Announcement

Collapse
No announcement yet.

This WhatsApp hack

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

    #26
    Well there are 3 issues
    1. That these vulnerabilities exist in the first place (which raises the questions as to what extent WhatsApp/Fb were already aware of this up until this point)
    2. That this company developed a way of hacking into it, weaponising it and therefore turning a profit (knowingly turning a profit on human rights abuses)
    3. That a bunch of state actors (presumably sold this directly by the company, perhaps through state involvement) used this

    So, your issue is number 3. I think they are at least two other very major issues here.

    Comment


      #27
      On the other hand, are we expecting too much from free online communications platforms?

      Before the internet, phone calls, faxes and post could be intercepted. Yet now we are all demanding super duper encryption. Maybe we need to dial down our expectations.

      Comment


        #28
        Originally posted by anton pulisov View Post
        On the other hand, are we expecting too much from free online communications platforms?

        Before the internet, phone calls, faxes and post could be intercepted. Yet now we are all demanding super duper encryption. Maybe we need to dial down our expectations.
        I think that is fair enough. We should never assume that communication that is happening on something like Whatsapp or Instagram or Gmail or whatever is super secure. However i do think we have a right to assume that through these applications nefarious actors can turn on the microphone and camera in our hardware and use it to directly spy on everything we say and do.

        Comment


          #29
          Originally posted by ad hoc View Post
          Well there are 3 issues
          1. That these vulnerabilities exist in the first place (which raises the questions as to what extent WhatsApp/Fb were already aware of this up until this point)
          2. That this company developed a way of hacking into it, weaponising it and therefore turning a profit (knowingly turning a profit on human rights abuses)
          3. That a bunch of state actors (presumably sold this directly by the company, perhaps through state involvement) used this

          So, your issue is number 3. I think they are at least two other very major issues here.
          #1 is conjecture. As for #2, agencies and governments buy vulnerabilities, often from nefarious groups on the dark web. Including your own government.

          Comment


            #30
            So, it's all alright then? Suit yourself.

            Comment


              #31
              1. isn't conjecture - we know that these vulnerabilities exist
              2. And if my government or any other is involved in this incredibly dodgy stuff we should just accept it. "well they're all at it?"*

              *It occurs that this hack may have been used both by the Saudi government in getting Khashoggi to come to the embassy, and by the Turkish government in listening in while they murdered him and cut up his body. Do you really have no problem with any of that?

              Comment


                #32
                Originally posted by ad hoc View Post
                Do you really have no problem with any of that?
                If your worldview is completely binary, then that's the conclusion you're going to leap to.

                I'm not jumping to conclusions on the hack, because I don't know how the attack was carried out. And neither do you.

                Comment


                  #33
                  Originally posted by Stumpy Pepys View Post

                  If your worldview is completely binary, then that's the conclusion you're going to leap to.
                  I don;t follow your argument here at all. But anyway, go ahead and do your usual supercilious patronising bit
                  I'm not jumping to conclusions on the hack, because I don't know how the attack was carried out. And neither do you.
                  To me it is enough to know that it was carried out, the exact details of "how" are not that important. I don;t really need to know exactly "how" depleted uranium works as a weapon, but I can know enough about its effects to stick it into my binary "bad stuff" column.

                  Comment


                    #34
                    Originally posted by anton pulisov View Post
                    On the other hand, are we expecting too much from free online communications platforms?

                    Before the internet, phone calls, faxes and post could be intercepted. Yet now we are all demanding super duper encryption. Maybe we need to dial down our expectations.
                    I would be hesitant to make the case that because previous telecommunications were very vulnerable to interception and espionage we shouldn't expect anything different from the latest technology. Phone calls could be intercepted in the previous century but it normally required the resources and expertise of large organisations or people acting on behalf of the state. That no longer applies. There are many more people now that can exploit security vulnerabilities in the technology we use every day. Smartphones are essentially the greatest surveillance devices ever designed. They're with us all the time, everywhere we go. That's far too dangerous to allow unsecured access.

                    Comment


                      #35
                      The Israeli state uses software companies spin off from their army as proxies. If both the Financial Times and the bbc consider this Israeli action thatís good enough for me.

                      no doubt you will claim the use of traditional antisemitic tropes D the Israeli Government has no track record whatsoever in this field.

                      The BBC- very careful about what it says about Israel- is about as explicit as you can be

                      The Israeli army takes in every youngster, assesses their greatest strength and parks them where they can do the most national good.

                      The computer nerds who would otherwise be locked in their mum's basement are forced out into the light and into doing their national service in cyber-warfare.

