because we expect elected officials to represent a group of interests... But this is quite circular.

It would be better for us to maintain our high expectations of our leaders, even if those expectations are not currently being met. It doesn't mean that they cannot be met. It feels so damned gamed that I cannot imagine what a genuine political candidate would look like, a member of the public deciding, yes, I will run for office, and then speaking to their friends and neighbors about it, and submitting the paperwork to make it official.

Can you imagine if that's what politics was? Wouldn't it be amazing? Sometimes I feel like there's too many smart people with way too much time on their hands, and they create these political storms as a way to generate money. I hope they all go into the gaming industry and make a tone of money without undermining a functional democracy. The problems we have don't always have money behind them. In fact, it's usually a trade-off we want someone with money to take, that they don't want to take. And the way we coerce an organization is through legislation. So it makes sense for orgs to take that control back and spend on PR campaigns and pundits to argue in their favor. Payola for sophists. But I digress...

> That type of stuff, while blackmailable, doesn't really benefit the public much.

Sure it does. There is no longer leverage of whoever is holding that blackmail, who may easily have interests opposite the public.

The problem is that the existence of the secret and its power over the subject, not the actual content of it.

Making it public benefits the public just because it’s no longer a secret.

Dangerously based and you’re-about-to-commit-suicide-with-two-gunshots-to-the-head pilled
remember when the cia interfered with the congressional investigation of their torture program, by getting the FBI to investigate senators for viewing the documents that the CIA provided them, and spying on the senate investigation activities, and then nothing happened

https://www.cnn.com/2014/03/18/politics/cia-senate-dispute-f...

https://www.reuters.com/article/us-cia-senate-idUSKBN0KN2Q82...

I do remember that one. I can't believe they got away with it with zero consequences.
Yes, I remember! But I just got up to 2011 on my todo list and am playing through Borderlands 2. I'll follow up on 2014 matters which will hopefully take less than 3 more years.
I can believe there are shadow organizations that lack oversight. In fact, it seems likely.

But that these shadow organizations are maintaining power by surveiling and blackmailing congress people is a whole other ballgame and seems highly unlikely to me.

For one, it's likely that not every Congressperson has some deep dark secret that makes them blackmail-able. And pissing off the only group of people that could cut your funding and expose your shadow organization as well as bring oversight is not the group that you want to be pissing off.

I think game theory would indicate that your only chance of maintaining a shadow organization in the US gov for any length of time is going to be secrecy and maybe some heavily funded lobbying.

> For one, it's likely that not every Congressperson has some deep dark secret that makes them blackmail-able.

I'd be more than willing to bet that they do. "If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him." and that only covers "honest" men who wouldn't have illegal coordination with PACs, bribes with lobbyists, personal communications filled with racism, or evidence of sexual activities that might upset their base. When "6 lines" becomes a record of everything you've ever done online, all of your communications, your GPS coordinates and the data of anyone around you it's going to get easier to find a noose around your neck.

Even if there managed to exist a single person in congress who wasn't screwing over the American people somehow for personal gain, or didn't have some skeleton in their closet they didn't want exposed to voters/campaign contributors when a group is capable of compromising your system and inserting whatever offensive material they want to use against you it's incentive enough to back off.

You only need the capture the party leadership, they can keep everyone else in line via fundraising initiatives.
> But that these shadow organizations are maintaining power by surveiling and blackmailing congress people is a whole other ballgame and seems highly unlikely to me.

Why is it so hard to believe that a few powerful indivisuals at the top, with common interests and agendas, are banded together?

There's no official organization but a few indivisuals that streer things their way because they can.

I think there are enough hornery (and incidentally patriotic) congresspeople that they'd be okay exposing the CIA for blackmail even at the expense of exposing the secret.

The funny thing is that the worst of it is already exposed, and no-one seems to care. money-in-politics, the most serious problem of our time, is a "meh" issue to most folks, even though money poisons discourse on literally every other issues! And we know the precise mechanism and how to stop it (a law overturning Citizens United), and yet we do nothing.

Politics is a funny business. I have spent alot of time dealing with political people ranging from staffers to actual officials.

Many are very well meaning public servants, others careerists, some are… insane on various scales. Politics is a business with uncertain outcomes where “friends” are important and personal stakes are high.

