Huh, it looks like suing a state-sponsored malware manufacturer doesn't prevent them from continuing to hijack your devices. Live and learn, I suppose.
Come on, think about it. Doesn't work for phone numbers starting with +1? So, anyone who buys the right sim card is immune? A team of professional hackers can't find the if-else in the attack binary that enforces that to disable it? They're selling software to cybersecurity teams on the assumption that they can't crack it?
My understanding is that it's not _just_ a tool, but a whole infrastructure around it that the clients use. So presumably, before deploying to a target, it would need to go through NSO infrastructure, so they could vet there.
> A team of professional hackers can't find the if-else in the attack binary that enforces that to disable it?
It's probably easier than that. Seems like the kind of thing that would be in a config file (making this up, satire):
[No Spying Allowed - please do not change]
# Really, really, don't change this setting. We are not responsible if you do.
+1 # USA
+3542 # NSO Group
> They're selling software to cybersecurity teams on the assumption that they can't crack it?
No, I think they are telling journalists that their hands are clean, and it totally isn't their fault, not in a million years, that their customer changed their software.
which is pretty absurd since there's only a vague relationship in the modern SS7/PSTN between a phone's DID and where it might be physically located. In five minutes of work I could have a New Zealand number ring on my desk phone anywhere in the world.
As someone who doesn’t have a +1 number I find it hard to take this comment seriously. But could it be possible that some state department employees work outside the US?
Is there a timetable when Apple plans to stop using memory-unsafe languages to avoid memory-bugs? If not, how can the amount of zero-days stop with constant development?
Which is exploitable primarily it by memory safety exploits.
Will it make attacks impossible? Probably not totally. But it might raise the cost of the attack by an order of magnitude or more and certain classes of vulnerabilities might disappear completely.
I'm suspicious of any messaging system that has ties into rich media / embedded-in-chat content. I even wish I could disable URL previews, gifs, and inline images in Signal.
I didn't know it was possible to disable URL previews in iMessage[1] until I read this comment. Does toggling this setting only prevent the preview from displaying or does it prevent the fetch altogether? I wish there were a way to white list the URL previews for certain contacts rather than turning it off all or nothing.
It's an extremely common attack vector. PDFs, media message, etc. Would it be viable to create a dedicated processor specifically for parsing these things?
> Most memory-safe languages I've used self-host their compiler and standard library (i.e. they're written in the language itself).
Well, yes, but there is also (usually) a bootstrapping phase before a language is self-hosting, and if you're sufficiently paranoid the 'Trusting Trust' meta-vulnerability comes into play and isn't easily dismissed.
no question that imessage, email parsers, etc that do third party untrusted network type interactions SHOULD be memory safe. But of course they are not, and apple in particular LARDS these formats down with a million features.
>In a public response, NSO has said its technology helps stop terrorism and that they've installed controls to curb spying against innocent targets. For example, NSO says its intrusion system cannot work on phones with U.S. numbers beginning with the country code +1.
So the point is to stop terrorism and to do that they've immediately ruled that all Americans aren't terrorists. That doesn't seem like a good metric of determining if someone is a terrorist, and makes me doubt their other controls are any better.
NSO has repeatedly shown that their statements are pretty much worthless. It's just damage control. I wouldn't put any stock in the "we avoid +1 numbers" to even be real.
I‘d rather compare Zuckerberg to the Sackler family who knew how addictive and harmful their painkiller Oxycotin was, yet ignoring all evicence, making billions of dollars. Zuckerberg knows how bad Facebook and Instagram is, how harmful to individuals and society alike, yet ignoring that and making billions.
Edit: Replaced „social media“ with „Facebook and Instagram“
Why did you feel the need for the edit? I would agree with the blanket use of social media. Twitter is no better. Do we know enough about the inner working of TikTok to know they aren't doing similar?
> I wouldn't put any stock in the "we avoid +1 numbers" to even be real.
That part I believed. Setting up their software to not target the US seems like the kind of move they'd make. Claiming it's so they don't target innocent people is bullshit.
America (who are effectively the world police) have decided to have pretty poor metrics to determine who is a terrorist, so they set the precedent for this kind of stuff.
Random government officials in Iran cannot be considered terrorists because of a an embassy hostage situation from 50 years ago during a revolution in the country. If they can, then so can nearly every Chinese government official, every current Russian government official who was high up in the USSR, every current official in Iraq and Afghanistan, half the political leadership of Lebanon, Vietnam, etc.
I remember reading that some Russian (private sector) computer viruses did not attack computers whose language and locale were set to Russia. It's never about ethics. It's always about making as much money as possible without pissing off powerful people and entities.
Crudely, we would say "don't shit where you eat". I've heard from the early (as in, 80's) hacking days some of the people in the US would never hit targets in their own state, as there wasn't good federal-level enforcement nor inter-state collaboration. Of course that would backfire today because you're immediately commiting crimes across state lines...
They started off with the arrogance of a liar who thought they were immune from consequences. Now they're looking more like the kid who is actually in trouble only now realizing nobody trusts them to identify the sky color, let alone defend themselves.
Anything and anyone coming out of that shop is tainted.
* A US Phone will route your call via NSA servers[1], so yeah thats OK from the US governments side
* Publicly at least, NSO acknowledges there are state level agreements, the latest one with France, to block entire country codes from Pegasus (in return, France has stopped all legal action against NSO)
* According to Israeli Channel 12 reporting on this tonight, the official NSO response also includes the statement that the accused numbers in the report were not +1 numbers. Their so called "customers" were targeting US government employees using African area codes. NSO claim they have completely disconnected said customers from the system
> And why didn't that logic work for US State Dept phones?
These were Foreign Service officers stationed in Uganda, so their phones had local Ugandan phone numbers. Some of them were working out of DC but - given the nature of the State Department (which is like America's foreign affairs department) - probably traveled very frequently and so maintained a Ugandan phone number as well, to save on roaming fees when making calls in Uganda (saving money for the taxpayer) and also so Ugandan officials can contact them easily.
This is not unlike Apple hardware engineers who travel frequently to China and have a Chinese number in addition to their main US number, so people in the factory can communicate with them easily.
> So I just have to buy a US phone [number] to evade detection from NSO?
This is NSO's claim. Presumably because they want to make it difficult for anyone to sue them in a US court. It's plausible but I don't necessarily believe them either.
I want this company bankrupted out of existence, personally. Apple's lawsuit against them may well result in that outcome.
Someone else linked that one, it's hilarious and unsurprising really. Lots of people purposefully avoid certain OSes (mostly linux distros) as well out of respect NOT because of population/userbase of the OS. Lots of discussion on worm/trojan development forums over the years.
If you are a Russian hacker, you probably don't want to piss off a Russian mobster who has the capability to take you out, and the contacts within Russian intelligence to identify you.
As an obvious statement: I think this should be interpreted similarly to some ransomware not infecting devices with RU keyboards: it's just about avoiding difficult regulatory environments.
The analogy, of course, goes further. Though unlike most ransomware companies, NSO has British and American VC funding.
I'm waiting for the day that the US declares a foreign corporation as an "enemy combatant", as they have done with foreign citizen wahabbist jihadis and US citizens such as Anwar Al-Awlaki.
Given the extent and depth of US-Israeli cooperation and ties, the precedeing theoretical is probably going to remain in the realm of theoretical.
Are you personally upset about the clear intelligence failures and extrfiltration of protected information?
I've grown up watching this unfold and I'm shocked that the power groups seem to be so ineffectual at times that it's laughable(but that may be by design...)
It's an absolute shitshow from top to bottom. The people who know what they're doing in intelligence/counter-intelligence agency infosec/netsec (and within major DoS and DoD contractors) have been fully aware and ringing the alarm bells for years. The technologically unsophisticated politicians have been mostly ignoring it.
According to Wikipedia, NSO is owned by by its two founders Omri Lavie and Shalev Hulio and Novalpina Capital. According to Sky News Novalpina Capital is getting liquidated and their stake in NSO will be sold to a third party: https://news.sky.com/story/pegasus-spyware-owner-novalpina-t...
Yes, but it is not Francisco Partners now so it appears there is no "big-time American fund" involved and the British one appears to want to get rid of its stake.
- yiu: No they are not. X cleanly destroyed all the papers and officially ask we don’t talk about them. Y is a bit late but will finish cuting ties in a minute now.
This implication is about who would care if NSO gets shut down. For that, current investors are what is relevant. If someone already divested they don’t care and wouldn’t pull strings to keep the company around.
Agreed. I find many of the responses unconvincing. They are in many ways exactly what you'd expect. Sure that doesn't prove anything directly, but on these matters having direct and public proof is the exception not the rule.
reportedly, this has created havoc on NSO, since for instance none of the cloud providers can sell services to them to host their zero-days, among other logistics headaches. Their recently hired CEO resigned.
The NSO guys are in it purely for the money. IIRC there was a deal on the cards for some investors to buy the company that fell apart because of the sanctions, so the NSO founders can no longer cash out.
As for destabilizing governments, they are doing the opposite, they are helping authoritarian governments worldwide crack down on journalists and dissidents, or murder them in the case of Saudi Arabia and Jamal Khashoggi. Reportedly, after the Khashoggi murder, NSO yanked the Saudi account but was forced to reinstate it by Netanyahu who was pursuing diplomatic relations with them.
I knew about Israeli security consultancies putting out stringrays and phone cracking tools, but I did not know about NSO. He has a good interview with one of the lead devs.
Good point.
Although i think the preceding comment was using "destabilizing governments" as a catch-all for non-democratic and morally dubious activity.
Ignorant question: is Israel literally an ally of the US? I know they are not in NATO or 5 Eyes, and I don't think they have some other close agreement, like US and Japan.
They have had consecutive Memorandi of Understanding that promise security collaboration and funding. The current one is a 20 year treaty that promises $38B in spending and expires in 2036.
Despite not being in 5 eyes, Israel does get special treatment in the form of raw intelligence data from the US.
>The National Security Agency routinely shares raw intelligence data with Israel without first sifting it to remove information about US citizens, a top-secret document provided to the Guardian by whistleblower Edward Snowden reveals.
>According to the agreement, the intelligence being shared would not be filtered in advance by NSA analysts to remove US communications.
>While NSA documents tout the mutually beneficial relationship of Sigint sharing, another report, marked top secret and dated September 2007, states that the relationship, while central to US strategy, has become overwhelmingly one-sided in favor of Israel.
This isn't War on Terror-adjacent - it's a local repressive government catching embassy workers in a dragnet while spying on the opposition. The full security-state treatment will not be in effect. Still bad, though!
People are notoriously bad at keeping their devices up to date, with some even intentionally disabling updates. This can be prevented by the IT department having MDM profiles with strict update enforcement in place, but I don’t have much hope that the IT department of any given US government office is particularly capable or competent.
The article doesn't say if they were personal or work provided phones. Many people living/working overseas have work and personal phones. Also, almost all of those with personal phones get a local SIM, so they'd get a local non-US (not +1) phone number. I used to be an IT admin with DOS overseas. Updates were enforced, and phones were disabled if they were not upgraded to the most recent version. Starting in about 2019, mobile device security went into overdrive and is very serious now. Additionally, the MDM profiles are quite limiting, so this pushed most people to get personal phones. A huge pain for records retention.
Exploits are now a multi-billion dollar market. And iPhones can be obtained worldwide. You just need one person with questionable morals, good hardware hacking skills and a need for some hefty payout.
There's a lot of buyers, Five Eyes, China, Russia and naturally companies like NSO.
In past exploits were used for jailbreaking. Now they can be sold for 6 figures. The incentive to report vulnerabilities or even use them casually for jailbreaking has gone way down. I think the only way would be for Apple to offer 6 figure pay outs for the exploits. Maybe they could get a tax write off.
The issues were patched in September, the exploit was being used as of February, and it took some time for someone to notice that an @state.gov Apple ID was among the compromised phones.
This is just another incident in a long list that goes back decades of Israel getting carte blanche to do whatever they want to the US with little to no repercussion. The most famous probably being USS Liberty (https://en.wikipedia.org/wiki/USS_Liberty_incident)
Really? Have you actually read the Wikipedia page you're referring to?
50 years ago during a full scale war with all surrounding countries, Israel accidentally (as determined by US investigation) hit a "spy-ship" near Egypt (one if the countries participating in the war).
Israel subsequenly paid around 70 million $ in compensation for the families.
> NSO Group said in a statement on Thursday that it did not have any indication their tools were used but canceled the relevant accounts and would investigate based on the Reuters inquiry.
Why would they cancel accounts without knowledge of wrongdoing?
I think it's pretty clear by now that they have 100% visibility into the entire exploitation chain for all of their customers. Their "official statements" mean nothing.
Well since they do the exploitation on behalf of customers, yes?
NSO is very popular with governments that don't have robust domestic intelligence because all you have to do is type a phone number into a web form and in anywhere from an hour to a week you get a point and click GUI for accessing the contents of the phone.
> all you have to do is type a phone number into a web form and in anywhere from an hour to a week you get a point and click GUI for accessing the contents of the phone.
You have a source for this? I genuinely want to know if they make it that simple
My thought was that the customer runs the server provided by NSO. I though the web form is running off of a webserver in a building owned by the customer.
I used to work for an ISV in the finance industry. Most of our customers ran our stuff on their own servers in their own data centres, but we had direct logon to the application user account to manage the application config, do software upgrades, investigate issues, etc. A few of our customers preferred to support the software entirely themselves, we had no access and ran training courses for their support teams. I wouldn't be surprised if NSO offer a similar range of options depending on the client's budget and technical capabilities.
Presumably the full accusation is "Entity ABC used NSO tools for XYZ". So the reaction was to cancel ABC's account while NSO investigates whether ABC actually did use the tools for XYZ, or whether ABC was only using them for other (approved) purposes.
No, it means that NSO takes customer complaints seriously, especially a customer as important as the US. They operate under Israeli legal jurisdiction, and probably have an existing relationship with US firms, public and private, and I don't think the Israelis would hesitate to take whatever action the US wanted, because it benefits them to "play nice" and be cooperative. It kinda sucks for them in this case because chances are this is evidence of in-fighting between US agencies, and NSO tools are in the middle.
FWIW "international law" is its own thing and doesn't work like normal law; in truth every nation by default "rules over international law". When was the last time you saw an "international law" trial or saw a nation punished?
Shrödinger's moderation. NSO has this magical zero-knowledge technology that:
- When questioned about a specific malevolent client misusing their data, they cannot be held accountable because the client is running the ops and NSO has no access.
- When asked how they ensure that clients in general don't go rogue and misuse (i.e. human rights & international law abuse) their service, they assure you they monitor them and turn off their access.
I can't imagine something like this not being in the cloud. The potential for a customer to give their local NSA/8200 the tool to figure out the 0days used is too large
> I can't imagine something like this not being in the cloud. The potential for a customer to give their local NSA/8200 the tool to figure out the 0days used is too large
Heck, forget about bothering to extract 0-days; if you have access to the binary, straight-up warez techniques would be applied to nerf any restrictions (licensing or otherwise) on the operation of the software, as well as any monitoring functionality that can "phone home".
Yes you could. You could even use a fake phone which is wired to log everything. A lot of malware attempts to avoid VMs and stimulated environments but the actual 0 day would be before that point.
If a state sponsored party really wants to find these zero days I'm sure they can. I would imagine that this is more like what happened with EternalBlue: it's something they know but don't report because it's useful to them too.
In principle, America could drop Hellfire R9X sword missiles through the cars of every NSO employee. In practice, would American politicians have the nerve to go to war with NSO, when NSO probably infected all their phones years ago? How much dirt do they have on American politicians?
You think the iceberg is coincidentally only as deep as what we've presently heard? That we didn't have the full story yesterday, but today we definitely do?
Well I hope you're right, but I don't think you are.
Well how do you know the NSO hasn't replaced the sitting US President with a very convincing android?
I mean, they are a very skilled set of engineers. You seem to grant them being able to hold onto very powerful secrets and use them for active blackmail. You even believe they've been operating actively against the US government for several years.
