I'm surprised this isn't a major diplomatic incident between the UK and Israel too, since the Israeli intelligence company was supposedly "closely monitoring how their customers were using the software" or akin to that.
Like, yeah, blame the UAE mostly for this but let's also have a discussion about why this was sold to anyone who would pay with no oversight at all. Western countries need to do better.
The current home secretary, Priti Patel, was forced to resign from her previous (lesser) role as Minister for International Development for secretly (and thus illegally) meeting with Israeli diplomats.
> I'm surprised this isn't a major diplomatic incident between the UK and Israel too
Are you really surprised? I'd be surprised if the UK and its media made a fuss about it. Certainly we won't be making a fuss about it here in the US that's for sure. I'd imagine russia and china wishes they had 1/10th the influence that israel has in the US/UK. Say what you want about israel, but for such a tiny country, it punches far above its weight.
> "Like, yeah, blame the UAE mostly for this but let's also have a discussion about why this was sold to anyone who would pay with no oversight at all. Western countries need to do better."
The UK itself is one of the largest weapon exporters in the world, exporting to many countries in the Middle East with dubious human rights track records. The UK government can't possibly know what happens with every single pistol, bullet, missile or drone they sell (if they could, nobody would be buying):
A private Israeli company is exporting weapons to the same countries the UK does, and when those weapons get used inappropriately, you're then "surprised this isn't a major diplomatic incident between the UK and Israel".
By the same account, are you suggesting that there should be a major diplomatic incident between every country in the world and the UK/USA every time they catch terrorists somewhere around the world using either UK/USA built-or-designed firearms?
There wouldn't be any diplomatic relationships left then:
> let's also have a discussion about why this was sold to anyone who would pay with no oversight at all.
There will always be cyberweapon brokers. If not NSO, then someone else. And money talks.
Why would there be any oversight? What you need is plausible deniability.
I’d prefer if they started selling Pegasus to absolutely anyone at all. Like, online, for $999 a month or something. Maybe then there will be actual efforts to patch the vulnerabilities that are being exploited for it to work.
Because western countries use the same services to spy on their citizens. Even if they feigned outrage, the potential blowback could topple some people.
Besides, governments also tend not to want to be scrutinized on moral ground for trading war assets of any kind.
Why should I be enraged if government officials were put under surveillance? They made abundantly clear that they are in favor of increased monitoring. Their secret surveillance programs were laid open.
Ironically, the fact that it's not playing out as a major dust-up in public will probably only further contribute to conspiratorial thinking in re: the Israeli gov't.
There are a few thousand kids (and their parents) in Yemen that became all-too-literal "end customers" for American exports of the non-cultural or Apple variety. It's fundamentally the same, except the impact was not metaphorical.
The UK sells weapons. Should they be blamed for anyone who is affected by them? Regardless of your own opinion they would argue no. So they can’t be hypocritical.
UAE on the other hand is a decrepit money laundering people smuggling cesspit and should face the full brunt of Iran/Russia style sanctions.
There's nothing to be gained by wringing our hands and kicking up a public fuss, crying to the press about it. That's not how grownups do business. We all know everyone spies on everyone else, it's a given. I'm sure GCHQ spies on Israel and UAE.
For all we know the security services already knew about this and were feeding false info to manipulate the UAE. Heck, the Israelis might have even tipped us off, I'm sure they value their relationship to us much more than with the UAE. I'd give it at least 50/50 Munk School trying to 'help' us just trashed a perfectly good MI6 counterintelligence op. That's the sort of way these things work.
Why would that be surprising? I haven't heard about Yemen being outraged at France for selling weapons to the UAE for example. Western countries can't do better, it's how the world has and always will operate.
Yeah, I agree. The western nations which built their lead through brutal colonialism and presently maintain that lead with neo-colonialism structures where brutal governments (Saudi Arabia, Israel, UAE) do the dirty work which they (western countries) ostensibly condemn.
How about this: let’s have the western countries leave the world alone. Let’s have the western countries abandon their profit by misery business models (eg western arms industries which profiteer by instigating conflict and supplying aggressors).
> surprised this isn't a major diplomatic incident
It all depends who the (UK) Government is "friends" with. Let's not forget the infamous Russian Novichok poisoning cases in Salisbury - those naughty Russians! The Saudis execute 81 citizens in a day, and Boris visits the day after to beg for oil and gas - those naughty Saudis!