From a blackmail perspective, you have people like the bartender turned member of congress who got their GED to run who are obvious puppets with a wheelbarrow of odious behavior behind them. But even the most boring congressman has a legal escrow account with irregularities, a kid with emotional problems that caused trouble, a campaign finance violation, etc.

I don’t think there is a shadow cabal, but some executive branch entities wield tremendous power.

AOC is an obvious puppet?
Not quite. Different educational dynamic. Polarizing figure for sure, but whomped an old school political machine candidate.
> From a blackmail perspective, you have people like the bartender turned member of congress who got their GED to run who are obvious puppets with a wheelbarrow of odious behavior behind them.

I'd like to visit the Museum of Counterproductivity in the area of your brain that downgraded Bobert from business owner to bartender.

There’s no dishonor in bartending. Failed business owner turned agent provocateur on the other hand…
how would you cut the budget of the CIA for example, an organization that doesn't really answer to anyone but itself ? an organization that can self fund when it wants. Eisenhower, a general called out the so called military industrial complex in a way that befits a prophet
it's likely that not every Congressperson has some deep dark secret that makes them blackmail-able

You don't need to control every congresscritter directly, just to control them by proxy is enough. The nomination committees have a lot of power on who stays and who goes, for example, and so do subcommittee chairs.

> But that these shadow organizations are maintaining power by surveiling and blackmailing congress people is a whole other ballgame and seems highly unlikely to me.

There's a long history of illegal domestic surveillance since at least the 1940s - why would it have stopped?

> For one, it's likely that not every Congressperson has some deep dark secret that makes them blackmail-able. And pissing off the only group of people that could cut your funding and expose your shadow organization as well as bring oversight is not the group that you want to be pissing off.

Secret blackmail files worked for J. Edgar Hoover[0].

[0] https://www.thedailybeast.com/fbi-director-hoovers-dirty-fil...

> For one, it's likely that not every Congressperson has some deep dark secret that makes them blackmail-able.

Well, if blackmail won't do the trick, there is always extortion…

Why would heads roll?

Congress has blocked inquiries into their split loyalty as far as them having multiple citizenship in other countries. If you were McDonald's board of directors would you allow someone to be on both the McDonald's board and Wendy's?

Congress isn't personally harmed by a surveillance state unless you consider they may all be being blackmailed but that is another conversation. In fact mass surveillance widens the barrier to new entries into politics as they can use whatever dirty they find and give it to federally funded media mouthpieces.

This week we saw articles of sexual crimes against children being swept under the rug to "protect our country" do we really think that congress would actively pursuit this line of inquiry?

Isn't it pretty common to sit on the boards of multiple companeis?
I'm all for sorting the problem out, but isn't the reality a little more complex given other countries? Doesn't cutting your intelligence / signals budgets give your "enemies" an advantage? By "enemies" I'm referring predominantly to foreign nation states.
> Maybe stop funding them, for a start?

I tried, they sent men with guns to my house when I stopped paying taxes

More light and transparency = less shadows
Enforce our laws would be a good start.
It's difficult, you have to break down those brotherhoods who will fight to death to be "independent". And then you have to find a way to prevent them from spawning again. I don't have any idea how to do it properly.
I'd expect if we lived in the sort of society that would execute the head of the NSA for treason or something similar when the Snowden revelations came out, it would have societally beneficial chilling effect on intelligence organization brazenness.

Unfortunately, it seems intelligence is mostly immune from liability, and lack of consequences lets the rot fester.

Once the system is setup who is in control is going to be irrelevant. I believe the best approach is to educate the citizens so that 1) They follow scientific methods; 2) They are more resistant to advertisement/propaganda; 3) They are keen to corruption and willing to protest.
"1) They follow scientific methods. 2) They are more resistant to advertisement/propaganda; 3) They are keen to corruption and willing to protest."

You are asking way too much of people. "Normal" people can't fulfill any of those 3 requests. Not that they don't want to (most don't), or that they aren't taught to (this is conflicting through life)

They can't. #1 and #2 sound like something an autist would tend to do.