If they can do all that, then replacing the sitting US president with a very convincing android isn't much harder! It is just as likely as the situation you propose.
I can believe that a foreign hacking group, who can zeroclick the most widely used personal device to obey a remote control center, who sells this service to totalitarian regimes and to corrupt governments, has exfiltrated as much data as they can. They are careful enough to cover their tracks as part of the service.
What I cannot believe is you dismiss concern over ongoing security risks, however exagerated, by suggesting a head of state might have been replaced by an android. Please don't troll.
I doubt we will see convincing androids in any of our lifetimes.
How about this senerio though.
I heard our President yak about his accomplishments this morning. I was half asleep, but felt his voice sounded different. I thought maybe just hoarse, or I was wrong about his voice.
I was thinking about his appearance. I don't know if I would recognize him if he walked up to me on the street without the suit.
Ok the Hollywood script.
Joe biden goes into a hospital. He only wants certain Secret Service personnel around.
His boy, and wife, are tragically killed in a plane accident.
Joe decides he needs grieving time.
The year before all this happens the NSO finds a lookalike Joe Biden, and performs all the necessary surgery.
A few more weeks pass, and the switch is performed. The real Joe is gone. The fake one is in power.
Then China, or Russia, have control.
(I guess if there was suspicion--the FBI could perform a dna test though? I think someone did this in a movie.)
> In principle, America could drop Hellfire R9X sword missiles through the cars of every NSO employee.
The next step isn't to blow them up, the next step is to sue them.
I just assume the IDF and Shin Bet would like to be the only ones who blow up civilians in Israel, but I can't think of a single reason why the Israeli government would oppose an extradition request if they were presented with evidence of cyber-whatever.
If that's true (which would be disappointing when you consider what "such companies" means in context) I assume the Israeli government already have "entrepreneurs" ready to jump into that market if they haven't already. "Showing them that they will be extradited to the US" if they fuck up in a conspicuous and public manner that is problematical for Israel and her allies might be considered a win by everyone involved except the NSO executives involved.
Of course, politics is complicated and NSO might have powerful friends in government. Or the Israeli government might be complicit in some ways that they really don't want to become known. So who the hell knows?
> I can't think of a single reason why the Israeli government would oppose an extradition request if they were presented with evidence of cyber-whatever.
If an American company would get caught doing the similar, would US allow extradition request of those people to some other country?
> I can't think of a single reason why the Israeli government would oppose an extradition request if they were presented with evidence of cyber-whatever.
Except the really obvious detail that most normal countries won’t extradite their citizens? Israel loosened up their laws on this a bit after the Sheinbein affair, but extraditing resident-citizens remains a rather unlikely prospect.
Really, all you need is a subtle suggestion to the Israeli government that the hundred billions or so dollars they receive from the US every year might be impacted by continued NSO bad publicity.
that number is way off, and the money they "receive", is specifically for use with US defence contracts and deals.. Its like Disneyland giving you Disneydollars.. You can only spend them at Disneyland.. It is a way for the US military-industrial complex to stay afloat.. And it is a drop in the bucket for Israeli Defence spending, and would make little difference if they took it out.
It somehow keeps the US military industrial complex afloat while being a drop in the bucket for Israel?? You may be biased.
Threat of removing 20% of Israeli defense budget [1] would hypothetically be plenty enough to apply serious political pressure, and thats just the money, forgetting the political support and the deterrent US support provides them.
Pretty sure it's not a "drop in the bucket" (somewhere around 20% I read?). There's also a massive opportunity cost when you consider the profit to be made from an arms race in the middle east should the US treat all countries in the region equal when it comes to arms sales. Pretty sure that would net far more for your military industrial complex than the long standing preferential Israeli treatment. It would also obviously be disastrous for Israel, so that's some serious leverage. (Note: In case you think I'm promoting this idea, I actually believe ANY arms sales to the region, Israel included, has been a horrible policy).
The US and Israel are in bed together for better or worse. It's actually really embarrassing that Israel has allowed NSO Group to operate at this level, and influential US politicians could destroy NSO Group in a heartbeat if they actually wanted to.
In fairness, the net result of this exchange is still something like, "Disneyland gives you a free hamburger." And by hamburger I mean "tank" or something.
Well that, and the hamburger vendor buys a big house in the DC metro area. And everybody else's ticket prices go up a little.
But still, draw a control volume, and it's just hamburgers flowing out.
We should have cut down our tax payer aid we give Israel if they (NSA) don't inform our FBI/CIA of every aspect of their business in excruciating detail.
Hell--we should have cut of Israel's charity years ago.
I'm beginning to wonder if we should have buddied up with Palestine.
It seems to me their entire repeated justification is to pass the buck to foreign governments that buy their product. It's like the 4th time I've seen this company pop up in my newsfeed in the last 6 months, every time a similar story. I wonder when enough is enough for whoever holds authority over them
Presumably they wouldn't want to be associated with people who do this sort of thing. (Not neccesarily for ethical reasons, its probably just bad for business)
I mean, they could also be lying, but its also pretty standard business practise to not work with people who bring your reputation into disrepute. For example, consider how hard it was for parler to get hosting.
> Why would they cancel accounts without knowledge of wrongdoing?
I’m not saying that they don’t have that knowledge, and I really don’t mean to offend or be rude, but if the US government asks something of you, you tend to comply wether it’s reasonable or not.
I think it’s naive to think of ourselves as living in a just world. Post 9/11 the CIA abducted European citizens with the knowledge of our governments. In more recent years, here in Denmark we had a rather huge scandal when it was revealed that changing governments had allowed American intelligence services direct access to the backbone of our national internet. The list goes on.
Its of course unfortunate, but the world we live in is basically a huge turd of authoritarian bullshit where the users and customers have no actual enforceable rights.
I mean, even on a much smaller and much more harmless scale, just consider how many times you’ve read about someone losing their Google account here on HN.
> I think it’s naive to think of ourselves as living in a just world.
The US military entered a foreign nation without their knowledge or authorization, abducted a resident, took the resident out to sea, placed a bag over their heads, put concrete shoes on that resident, and then dumped them overboard with no witnesses other than the "Seal Team" carrying out the order.
No trial. No witnesses. Only abduction, seclusion, and murder.
That's not justice. Those are Mafia Tactics.
___
Does this remind anyone of anything? A Mr. Al. A Mr. Al Capone perhaps? That's right. One of the world's most infamous gangsters, mobsters, crimelords, did this very thing to individuals that Capone didn't want talking to the press, the government, or anyone else that would listen.
This is mob-boss behavior, and the US Government does this now.
Oh, how about the unlawful imprisonment of 100s of detainees at Guantanamo Bay in Cuba?
Secret courts, whose authority is far-reaching with no citizen oversight whatsoever.
Yeah the US Federal Government, since 9-11, is a bunch of mobsters with guns. There is no difference in the way our Federal Government acts now, and how 1920s and 1930s mobsters act.
Any human being that doesn't recognize the similarity is deluding themselves into believing so.
This was in response to acts of war and unprovoked attacks against the United States mainland with both military and civillian targets by an individual who had made a specific declaration of war against the U.S.: https://scholar.dickinson.edu/faculty_publications/277/
Comparing that speific case to failure to follow proper criminal procedure and rule of law is disengenuous to the extreme. There are many criticisms which can be made of the US response to (and other actions after) the 9/11 attacks. The assassination of the leader of the irregular forces aligned against the US is not one such. Numerous other instances would have made for a vastly stronger argument.
The fact is that there is no clear dividing line between acts of war and criminal acts --- recognised among other ways in the phrase "war crimes" itself (which might be applied both by, and against, the United States).
The situation in Guantanamo is far more valid.
The case of drone warfare and strikes another instance.
It's worth noting that the US is hardly alone in these tactics, and that irregular and extrajudicial killings are in fact a major element of the considerations in the case of Al Qaeda, at least some of the Guantanamo detainees, and drone strikes.
The real world is messy.
That said, I'd disagree with your conclusion on lack of difference, moralising, invective, and hyperbole notwithstanding.
> This was in response to acts of war and unprovoked attacks against the United States mainland with both military and civillian targets by an individual who had made a specific declaration of war against the U.S.
Since when do individuals wage "war" on nation-states?
(And no, if the only counter-examples you can come up with are 18th-century pirate chiefs and tiny Carribbean islands you've failed. We're talking 21st-century USA here.)
> Comparing that speific case
Which "specific" case? The GP mentioned hundreds of Gitmo prisoners, several of which have later been shown to be completely innocent victims of mistaken identity.
> to failure to follow proper criminal procedure and rule of law is disengenuous to the extreme.
If anything is "disengenuous to the extreme" here it seems to be your defense of the USA's recent practices.
What I wrote was "acts of war" and "specific declaration of war" by the individual in quesiton, with a link to the citation. If you have any issue with established historical fact, that's your own concern.
Decapitating a specific cult of personality has been an effective method of eliminating it. Which also proved successful in the case of AQ.
(Yes, there are new emergent threats and groups, including several previously associated with AQ. I also said that the real world is messy.)
The specific case I was discussing, and I really hope I'm not so vague in my dotage that this wasn't crystal clear, was the 2 May 2011 attack on Osama bin Laden's compound resulting in his death.
What I defended was a specific instance, while acknowledging concerns and issues in other areas. Both you and imbchillyb are displaying a lack of such naunce. The US is vast and contains multitudes, some defensible, some not. It cares little for what I have to say.
> The specific case I was discussing, and I really hope I'm not so vague in my dotage that this wasn't crystal clear, was the 2 May 2011 attack on Osama bin Laden's compound resulting in his death.
Nope, certainly not crystal clear: You were replying to a post that mentioned, among other things, the Guantanamo internment camp, and airily said "this" case. I saw no specification there of which case, exactly, that was supposed to be.
Yes, the USA may be vast and contain multitudes, but even you talk about "the US": In the end there is only one of it, and when the USA as a nation-state does stuff then it's the USA, singular, as a nation-state that gets discussed and criticized. Just like here. I hope I'll never get so fuzzy in my dotage that I'll let sich disingenuous attempts at obfuscation slip by.
Hm... Pseudo-helpful hint/ reminder; feels like about 50/50 past and current posters. I'd already concluded neither extreme of Box or Ash, for rather obvious linguistic reasons. Been considering alumni like RM, DRL, KMS et al, but this feels more like currents such as RC, SK, or SA. Or perhaps AG; I notice that his recipe -- besides the formal declaration being severely watered down -- was pretty much what the US (singular, as a nation-state) went with.
I've told you specifically what I was referring to, and you are continuing to dispute what I was telling you. The same vagueness applies to imchillyb's comment, yet you seem to find no fault with that.
Why do you think that "told you specifically what I was referring to" defines the discussion? Who died and bequeathed it to you alone? imchillyb explicitly mentioned stuff -- yeah, lots of stuff, including among other things false internments at Guantanamo -- so pointing out that your claimed "debunking" does not at all debunk those isn't "vague" at all. Any "vagueness" in their comment is only in your head.
Of the very few topics I consider myself an ultimate authority on, my own mental state and intent is a prime instance.
I may not have communicated effectively. And in discussion with you it seems I'll never be able to.
But I know what I intended to communicate, and have stated what that is, repeatedly.
You seem bent on steering the conversation to what you wanted to hear me say. Which seems to be a premise founded on precisely the weak foundation you criticise me for.
My understanding is that it's the Taliban, and a cursory check of credible references supports this. That's a group formally alligned with AQ, but distinct from it, again, via credible references.
Other active entities include the Islamic State (ISIL / Daesh), and various organisations largely funded / supported and/or organised around Iranian, Syrian, and Palastinian interests.
Please note that this is not an area of personal expertise.
Still, the Mossad is one of the agencies who can keep pace with the CIA when they put their mind to it. Nonetheless, if you're not directly an agent, no sense putting yourself in the middle of a spy war.
One settler colony hacks another settler colony, the one that had co-sponsored its creation along with Britain, the mothership of all settler colonies. Honor amongst thieves? No such thing.
A book came out about a year ago by a fantastic academic about the history of settler colonialism by Israel in Palestine [1]. I'd suggest anyone who wants to learn more about Israel and values referenced record of history. The book is very well written, referenced (a sixth of the book is references) and comes highly regarded.
I don't understand the focus on NSO in these stories. If U.S State Department personnel in Uganda were shot from an M-16, would the headline mention "an American arms manufacturer"? No, because it's ridiculous.
For better or worse, NSO's product is a weapon. How is it any different from an M-16? Where is the outrage towards the people who used this weapon against the State Department?
It's my understanding that NSO runs centralized command and control servers that their "clients" are granted access to, for both the on-device payload installation and also data exfiltration.
They do not give the software to their clients to go use somewhere in the world fully independently (self hosted payload dropper, C&C, etc)
They're a direct participant in the network traffic. Unlike a dumb purely offline piece of hardware like a M4 rifle or similar.
So selling an F-15 to the Saudis (like the U.S is doing in droves) is more morally justifable because what exactly..? After the plane is sold the Saudis are independent with it? (they aren't really btw. I'm sure there's maintenance and buying parts etc).
I am also not in favor of selling advanced weaponry to the saudis or pretty much any non-democratic regime. The US has a very poor historical track record of supporting strongmen that do brutal things. Pinochet. Suharto. MBS. I could write a very long list.
None one else was talking about F-15s or drones in this thread. The only mention was of weapons that even civilians can buy is some countries and do not come with a support contract attached.
IMO the US selling F-15s or drones to the Saudis is very similar. The US shouldn't be supporting the Saudis murdering civilians with F-15s, and Israel should not be supporting hacking tools that enable other governments (or private organizations) to murder people they dont like.
I find it very unlikely they knew about state department phones. Why bring up M4 rifles all the time? That's not how the U.S or any other arms seller makes money at all. The big money comes from planes, drones, etc. 350 billion worth over 10 years just to Saudi Arabia alone https://en.wikipedia.org/wiki/2017_United_States%E2%80%93Sau....
> I don't understand the focus on NSO in these stories
What's to understand ? It's an Israeli company. Enough said. If it was an American or German company no one would have cared. Why the obsession with Israel? It's a complicated phenomena. I think it has to do with the role Jews played in Christianity (Jesus' death etc) and the holocaust but that's just my 2 cents.
So I should believe the U.S thinks it's OK to sell F-15 planes but not OK to sell software? I'm gonna assume yes, there are probably other players in cyber warfare who sell to these countries, probably also the U.S.
> the U.S thinks it's OK to sell F-15 planes but not OK to sell software?
The U.S. thinks it's okay to sell F-15s that don't attack Americans and not okay to sell software that attacks Americans. As a, granted, American, I'm not seeing the incoherence.
I was delineating why the U.S. is fine with selling weapons to e.g. Saudi Arabia but would not be happy about those same weapons being sold by Russia to Iran. You seemed confused on that point. There isn't a grand philosophy. It's international relations. It's anarchy. The U.S. government promotes American and allied interests.
Separately, yes, if you're hacking the State Department, you're attacking the U.S. This is consistent with how cyberterrorism is treated by DNI since at least 2014.
This wasn't done by NSO knowingly. I have no reason not to believe them on that, they have a financial and strategic interest not to piss America off that bad. Also - Uganda is not Iran, it's a friendly country. Unfortunately someone there decided to use it against American diplomats which is unfortunate.
In the past month or so, there was a front page story on HN about NSO and a journalist, detailing evidence that NSO-controlled servers served up the exploit to the journalist's phone. This suggests that the NSO group has less of an arms-length relationship with their clients than they let on. It seems that at least for some clients, they're running some variant on exploits-as-a-service.
That still doesn't mean they knew about this. How would they even know it were American phones? Its very possible it were some IPhone with a Ugandan sim card. How do you know who's using it - do the Ugandans tell you? It's a very real possibility NSO servers simply show some Ugandan number.
I have no more knowledge on this than anyone here but I don't find it realistic NSO would take this chance.