I'm not surprised it isn't a major diplomatic incident!
>since the Israeli intelligence company was supposedly "closely monitoring how their customers were using the software"
If the Israelis were going to veto a country's use of the software, it's reasonable to assume that the country was intelligent enough not to tell them what they were doing with it.
This is a bit of a tangent but I think reports like these strengthen the argument against electronic voting. There's basically no way of building a secure electronic voting system that can beat the security and auditability properties of old school pen and paper voting.
There is a point being totally missed in this thread and that is the UK government basically ignore all security common sense and do absolutely incomprehensible things like discuss national security over WhatsApp and Zoom, as a British citizen, in my eyes this absolutely amounts to treason as they're knowingly potentially giving away state secrets, anyone else would be instantly jailed.
UK government and any departments discussing sensitive matters (or everyone, really) should not be using a) off the shelf phones, and b) should not be using public communications networks full stop, nevermind foreign communication platforms.
I'm curious about the threat modelling of those high level officials. With all these hacking going on, if feels like it's not been a consideration.
Pegasus claims iOS and Android hacking capabilities, one would expect more specialised communications being used at that level. Car companies provide specialised vehicles for governmental use, I would have expected to see specialised iOS or Android devices at least. Nothing completely out of this world but with special software configurations and features to detect and prevent attacks.
>with special software configurations and features to detect and prevent attacks
I could imagine a special build of the OS where everything was compiled with Address Sanitizer. You'd take a bit on performance and battery, but, tradeoffs.
I would guess the best approach is to try to have as small an attack surface as possible, meaning as few applications etc, and the simplest possible operating system.
Like for example a minimalist build of the PinePhone with software that literally never updates unless there is a security issue. Maybe something like a stripped down Slackware, or I was gonna say OpenBSD where even the proprietary hardware drivers are re-written to be open source (and free), but I guess for the PinePhone, the hardware is already open anyways.
My headcanon at this point is that the spymasters know about the security binary[0], and have decided that the threat of going dark is worse than the threat of getting pwned with their own NOBUS[1] exploits. Better to have everyone be vulnerable.
I do know at one point Apple had special Korean iPhone SKUs with no physical camera installed, I have no clue if those are still being made. Samsung probably did the same thing. The problem is that, aside from just removing hardware, there's no particular special software configuration that you can do to make the device more secure. Every good idea out there is either already being done on the consumer versions of these devices, or is an optional feature you can already enable on a stock device with MDM software. The security on phones is already pretty good, albeit at the cost of freedom for enthusiasts and tinkerers.
[0] Binary as in gender, not as in untrusted.
[1] US intelligence term that stands for "NObody But US" and is equivalent to "0day".
Perhaps they hacked honeypot devices and were thus fed disinformation. UKG has mounted such operations (some with high level of sophistication) since 1945 at least.
Obviously this news is a bit embarrassing for both the UAE and the UK, but if the UK's response isn't to press the UAE for a reciprocal no-hacking treaty, then presumably the UK is trying to keep its options open. Unless I'm mistaken, the UK isn't surprised that it doesn't have any treaties with the UAE prohibiting this sort of thing... live by the hack, die by the hack.
As appalling as this intrusion is, I can't help but feel there is some measure of propriety that it should be done to a nation taking advantage of its impressive technological legacy to eavesdrop on most transatlantic communications, and scheming and hacking to subvert the communication infrastructure of friendly countries.
Not that "what goes around comes around" is going to fix anything in this regard...
UAE hacks UK give officials using Israeli cyberterrorism software and there are no consequences?
I'm sure Abraham would be proud to have had his name attached to essentially a weapons contract masquerading as a peace deal between two evil governments.
The question is then what phone exists that is immune from this? A flip phone? A Nokia 1011? I might be completely misinformed but seems like SIM card and the underlying OS is vector. What happens if I use a cell phone from late 90s and early 2000s? What is there to hack with those flip phones? JavaME over the wire? What if the cell phone dates even further?
Legitimately curious what options is there. Could If you are someone of interest then it seems like having a smartphone is an automatic liability. What then solution is possible since sending and reading a simple text message is enough to escalate privilege?
[+] [-] Someone1234|3 years ago|reply
Like, yeah, blame the UAE mostly for this but let's also have a discussion about why this was sold to anyone who would pay with no oversight at all. Western countries need to do better.