The types of societies that execute high level civil servants don't actually execute them for the reason given - the reason is an excuse for the masses, the real reason is they fell out of power or were a threat to someone important.
Implying that Israeli spying on the US is some fringe "shadow government" sub-group of the Israeli government is strange given a long, long history of high profile Israeli spying incidents against the US.

https://en.wikipedia.org/wiki/Lawrence_Franklin_espionage_sc...

https://en.wikipedia.org/wiki/Jonathan_Pollard

https://en.wikipedia.org/wiki/Ben-Ami_Kadish

https://en.wikipedia.org/wiki/Jack_Parsons_(rocket_engineer)

Then there's the time they stole nuclear material from us https://en.wikipedia.org/wiki/The_Apollo_Affair

Then there's the time they slaughtered several dozen US navy and NSA personnel with repeated attacks on an unarmed vessel because they didn't like that we were watching them: https://en.wikipedia.org/wiki/USS_Liberty_incident

By saying "shadow government" I mean groups within the US government that has connection to say NOS.

Again I don't have concrete proofs so I could be 100% wrong. But reading world history especially cold war history makes me be sceptical to certain things.

Hilarious that anyone thought you were talking about an Israeli shadow government.
So you are making blind accusations when there is a better explanation, i.e., it was the Israelis.
The USS Liberty incident happened 52 years ago.

>because they didn't like that we were watching them

That is the American conspiracy theorist interpretation of the incident that (understandably) also gained traction among a few of the survivors. The Israelis disagree.

It was most likely a case of mistaken identity. Just like friendly fire incidents. Friendly fire incidents happen all the time, including between US forces in the recent Iraq and Afghanistan conflict.

The survivors said that the pilots were waving at them before they carried out the attack
can you provide the source?
Have you tried to look and had no luck?
Its the obligation of the person making the claim to provide a source (or other evidence), not the other way around.
Do you have a source for that?
The quote "I was actually able to wave to the co-pilot, a fellow on the right-hand side of the plane. He waved back, and actually smiled at me" is attributed to Larry Weaver, a crewmember on the Liberty. It was allegedly originally written in a book called "Assault on the Liberty" by James M. Ennes, but I ordered a copy to confirm
Oy vey what an antisemtic statement, assuming Israeli forces are incapable of knowing friend from foe.
It’s not in the least bit anti-semitic and to suggest so is inflammatory
You suggesting me pointing out antisemitism online being inflammatory is actually deeply antisemtic and a white supremacist dog whistle.
The Liberty was also very far from where the Americans had told the Israelis where it would be. Finding the ship there was unexpected and calls to confirm its identity were not being answered.
> Israeli pilot to IDF war room: This is an American ship. Do you still want us to attack?

> IDF war room to Israeli pilot: Yes, follow orders.

> Israeli pilot to IDF war room: But sir, it’s an American ship - I can see the flag!

> IDF war room to Israeli pilot: Never mind; hit it.

https://archive.md/KNYBR/again?url=https://www.haaretz.com/u...

That’s apparently a “story” recounted by a former ambassador?
> Then there's the time they stole nuclear material from us https://en.wikipedia.org/wiki/The_Apollo_Affair

On a related note, JFK was trying to shut down Israel's nuclear weapons program in the months before his murder.

https://www.jewishvirtuallibrary.org/kennedy-letter-to-ben-g...

Why would the tail wag the dog? America benefits so much from all the R&D (in e.g. encryption) that can't happen on US soil. They are not our enemy in any way :)

https://en.wikipedia.org/wiki/Report_to_the_Secretary_on_the...

https://www.nybooks.com/articles/2001/09/20/the-truth-about-...

> Why would the tail wag the dog? America benefits so much from all the R&D (in e.g. encryption) that can't happen on US soil.

As far as I know there are few (if any) restrictions on encryption R&D (and even publication) in the US.

What is restricted (due to encryption being classed as a 'munition') is the export of robust encryption products to specific countries.

Broadly speaking, circumventing the export controls wouldn't be in the interest of the US Intelligence Community, unless those products have backdoors or vulnerabilities known to the IC.

The US spies on its European allies all the time, and I'm sure they spy on Israel too, so that's not super surprising.