Mitigating but not exonerating. (Also, unknown and possibly unknowable.) NSO are still selling cyberweapons hitting the United States. If they didn't give a shit about keeping an eye on their kit, that's a negligent gap in oversight by Jerusalem.
It's a good thing we have a talking-not-shooting relationship with Israel. The U.S. would be within its rights to launch a proportional counterattack were that not the case. If Israel doesn't deal with this properly, there's a decent chance we'll see calls for criminal penalties and targeted sanctions.
I didn't say that they knew. I was saying "This wasn't done by NSO knowingly." isn't necessarily true. I think I was pretty clear about the fuzziness of the evidence as it relates to this specific case.
> DarkMatter is under investigation by the F.B.I. for crimes including digital espionage services, involvement in the Jamal Khashoggi assassination, and incarceration of foreign dissidents.[28] The F.B.I. is also investigating current and former American employees of DarkMatter for possible cybercrimes.
Doesn't look like they only target Israeli companies.
The U.S basically protects the whole of Europe by subsidizing NATO. It's probably in the trillions. Sorry but Trump had a point there. What it gives Israel is peanuts compared to that.
Without U.S support to Europe who knows what happens, maybe the Russians and Chinese start looking at Europe as easy prey to pick on.
Also the obsession with Israel isn't a uniquely American thing, it's the same in France and Canada and Germany and basically any Western country.
> Only if you count general American military spending
Of course I do. Europe has no real army. France kinda has an army and the U.K got out. If America didn't provide a military umbrella Europe would need to actually build a real army (Europe's contributions to NATO are pitiful). How much would it cost the Europeans to do that? Going back since WW2 that's easily in the trillions.
Given that the US actively engages in military operations in defense of Israel, I would say that it not reasonable to attribute a larger share of the spending to Germany rather than Israel?
The intervention in Syria? That's a military operation done by the U.S for Israel? How did you come up with that? If there's no Israel tomorrow the entire region is still messed up with possibly tens of millions of new refugees flooding Europe. It's not all about Israel.
The attacks on NATO are such a weird thing. US support of NATO isn't a charity operation, there are strategic and economic benefits to the US from NATO participation that greatly exceed the expenses.
If the argument is that the United States shouldn't be a global power, that it should dismantle the US military and be a demure, multilateral player in the international space, sure, attack NATO. However, attacking NATO while saying the US should be a stronger international player is contradictory.
I'm not attacking NATO. I'm saying the U.S is subsidizing Europe's defense in the trillions (if we count since WW2 end). It could be beneficial to the U.S, or not. I'm only saying U.S aid to Israel is not unique and is peanuts compared to the NATO subsidy. People here like saying they are super focused on Israel because of the 3 billion annual subsidy the U.S gives to Israel. I call bullshit on that.
The NATO relationship effectively turns Europe into vassal states - we don't have German or French bases on US soil, only the US gets that out of NATO. So it's a 'subsidy' only in the sense that the US is protecting its property.
People get angry about the Israel aid not because of the volume of funding, but because of the human rights/colonialism problems that the US subsidizes. I personally feel that way, but at the same time I understand the realpolitik deal with Israel - I believe the purpose of keeping Israel there is to prevent some version of the Ottoman Empire from re-forming.
Here's part of the problem. Does it make sense to you Israel just disappears? Sounds like it from what you're saying.
Isn't it weird though - how many nation states do you think should vanish?
> but because of the human rights/colonialism problems
If Western societies really wanted the conflict to dissolve they wouldn't keep encouraging the Palestinians to "return" to their home (75 years after). Western societies keep the conflict alive. So it makes me think human rights issues isn't really the thing here.
There is no military danger Europe would need protecting from. The only thing US is subsidising is itself: all those trillions go directly back to US and benefit US, not Europe.
That's Germany providing its land, for free, to the US. Those forces are not protecting Germany from any existing military danger, they are just projecting US power and protecting its interests.
Israel is ostensibly a Western ally, yet they sell weapons that are used to attack Western nations and their citizens. Can you see why some people might consider that a problem?
Your accusations of anti-semitism are unwelcome and without merit.
Uganda is not a US enemy.
NSO is a disgusting money grab and a threat for democracies. But, they never sold to any nation which is a US enemy. Uganda is not a US enemy.
Israeli government, which grants the export licenses is not that dumb.
Allies spy on eachother all the time. that's a given any sovreign state knows and takes into account.
You are being a demagogue here. It's 8 phones that were hacked, by someone in Uganda - a friendly country to the U.S, with NSO probably not knowing and Israel as a state definitely not knowing. Was any of the 8 Americans harmed physically btw?
I don't care if it's unwelcome to you...I call it as I see it and you're not doing a great job convincing me otherwise.
Funny, the rest of us are "demonizing" evil spyware and the evil military-industrial complex that uses it. If you see that as "demonizing Israel", that must mean that for you Israel is synonymous with evil spyware and the military-industrial complex. The rest of us can see that they're two different things.
Why do you have such a negative view of Israel; isnt that a bit anti-Semitic?
> don't understand the focus on NSO in these stories. If U.S State Department personnel in Uganda were shot from an M-16, would the headline mention "an American arms manufacturer"? No, because it's ridiculous.
No, because it isn't novel, it's not wide reaching, it's not at arm's length and it cannot be stopped.
Stuxnet, a novel American-Israeli cyber weapon, purpose built to hit Iran, was absolutely billed as such. And it was received differently, by Iran, than would be e.g. an American-made gun fired by Iraqis at Iranian surrogates.
NSO is making and selling cyberweapons. They're doing it now. These weapons are hitting the U.S. government and its allies to an unknown extent. And they can be turned off, right now, if Jerusalem orders it.
U.S. persons being shot in Uganda by Kalashnikovs are none of these things. It's not novel. Nobody wonders if the Ugandans are going to show up, guns blazing, in Arlington. And Moscow can't remotely disable the guns.
U.S. weapons manufacturers receive a lot of criticism too, both domestically in the U.S. and internationally.
The comments here focus on NSO because the story is about what NSO did. This is computer tech kind of community so you’re going to see more computer weapon stories here than stories about improper use of rifles.
The U.S sells super sophisticated weapons such as attack drones, F-15s or nuclear submarines. The tech behind these things is probably super interesting and there's a lot of software involved. If you look at the comments here, around 90% of them don't care about the tech at all but focus on bashing Israel. This isn't a tech story.
And Israel also sells super sophisticated weapons like AWACS radars and surface-to-air missiles.
But there are clear understandings that e.g. nothing goes to China, and no fancy radars go even to untrustworthy places like Myanmar. NSO is still in a gray zone.
Unlike an M-16, hacks can be conducted remotely, they can be used to plant evidence, conduct blackmail, and lots of other things where most people would never know a hack was involved.
Also, there's outrage towards NSO because Israel is supposedly an American ally. Israel needs American support, and yet Israel freely allows Israeli corporations to sell services American enemies. And this isn't an isolated company--there are other Israeli hacking companies that target Americans, such as Black Cube.
This isn't being sold to an American enemy - in fact, the US sells and donates (!) weapons to the same government. The US doesn't care much about Israel (a Major Non-NATO Ally) or Turkey (a NATO member) selling artillery pieces and APCs to Uganda.
It's all about the specific class of weapon. There are general understandings about who can get sold what weapon without the US getting mad. No radars or surface-to-air missiles for China or Russia or for random tiny dictatorships; but it's totally okay to sell them to India or Latin America. Dumber things like artillery pieces can go anywhere, even places under US sanctions like Myanmar, without crossing any lines. But this isn't written in treaties; it's all implicit understandings and learned patterns of retaliation.
For this new class of weapon, both sides are still feeling out the rules. The US is laying down precedents that put NSO's products much closer to the rules for radars and missiles, while Israel is pushing the limits to see how far the US can live with.
Could you please stop posting unsubstantive and/or flamebait comments to HN? You've been doing it a lot, unfortunately, and we ban that sort of account.
I think your moderation here is pretty unbalanced and borderline harmful, in that you can say some pretty horrendous things on this site as long as you do it in polite phrasing using big words, and there will be zero moderation applied in that case.
You are breeding a community full of some pretty extreme opinions, generally right-wing and regressive, and I think it's a damn shame. And I will not stop calling it out when I see it.
> And I will not stop calling it out when I see it.
None of my business, but it seems to me that you are perfectly free to call out anything, the point, as I see it, is that:
> Is it really.
is not "calling out" or actually "anything else" that adds anything to the discussion, only a (BTW of difficult interpretation) unsubstantiated comment.
Every passionate ideologue thinks that both the community and the moderators are biased in favor of their opponents. Your counterparts are just as certain that it's all biased in favor of you:
> Every passionate ideologue thinks that both the community and the moderators are biased in favor of their opponents
I don't think you are explicitly biased. I don't think you are trying to promote one political ideology over another.
I do think, that due to the way your rules are set up, and how you enforce them, you unintentionally end up attracting one, and driving away the other. And I think this process has been going on slowly for a long time, and that you may not be noticing it, but that HN has turned into a home for some pretty extreme viewpoints in the process, that are just hidden behind a thin veneer of respectability.
In National Security contexts, the "get angry at the weapon seller" response is very strongly correlated with how advanced (in technology, power, and scarcity) the weapon is perceived to be.
For an "average soldier" weapon, such as an M-16 - $Company isn't likely to catch much grief - unless they're selling a considerable quantity of them, or to an extremely notorious buyer. Similar for a cyberweapon - but an "everyday" one, which wouldn't be a big surprise for a C-list ransomware group to use.
Vs. NSO's stuff seems to be the sort of top-tech goodies which A-list nation states use to maintain & enjoy their A-list status. Whether any actual harm results from this incident... publicly letting a bunch of "the wrong sorts" into that exclusive clubhouse is getting NSO into really deep do-do with "the regulars".
Yup. If decently up to date surface-to-air missiles were fired at State Department helicopters in X country, the US would be very very angry at whoever let those get sold so loosely.
Nope, that’s a bad analogy. A manufacturer that produces and sells thousands if not millions of items won’t be deemed as complicit as one building a nuke that somehow lands in your enemies’ lap.
That’s pretty obvious and it’s disingenuous that you’re trying to steer the conversation in that direction
It being Israeli is definitely a big part of why this story is so huge. Why do you think it's making huge headlines then - what's your theory? The fact that 8 American diplomats got their phones hacked?
Because they are amoral pieces of shit who'll sell to dictatorships and use state export regulations as a fig leaf. Because they fight back, lobbying in an attempt at regulatory capture. Because of how many innocent people's phones their software has provably ended up on. Because it's so closely connected with state funded and trained hackers from Unit 8200. Because they lie, simultaneously denying involvement, yet, disabling the relevant accounts. Just a theory.
Follow the industry long enough and you'll know how Hacking Team (Italy), Finfisher (Germany), Gamma International (UK), smaller and larger firms have rightfully attracted their fair share of condemnation. Journalists pile on when a story gains momentum, this round was started by the published list of targets and Citizen Lab. We can't call this anti-semitism yet.
Defending it just because it's Israeli would be as unjustifiable as attacking it just because it's Israeli.
I'm in agreement with you. I don't see any indication that the Israelis specifically made this weapon to target US interests, nor do I see any indication that the Israelis are discriminating between the US and any other nation, nor do I see anything that leads me to believe that we aren't potentially using this ourselves against other nations.
Fuck NSO, for sure. But I'm just not sure Israel should be held accountable for the actions of a private corporation with no apparent political motivations, just as in your M-16 example.
If it's specifically, then I'd agree with you. If it's just broadly (such as how the US unilaterally doesn't trade with countries currently in the midst of war), then I'm not so sure.
NSO doesn't "sell" cyberweapons - they lease them and provide logistical support (including running the cloud infrastructure). This confers a lot more knowledge on where and how the weapons are used, and adds a lot more culpability.
The situation is less "M-16 and rounds sold once-off", and more of a turnkey armed drone (or surveillance drone, if you're charitable) service provided to governments, where the missiles, fuel, and airbases are provided by a private party on an ongoing basis. It's more of a tailored service, than a sale of goods.
Weapon merchants get flack all the time for selling their wares to... we'll call them "rivals," but it could be any state or organization not in the US's sphere of influence.
NSO gets particular flack because they're inextricable from the weapon they sell. If an M-16 is used to shoot someone, provenance is probably harder to prove; weapons change hands all the time, or are smuggled to ne're-do-wells via the black market. But everyone using Pegasus, as far as we know, is an NSO client; NSO made the choice to provide that software, including NSO support and NSO services.
> For better or worse, NSO's product is a weapon. How is it any different from an M-16? Where is the outrage towards the people who used this weapon against the State Department?
It is highly unlikely that NSO group actually gives out their exploits, based on what we know about previous exploitations that have become known. It's more like they offer an interface to execute their exploits on a given target. The fact that they can block entities from using their service, after having had access to it (like they supposedly did in this case), very strongly supports this hypothesis. Hence they're offering a service, to use weapons for (or rather, in the name of) some (government) entity that pays them money to do so.
Imagine bombing-as-a-service, as an instance. That's much more like it, and your argument doesn't hold in that case.
Perhaps you are unaware of the nature of global arms control and how much work goes in to prevent scenarios exactly like this.
Small arms proliferation is much harder to control, but yes there has been extensive reporting on Operation Fast and Furious where US gun sellers were allowed to sell to Mexican cartels under ATF supervision. [0] Those guns were used against both US and Mexican citizens, including fatally against 1 US Border Patrol Agent in 2010.
Looking farther back, during the Falklands war in the early 80s there was much controversy over the Exocet anti-ship missile, which was manufactured and sold by France. When these missiles were successfully used against British warships near the Falklands, Britian successfully lobbied for France to stop selling them to the Argentinians.[1]
So yes, it's actually very common to put the responsibility of how their products are used on arms manufacturers. It's a good thing and it keeps the world safer.
The Israel government gets a pass for anything they do. Whether it is lying about nukes or what they've done to Palestine. NSO is a feather in their cap.
These export controls for weapons exist in much of the western world. Once granted a license, Israel has no legal say in how the product is used by the end user.
It’s all very routine and standard, not sure why people need basic explanations of what government export regulation is when the discussion is on Israel.
Why not flag the article itself? There's nothing technical to be discussed here. If the article was talking about the technology, that's one thing, but its talking about state-sponsored espionage. Flagging my post is a bit like closing the barn door after the horses have left the building.
HN isn't just for technical discussion. That ought to be clear both from the site guidelines (https://news.ycombinator.com/newsguidelines.html) and the front page every day. HN has had articles about this kind of thing pretty much since the beginning and there are often interesting details and twists to discuss. Moreover, the ongoing NSO/Pegasus story is one that a lot of the community has been following with genuine interest. So I think it's ok (I admit I didn't read the article though!)
Most importantly: no matter what the topic is, it doesn't make it ok for commenters to break the guidelines. Just the opposite, in fact—that's why we have this one:
"Comments should get more thoughtful and substantive, not less, as a topic gets more divisive."
Your comment obviously broke that, as well as several others, which is why I replied as I did.
Slapping down the NSO doesn't fix the problem. We should be glad we even know that their software exists, imagine if it was completely hidden from the public? The problem is that Apple needs to fix this. Security is an arms race, and the more visibility we have into where it is weak, the better for everyone. To paraphrase the motorcycle repair episode of Winter Steele, "You are stronger now for having been fixed." IMHO.
Apple has demonstrated complacency on security issues. Stiffing security researchers on bug bounties is just one symptom, but so is the fact the market price for iOS exploits has cratered compared to Android ones.
Great commentary. The US is hopefully looking into why these employees are using iPhones + local SIM. And if that has been approved in the past, maybe re-think that
"A State Department spokesperson declined to comment on the intrusions, instead pointing to the Commerce Department's recent decision to place the Israeli company on an entity list, making it harder for U.S. companies to do business with them.
NSO Group and another spyware firm were "added to the Entity List based on a determination that they developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers," the Commerce Department said in an announcement last month."