[+] [-] Jenk|3 years ago|reply
https://www.bbc.co.uk/news/uk-politics-41923007
It is completely unsurprising that there is little care shown by our government.
[+] [-] qiskit|3 years ago|reply
Are you really surprised? I'd be surprised if the UK and its media made a fuss about it. Certainly we won't be making a fuss about it here in the US that's for sure. I'd imagine russia and china wishes they had 1/10th the influence that israel has in the US/UK. Say what you want about israel, but for such a tiny country, it punches far above its weight.
[+] [-] BitwiseFool|3 years ago|reply
I think Realpolitik is the reason why and that's all I'm going to say about that.
[+] [-] csmpltn|3 years ago|reply
The UK itself is one of the largest weapon exporters in the world, exporting to many countries in the Middle East with dubious human rights track records. The UK government can't possibly know what happens with every single pistol, bullet, missile or drone they sell (if they could, nobody would be buying):
[1] https://commonslibrary.parliament.uk/research-briefings/cbp-... [2] https://en.wikipedia.org/wiki/UK_arms_export
A private Israeli company is exporting weapons to the same countries the UK does, and when those weapons get used inappropriately, you're then "surprised this isn't a major diplomatic incident between the UK and Israel".
By the same account, are you suggesting that there should be a major diplomatic incident between every country in the world and the UK/USA every time they catch terrorists somewhere around the world using either UK/USA built-or-designed firearms?
There wouldn't be any diplomatic relationships left then:
[3] https://en.wikipedia.org/wiki/List_of_most-produced_firearms
[+] [-] sgjohnson|3 years ago|reply
There will always be cyberweapon brokers. If not NSO, then someone else. And money talks.
Why would there be any oversight? What you need is plausible deniability.
I’d prefer if they started selling Pegasus to absolutely anyone at all. Like, online, for $999 a month or something. Maybe then there will be actual efforts to patch the vulnerabilities that are being exploited for it to work.
[+] [-] raxxorraxor|3 years ago|reply
Besides, governments also tend not to want to be scrutinized on moral ground for trading war assets of any kind.
Why should I be enraged if government officials were put under surveillance? They made abundantly clear that they are in favor of increased monitoring. Their secret surveillance programs were laid open.
So how do you propose they should do better?
[+] [-] eganist|3 years ago|reply
[+] [-] ajsnigrutin|3 years ago|reply
If russia did that, they would be treated a lot differently than israel or eg. USA.
[+] [-] KarlKemp|3 years ago|reply
[+] [-] markus_zhang|3 years ago|reply
Actually Yes Minster joked about surveillance put on certain ministers. Can watch for fun. Sitcoms nowadays rarely talk about political issues.
[+] [-] slickrick216|3 years ago|reply
UAE on the other hand is a decrepit money laundering people smuggling cesspit and should face the full brunt of Iran/Russia style sanctions.
[+] [-] simonh|3 years ago|reply
For all we know the security services already knew about this and were feeding false info to manipulate the UAE. Heck, the Israelis might have even tipped us off, I'm sure they value their relationship to us much more than with the UAE. I'd give it at least 50/50 Munk School trying to 'help' us just trashed a perfectly good MI6 counterintelligence op. That's the sort of way these things work.
[+] [-] curiousgal|3 years ago|reply
[+] [-] DSingularity|3 years ago|reply
Yeah, I agree. The western nations which built their lead through brutal colonialism and presently maintain that lead with neo-colonialism structures where brutal governments (Saudi Arabia, Israel, UAE) do the dirty work which they (western countries) ostensibly condemn.
How about this: let’s have the western countries leave the world alone. Let’s have the western countries abandon their profit by misery business models (eg western arms industries which profiteer by instigating conflict and supplying aggressors).
[+] [-] FerretFred|3 years ago|reply
It all depends who the (UK) Government is "friends" with. Let's not forget the infamous Russian Novichok poisoning cases in Salisbury - those naughty Russians! The Saudis execute 81 citizens in a day, and Boris visits the day after to beg for oil and gas - those naughty Saudis!
I'm not surprised it isn't a major diplomatic incident!