As for the USS Liberty, some do argue that it was intentional, but both the Israelis and Americans ended up agreeing that it was a mistake. The US is no stranger to such mistakes either, even more egregious ones like when they killed close to 300 civilians aboard a regular passenger flight following an approved route and in contact with ATC (Iran Air 655).

In the end both the US and Israel are amoral states that act only according to their economic and strategic interests and I feel that this unites them. I wish it didn't, though.

And the European allies spy on the USA, rinse and repeat.
I don’t think so. If they do, it is either a) not nearly on they same scale, or they b) are way more competent about it and less likely to get caught.

Given the general incompetence of governments in general (Europe is no exception) I doubt it is (b).

Or (c) announcing this now furthers some unknown usa political goal but there would be no political win for publisizing whatever europe does.
If you can't prove that you probably shouldn't make such unqualified statements. There is plenty of proof for the opposite, afaik none whatsoever for the reverse.
Everyone spies on everyone else.

Reminder that France vacuumed up messages on Enrochat after deploying malware globally, and they have clear text messages from users in any arbitrary country and have not disclosed what they will do with it or what they have.

https://www.vice.com/en/article/3aza95/how-police-took-over-...

The specific claim here is that EU countries spy on the US. I do not believe they have that capability, so if you have some proof that would come in handy.
Just to clarify, you're asking for evidence of secret foreign intelligence operations?

Establishing mere capability is pretty trivial: they have diplomats in the United States who can talk to people.

We have plenty of proof of the US spying on allies in spite of those being secret foreign intelligence operations, there is afaik none whatsoever of say the Germans, the Belgians or the French doing something similar to the US.
Spying is intelligence collection. There many ways to collect intelligence. Some completely innocuous like going to a defense trade show and taking pictures. Or using satellites to capture imagery of sensitive locations or developments [1]. Military attaches at embassies who observe their host country’s military developments and operations [2]. These are capabilities that every developed nation has access to. For them not to use it puts them at a disadvantage.

You don’t think the French would love to have known about AUKUS submarine deal before it was made? It’s detrimental to not attempt to spy. The French were blindsided and I’m sure they don’t want to be blindsided again.

[1] https://www.space.com/arianespace-soyuz-rocket-launches-cso-...

[2] https://franceintheus.org/spip.php?article10460

Desire does not equate capability.
Aside from capability, the relationship between the US and European countries is so biased towards the US that, politically, I just don't think they'd risk it.

The US spies on everyone because they can, and because they have prepared to do basically anything they think might be in their interests; when Germany discovers the US spying on them, what can they really do about it? Whereas if it was the other way, all hell would break loose.

They officially decided it was a mistake, as it did neither government any good to officially announce that it was intentional. But the sailors that were on the ship say otherwise.
> They officially decided it was a mistake, as it did neither government any good to officially announce that it was intentional. But the sailors that were on the ship say otherwise.

How would the sailors on the ship being attacked be able to know anything like that (e.g. know if the Israeli pilots thought they were attacking an Egyptian ship or an American one)?

> e.g. know if the Israeli pilots thought they were attacking an Egyptian ship or an American one

The sailors would know because they have access to the same information that you do, but a greater incentive to actually do the reading. The Israeli pilots knew it as a US ship, their radio traffic questioning their attack orders - after visually identifying the USS Liberty as a US ship, was recorded and the transcripts widely known about. This happened several times, so unless the Israeli command center had the memory of a goldfish - they intentionally kept sending attack aircraft until they eventually got a pilot to pull the trigger. Why would they do such a thing? Because the US wasn't onboard with the Israeli preemptive strike and they didn't want a signals intelligence boat tipping off the Egyptians. Israel doesn't appear to reciprocate the fond feelings expressed by American politicians - the mere idea of the "Samson Option" is proof enough of that.

> This happened several times, so unless the Israeli command center had the memory of a goldfish - they intentionally kept sending attack aircraft until they eventually got a pilot to pull the trigger. Why would they do such a thing?

To that point, it's worth noting here friendly fire incidents happen all the time in war, as well as attacks against neutral parties. For instance: the US has bombed its own troops probably more times than anyone can count, and it also bombed the Chinese embassy in Belgrade and shot down an Iranian airliner. Why would they do such things? Honestly, it's plausible they they may actually have had the memory of a goldfish, at least occasionally.