As an American, it's becoming harder for me to muster sympathy for an entity that actively discovers and exploits technological flaws to use against their adversaries while simultaneously purposefully not alerting the manufacturers in order to correct the flaws so they can continue to exploit them and then those flaws are subsequently discovered by others and used against them. Poor you.
> As an American, it's becoming harder for me to muster sympathy for an entity that actively discovers and exploits technological flaws to use against their adversaries while simultaneously purposefully not alerting the manufacturers in order to correct the flaws so they can continue to exploit them and then those flaws are subsequently discovered by others and used against them.
It is worth distinguishing between the State Department and the NSA. The US government is hardly monolithic, even if we restrict our discussion to just the executive branch:
While I find it interesting that focus in comments appears to be on Israel, NSO and the complicated ( or not really that complicated if you look at it from a different angle ) relationship between them and US. I did not see a mention a broader discussion of, you know, hoarding zero days, exploits and whether using those can be worse than conventional weaponry.
The reason I find it interesting is because it is clear that US government supports Israel ( and NSO ) practically unconditionally ( recent vote on Iron Dome being a more amusing example of bipartisanship ).
Why is Reuters, an old guard by any account, concerned? Or are they simply following what sells and government is really at odds with its people when it comes to policy in ME.
Arguably, this is the real use case Pegasus was designed for. A government (Uganda) that does not have a large and mature civil service that would support a G7 level technical domestic intelligence agency went to market for the tools of one (NSO), so they can keep tabs on foreign intelligence agents (state department staff) in their country. I am not a fan of NSO at all, but this case sounds like they're providing sovereignty or statecraft as a service to a government that prefers to buy instead of build their security capability.
When the game is defined as a competition for how to break its rules in the most unexpected ways and with the fewest consequences, Uganda appears to have joined in with aplomb. To me it's the first time an NSO story doesn't seem like a scandal.
The "oh, but everyone is doing it!" argument. I don't for a second believe that other countries install spyware on foreign diplomats and other peoples phones. What NSO and the Israeli government is doing is rotten to the core and unless you have evidence of the contrary you cannot assert that other actors are doing the same thing.
Wow! You found one instance of the US spying on a friendly government. That totally justifies NSO leasing spyware to authoritarian third world regimes! Carry on folks, nothing to see here.
It doesn't justify it, but if we're going to take a stance against spyware, we have to take a stance against all spyware. That includes the home-rolled stuff that the NSA pushes out to Apple and Google.
It seems if Israel is receiving money from the US government and Israel controls the usage of NSO group weapons that are being targeted at the American government then there are problems yea?
What alternative do you propose? Give up? Naively hope every other world leaders (all sociopaths by nature, with intelligence agencies managed by yet more sociopaths) will understand and hold up their end of a deal they don’t even know exists? This is geopolitics, you take every advantage you can get, every time, forever. Spying is how you prevent wars by avoiding misunderstandings and miscalculations.
You’re taking this all too literally. It’s politics, it’s all a performance.
When France was “angry” about Australia buying US nuclear subs and canceling their French contract do you really think that was real?
It’s all for show, just like being “angry” at another country spying on you. You do something like “kick out their embassy employees”, then turn around and let new ones come in.
There was no need to just do this for show. Most members of the public don't care about submarine deals. It doesn't make their government more popular.
Nahh… from what I’ve read, Australia had made it abundantly clear they were pulling out of the French deal. Maybe France was pissed they were excluded, but the “angry” was entirely for show.
The public may not care about submarine deals but France certainly cares about how they are perceived on the world stage.
Totally agree. There is a difference still between totalitarian countries against its own people with no theoretical way out even, vs USA that still have some way out.
Kind of? It seems like the main use case isn't a country that needs the tools of state-on-state spying; it's a country that needs the tools of Chinese-style domestic surveillance of the political opposition. In most cases where US persons have been targeted with NSO software, it's as part of operations against domestic dissidents, including in this case, where most of the usage was against Ugandan protesters.
If you are a state, NSO is what you get when you don't have Stingrays, PRISM, and a pipeline into domestic enforcement for paralell construction. Imo, in this specific case, it's equivalent.
This is a typical "shadow government" symptom. You have forces working within the government that 1) have their own agendas; 2) have connection to international communities, usually military-intelligence ones; 3) have almost zero regulation; 4) even many high ranking government officials don't know about them because they are brotherhood-like closed circles.
This reminds me of Operation Gladio or Propaganda Due but domestic. Same playbook, different players.
> Imagine how much society would improve if all the dirt got aired.
Depends on the dirt. Some of it might be private and personal stuff, such as infidelity. That type of stuff, while blackmailable, doesn't really benefit the public much.
Everyone has dirty laundry they would prefer not be aired, and if they don't then their friends, family, or partners do. I don't think we want to live in a world where absolute moral purity (as determined by the most vocal, biased critics of a given person) is required to hold public office.
>I don't think we want to live in a world where absolute moral purity (as determined by the most vocal, biased critics of a given person) is required to hold public office.
Don't worry, you live in a world where a man with a well documented decades-long laundry list of scandals and faux-pas can brag on tape about how he can get away with molesting young women because of how rich he is and still get elected President.
I'm actually wondering what you could effectively blackmail an American politician with, given how little Americans seem to care about the morality of their leaders. Maybe just the eponymous "dead girl or live boy," but then you have the Kennedys...
> I'm actually wondering what you could effectively blackmail an American politician with, given how little Americans seem to care about the morality of their leaders.
Well, in general anything that would get them prosecuted for a felony should be an effective stick. Add in a carrot and now they're on the hook for bribery too.
> I don't think we want to live in a world where absolute moral purity (as determined by the most vocal, biased critics of a given person) is required to hold public office.
Well lucky you, we have the exact 100% polar opposite of that system currently. I think it would be fine to move toward it a little.
> Well lucky you, we have the exact 100% polar opposite of that system currently. I think it would be fine to move toward it a little.
I'm skeptical of the notion that outing public officials (when the blackmail material is personal in nature as posited by the GP) would move toward that goal.
I don't even think an exception should be made for material that would expose hypocrisy in policy-making (eg. 'pro-life' lawmakers that have had or facilitated an abortion).
Straight-up crimes though (bribery, corruption, theft, insider trading, etc.), sure.
Moral purity isn’t required, just some honesty. I don’t care if politicians cheat on their spouses or even if they rail coke out of hookers’ asses on the weekend. Just don’t pretend you don’t do someone has power over you if they find out you do.
Don't believe representatives are elected because of their integrity and their willingness to serve.
They represent groups of interest. And being blackmailable is, in my opinion, a handy leash to keep them in check, for those groups which propose the candidates
The public is not concerned with corruption until they feel affected by it.
It sounds more like you're asserting that corruption has been redifined, because we expect elected officials to represent a group of interests... But this is quite circular.
It would be better for us to maintain our high expectations of our leaders, even if those expectations are not currently being met. It doesn't mean that they cannot be met. It feels so damned gamed that I cannot imagine what a genuine political candidate would look like, a member of the public deciding, yes, I will run for office, and then speaking to their friends and neighbors about it, and submitting the paperwork to make it official.
Can you imagine if that's what politics was? Wouldn't it be amazing? Sometimes I feel like there's too many smart people with way too much time on their hands, and they create these political storms as a way to generate money. I hope they all go into the gaming industry and make a tone of money without undermining a functional democracy. The problems we have don't always have money behind them. In fact, it's usually a trade-off we want someone with money to take, that they don't want to take. And the way we coerce an organization is through legislation. So it makes sense for orgs to take that control back and spend on PR campaigns and pundits to argue in their favor. Payola for sophists. But I digress...
remember when the cia interfered with the congressional investigation of their torture program, by getting the FBI to investigate senators for viewing the documents that the CIA provided them, and spying on the senate investigation activities, and then nothing happened
Yes, I remember! But I just got up to 2011 on my todo list and am playing through Borderlands 2. I'll follow up on 2014 matters which will hopefully take less than 3 more years.
I can believe there are shadow organizations that lack oversight. In fact, it seems likely.
But that these shadow organizations are maintaining power by surveiling and blackmailing congress people is a whole other ballgame and seems highly unlikely to me.
For one, it's likely that not every Congressperson has some deep dark secret that makes them blackmail-able. And pissing off the only group of people that could cut your funding and expose your shadow organization as well as bring oversight is not the group that you want to be pissing off.
I think game theory would indicate that your only chance of maintaining a shadow organization in the US gov for any length of time is going to be secrecy and maybe some heavily funded lobbying.
> For one, it's likely that not every Congressperson has some deep dark secret that makes them blackmail-able.
I'd be more than willing to bet that they do. "If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him." and that only covers "honest" men who wouldn't have illegal coordination with PACs, bribes with lobbyists, personal communications filled with racism, or evidence of sexual activities that might upset their base. When "6 lines" becomes a record of everything you've ever done online, all of your communications, your GPS coordinates and the data of anyone around you it's going to get easier to find a noose around your neck.
Even if there managed to exist a single person in congress who wasn't screwing over the American people somehow for personal gain, or didn't have some skeleton in their closet they didn't want exposed to voters/campaign contributors when a group is capable of compromising your system and inserting whatever offensive material they want to use against you it's incentive enough to back off.
> But that these shadow organizations are maintaining power by surveiling and blackmailing congress people is a whole other ballgame and seems highly unlikely to me.
Why is it so hard to believe that a few powerful indivisuals at the top, with common interests and agendas, are banded together?
There's no official organization but a few indivisuals that streer things their way because they can.
I think there are enough hornery (and incidentally patriotic) congresspeople that they'd be okay exposing the CIA for blackmail even at the expense of exposing the secret.
The funny thing is that the worst of it is already exposed, and no-one seems to care. money-in-politics, the most serious problem of our time, is a "meh" issue to most folks, even though money poisons discourse on literally every other issues! And we know the precise mechanism and how to stop it (a law overturning Citizens United), and yet we do nothing.
Politics is a funny business. I have spent alot of time dealing with political people ranging from staffers to actual officials.
Many are very well meaning public servants, others careerists, some are… insane on various scales. Politics is a business with uncertain outcomes where “friends” are important and personal stakes are high.
From a blackmail perspective, you have people like the bartender turned member of congress who got their GED to run who are obvious puppets with a wheelbarrow of odious behavior behind them. But even the most boring congressman has a legal escrow account with irregularities, a kid with emotional problems that caused trouble, a campaign finance violation, etc.
I don’t think there is a shadow cabal, but some executive branch entities wield tremendous power.
> From a blackmail perspective, you have people like the bartender turned member of congress who got their GED to run who are obvious puppets with a wheelbarrow of odious behavior behind them.
I'd like to visit the Museum of Counterproductivity in the area of your brain that downgraded Bobert from business owner to bartender.
how would you cut the budget of the CIA for example, an organization that doesn't really answer to anyone but itself ? an organization that can self fund when it wants.
Eisenhower, a general called out the so called military industrial complex in a way that befits a prophet
it's likely that not every Congressperson has some deep dark secret that makes them blackmail-able
You don't need to control every congresscritter directly, just to control them by proxy is enough. The nomination committees have a lot of power on who stays and who goes, for example, and so do subcommittee chairs.
> But that these shadow organizations are maintaining power by surveiling and blackmailing congress people is a whole other ballgame and seems highly unlikely to me.
There's a long history of illegal domestic surveillance since at least the 1940s - why would it have stopped?
> For one, it's likely that not every Congressperson has some deep dark secret that makes them blackmail-able. And pissing off the only group of people that could cut your funding and expose your shadow organization as well as bring oversight is not the group that you want to be pissing off.
Secret blackmail files worked for J. Edgar Hoover[0].
Congress has blocked inquiries into their split loyalty as far as them having multiple citizenship in other countries. If you were McDonald's board of directors would you allow someone to be on both the McDonald's board and Wendy's?
Congress isn't personally harmed by a surveillance state unless you consider they may all be being blackmailed but that is another conversation. In fact mass surveillance widens the barrier to new entries into politics as they can use whatever dirty they find and give it to federally funded media mouthpieces.
This week we saw articles of sexual crimes against children being swept under the rug to "protect our country" do we really think that congress would actively pursuit this line of inquiry?
I'm all for sorting the problem out, but isn't the reality a little more complex given other countries? Doesn't cutting your intelligence / signals budgets give your "enemies" an advantage? By "enemies" I'm referring predominantly to foreign nation states.
It's difficult, you have to break down those brotherhoods who will fight to death to be "independent". And then you have to find a way to prevent them from spawning again. I don't have any idea how to do it properly.
I'd expect if we lived in the sort of society that would execute the head of the NSA for treason or something similar when the Snowden revelations came out, it would have societally beneficial chilling effect on intelligence organization brazenness.
Unfortunately, it seems intelligence is mostly immune from liability, and lack of consequences lets the rot fester.
Once the system is setup who is in control is going to be irrelevant. I believe the best approach is to educate the citizens so that 1) They follow scientific methods; 2) They are more resistant to advertisement/propaganda; 3) They are keen to corruption and willing to protest.
"1) They follow scientific methods.
2) They are more resistant to advertisement/propaganda;
3) They are keen to corruption and willing to protest."
You are asking way too much of people. "Normal" people can't fulfill any of those 3 requests. Not that they don't want to (most don't), or that they aren't taught to (this is conflicting through life)
They can't. #1 and #2 sound like something an autist would tend to do.
The types of societies that execute high level civil servants don't actually execute them for the reason given - the reason is an excuse for the masses, the real reason is they fell out of power or were a threat to someone important.
Implying that Israeli spying on the US is some fringe "shadow government" sub-group of the Israeli government is strange given a long, long history of high profile Israeli spying incidents against the US.
Then there's the time they slaughtered several dozen US navy and NSA personnel with repeated attacks on an unarmed vessel because they didn't like that we were watching them: https://en.wikipedia.org/wiki/USS_Liberty_incident
By saying "shadow government" I mean groups within the US government that has connection to say NOS.
Again I don't have concrete proofs so I could be 100% wrong. But reading world history especially cold war history makes me be sceptical to certain things.
>because they didn't like that we were watching them
That is the American conspiracy theorist interpretation of the incident that (understandably) also gained traction among a few of the survivors. The Israelis disagree.
It was most likely a case of mistaken identity. Just like friendly fire incidents. Friendly fire incidents happen all the time, including between US forces in the recent Iraq and Afghanistan conflict.
The quote "I was actually able to wave to the co-pilot, a fellow on the right-hand side of the plane. He waved back, and actually smiled at me" is attributed to Larry Weaver, a crewmember on the Liberty. It was allegedly originally written in a book called "Assault on the Liberty" by James M. Ennes, but I ordered a copy to confirm
The Liberty was also very far from where the Americans had told the Israelis where it would be. Finding the ship there was unexpected and calls to confirm its identity were not being answered.
Why would the tail wag the dog? America benefits so much from all the R&D (in e.g. encryption) that can't happen on US soil. They are not our enemy in any way :)
> Why would the tail wag the dog? America benefits so much from all the R&D (in e.g. encryption) that can't happen on US soil.
As far as I know there are few (if any) restrictions on encryption R&D (and even publication) in the US.
What is restricted (due to encryption being classed as a 'munition') is the export of robust encryption products to specific countries.
Broadly speaking, circumventing the export controls wouldn't be in the interest of the US Intelligence Community, unless those products have backdoors or vulnerabilities known to the IC.
The US spies on its European allies all the time, and I'm sure they spy on Israel too, so that's not super surprising.
As for the USS Liberty, some do argue that it was intentional, but both the Israelis and Americans ended up agreeing that it was a mistake. The US is no stranger to such mistakes either, even more egregious ones like when they killed close to 300 civilians aboard a regular passenger flight following an approved route and in contact with ATC (Iran Air 655).
In the end both the US and Israel are amoral states that act only according to their economic and strategic interests and I feel that this unites them. I wish it didn't, though.
If you can't prove that you probably shouldn't make such unqualified statements. There is plenty of proof for the opposite, afaik none whatsoever for the reverse.
Reminder that France vacuumed up messages on Enrochat after deploying malware globally, and they have clear text messages from users in any arbitrary country and have not disclosed what they will do with it or what they have.