[+] [-] ganoushoreilly|3 years ago|reply
[+] [-] throwaway829|3 years ago|reply
[+] [-] unknown|3 years ago|reply
[deleted]
[+] [-] dreen|3 years ago|reply
[+] [-] baybal2|3 years ago|reply
[deleted]
[+] [-] postingposts|3 years ago|reply
[deleted]
[+] [-] jimbob45|3 years ago|reply
If the Israelis were going to veto a country's use of the software, it's reasonable to assume that the country was intelligent enough not to tell them what they were doing with it.
[+] [-] yaa_minu|3 years ago|reply
[+] [-] nonrandomstring|3 years ago|reply
We have a problem in democratic nations. I've written about it here [1]. Bruce Schneier has also addressed it in his own way.
Our lack of any framework for civic cybersecurity is a disgrace. People in future ages will look back on our time as a wild-west.
A solution can only come from a ground-up awareness through education.
[1] http://www.icicte.org/assets/icicte2019_5.4_farnell.pdf
[+] [-] throwaway67743|3 years ago|reply
UK government and any departments discussing sensitive matters (or everyone, really) should not be using a) off the shelf phones, and b) should not be using public communications networks full stop, nevermind foreign communication platforms.
[+] [-] mrtksn|3 years ago|reply
Pegasus claims iOS and Android hacking capabilities, one would expect more specialised communications being used at that level. Car companies provide specialised vehicles for governmental use, I would have expected to see specialised iOS or Android devices at least. Nothing completely out of this world but with special software configurations and features to detect and prevent attacks.
[+] [-] 1over137|3 years ago|reply
I could imagine a special build of the OS where everything was compiled with Address Sanitizer. You'd take a bit on performance and battery, but, tradeoffs.
[+] [-] xanthrax|3 years ago|reply
[+] [-] russnes|3 years ago|reply
Like for example a minimalist build of the PinePhone with software that literally never updates unless there is a security issue. Maybe something like a stripped down Slackware, or I was gonna say OpenBSD where even the proprietary hardware drivers are re-written to be open source (and free), but I guess for the PinePhone, the hardware is already open anyways.
edit: A stripped down Slackware I should say
[+] [-] kmeisthax|3 years ago|reply
I do know at one point Apple had special Korean iPhone SKUs with no physical camera installed, I have no clue if those are still being made. Samsung probably did the same thing. The problem is that, aside from just removing hardware, there's no particular special software configuration that you can do to make the device more secure. Every good idea out there is either already being done on the consumer versions of these devices, or is an optional feature you can already enable on a stock device with MDM software. The security on phones is already pretty good, albeit at the cost of freedom for enthusiasts and tinkerers.
[0] Binary as in gender, not as in untrusted.
[1] US intelligence term that stands for "NObody But US" and is equivalent to "0day".
[+] [-] dboreham|3 years ago|reply
[+] [-] pomian|3 years ago|reply
[+] [-] sgjohnson|3 years ago|reply
I actually see this as a good thing. Getting a taste of their own medicine.
[+] [-] LatteLazy|3 years ago|reply
* If you have nothing to hide, you have nothing to fear is official policy
* We aggressively use "tools" like this both domestically and abroad, both for military/intel and for law enforcement with basically no oversight
* Our government are basically technic-illiterate. And proud of that in many cases.
So this is a train wreck of their own making.
The only thing making me sad is that it will have zero effect.
[+] [-] KMag|3 years ago|reply
[+] [-] nickdothutton|3 years ago|reply
[+] [-] karolsputo|3 years ago|reply
https://www.newyorker.com/magazine/2022/04/25/how-democracie...
[+] [-] etiam|3 years ago|reply
[+] [-] dekhn|3 years ago|reply
[+] [-] drexlspivey|3 years ago|reply
[+] [-] smashah|3 years ago|reply
I'm sure Abraham would be proud to have had his name attached to essentially a weapons contract masquerading as a peace deal between two evil governments.
[+] [-] tomatowurst|3 years ago|reply
Legitimately curious what options is there. Could If you are someone of interest then it seems like having a smartphone is an automatic liability. What then solution is possible since sending and reading a simple text message is enough to escalate privilege?
[+] [-] gm3dmo|3 years ago|reply
If it’s the first then security services have a problem. If it’s the second then those individuals have a problem.
[+] [-] stakkur|3 years ago|reply
[+] [-] dirtylowprofile|3 years ago|reply
[+] [-] unknown|3 years ago|reply
[deleted]
[+] [-] danielktdoranie|3 years ago|reply
[+] [-] wly_cdgr|3 years ago|reply