While I'm not aware of any formal study on the matter, I do remember them going over the subject at length in a forward observer course: the blame for the majority of airstrike blue on blue falling on the grunt calling for fire. It matched my experience as well - to the point that I'd avoid calling in close air support for anything short of a Custard's last stand scenario. This isn't anything like that, a command center continuously calling in attack aircraft on a target repeatedly identified as non-hostile - being put on and taken off of the situation board... unprecedented. Even if my opinion of the command staff was so low as to grant them a "well, maybe you are just that dangerously incompetent" - the lying makes that even harder to believe (technically impossible claims wrt speed and offshore shelling capability).
The Israeli government had strong incentive to do this, and accounts on the ship were that this was clearly intentional. Why is this so hard for you to believe?
> The Israeli government had strong incentive to do this, and accounts on the ship were that this was clearly intentional. Why is this so hard for you to believe?

Because an imputed motive is not proof of anything, and there's no way "accounts on the ship" could provide the information you claim they do (knowledge of the attackers mental state).

I don't think anyone disputes that the Israelis attacked the ship intentionally, but you can say the same about most friendly fire incidents. The question is if the people who made the attack deliberately decided to attack what they know to be an American ship.

All states act according to their economic and strategic interests right?
Actually, both Israel and the US have a long history of fighting terrorism.

Just this past May, terrorists from adjoining Gaza shot 4,300 missiles towards Israeli cities over a 10 day period. Thankfully they were almost all shot down by the Israeli anti-missile defense system, Iron Dome (which the US is now evaluating for use in our Guam base). But still 13 died and 300 injuries occurred during that 10 day period at the hands of terrorists.

Israel has been dealing with terrorists hijacking planes for decades. In fact, 2 former Israeli Prime Ministers, Netanyahu and Barak were members of a 16 man special forces team that rescued hostages from Sabena Flight 571. Barak was the leader, Netanyahu was injured.

Of course, with 9/11 and other incidents the US has, like Israel, been the target of terrorists.

Both the US and Israel have had to deal with terrorists much more than any other developed OECD countries.

Anyone who doesn't think the USA and Israel don't spy on each other 24/7 is living in a dream world. Israel is an ally but I don't think that they are our friends.
Spying between friendly countries happens all the time. It make diplomacy happen much smoother!
Israel even sinked a US navy ship and got away with it.

It gives you an idea how powerful their lobby is.

NSO should be declared a terrorist organization.

Wow should this comment belong to HN?

To me it looks like your comment is very biased and misrepresenting. While you say:

> Then there's the time they slaughtered several dozen US navy and NSA personnel with repeated attacks on an unarmed vessel because they didn't like that we were watching them"

At the same time the wikipedia article that you linked says:

"Both the Israeli and U.S. governments conducted inquiries and issued reports that concluded the attack was a mistake due to Israeli confusion about the ship's identity"

The sentiment of this part of your comment seems to be so openly and blatantly full of unsubstantiated hatred towards Israel, that my hope is it will be heavy downvoted.

GP may be simply wrong about some of the facts but you are crossing the HN guidelines in multiple ways at once.
Thank you, I'm sorry for the harsh response and you're right about my phrasing, I improve next time.

But I can hardly see how the quoted part of the OP comment maybe explains by

> simply wrong about some of the facts

to me it seems that OP comment was just pushing for agenda using some hyperbole and hate.

> to me it seems that OP comment was just pushing for agenda using some hyperbole and hate.

The operative word in that sentence is seems, and you can't know that for sure so you shouldn't respond as though you do. HN has some pretty specific instructions about that.

I come from a country which US intelligence has many times been caught spying on its officials as recently as 2009[1]. A more recent scheme involved recruiting a convicted criminal with proven antisocial personality disorder[2] to spy on Julian Assanges friends. This has been known about since the 1960s at least among Icelandic communists and other left wing individuals. But until really recently (like 10 years ago) the government has been very sympathetic to this spying.

For some reason I feel like the US government officials probably share the sentiment of their Icelandic colleagues of old. These immoral activists that obviously step out of line, but the only thing that bothers the US officials is that they got caught. But even then it is not such a big deal.

1: https://www.theguardian.com/technology/2013/nov/19/nsa-surve...