The specific claim here is that EU countries spy on the US. I do not believe they have that capability, so if you have some proof that would come in handy.
We have plenty of proof of the US spying on allies in spite of those being secret foreign intelligence operations, there is afaik none whatsoever of say the Germans, the Belgians or the French doing something similar to the US.
Spying is intelligence collection. There many ways to collect intelligence. Some completely innocuous like going to a defense trade show and taking pictures. Or using satellites to capture imagery of sensitive locations or developments [1]. Military attaches at embassies who observe their host country’s military developments and operations [2]. These are capabilities that every developed nation has access to. For them not to use it puts them at a disadvantage.
You don’t think the French would love to have known about AUKUS submarine deal before it was made? It’s detrimental to not attempt to spy. The French were blindsided and I’m sure they don’t want to be blindsided again.
Aside from capability, the relationship between the US and European countries is so biased towards the US that, politically, I just don't think they'd risk it.
The US spies on everyone because they can, and because they have prepared to do basically anything they think might be in their interests; when Germany discovers the US spying on them, what can they really do about it? Whereas if it was the other way, all hell would break loose.
They officially decided it was a mistake, as it did neither government any good to officially announce that it was intentional. But the sailors that were on the ship say otherwise.
> They officially decided it was a mistake, as it did neither government any good to officially announce that it was intentional. But the sailors that were on the ship say otherwise.
How would the sailors on the ship being attacked be able to know anything like that (e.g. know if the Israeli pilots thought they were attacking an Egyptian ship or an American one)?
> e.g. know if the Israeli pilots thought they were attacking an Egyptian ship or an American one
The sailors would know because they have access to the same information that you do, but a greater incentive to actually do the reading. The Israeli pilots knew it as a US ship, their radio traffic questioning their attack orders - after visually identifying the USS Liberty as a US ship, was recorded and the transcripts widely known about. This happened several times, so unless the Israeli command center had the memory of a goldfish - they intentionally kept sending attack aircraft until they eventually got a pilot to pull the trigger. Why would they do such a thing? Because the US wasn't onboard with the Israeli preemptive strike and they didn't want a signals intelligence boat tipping off the Egyptians. Israel doesn't appear to reciprocate the fond feelings expressed by American politicians - the mere idea of the "Samson Option" is proof enough of that.
> This happened several times, so unless the Israeli command center had the memory of a goldfish - they intentionally kept sending attack aircraft until they eventually got a pilot to pull the trigger. Why would they do such a thing?
To that point, it's worth noting here friendly fire incidents happen all the time in war, as well as attacks against neutral parties. For instance: the US has bombed its own troops probably more times than anyone can count, and it also bombed the Chinese embassy in Belgrade and shot down an Iranian airliner. Why would they do such things? Honestly, it's plausible they they may actually have had the memory of a goldfish, at least occasionally.
While I'm not aware of any formal study on the matter, I do remember them going over the subject at length in a forward observer course: the blame for the majority of airstrike blue on blue falling on the grunt calling for fire. It matched my experience as well - to the point that I'd avoid calling in close air support for anything short of a Custard's last stand scenario. This isn't anything like that, a command center continuously calling in attack aircraft on a target repeatedly identified as non-hostile - being put on and taken off of the situation board... unprecedented. Even if my opinion of the command staff was so low as to grant them a "well, maybe you are just that dangerously incompetent" - the lying makes that even harder to believe (technically impossible claims wrt speed and offshore shelling capability).
The Israeli government had strong incentive to do this, and accounts on the ship were that this was clearly intentional. Why is this so hard for you to believe?
> The Israeli government had strong incentive to do this, and accounts on the ship were that this was clearly intentional. Why is this so hard for you to believe?
Because an imputed motive is not proof of anything, and there's no way "accounts on the ship" could provide the information you claim they do (knowledge of the attackers mental state).
I don't think anyone disputes that the Israelis attacked the ship intentionally, but you can say the same about most friendly fire incidents. The question is if the people who made the attack deliberately decided to attack what they know to be an American ship.
Actually, both Israel and the US have a long history of fighting terrorism.
Just this past May, terrorists from adjoining Gaza shot 4,300 missiles towards Israeli cities over a 10 day period. Thankfully they were almost all shot down by the Israeli anti-missile defense system, Iron Dome (which the US is now evaluating for use in our Guam base). But still 13 died and 300 injuries occurred during that 10 day period at the hands of terrorists.
Israel has been dealing with terrorists hijacking planes for decades. In fact, 2 former Israeli Prime Ministers, Netanyahu and Barak were members of a 16 man special forces team that rescued hostages from Sabena Flight 571. Barak was the leader, Netanyahu was injured.
Of course, with 9/11 and other incidents the US has, like Israel, been the target of terrorists.
Both the US and Israel have had to deal with terrorists much more than any other developed OECD countries.
Anyone who doesn't think the USA and Israel don't spy on each other 24/7 is living in a dream world. Israel is an ally but I don't think that they are our friends.
To me it looks like your comment is very biased and misrepresenting. While you say:
> Then there's the time they slaughtered several dozen US navy and NSA personnel with repeated attacks on an unarmed vessel because they didn't like that we were watching them"
At the same time the wikipedia article that you linked says:
"Both the Israeli and U.S. governments conducted inquiries and issued reports that concluded the attack was a mistake due to Israeli confusion about the ship's identity"
The sentiment of this part of your comment seems to be so openly and blatantly full of unsubstantiated hatred towards Israel, that my hope is it will be heavy downvoted.
> to me it seems that OP comment was just pushing for agenda using some hyperbole and hate.
The operative word in that sentence is seems, and you can't know that for sure so you shouldn't respond as though you do. HN has some pretty specific instructions about that.
I come from a country which US intelligence has many times been caught spying on its officials as recently as 2009[1]. A more recent scheme involved recruiting a convicted criminal with proven antisocial personality disorder[2] to spy on Julian Assanges friends. This has been known about since the 1960s at least among Icelandic communists and other left wing individuals. But until really recently (like 10 years ago) the government has been very sympathetic to this spying.
For some reason I feel like the US government officials probably share the sentiment of their Icelandic colleagues of old. These immoral activists that obviously step out of line, but the only thing that bothers the US officials is that they got caught. But even then it is not such a big deal.
The parent comment doesn't imply that it was the Israeli government that was doing the spying (and neither does the article), only that Israel delivered the tools. Who's to say this wasn't the CIA keeping tabs on the NSA, or the NSA using foreign tools for plausible deniability?
What are you trying to suggest? It's just a typical reflexive reactive response to any comment that the government acts in ways other than presented to you by corporate media.
It only takes 3 minutes of google searches or even a daily scan of Hacker News to see endless examples of government corruption and malfeasance. Government employees are only human after all, and there are millions of them. To think this sort of activity ends once you become an agent of the government is absurd.
This weekend I was traveling and I put the stray $20 from my pocket in the bin at the TSA checkpoint. An agent quickly pulled it out and handed it back to me. He then said "a lot of good people work here, but they're still human". It's kind of wild that we endure that level of complacency here in the States.
That's a pretty weird statement, if one of his colleagues would swipe cash that travelers put in the bins then they should fire their ass and move them to the 'not good people' column. Stealing isn't something that defines you as human.
I think the point the employee was making was that there is a lot of financial desperation among TSA employees, and also minimal supervision. This is pretty well-documented in the news media as well.
I don't think he has the power to fire his colleagues. I think that's reading too much into it, for a lot of people 20 is a lot and for a lot of people you just don't trust others with stray cash laying around. It doesn't say much about humans, except that a small portion of people are willing to commit crime and that's why we have to protect ourselves
Trying to suggest nothing, I am explicitly saying there is nothing in the article to lead a reasonable person down the shadow government and deep state path
It seems vanilla spying or vanilla state backed industrial espionage
I think it is more likely that 5) many high ranking government officials have sympathetic views with said forces and don’t mind the “occasional incident” as long as said forces are working towards their common goal (whatever that goal might be; but it is probably Islamophobia, settler colonialism and exploitative capitalism).
I won't contest that. I recognize that my post was a bit dramatic but it doesn't seem entirely unreasonable knowing what we do know about past behaviors.
They're both somewhat vague phrases that are heavily context-dependent and have somewhat different connotations, but yes.
There's nothing wrong with the phrase "deep state". If you're concerned about associations with Trump (which I think you should not be), you can use a former Obama official's favored term, "the blob". Both, and many other similar phrases, are common in the foreign policy literature.
I think the first time I heard the phrase "shadow government" was in connection to Iran-Contra, where it described Oliver North and the small group in charge or those operations, but it's a phrase with many uses. I can't remember when I first heard of the "deep state", but I'd be fairly certain it was before Trump or anyone connected to him started using it.
Regardless of the terminology, the supposed "deep state" is often a fill-in for one's own personal misunderstanding of institutional momentum and basic functions of the government.
"The Government" isn't really a single institution, but a surprisingly loose collection of various institutions that all have some level of momentum guiding the direction they move in. It's critical to note that these institutions may have interests that harshly conflict with one another. Even the intelligence community, insular as it is, cannot be thought of as a monolith, but as various institutions with various priorities, some which conflict with the interests of other government institutions.
When the government does something we dislike politically, or does something we don't understand, it's "the deep state" or "the shadow government" which betrays a deep misunderstanding of what the government is. There's no central, shadowy cabal controlling the affairs of "the government" from behind the scenes, the various institutions that comprise the government maintain momentum and do what is in furtherance of their particular interests.
You’re projecting your own interpretation of “deep state” onto a straw man and then tearing it down.
J. Edgar Hoover was a perfect example of what people are talking about with the deep state. You can claim that’s just “institutional inertia”, but it’s still some unelected official with massive power wielding it in nefarious ways.
Ghost in the Shell: Stand Alone Complex is one of the few pieces of media that gets this right vis-a-vis conspiracy being conflated with the loosely coupled nature of government whose components are sometimes adversarial even in the face of external threat
"Deep state" is used extremely often to mean something non-centralized, and in a sense, aligned with what you describe as "a surprisingly loose collection of various institutions that all have some level of momentum". The reason it's a useful phrase is that much of that momentum was built in completely undemocratic and unaccountable ways, by groups that are illegitimately secretive and deceptive in their activities, and who feel free to use extreme means such as torture and terrorism.
It's a very imprecise term covering bureaucratic norms and blindspots, to unsanctioned domestic and international terrorism, so it's not really useful except as shorthand with ideological bedfellows, so-to-speak, and you're right that it's often used to mean "the government guys I don't like but am too lazy/ill-informed to describe". But OP mentioned Gladio -- I think that's context enough for this thread. Do some reading on the topic (beyond Wikipedia) if you haven't already, and you might get a sense of what this non-centralized deep state can do.
And I didn't make it clear, but I brought up the North et al "shadow government" as an example far on the small-scale end of the spectrum of meaning of "deep state/shadow government". It _was_ a centralized shadowy cabal doing a now-documented conspiracy. People argue about how much authority they "seized" and how much was delegated by Reagan (and how much capacity he had to delegate much of anything), but regardless, it was not democratic to illegal go around Congress. What I've described as the "deep state" is the more common usage, and it's on the "amorphous, non-centralized, competing institutions, largely free of any democratic accountability" end.
> There's nothing wrong with the phrase "deep state". If you're concerned about associations with Trump (which I think you should not be), you can use a former Obama official's favored term, "the blob".
To me, 'deep state' implies an illegal conspiracy against democracy. 'The blob' is a large organization that is hard to change, which describes every such organization. Ask an executive at a Fortune 500 company about blobs. The executive branch has the added complication that the CEO has limited powers and doesn't make the rules, Congress does. At work, you follow the boss's instructions. In the executive branch, you follow the Constitution first, then the laws made by the American people via Congress (accumulated over centuries), then the President's instructions - including instructions of prior presidents that haven't been changed.
Maybe 'deep state' was used before Trump, but the meaning has changed.
> To me, 'deep state' implies an illegal conspiracy against democracy.
This is a very new, post-Trump/QAnon interpretation. The “deep state” has, for at least many decades prior, meant those aspects of government which persist from administration to administration, largely unaffected by those in power. E.g. the CIA keeps doing its thing regardless of whether a Democrat or Republican is in office.
Now in as much as these aspects of government are controlled by unelected officials who are willing to work against the elected representatives (think: J Edgar Hoover), that constitutes a shadow government.
If you can operate without democratic control and do things that would be illegal for anyone else to do, are you an "illegal conspiracy against democracy"? I think every intelligent US president since Eisenhower (which makes sense, as the relevant institutions largely came into being after WW2) has recognized that such a thing exists, with varying degrees of openness (Eisenhower), paranoia (Nixon), and glee (HW Bush).
Yes, basically a state organization that the public has no control over it and is following its own goals, often against the goals of organizations under the control of the public.
It's often taught in political classes and it isn't a conspiracy that there exists a "deep state" or "shadow goverment".
For example, the roman elite troop, the Praetorian Guards, can be classified as a "deep state", as they had their own goals and if they were not meet, then they would just kill the emperor. At the same time, the emporer and the senat had almost no control over the Praetorian Guard.
Israel has zero interest in spying on random embassy employees in Uganda who are working with protesters there. This is purely mercenary stuff, and the US is annoyed that a podunk nowhere country got its hands on first-rate tools.
649 comments
[ 3.8 ms ] story [ 325 ms ] threadSeems like they just need to add a similar patch for apple ids for emails ending in “state.gov”. Not sure why this is such a big deal.
It's probably easier than that. Seems like the kind of thing that would be in a config file (making this up, satire):
[No Spying Allowed - please do not change]
# Really, really, don't change this setting. We are not responsible if you do.
+1 # USA
+3542 # NSO Group
> They're selling software to cybersecurity teams on the assumption that they can't crack it?
No, I think they are telling journalists that their hands are clean, and it totally isn't their fault, not in a million years, that their customer changed their software.
-confused Canadian because we share the +1 country code with USA under NANPA
PS: I don't buy the explanation btw
https://news.ycombinator.com/item?id=29401454
Will it make attacks impossible? Probably not totally. But it might raise the cost of the attack by an order of magnitude or more and certain classes of vulnerabilities might disappear completely.
[1]https://discussions.apple.com/thread/7677834
"Jeff Bezos was hacked by a file sent from the WhatsApp account of the crown prince of Saudi Arabia, Mohammed bin Salman"
https://en.wikipedia.org/wiki/Jeff_Bezos_phone_hacking
Well, yes, but there is also (usually) a bootstrapping phase before a language is self-hosting, and if you're sufficiently paranoid the 'Trusting Trust' meta-vulnerability comes into play and isn't easily dismissed.
So the point is to stop terrorism and to do that they've immediately ruled that all Americans aren't terrorists. That doesn't seem like a good metric of determining if someone is a terrorist, and makes me doubt their other controls are any better.
Edit: Replaced „social media“ with „Facebook and Instagram“
That part I believed. Setting up their software to not target the US seems like the kind of move they'd make. Claiming it's so they don't target innocent people is bullshit.
Random government officials in Iran cannot be considered terrorists because of a an embassy hostage situation from 50 years ago during a revolution in the country. If they can, then so can nearly every Chinese government official, every current Russian government official who was high up in the USSR, every current official in Iraq and Afghanistan, half the political leadership of Lebanon, Vietnam, etc.
I'm honestly of the opinion there is nothing that NSO can say that isn't outright lying. This isn't a normal company in anyway.
They had Ugandan numbers, as they lived in Uganda.
So you just need a SIM with a US number and use that for all your evasion needs.
They started off with the arrogance of a liar who thought they were immune from consequences. Now they're looking more like the kid who is actually in trouble only now realizing nobody trusts them to identify the sky color, let alone defend themselves.
Anything and anyone coming out of that shop is tainted.