                      When they leave the army, they take the skills and the connections they made into the industrial sector and they form companies like the NSO Group.

                      The NSO Group makes hacking tools to sell to governments to fight crime and terrorism.

                      But - and it is a big but - they'll only get an export licence from the Israeli government if it deems that the sale does not harm the national interest.
                      So a more interesting question to me is why are you so insistent on muddying what is comparatively clear water, Mr Pepys?
                      Last edited by Nefertiti2; 15-05-2019, 09:28.

                      Comment


                        #36
                        Originally posted by Nefertiti2 View Post
                        So a more interesting question to me is why are you so insistent on muddying what is comparatively clear water, Mr Pepys?
                        I'm questioning the assertion on this thread that NGO Group is a branch of the Israeli state.

                        Comment


                          #37
                          Because there is no way that these get made available for open sale without the Israeli Government knowing about it. And if they are on open sale, then there are others that the public aren't aware of.

                          Comment


                            #38
                            Int addition how did this come to light?
                            The FT seems to have broken the story, and they cite a "spyware dealer", with confirmation from Facebook/Whatsapp.Facebook apparently knew about it last week (ie before the Sunday attack on the human rights lawyer) as they notified the DoJ then. I've not seen any indication of how they became aware of it. El Reg says:
                            Miscreants were first spotted exploiting the bug in early May to infect and compromise victims' smartphones, and changes were made in WhatsApp's backend software to block further attacks prior to the team rolling out fully patched versions of the app to users.
                            Incidentally, the same Register article says the attack on the lawyer was thwarted, though that's coming from Facebook, so I'd take it with a pinch of salt.

                            Comment


                              #39
                              Originally posted by Stumpy Pepys View Post

                              I'm questioning the assertion on this thread that NGO Group is a branch of the Israeli state.
                              "Branch of" probably not. "Unable to function without the approval of..." would be more accurate.

                              Comment


                                #40
                                The software has been classified by Israel as a weapon, which usually means that the state can go around selling it (the arms industry in general seems - everywhere - to have an unhealthily close relationship with government). They probably bundle it in with training in killing unarmed protesters and white phosphorus bombs.

                                Comment


                                  #41
                                  ad hoc, the reporting I've seen has been pretty clear (while not explicit) that the Turks had bugged the Saudi embassy in the time-honoured fashion of planting devices in the building. Similarly, I don't think that there was any hack involved in getting Khashoggi into the embassy. He had to go there to get his visa.

                                  Though it is the case[URL=https://www.middleeastmonitor.com/20190514-israel-spyware-firm-linked-to-khashoggi-case-used-to-hack-whatsapp]that other NSO Group products were used by the Saudis to monitor other dissidents' conversations with Khashoggi.

                                  Comment


                                    #42
                                    Originally posted by ursus arctos View Post
                                    ad hoc, the reporting I've seen has been pretty clear (while not explicit) that the Turks had bugged the Saudi embassy in the time-honoured fashion of planting devices in the building. Similarly, I don't think that there was any hack involved in getting Khashoggi into the embassy. He had to go there to get his visa.
                                    There were a number of stories back then that somehow implied that Turkey had recorded the conversation via Khashoggi's iPhone, I think. Though I suspect the standard bugging option seems more likely. On Khashoggi, if they knew his movements and were pretty effectively spying on him (to the point of listening in on his personal conversations with his fiancee) it seems to me there is a chance they could have at least nudged him into the direction of going to the consulate to get this paperwork done. Perhaps I'm being overly paranoid there.

                                    Comment


                                      #43
                                      Those were the Turkish government's initial attempts to square the existence of the recordings with their insistence that they hadn't bugged the embassy.

                                      It is difficult to be overly paranoid in these circumstances; they certainly strongly encouraged him to come at the time when the assassination squad was there.

                                      Comment


                                        #44
                                        Originally posted by ad hoc View Post
                                        The software has been classified by Israel as a weapon, which usually means that the state can go around selling it (the arms industry in general seems - everywhere - to have an unhealthily close relationship with government). They probably bundle it in with training in killing unarmed protesters and white phosphorus bombs.
                                        I thought it was children and unarmed journalists they killed


                                        Or foreign nationals in acts of piracy on the high seas.

                                        Comment


                                          #45
                                          The links between Turkey and Israel, despite the public rhetoric, are incredibly strong so nothing would surprise me here.

                                          Comment


                                            #46
                                            Richard Silverstein in the Nation - much of it about the connections between NSO and BlackCube and the Israeli State https://www.thenation.com/article/is...ts-repression/

                                            Comment

                                            Working...
                                            X