2: https://en.wikipedia.org/wiki/Sigurdur_Thordarson

The parent comment doesn't imply that it was the Israeli government that was doing the spying (and neither does the article), only that Israel delivered the tools. Who's to say this wasn't the CIA keeping tabs on the NSA, or the NSA using foreign tools for plausible deniability?
There is nothing supporting the theory or conclusion
What are you trying to suggest? It's just a typical reflexive reactive response to any comment that the government acts in ways other than presented to you by corporate media.

It only takes 3 minutes of google searches or even a daily scan of Hacker News to see endless examples of government corruption and malfeasance. Government employees are only human after all, and there are millions of them. To think this sort of activity ends once you become an agent of the government is absurd.

> Government employees are only human after all

This weekend I was traveling and I put the stray $20 from my pocket in the bin at the TSA checkpoint. An agent quickly pulled it out and handed it back to me. He then said "a lot of good people work here, but they're still human". It's kind of wild that we endure that level of complacency here in the States.

That's a pretty weird statement, if one of his colleagues would swipe cash that travelers put in the bins then they should fire their ass and move them to the 'not good people' column. Stealing isn't something that defines you as human.
I think pretty much everyone has stolen something before, right?
That says more about you than it does about humans in general.
True, but what I've done should say a lot about humans in general right? I'm told I'm human, after all.
No, you can't generalize like that.
I think the point the employee was making was that there is a lot of financial desperation among TSA employees, and also minimal supervision. This is pretty well-documented in the news media as well.
I don't think he has the power to fire his colleagues. I think that's reading too much into it, for a lot of people 20 is a lot and for a lot of people you just don't trust others with stray cash laying around. It doesn't say much about humans, except that a small portion of people are willing to commit crime and that's why we have to protect ourselves
Trying to suggest nothing, I am explicitly saying there is nothing in the article to lead a reasonable person down the shadow government and deep state path It seems vanilla spying or vanilla state backed industrial espionage
5) many high ranking government officials do nothing about this because they're being blackmailed by the spooks.

Tinfoil hat territory? Sure. Plausible and possible? Sure.

I think it is more likely that 5) many high ranking government officials have sympathetic views with said forces and don’t mind the “occasional incident” as long as said forces are working towards their common goal (whatever that goal might be; but it is probably Islamophobia, settler colonialism and exploitative capitalism).
I won't contest that. I recognize that my post was a bit dramatic but it doesn't seem entirely unreasonable knowing what we do know about past behaviors.

So you can be #5 and I'll be #6 :-)

What happened to the “spooks” that hacked the intelligence oversight committee computers? You know, the people who are supposed to watch them?
I know some spooks called the Church of Scientology.

I seriously have no damn clue what those buggers have gotten up to that they’ve bullied the government into leaving them alone.

That’s a great point. They supposedly “beat” the IRS… which is horrifying.
> Plausible and possible?

By that standard, we should post every conspiracy theory ever created.

“Shadow government” = “Deep state”?
They're both somewhat vague phrases that are heavily context-dependent and have somewhat different connotations, but yes.

There's nothing wrong with the phrase "deep state". If you're concerned about associations with Trump (which I think you should not be), you can use a former Obama official's favored term, "the blob". Both, and many other similar phrases, are common in the foreign policy literature.

I think the first time I heard the phrase "shadow government" was in connection to Iran-Contra, where it described Oliver North and the small group in charge or those operations, but it's a phrase with many uses. I can't remember when I first heard of the "deep state", but I'd be fairly certain it was before Trump or anyone connected to him started using it.

Regardless of the terminology, the supposed "deep state" is often a fill-in for one's own personal misunderstanding of institutional momentum and basic functions of the government.

"The Government" isn't really a single institution, but a surprisingly loose collection of various institutions that all have some level of momentum guiding the direction they move in. It's critical to note that these institutions may have interests that harshly conflict with one another. Even the intelligence community, insular as it is, cannot be thought of as a monolith, but as various institutions with various priorities, some which conflict with the interests of other government institutions.

When the government does something we dislike politically, or does something we don't understand, it's "the deep state" or "the shadow government" which betrays a deep misunderstanding of what the government is. There's no central, shadowy cabal controlling the affairs of "the government" from behind the scenes, the various institutions that comprise the government maintain momentum and do what is in furtherance of their particular interests.