* Publicly at least, NSO acknowledges there are state level agreements, the latest one with France, to block entire country codes from Pegasus (in return, France has stopped all legal action against NSO)
* According to Israeli Channel 12 reporting on this tonight, the official NSO response also includes the statement that the accused numbers in the report were not +1 numbers. Their so called "customers" were targeting US government employees using African area codes. NSO claim they have completely disconnected said customers from the system
[1] https://en.wikipedia.org/wiki/Room_641A
These were Foreign Service officers stationed in Uganda, so their phones had local Ugandan phone numbers. Some of them were working out of DC but - given the nature of the State Department (which is like America's foreign affairs department) - probably traveled very frequently and so maintained a Ugandan phone number as well, to save on roaming fees when making calls in Uganda (saving money for the taxpayer) and also so Ugandan officials can contact them easily.
This is not unlike Apple hardware engineers who travel frequently to China and have a Chinese number in addition to their main US number, so people in the factory can communicate with them easily.
> So I just have to buy a US phone [number] to evade detection from NSO?
This is NSO's claim. Presumably because they want to make it difficult for anyone to sue them in a US court. It's plausible but I don't necessarily believe them either.
I want this company bankrupted out of existence, personally. Apple's lawsuit against them may well result in that outcome.
0: https://news.ycombinator.com/item?id=28616683
The alleged point is to sell software that stops terrorism. Pissing off America is a good way to stop being able to sell your software.
Your broader point is correct, but no, it doesn't. The CIA is an independent agency [1]. It reports to the DNI [2].
[1] https://en.wikipedia.org/wiki/Independent_agencies_of_the_Un...
[2] https://en.wikipedia.org/wiki/Director_of_National_Intellige...
The Director and Deputy Director of the CIA.
Maybe NSA wants every important call goes through USA network (and hence a deal with NSO) - makes the job easier for three letter agencies.
The analogy, of course, goes further. Though unlike most ransomware companies, NSO has British and American VC funding.
Given the extent and depth of US-Israeli cooperation and ties, the precedeing theoretical is probably going to remain in the realm of theoretical.
* banned the sale of any of their phones or networking products in the US
* banned US companies selling product to Huawei
* cut funding to wireless carriers using Huawei equipment
...and then pressured allied countries to do the same?
I sat in briefings about Huawei and ZTE in 2007. Regretfully can't say more.
I've grown up watching this unfold and I'm shocked that the power groups seem to be so ineffectual at times that it's laughable(but that may be by design...)
No, given that jihadists were kidnapped, tortured and murdered - all of this illegally.
Just sayin'.
Prior to Novalpina, it was Francisco Partners.
Point being, NSO has received huge amounts of money from the kind of people who, well, YCombinator founders seek out.
- md: X and Y are deeply involved in this company
- yiu: No they are not. X cleanly destroyed all the papers and officially ask we don’t talk about them. Y is a bit late but will finish cuting ties in a minute now.
https://www.theregister.com/2021/11/03/us_sanctions_spyware/
reportedly, this has created havoc on NSO, since for instance none of the cloud providers can sell services to them to host their zero-days, among other logistics headaches. Their recently hired CEO resigned.
As for destabilizing governments, they are doing the opposite, they are helping authoritarian governments worldwide crack down on journalists and dissidents, or murder them in the case of Saudi Arabia and Jamal Khashoggi. Reportedly, after the Khashoggi murder, NSO yanked the Saudi account but was forced to reinstate it by Netanyahu who was pursuing diplomatic relations with them.
https://darknetdiaries.com/episode/100/
I knew about Israeli security consultancies putting out stringrays and phone cracking tools, but I did not know about NSO. He has a good interview with one of the lead devs.
It’s particularly interesting to watch as the company is based in a country that is a very close ally.
Memoranda, AFAICT?
>The National Security Agency routinely shares raw intelligence data with Israel without first sifting it to remove information about US citizens, a top-secret document provided to the Guardian by whistleblower Edward Snowden reveals.
>According to the agreement, the intelligence being shared would not be filtered in advance by NSA analysts to remove US communications.
>While NSA documents tout the mutually beneficial relationship of Sigint sharing, another report, marked top secret and dated September 2007, states that the relationship, while central to US strategy, has become overwhelmingly one-sided in favor of Israel.
https://www.theguardian.com/world/2013/sep/11/nsa-americans-...
A system this complex can never be secure no matter what google/apple PR dep claims.
There's a lot of buyers, Five Eyes, China, Russia and naturally companies like NSO.
The issues were patched in September, the exploit was being used as of February, and it took some time for someone to notice that an @state.gov Apple ID was among the compromised phones.
50 years ago during a full scale war with all surrounding countries, Israel accidentally (as determined by US investigation) hit a "spy-ship" near Egypt (one if the countries participating in the war).
Israel subsequenly paid around 70 million $ in compensation for the families.
Why would they cancel accounts without knowledge of wrongdoing?
- not have any indication their tools were used
- canceled the relevant accounts
Which "relevant" accounts if NSO's tools weren't used?
NSO is very popular with governments that don't have robust domestic intelligence because all you have to do is type a phone number into a web form and in anywhere from an hour to a week you get a point and click GUI for accessing the contents of the phone.
You have a source for this? I genuinely want to know if they make it that simple
Should all come out in the Apple lawsuit though.
Edit: Rereading the NSO statement they said they blocked exploitation of numbers starting with +1. Take that to mean whatever you'd like.
FWIW "international law" is its own thing and doesn't work like normal law; in truth every nation by default "rules over international law". When was the last time you saw an "international law" trial or saw a nation punished?
Mid-to-late 1990s, den Haag, Serbia?
- When questioned about a specific malevolent client misusing their data, they cannot be held accountable because the client is running the ops and NSO has no access.
- When asked how they ensure that clients in general don't go rogue and misuse (i.e. human rights & international law abuse) their service, they assure you they monitor them and turn off their access.
NSO sells only to governments and law enforcement agencies.
Therefore, the relevant client would be the Ugandan government.
There was a recent Darknet Diaries episode that reported evidence that at least some of the NSO tools are hosted services.
Pegasus is only as good as its 0days are secret
Heck, forget about bothering to extract 0-days; if you have access to the binary, straight-up warez techniques would be applied to nerf any restrictions (licensing or otherwise) on the operation of the software, as well as any monitoring functionality that can "phone home".
If a state sponsored party really wants to find these zero days I'm sure they can. I would imagine that this is more like what happened with EternalBlue: it's something they know but don't report because it's useful to them too.
Oh man, for purely comical purposes I would love to see NSO actually believe that.
Well I hope you're right, but I don't think you are.
I mean, they are a very skilled set of engineers. You seem to grant them being able to hold onto very powerful secrets and use them for active blackmail. You even believe they've been operating actively against the US government for several years.
If they can do all that, then replacing the sitting US president with a very convincing android isn't much harder! It is just as likely as the situation you propose.
What I cannot believe is you dismiss concern over ongoing security risks, however exagerated, by suggesting a head of state might have been replaced by an android. Please don't troll.
How about this senerio though.
I heard our President yak about his accomplishments this morning. I was half asleep, but felt his voice sounded different. I thought maybe just hoarse, or I was wrong about his voice.
I was thinking about his appearance. I don't know if I would recognize him if he walked up to me on the street without the suit.
Ok the Hollywood script.
Joe biden goes into a hospital. He only wants certain Secret Service personnel around.
His boy, and wife, are tragically killed in a plane accident.
Joe decides he needs grieving time.
The year before all this happens the NSO finds a lookalike Joe Biden, and performs all the necessary surgery.
A few more weeks pass, and the switch is performed. The real Joe is gone. The fake one is in power.
Then China, or Russia, have control.
(I guess if there was suspicion--the FBI could perform a dna test though? I think someone did this in a movie.)
No, but I think the US intelligence agencies are fully aware of where they're hiding the iceberg and could destroy it before it rises to the surface.
Not all but do you really believe that the NSO group wont have some blackmail material on at least some US politicians?
The next step isn't to blow them up, the next step is to sue them.
I just assume the IDF and Shin Bet would like to be the only ones who blow up civilians in Israel, but I can't think of a single reason why the Israeli government would oppose an extradition request if they were presented with evidence of cyber-whatever.
Because they want to foster such companies, and not deter people from founding them by showing them that they will be extradited to the US?
If that's true (which would be disappointing when you consider what "such companies" means in context) I assume the Israeli government already have "entrepreneurs" ready to jump into that market if they haven't already. "Showing them that they will be extradited to the US" if they fuck up in a conspicuous and public manner that is problematical for Israel and her allies might be considered a win by everyone involved except the NSO executives involved.
Of course, politics is complicated and NSO might have powerful friends in government. Or the Israeli government might be complicit in some ways that they really don't want to become known. So who the hell knows?
If an American company would get caught doing the similar, would US allow extradition request of those people to some other country?
This is what extradition treaties are for. The specific laws involved and the evidence matter a lot.
Except the really obvious detail that most normal countries won’t extradite their citizens? Israel loosened up their laws on this a bit after the Sheinbein affair, but extraditing resident-citizens remains a rather unlikely prospect.
I can’t even guess why you’d believe that. Participating in extradition treaties is the norm, not the exception.
https://usafacts.org/articles/how-much-military-aid-does-the...
Threat of removing 20% of Israeli defense budget [1] would hypothetically be plenty enough to apply serious political pressure, and thats just the money, forgetting the political support and the deterrent US support provides them.
[1] https://usafacts.org/articles/how-much-military-aid-does-the...
The US and Israel are in bed together for better or worse. It's actually really embarrassing that Israel has allowed NSO Group to operate at this level, and influential US politicians could destroy NSO Group in a heartbeat if they actually wanted to.
its closer to 3%
Again the US provides comparable military aid to Egypt and Pakistan too.. NSO is not the Israeli government
Well that, and the hamburger vendor buys a big house in the DC metro area. And everybody else's ticket prices go up a little.
But still, draw a control volume, and it's just hamburgers flowing out.
Hell--we should have cut of Israel's charity years ago.
I'm beginning to wonder if we should have buddied up with Palestine.
That’s right, Bob! It’ll be a cold one this week. Sportsball is next.”
What weasel words?
I mean, they could also be lying, but its also pretty standard business practise to not work with people who bring your reputation into disrepute. For example, consider how hard it was for parler to get hosting.
Also in other stories they have claimed they do not track who does what.
I’m not saying that they don’t have that knowledge, and I really don’t mean to offend or be rude, but if the US government asks something of you, you tend to comply wether it’s reasonable or not.
I think it’s naive to think of ourselves as living in a just world. Post 9/11 the CIA abducted European citizens with the knowledge of our governments. In more recent years, here in Denmark we had a rather huge scandal when it was revealed that changing governments had allowed American intelligence services direct access to the backbone of our national internet. The list goes on.
Its of course unfortunate, but the world we live in is basically a huge turd of authoritarian bullshit where the users and customers have no actual enforceable rights.
I mean, even on a much smaller and much more harmless scale, just consider how many times you’ve read about someone losing their Google account here on HN.
The US military entered a foreign nation without their knowledge or authorization, abducted a resident, took the resident out to sea, placed a bag over their heads, put concrete shoes on that resident, and then dumped them overboard with no witnesses other than the "Seal Team" carrying out the order.
No trial. No witnesses. Only abduction, seclusion, and murder.
That's not justice. Those are Mafia Tactics. ___
Does this remind anyone of anything? A Mr. Al. A Mr. Al Capone perhaps? That's right. One of the world's most infamous gangsters, mobsters, crimelords, did this very thing to individuals that Capone didn't want talking to the press, the government, or anyone else that would listen.
This is mob-boss behavior, and the US Government does this now.
Oh, how about the unlawful imprisonment of 100s of detainees at Guantanamo Bay in Cuba?
Secret courts, whose authority is far-reaching with no citizen oversight whatsoever.
Yeah the US Federal Government, since 9-11, is a bunch of mobsters with guns. There is no difference in the way our Federal Government acts now, and how 1920s and 1930s mobsters act.
Any human being that doesn't recognize the similarity is deluding themselves into believing so.
That said, this is among the weaker rebuttals which could be offered. (See my own response in thread.)
Comparing that speific case to failure to follow proper criminal procedure and rule of law is disengenuous to the extreme. There are many criticisms which can be made of the US response to (and other actions after) the 9/11 attacks. The assassination of the leader of the irregular forces aligned against the US is not one such. Numerous other instances would have made for a vastly stronger argument.
The fact is that there is no clear dividing line between acts of war and criminal acts --- recognised among other ways in the phrase "war crimes" itself (which might be applied both by, and against, the United States).
The situation in Guantanamo is far more valid.
The case of drone warfare and strikes another instance.
It's worth noting that the US is hardly alone in these tactics, and that irregular and extrajudicial killings are in fact a major element of the considerations in the case of Al Qaeda, at least some of the Guantanamo detainees, and drone strikes.
The real world is messy.
That said, I'd disagree with your conclusion on lack of difference, moralising, invective, and hyperbole notwithstanding.
Since when do individuals wage "war" on nation-states?
(And no, if the only counter-examples you can come up with are 18th-century pirate chiefs and tiny Carribbean islands you've failed. We're talking 21st-century USA here.)
> Comparing that speific case
Which "specific" case? The GP mentioned hundreds of Gitmo prisoners, several of which have later been shown to be completely innocent victims of mistaken identity.
> to failure to follow proper criminal procedure and rule of law is disengenuous to the extreme.
If anything is "disengenuous to the extreme" here it seems to be your defense of the USA's recent practices.
Decapitating a specific cult of personality has been an effective method of eliminating it. Which also proved successful in the case of AQ.
(Yes, there are new emergent threats and groups, including several previously associated with AQ. I also said that the real world is messy.)
The specific case I was discussing, and I really hope I'm not so vague in my dotage that this wasn't crystal clear, was the 2 May 2011 attack on Osama bin Laden's compound resulting in his death.
What I defended was a specific instance, while acknowledging concerns and issues in other areas. Both you and imbchillyb are displaying a lack of such naunce. The US is vast and contains multitudes, some defensible, some not. It cares little for what I have to say.
Refreshing your memory: https://forum.iwethey.org/forum/post/8257/
obLRPD: Powered by sporks.
Nope, certainly not crystal clear: You were replying to a post that mentioned, among other things, the Guantanamo internment camp, and airily said "this" case. I saw no specification there of which case, exactly, that was supposed to be.
Yes, the USA may be vast and contain multitudes, but even you talk about "the US": In the end there is only one of it, and when the USA as a nation-state does stuff then it's the USA, singular, as a nation-state that gets discussed and criticized. Just like here. I hope I'll never get so fuzzy in my dotage that I'll let sich disingenuous attempts at obfuscation slip by.
Hm... Pseudo-helpful hint/ reminder; feels like about 50/50 past and current posters. I'd already concluded neither extreme of Box or Ash, for rather obvious linguistic reasons. Been considering alumni like RM, DRL, KMS et al, but this feels more like currents such as RC, SK, or SA. Or perhaps AG; I notice that his recipe -- besides the formal declaration being severely watered down -- was pretty much what the US (singular, as a nation-state) went with.
I don't have your email; you have mine.
I may not have communicated effectively. And in discussion with you it seems I'll never be able to.
But I know what I intended to communicate, and have stated what that is, repeatedly.
You seem bent on steering the conversation to what you wanted to hear me say. Which seems to be a premise founded on precisely the weak foundation you criticise me for.
Really, we're done here, Christian.
But yeah: As long as you think you get to define what the conversation is about by what you "were referring to", yes Doug, we're done here.
So, it was difficult to finish your comment.
Other active entities include the Islamic State (ISIL / Daesh), and various organisations largely funded / supported and/or organised around Iranian, Syrian, and Palastinian interests.
Please note that this is not an area of personal expertise.
Actual "formally", or "formerly" (or both)?
[1] https://www.amazon.com/Hundred-Years-War-Palestine-Resistanc...
If you'd please review https://news.ycombinator.com/newsguidelines.html and stick to the rules when posting here, we'd appreciate it.
https://news.ycombinator.com/newsguidelines.html
For better or worse, NSO's product is a weapon. How is it any different from an M-16? Where is the outrage towards the people who used this weapon against the State Department?
They do not give the software to their clients to go use somewhere in the world fully independently (self hosted payload dropper, C&C, etc)
They're a direct participant in the network traffic. Unlike a dumb purely offline piece of hardware like a M4 rifle or similar.
IMO the US selling F-15s or drones to the Saudis is very similar. The US shouldn't be supporting the Saudis murdering civilians with F-15s, and Israel should not be supporting hacking tools that enable other governments (or private organizations) to murder people they dont like.
What's to understand ? It's an Israeli company. Enough said. If it was an American or German company no one would have cared. Why the obsession with Israel? It's a complicated phenomena. I think it has to do with the role Jews played in Christianity (Jesus' death etc) and the holocaust but that's just my 2 cents.
So I should believe the U.S thinks it's OK to sell F-15 planes but not OK to sell software? I'm gonna assume yes, there are probably other players in cyber warfare who sell to these countries, probably also the U.S.
The U.S. thinks it's okay to sell F-15s that don't attack Americans and not okay to sell software that attacks Americans. As a, granted, American, I'm not seeing the incoherence.
I was delineating why the U.S. is fine with selling weapons to e.g. Saudi Arabia but would not be happy about those same weapons being sold by Russia to Iran. You seemed confused on that point. There isn't a grand philosophy. It's international relations. It's anarchy. The U.S. government promotes American and allied interests.
Separately, yes, if you're hacking the State Department, you're attacking the U.S. This is consistent with how cyberterrorism is treated by DNI since at least 2014.
In the past month or so, there was a front page story on HN about NSO and a journalist, detailing evidence that NSO-controlled servers served up the exploit to the journalist's phone. This suggests that the NSO group has less of an arms-length relationship with their clients than they let on. It seems that at least for some clients, they're running some variant on exploits-as-a-service.
Mitigating but not exonerating. (Also, unknown and possibly unknowable.) NSO are still selling cyberweapons hitting the United States. If they didn't give a shit about keeping an eye on their kit, that's a negligent gap in oversight by Jerusalem.
It's a good thing we have a talking-not-shooting relationship with Israel. The U.S. would be within its rights to launch a proportional counterattack were that not the case. If Israel doesn't deal with this properly, there's a decent chance we'll see calls for criminal penalties and targeted sanctions.
Doesn't look like they only target Israeli companies.
Otherwise, US absolutely provides far more military spending to Israel than to Germany, it's not really comparable.
Of course I do. Europe has no real army. France kinda has an army and the U.K got out. If America didn't provide a military umbrella Europe would need to actually build a real army (Europe's contributions to NATO are pitiful). How much would it cost the Europeans to do that? Going back since WW2 that's easily in the trillions.
If the argument is that the United States shouldn't be a global power, that it should dismantle the US military and be a demure, multilateral player in the international space, sure, attack NATO. However, attacking NATO while saying the US should be a stronger international player is contradictory.
People get angry about the Israel aid not because of the volume of funding, but because of the human rights/colonialism problems that the US subsidizes. I personally feel that way, but at the same time I understand the realpolitik deal with Israel - I believe the purpose of keeping Israel there is to prevent some version of the Ottoman Empire from re-forming.
Here's part of the problem. Does it make sense to you Israel just disappears? Sounds like it from what you're saying. Isn't it weird though - how many nation states do you think should vanish?
> but because of the human rights/colonialism problems
If Western societies really wanted the conflict to dissolve they wouldn't keep encouraging the Palestinians to "return" to their home (75 years after). Western societies keep the conflict alive. So it makes me think human rights issues isn't really the thing here.
Your accusations of anti-semitism are unwelcome and without merit.
Allies spy on eachother all the time. that's a given any sovreign state knows and takes into account.
- https://apnews.com/article/israel-jonathan-pollard-espionage... - https://www.politico.com/story/2019/09/12/israel-white-house...
The key is you don't get caught doing it, because it removes plausible deniability.
I don't care if it's unwelcome to you...I call it as I see it and you're not doing a great job convincing me otherwise.
Then why -- assuming for the moment that the GP is correct -- is the majority of your comments about defending them?
Why do you have such a negative view of Israel; isnt that a bit anti-Semitic?
No, because it isn't novel, it's not wide reaching, it's not at arm's length and it cannot be stopped.
Stuxnet, a novel American-Israeli cyber weapon, purpose built to hit Iran, was absolutely billed as such. And it was received differently, by Iran, than would be e.g. an American-made gun fired by Iraqis at Iranian surrogates.
NSO is making and selling cyberweapons. They're doing it now. These weapons are hitting the U.S. government and its allies to an unknown extent. And they can be turned off, right now, if Jerusalem orders it.
U.S. persons being shot in Uganda by Kalashnikovs are none of these things. It's not novel. Nobody wonders if the Ugandans are going to show up, guns blazing, in Arlington. And Moscow can't remotely disable the guns.
The comments here focus on NSO because the story is about what NSO did. This is computer tech kind of community so you’re going to see more computer weapon stories here than stories about improper use of rifles.
But there are clear understandings that e.g. nothing goes to China, and no fancy radars go even to untrustworthy places like Myanmar. NSO is still in a gray zone.
And yes I'm acutely aware that the CIA literally ran torture training camps in the 1970s but two wrong don't make something right.
Also, there's outrage towards NSO because Israel is supposedly an American ally. Israel needs American support, and yet Israel freely allows Israeli corporations to sell services American enemies. And this isn't an isolated company--there are other Israeli hacking companies that target Americans, such as Black Cube.
It's all about the specific class of weapon. There are general understandings about who can get sold what weapon without the US getting mad. No radars or surface-to-air missiles for China or Russia or for random tiny dictatorships; but it's totally okay to sell them to India or Latin America. Dumber things like artillery pieces can go anywhere, even places under US sanctions like Myanmar, without crossing any lines. But this isn't written in treaties; it's all implicit understandings and learned patterns of retaliation.
For this new class of weapon, both sides are still feeling out the rules. The US is laying down precedents that put NSO's products much closer to the rules for radars and missiles, while Israel is pushing the limits to see how far the US can live with.
Is it really.
https://news.ycombinator.com/newsguidelines.html
I think your moderation here is pretty unbalanced and borderline harmful, in that you can say some pretty horrendous things on this site as long as you do it in polite phrasing using big words, and there will be zero moderation applied in that case.
You are breeding a community full of some pretty extreme opinions, generally right-wing and regressive, and I think it's a damn shame. And I will not stop calling it out when I see it.
None of my business, but it seems to me that you are perfectly free to call out anything, the point, as I see it, is that:
> Is it really.
is not "calling out" or actually "anything else" that adds anything to the discussion, only a (BTW of difficult interpretation) unsubstantiated comment.
Typical modern leftist ideology. Very disappointed with HN lately. https://news.ycombinator.com/item?id=25955953
Hacker News has a progressive Silicon Valley bias https://news.ycombinator.com/item?id=26402235
this site is heavily biased towards the left https://news.ycombinator.com/item?id=26610757
the status quo here is California liberalism https://news.ycombinator.com/item?id=26719247
HN, where the SV/SJW group think prevail https://news.ycombinator.com/item?id=26731079
a mod who curates comments based on what's politically expedient according to leftist valley dweebs https://news.ycombinator.com/item?id=26866955
Ssshh.. You can't say that on HN. You might anger the WOKE mob! https://news.ycombinator.com/item?id=27227591
HN is best thought of as a machine for deepening the delusions of the left https://news.ycombinator.com/item?id=27242324
pure commie propaganda https://news.ycombinator.com/item?id=27269114
Democrat cultists https://news.ycombinator.com/item?id=27308327
HN is very, very authoritarian left https://news.ycombinator.com/item?id=27507112
90% of the HN audience supports communism https://news.ycombinator.com/item?id=27816841
HN is populated by the very liberal types https://news.ycombinator.com/item?id=27939890
this website (like most of the internet), is controlled by the far left https://news.ycombinator.com/item?id=28037354
This site is sadly run by militant commies https://news.ycombinator.com/user?id=k33n
This site is ran by the most radical socialist lefties San Francisco has to offer https://news.ycombinator.com/item?id=28203889
all non-leftie viewpoints are banned here https://news.ycombinator.com/item?id=28237072
HN moderation got outsourced to affiliates of the Democratic Party https://news.ycombinator.com/item?id=28291108
a total invasion of commies to HN over the past ...
I don't think you are explicitly biased. I don't think you are trying to promote one political ideology over another.
I do think, that due to the way your rules are set up, and how you enforce them, you unintentionally end up attracting one, and driving away the other. And I think this process has been going on slowly for a long time, and that you may not be noticing it, but that HN has turned into a home for some pretty extreme viewpoints in the process, that are just hidden behind a thin veneer of respectability.
For an "average soldier" weapon, such as an M-16 - $Company isn't likely to catch much grief - unless they're selling a considerable quantity of them, or to an extremely notorious buyer. Similar for a cyberweapon - but an "everyday" one, which wouldn't be a big surprise for a C-list ransomware group to use.
Vs. NSO's stuff seems to be the sort of top-tech goodies which A-list nation states use to maintain & enjoy their A-list status. Whether any actual harm results from this incident... publicly letting a bunch of "the wrong sorts" into that exclusive clubhouse is getting NSO into really deep do-do with "the regulars".
That’s pretty obvious and it’s disingenuous that you’re trying to steer the conversation in that direction
Follow the industry long enough and you'll know how Hacking Team (Italy), Finfisher (Germany), Gamma International (UK), smaller and larger firms have rightfully attracted their fair share of condemnation. Journalists pile on when a story gains momentum, this round was started by the published list of targets and Citizen Lab. We can't call this anti-semitism yet.
Defending it just because it's Israeli would be as unjustifiable as attacking it just because it's Israeli.
Fuck NSO, for sure. But I'm just not sure Israel should be held accountable for the actions of a private corporation with no apparent political motivations, just as in your M-16 example.
https://www.haaretz.com/israel-news/tech-news/israel-will-re...
The situation is less "M-16 and rounds sold once-off", and more of a turnkey armed drone (or surveillance drone, if you're charitable) service provided to governments, where the missiles, fuel, and airbases are provided by a private party on an ongoing basis. It's more of a tailored service, than a sale of goods.
NSO gets particular flack because they're inextricable from the weapon they sell. If an M-16 is used to shoot someone, provenance is probably harder to prove; weapons change hands all the time, or are smuggled to ne're-do-wells via the black market. But everyone using Pegasus, as far as we know, is an NSO client; NSO made the choice to provide that software, including NSO support and NSO services.
It is highly unlikely that NSO group actually gives out their exploits, based on what we know about previous exploitations that have become known. It's more like they offer an interface to execute their exploits on a given target. The fact that they can block entities from using their service, after having had access to it (like they supposedly did in this case), very strongly supports this hypothesis. Hence they're offering a service, to use weapons for (or rather, in the name of) some (government) entity that pays them money to do so.
Imagine bombing-as-a-service, as an instance. That's much more like it, and your argument doesn't hold in that case.
Small arms proliferation is much harder to control, but yes there has been extensive reporting on Operation Fast and Furious where US gun sellers were allowed to sell to Mexican cartels under ATF supervision. [0] Those guns were used against both US and Mexican citizens, including fatally against 1 US Border Patrol Agent in 2010.
Looking farther back, during the Falklands war in the early 80s there was much controversy over the Exocet anti-ship missile, which was manufactured and sold by France. When these missiles were successfully used against British warships near the Falklands, Britian successfully lobbied for France to stop selling them to the Argentinians.[1]
So yes, it's actually very common to put the responsibility of how their products are used on arms manufacturers. It's a good thing and it keeps the world safer.
[0]https://en.wikipedia.org/wiki/ATF_gunwalking_scandal [1]https://www.bbc.com/news/magazine-17256975
https://en.wikipedia.org/wiki/NSO_Group#Pegasus
It’s all very routine and standard, not sure why people need basic explanations of what government export regulation is when the discussion is on Israel.
https://www.theguardian.com/world/2021/jul/20/pegasus-projec...
https://foreignpolicy.com/podcasts/foreign-policy-playlist/h...
https://www.nytimes.com/2021/11/08/world/middleeast/nso-isra...
https://www.haaretz.com/israel-news/tech-news/.premium.HIGHL...
https://www.irishtimes.com/news/world/middle-east/how-israel...
https://www.ft.com/content/24f22b28-56d1-4d66-8f76-c9020b1b5...
https://www.jpost.com/jpost-tech/what-does-the-nso-hacking-s...
Because Jerusalem has the power to stop, or at the very least regulate, NSO.
This is offensive. They outlined how they disagree with the Israeli government pretty clearly in their comment.
We detached this subthread from https://news.ycombinator.com/item?id=29432721.
Most importantly: no matter what the topic is, it doesn't make it ok for commenters to break the guidelines. Just the opposite, in fact—that's why we have this one:
"Comments should get more thoughtful and substantive, not less, as a topic gets more divisive."
Your comment obviously broke that, as well as several others, which is why I replied as I did.
"A State Department spokesperson declined to comment on the intrusions, instead pointing to the Commerce Department's recent decision to place the Israeli company on an entity list, making it harder for U.S. companies to do business with them.
NSO Group and another spyware firm were "added to the Entity List based on a determination that they developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers," the Commerce Department said in an announcement last month."
It is worth distinguishing between the State Department and the NSA. The US government is hardly monolithic, even if we restrict our discussion to just the executive branch:
https://www.washingtonpost.com/news/the-switch/wp/2013/10/05...
The reason I find it interesting is because it is clear that US government supports Israel ( and NSO ) practically unconditionally ( recent vote on Iron Dome being a more amusing example of bipartisanship ).
Why is Reuters, an old guard by any account, concerned? Or are they simply following what sells and government is really at odds with its people when it comes to policy in ME.
Meta-concerns about "the media" are not relevant to every story that is ever published.
When the game is defined as a competition for how to break its rules in the most unexpected ways and with the fewest consequences, Uganda appears to have joined in with aplomb. To me it's the first time an NSO story doesn't seem like a scandal.
https://www.bbc.com/news/world-europe-24690055
When France was “angry” about Australia buying US nuclear subs and canceling their French contract do you really think that was real?
It’s all for show, just like being “angry” at another country spying on you. You do something like “kick out their embassy employees”, then turn around and let new ones come in.
There was no need to just do this for show. Most members of the public don't care about submarine deals. It doesn't make their government more popular.
The public may not care about submarine deals but France certainly cares about how they are perceived on the world stage.
This reminds me of Operation Gladio or Propaganda Due but domestic. Same playbook, different players.
What would shadow government regulation look like?
Congressional oversight used to be a thing.
Snowden showed the NSA lied to congress. No heads rolled.
Hiding this information is trading the wellbeing of the country for the NSA's own internal goals and power.
Depends on the dirt. Some of it might be private and personal stuff, such as infidelity. That type of stuff, while blackmailable, doesn't really benefit the public much.
Don't worry, you live in a world where a man with a well documented decades-long laundry list of scandals and faux-pas can brag on tape about how he can get away with molesting young women because of how rich he is and still get elected President.
I'm actually wondering what you could effectively blackmail an American politician with, given how little Americans seem to care about the morality of their leaders. Maybe just the eponymous "dead girl or live boy," but then you have the Kennedys...
Well, in general anything that would get them prosecuted for a felony should be an effective stick. Add in a carrot and now they're on the hook for bribery too.
Well lucky you, we have the exact 100% polar opposite of that system currently. I think it would be fine to move toward it a little.
I'm skeptical of the notion that outing public officials (when the blackmail material is personal in nature as posited by the GP) would move toward that goal.
I don't even think an exception should be made for material that would expose hypocrisy in policy-making (eg. 'pro-life' lawmakers that have had or facilitated an abortion).
Straight-up crimes though (bribery, corruption, theft, insider trading, etc.), sure.
They represent groups of interest. And being blackmailable is, in my opinion, a handy leash to keep them in check, for those groups which propose the candidates
The public is not concerned with corruption until they feel affected by it.