You’re projecting your own interpretation of “deep state” onto a straw man and then tearing it down.

J. Edgar Hoover was a perfect example of what people are talking about with the deep state. You can claim that’s just “institutional inertia”, but it’s still some unelected official with massive power wielding it in nefarious ways.

Ghost in the Shell: Stand Alone Complex is one of the few pieces of media that gets this right vis-a-vis conspiracy being conflated with the loosely coupled nature of government whose components are sometimes adversarial even in the face of external threat
"Deep state" is used extremely often to mean something non-centralized, and in a sense, aligned with what you describe as "a surprisingly loose collection of various institutions that all have some level of momentum". The reason it's a useful phrase is that much of that momentum was built in completely undemocratic and unaccountable ways, by groups that are illegitimately secretive and deceptive in their activities, and who feel free to use extreme means such as torture and terrorism.

It's a very imprecise term covering bureaucratic norms and blindspots, to unsanctioned domestic and international terrorism, so it's not really useful except as shorthand with ideological bedfellows, so-to-speak, and you're right that it's often used to mean "the government guys I don't like but am too lazy/ill-informed to describe". But OP mentioned Gladio -- I think that's context enough for this thread. Do some reading on the topic (beyond Wikipedia) if you haven't already, and you might get a sense of what this non-centralized deep state can do.

And I didn't make it clear, but I brought up the North et al "shadow government" as an example far on the small-scale end of the spectrum of meaning of "deep state/shadow government". It _was_ a centralized shadowy cabal doing a now-documented conspiracy. People argue about how much authority they "seized" and how much was delegated by Reagan (and how much capacity he had to delegate much of anything), but regardless, it was not democratic to illegal go around Congress. What I've described as the "deep state" is the more common usage, and it's on the "amorphous, non-centralized, competing institutions, largely free of any democratic accountability" end.

> There's nothing wrong with the phrase "deep state". If you're concerned about associations with Trump (which I think you should not be), you can use a former Obama official's favored term, "the blob".

To me, 'deep state' implies an illegal conspiracy against democracy. 'The blob' is a large organization that is hard to change, which describes every such organization. Ask an executive at a Fortune 500 company about blobs. The executive branch has the added complication that the CEO has limited powers and doesn't make the rules, Congress does. At work, you follow the boss's instructions. In the executive branch, you follow the Constitution first, then the laws made by the American people via Congress (accumulated over centuries), then the President's instructions - including instructions of prior presidents that haven't been changed.

Maybe 'deep state' was used before Trump, but the meaning has changed.

> To me, 'deep state' implies an illegal conspiracy against democracy.

This is a very new, post-Trump/QAnon interpretation. The “deep state” has, for at least many decades prior, meant those aspects of government which persist from administration to administration, largely unaffected by those in power. E.g. the CIA keeps doing its thing regardless of whether a Democrat or Republican is in office.

Now in as much as these aspects of government are controlled by unelected officials who are willing to work against the elected representatives (think: J Edgar Hoover), that constitutes a shadow government.

If you can operate without democratic control and do things that would be illegal for anyone else to do, are you an "illegal conspiracy against democracy"? I think every intelligent US president since Eisenhower (which makes sense, as the relevant institutions largely came into being after WW2) has recognized that such a thing exists, with varying degrees of openness (Eisenhower), paranoia (Nixon), and glee (HW Bush).
Yes, basically a state organization that the public has no control over it and is following its own goals, often against the goals of organizations under the control of the public.

It's often taught in political classes and it isn't a conspiracy that there exists a "deep state" or "shadow goverment".

For example, the roman elite troop, the Praetorian Guards, can be classified as a "deep state", as they had their own goals and if they were not meet, then they would just kill the emperor. At the same time, the emporer and the senat had almost no control over the Praetorian Guard.

Pretty much. Not sure why the terminology changed between the Bush years and the Trump administration.
(comment deleted)
No.

Israel has zero interest in spying on random embassy employees in Uganda who are working with protesters there. This is purely mercenary stuff, and the US is annoyed that a podunk nowhere country got its hands on first-rate tools.