It would be better for us to maintain our high expectations of our leaders, even if those expectations are not currently being met. It doesn't mean that they cannot be met. It feels so damned gamed that I cannot imagine what a genuine political candidate would look like, a member of the public deciding, yes, I will run for office, and then speaking to their friends and neighbors about it, and submitting the paperwork to make it official.
Can you imagine if that's what politics was? Wouldn't it be amazing? Sometimes I feel like there's too many smart people with way too much time on their hands, and they create these political storms as a way to generate money. I hope they all go into the gaming industry and make a tone of money without undermining a functional democracy. The problems we have don't always have money behind them. In fact, it's usually a trade-off we want someone with money to take, that they don't want to take. And the way we coerce an organization is through legislation. So it makes sense for orgs to take that control back and spend on PR campaigns and pundits to argue in their favor. Payola for sophists. But I digress...
Sure it does. There is no longer leverage of whoever is holding that blackmail, who may easily have interests opposite the public.
Making it public benefits the public just because it’s no longer a secret.
https://www.cnn.com/2014/03/18/politics/cia-senate-dispute-f...
https://www.reuters.com/article/us-cia-senate-idUSKBN0KN2Q82...
But that these shadow organizations are maintaining power by surveiling and blackmailing congress people is a whole other ballgame and seems highly unlikely to me.
For one, it's likely that not every Congressperson has some deep dark secret that makes them blackmail-able. And pissing off the only group of people that could cut your funding and expose your shadow organization as well as bring oversight is not the group that you want to be pissing off.
I think game theory would indicate that your only chance of maintaining a shadow organization in the US gov for any length of time is going to be secrecy and maybe some heavily funded lobbying.
I'd be more than willing to bet that they do. "If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him." and that only covers "honest" men who wouldn't have illegal coordination with PACs, bribes with lobbyists, personal communications filled with racism, or evidence of sexual activities that might upset their base. When "6 lines" becomes a record of everything you've ever done online, all of your communications, your GPS coordinates and the data of anyone around you it's going to get easier to find a noose around your neck.
Even if there managed to exist a single person in congress who wasn't screwing over the American people somehow for personal gain, or didn't have some skeleton in their closet they didn't want exposed to voters/campaign contributors when a group is capable of compromising your system and inserting whatever offensive material they want to use against you it's incentive enough to back off.
Why is it so hard to believe that a few powerful indivisuals at the top, with common interests and agendas, are banded together?
There's no official organization but a few indivisuals that streer things their way because they can.
The funny thing is that the worst of it is already exposed, and no-one seems to care. money-in-politics, the most serious problem of our time, is a "meh" issue to most folks, even though money poisons discourse on literally every other issues! And we know the precise mechanism and how to stop it (a law overturning Citizens United), and yet we do nothing.
Many are very well meaning public servants, others careerists, some are… insane on various scales. Politics is a business with uncertain outcomes where “friends” are important and personal stakes are high.
From a blackmail perspective, you have people like the bartender turned member of congress who got their GED to run who are obvious puppets with a wheelbarrow of odious behavior behind them. But even the most boring congressman has a legal escrow account with irregularities, a kid with emotional problems that caused trouble, a campaign finance violation, etc.
I don’t think there is a shadow cabal, but some executive branch entities wield tremendous power.
I'd like to visit the Museum of Counterproductivity in the area of your brain that downgraded Bobert from business owner to bartender.
You don't need to control every congresscritter directly, just to control them by proxy is enough. The nomination committees have a lot of power on who stays and who goes, for example, and so do subcommittee chairs.
There's a long history of illegal domestic surveillance since at least the 1940s - why would it have stopped?
> For one, it's likely that not every Congressperson has some deep dark secret that makes them blackmail-able. And pissing off the only group of people that could cut your funding and expose your shadow organization as well as bring oversight is not the group that you want to be pissing off.
Secret blackmail files worked for J. Edgar Hoover[0].
[0] https://www.thedailybeast.com/fbi-director-hoovers-dirty-fil...
Well, if blackmail won't do the trick, there is always extortion…
Congress has blocked inquiries into their split loyalty as far as them having multiple citizenship in other countries. If you were McDonald's board of directors would you allow someone to be on both the McDonald's board and Wendy's?
Congress isn't personally harmed by a surveillance state unless you consider they may all be being blackmailed but that is another conversation. In fact mass surveillance widens the barrier to new entries into politics as they can use whatever dirty they find and give it to federally funded media mouthpieces.
This week we saw articles of sexual crimes against children being swept under the rug to "protect our country" do we really think that congress would actively pursuit this line of inquiry?
I tried, they sent men with guns to my house when I stopped paying taxes
Unfortunately, it seems intelligence is mostly immune from liability, and lack of consequences lets the rot fester.
You are asking way too much of people. "Normal" people can't fulfill any of those 3 requests. Not that they don't want to (most don't), or that they aren't taught to (this is conflicting through life)
They can't. #1 and #2 sound like something an autist would tend to do.
https://en.wikipedia.org/wiki/Lawrence_Franklin_espionage_sc...
https://en.wikipedia.org/wiki/Jonathan_Pollard
https://en.wikipedia.org/wiki/Ben-Ami_Kadish
https://en.wikipedia.org/wiki/Jack_Parsons_(rocket_engineer)
Then there's the time they stole nuclear material from us https://en.wikipedia.org/wiki/The_Apollo_Affair
Then there's the time they slaughtered several dozen US navy and NSA personnel with repeated attacks on an unarmed vessel because they didn't like that we were watching them: https://en.wikipedia.org/wiki/USS_Liberty_incident
Again I don't have concrete proofs so I could be 100% wrong. But reading world history especially cold war history makes me be sceptical to certain things.
>because they didn't like that we were watching them
That is the American conspiracy theorist interpretation of the incident that (understandably) also gained traction among a few of the survivors. The Israelis disagree.
It was most likely a case of mistaken identity. Just like friendly fire incidents. Friendly fire incidents happen all the time, including between US forces in the recent Iraq and Afghanistan conflict.
> IDF war room to Israeli pilot: Yes, follow orders.
> Israeli pilot to IDF war room: But sir, it’s an American ship - I can see the flag!
> IDF war room to Israeli pilot: Never mind; hit it.
https://archive.md/KNYBR/again?url=https://www.haaretz.com/u...
On a related note, JFK was trying to shut down Israel's nuclear weapons program in the months before his murder.
https://www.jewishvirtuallibrary.org/kennedy-letter-to-ben-g...
[1] - https://nsarchive2.gwu.edu/NSAEBB/NSAEBB103/index.htm
https://en.wikipedia.org/wiki/Report_to_the_Secretary_on_the...
https://www.nybooks.com/articles/2001/09/20/the-truth-about-...
As far as I know there are few (if any) restrictions on encryption R&D (and even publication) in the US.
What is restricted (due to encryption being classed as a 'munition') is the export of robust encryption products to specific countries.
Broadly speaking, circumventing the export controls wouldn't be in the interest of the US Intelligence Community, unless those products have backdoors or vulnerabilities known to the IC.
As for the USS Liberty, some do argue that it was intentional, but both the Israelis and Americans ended up agreeing that it was a mistake. The US is no stranger to such mistakes either, even more egregious ones like when they killed close to 300 civilians aboard a regular passenger flight following an approved route and in contact with ATC (Iran Air 655).
In the end both the US and Israel are amoral states that act only according to their economic and strategic interests and I feel that this unites them. I wish it didn't, though.
Given the general incompetence of governments in general (Europe is no exception) I doubt it is (b).
Reminder that France vacuumed up messages on Enrochat after deploying malware globally, and they have clear text messages from users in any arbitrary country and have not disclosed what they will do with it or what they have.
https://www.vice.com/en/article/3aza95/how-police-took-over-...
Establishing mere capability is pretty trivial: they have diplomats in the United States who can talk to people.
You don’t think the French would love to have known about AUKUS submarine deal before it was made? It’s detrimental to not attempt to spy. The French were blindsided and I’m sure they don’t want to be blindsided again.
[1] https://www.space.com/arianespace-soyuz-rocket-launches-cso-...
[2] https://franceintheus.org/spip.php?article10460
The US spies on everyone because they can, and because they have prepared to do basically anything they think might be in their interests; when Germany discovers the US spying on them, what can they really do about it? Whereas if it was the other way, all hell would break loose.
How would the sailors on the ship being attacked be able to know anything like that (e.g. know if the Israeli pilots thought they were attacking an Egyptian ship or an American one)?
The sailors would know because they have access to the same information that you do, but a greater incentive to actually do the reading. The Israeli pilots knew it as a US ship, their radio traffic questioning their attack orders - after visually identifying the USS Liberty as a US ship, was recorded and the transcripts widely known about. This happened several times, so unless the Israeli command center had the memory of a goldfish - they intentionally kept sending attack aircraft until they eventually got a pilot to pull the trigger. Why would they do such a thing? Because the US wasn't onboard with the Israeli preemptive strike and they didn't want a signals intelligence boat tipping off the Egyptians. Israel doesn't appear to reciprocate the fond feelings expressed by American politicians - the mere idea of the "Samson Option" is proof enough of that.
To that point, it's worth noting here friendly fire incidents happen all the time in war, as well as attacks against neutral parties. For instance: the US has bombed its own troops probably more times than anyone can count, and it also bombed the Chinese embassy in Belgrade and shot down an Iranian airliner. Why would they do such things? Honestly, it's plausible they they may actually have had the memory of a goldfish, at least occasionally.
Because an imputed motive is not proof of anything, and there's no way "accounts on the ship" could provide the information you claim they do (knowledge of the attackers mental state).
I don't think anyone disputes that the Israelis attacked the ship intentionally, but you can say the same about most friendly fire incidents. The question is if the people who made the attack deliberately decided to attack what they know to be an American ship.
Just this past May, terrorists from adjoining Gaza shot 4,300 missiles towards Israeli cities over a 10 day period. Thankfully they were almost all shot down by the Israeli anti-missile defense system, Iron Dome (which the US is now evaluating for use in our Guam base). But still 13 died and 300 injuries occurred during that 10 day period at the hands of terrorists.
Israel has been dealing with terrorists hijacking planes for decades. In fact, 2 former Israeli Prime Ministers, Netanyahu and Barak were members of a 16 man special forces team that rescued hostages from Sabena Flight 571. Barak was the leader, Netanyahu was injured.
Of course, with 9/11 and other incidents the US has, like Israel, been the target of terrorists.
Both the US and Israel have had to deal with terrorists much more than any other developed OECD countries.
It gives you an idea how powerful their lobby is.
NSO should be declared a terrorist organization.
To me it looks like your comment is very biased and misrepresenting. While you say:
> Then there's the time they slaughtered several dozen US navy and NSA personnel with repeated attacks on an unarmed vessel because they didn't like that we were watching them"
At the same time the wikipedia article that you linked says:
"Both the Israeli and U.S. governments conducted inquiries and issued reports that concluded the attack was a mistake due to Israeli confusion about the ship's identity"
The sentiment of this part of your comment seems to be so openly and blatantly full of unsubstantiated hatred towards Israel, that my hope is it will be heavy downvoted.
But I can hardly see how the quoted part of the OP comment maybe explains by
> simply wrong about some of the facts
to me it seems that OP comment was just pushing for agenda using some hyperbole and hate.
The operative word in that sentence is seems, and you can't know that for sure so you shouldn't respond as though you do. HN has some pretty specific instructions about that.
For some reason I feel like the US government officials probably share the sentiment of their Icelandic colleagues of old. These immoral activists that obviously step out of line, but the only thing that bothers the US officials is that they got caught. But even then it is not such a big deal.
1: https://www.theguardian.com/technology/2013/nov/19/nsa-surve...
2: https://en.wikipedia.org/wiki/Sigurdur_Thordarson
It only takes 3 minutes of google searches or even a daily scan of Hacker News to see endless examples of government corruption and malfeasance. Government employees are only human after all, and there are millions of them. To think this sort of activity ends once you become an agent of the government is absurd.
This weekend I was traveling and I put the stray $20 from my pocket in the bin at the TSA checkpoint. An agent quickly pulled it out and handed it back to me. He then said "a lot of good people work here, but they're still human". It's kind of wild that we endure that level of complacency here in the States.
Tinfoil hat territory? Sure. Plausible and possible? Sure.
So you can be #5 and I'll be #6 :-)
I seriously have no damn clue what those buggers have gotten up to that they’ve bullied the government into leaving them alone.
By that standard, we should post every conspiracy theory ever created.
There's nothing wrong with the phrase "deep state". If you're concerned about associations with Trump (which I think you should not be), you can use a former Obama official's favored term, "the blob". Both, and many other similar phrases, are common in the foreign policy literature.
I think the first time I heard the phrase "shadow government" was in connection to Iran-Contra, where it described Oliver North and the small group in charge or those operations, but it's a phrase with many uses. I can't remember when I first heard of the "deep state", but I'd be fairly certain it was before Trump or anyone connected to him started using it.
"The Government" isn't really a single institution, but a surprisingly loose collection of various institutions that all have some level of momentum guiding the direction they move in. It's critical to note that these institutions may have interests that harshly conflict with one another. Even the intelligence community, insular as it is, cannot be thought of as a monolith, but as various institutions with various priorities, some which conflict with the interests of other government institutions.
When the government does something we dislike politically, or does something we don't understand, it's "the deep state" or "the shadow government" which betrays a deep misunderstanding of what the government is. There's no central, shadowy cabal controlling the affairs of "the government" from behind the scenes, the various institutions that comprise the government maintain momentum and do what is in furtherance of their particular interests.
J. Edgar Hoover was a perfect example of what people are talking about with the deep state. You can claim that’s just “institutional inertia”, but it’s still some unelected official with massive power wielding it in nefarious ways.
It's a very imprecise term covering bureaucratic norms and blindspots, to unsanctioned domestic and international terrorism, so it's not really useful except as shorthand with ideological bedfellows, so-to-speak, and you're right that it's often used to mean "the government guys I don't like but am too lazy/ill-informed to describe". But OP mentioned Gladio -- I think that's context enough for this thread. Do some reading on the topic (beyond Wikipedia) if you haven't already, and you might get a sense of what this non-centralized deep state can do.
And I didn't make it clear, but I brought up the North et al "shadow government" as an example far on the small-scale end of the spectrum of meaning of "deep state/shadow government". It _was_ a centralized shadowy cabal doing a now-documented conspiracy. People argue about how much authority they "seized" and how much was delegated by Reagan (and how much capacity he had to delegate much of anything), but regardless, it was not democratic to illegal go around Congress. What I've described as the "deep state" is the more common usage, and it's on the "amorphous, non-centralized, competing institutions, largely free of any democratic accountability" end.
To me, 'deep state' implies an illegal conspiracy against democracy. 'The blob' is a large organization that is hard to change, which describes every such organization. Ask an executive at a Fortune 500 company about blobs. The executive branch has the added complication that the CEO has limited powers and doesn't make the rules, Congress does. At work, you follow the boss's instructions. In the executive branch, you follow the Constitution first, then the laws made by the American people via Congress (accumulated over centuries), then the President's instructions - including instructions of prior presidents that haven't been changed.
Maybe 'deep state' was used before Trump, but the meaning has changed.
This is a very new, post-Trump/QAnon interpretation. The “deep state” has, for at least many decades prior, meant those aspects of government which persist from administration to administration, largely unaffected by those in power. E.g. the CIA keeps doing its thing regardless of whether a Democrat or Republican is in office.
Now in as much as these aspects of government are controlled by unelected officials who are willing to work against the elected representatives (think: J Edgar Hoover), that constitutes a shadow government.
It's often taught in political classes and it isn't a conspiracy that there exists a "deep state" or "shadow goverment".
For example, the roman elite troop, the Praetorian Guards, can be classified as a "deep state", as they had their own goals and if they were not meet, then they would just kill the emperor. At the same time, the emporer and the senat had almost no control over the Praetorian Guard.
Israel has zero interest in spying on random embassy employees in Uganda who are working with protesters there. This is purely mercenary stuff, and the US is annoyed that a podunk nowhere country got its hands on first-rate tools.