Spyware slinger NSO to Facebook: Pretty funny you're suing us in California when we have no US presence and use no American IT services...

Israeli spyware maker NSO Group has rubbished Facebook's claim it can be sued in California because it allegedly uses American IT services and has a business presence in the US. Last October, Facebook and its WhatsApp subsidiary sued the software developer and its affiliate Q Cyber Technologies in California, claiming that the …

  1. Anonymous Coward
    Anonymous Coward

    QuadraNet did not immediately respond to The Register's request

    Send them a DM over WhatsApp

    /s

    1. robidy

      Re: QuadraNet did not immediately respond to The Register's request

      Wonder if they had a mole inside WhatsApp....NSO is Vulture Capital backed with a $1 billion valuation.

    2. Trigonoceps occipitalis

      Re: QuadraNet did not immediately respond to The Register's request

      "Send them a DM over WhatsApp"

      Send anyone a DM over WhatsApp

      FTFY

  2. Anonymous Coward
    Headmaster

    Being a U.S. government contractor

    NSO might be using a server(s) that were picked up by the U.S. government, then seconded to NSO. That wouldn't be the first time something like that was done. Avoidance of corporate liability is one of the reasons that major U.S. defense contractors and universities use the GOCO (government-owned contractor-operated) model for running various national labs and military and intelligence sites at the behest of Uncle Sam.

    1. bombastic bob Silver badge
      Meh

      Re: Being a U.S. government contractor

      If the U.S. government is spying _WITHOUT_ some kind of due process (even FISA) then they can be held accountable for THAT much at least. But do we know it's the U.S. gummint behind this?

      FB (and subsidiaries) needs to close their security holes, at the very least, if they do not want to be a vehicle by which such malware can be spread to targeted individuals.

      (I hate to root for FB though in winning this lawsuit, but the alternative [them losing] is WORSE)

      1. Chris G

        Re: Being a U.S. government contractor

        I suspect the US government in the form of one or more of its security services is already privy to much of FB's WhatsApp traffic and that it has been for some time with FB complying via their legal obligations. So NSO was likely operating for another actor such as the Saudis or even Israel, I am sure there are many outside the US who are interested in certain data within the US, so it could be anybody.

        NSO say they only provide their services to governments but considering the nature of the services they offer I doubt their moral compass and veracity.

        1. Pascal Monett Silver badge

          Re: NSO say they only provide their services to governments

          Yeah, they say that, but where's the proof ?

          And if you're going to put forward an argument of immunity, use the right one. Here, they tried sovereign immunity and that got shot down because duh, the NSO is not a country (something you'd think they should know), so now they try again with "derivative" sovereign immunity. That's going to get shot down as well because they are not acting on behalf of a government. Even I can see that and I'm not a lawyer.

          The NSO is just another bunch of well-heeled clowns who think they're on top of the world and when they say something, it is the golden truth, no need to check. Well, whatever actually happened with WhatsApp, they're going to learn the hard way that judges do not take too well to someone who invents new excuses every time their previous excuse gets invalidated.

        2. amanfromMars 1 Silver badge

          Re: Being a U.S. government contractor

          NSO say they only provide their services to governments but considering the nature of the services they offer I doubt their moral compass and veracity. .... Chris G

          Should that be .... NSO say they only provide their services to governments but considering the nature of the services they offer I have no doubt of their moral compass and veracity? *

          Such Offer Certain Clarity ....... you know, that which is Practically Virtually EverywhereTouted and Pimped Out as Transparency Tomorrow to Follow Cans Kicked Down the Roads Today. Such is No Way to Lead ...... Trailing Problems Left Unresolved/Unsolved/Pending:-)

          Surely one only needs to further tweak a right devious moral compass to have one questioning the veracity of a significantly worthy change of direction and attention to the finest of details, for all doubts to be blasted to smithereens and kingdom come ‽ .

          * ..... Is there no doubtful it is Regrettably True ?

          What say you to Command and Control IT with AI Virtual Machines in Future Applications/Acceptable Realities? What do you bring to such an All-Round Table which are not already possessed and assessed there? More of the same or something excitingly different and quite terrifying in equal lusty lunatic manic measure?

          Can you guess what is looked for there for immediate acceptance and outlandishly generous payment ? You don't need to be an Einstein to be perfectly right with a correct answer to that permanently abiding question ....... and unsubstantiated fear.? ....... but it sure helps if you're into Prime Premium Optimal Operations and all those sorts of Other ProgramMING AIMissions where One Can Safely Chronicle and Securely Explain Pivotal Events which has one supposedly leading something ethereal which can be thought adversely impacting something more practical and historic/prehistoric.

  3. chuBb.

    FB seem a bit desperate here, wonder what the real story is. Also find it hard to believe that a spyware manufacturer's software doesn't phone home, so why not just release who was operating the server (Saudis I bet, going after Zuck's phone like Bezos, seems like an all kit no trick mistake to look like your service emits from California, kinda next level "but I used 5 proxies" other APTs tend to be a bit cleaner/better at stage managing evidence)

    1. The Man Who Fell To Earth Silver badge
      Boffin

      Eh?

      NSO is the desperate one. Should the court rule in Facebook's favor, NSO could quickly find it can't deal with any banks & its people can't travel outside of Israel, except direct flights to authoritarian regimes. It's hard to see how it can get out of this scot-free given how US Law treats "willful blindness" which is the foundation of most of its arguments, although it's far from certain Facebook will get what it wants either. Should the court rule in NSO's favor, it gives free license for Facebook and anyone else to target NSO software for exploitation that NSO cleared the way for.

  4. Twanky

    Implications...

    - Pegasus spyware exists. It can be put on a smartphone to compromise the supposed privacy of WhatsApp messages.

    - NSO have Pegasus so it is possible or even probable that other groups have something similar.

    - Smartphones are therefore not suitable for highly private communications.

    - FB are concerned that (more) people will keep private stuff off their smartphones which will damage their business model.

    - If FB can show that NSO are criminals then they hope that most FB (and subsidiary) users will go back to trusting their systems.

    1. veti Silver badge

      Re: Implications...

      I don't think FB's business model depends on people trusting their deepest secrets to their phones. They're in the advertising business, not espionage.

      They're upset because if their tool isn't secure, people might look for others instead, and once your users start looking for alternatives to your products there's no telling what they might find.

      Never attribute to conspiracy that which can be easily explained by common-or-garden greed.

      1. Twanky

        Re: Implications...

        I didn't express myself very well. FB want the world to know that NSO are state level espionage criminals and therefore are not to be worried about by FB's main target groups. By throwing out accusations they distract from the fact that their system (and the platform it runs on) is vulnerable. Painting NSO as 'state level' (by getting them to use that as a defence) gives fake reassurance that nobody else - who maybe just wants to gather enough information to phish or intercept your bank or credit card account details or even just know when you'll be away on holiday - is doing anything similar.

        FB don't want to hush this up. By making a noise in the courts they want everyone to 'realise' that they've done everything they could to make their system safe but that the opposition was out of their league. Which is bollocks, of course.

        NSO's technology exists. I have seen no evidence to suggest it is unique.

        1. The Man Who Fell To Earth Silver badge
          Boffin

          Re: Implications...

          "NSO's technology exists. I have seen no evidence to suggest it is unique."

          Agreed, but irrelevant. As are the motives of Facebook. The real legal issues are (1) does NSO violate US Law, and (2) if so, whether NSO can use a defense that is denied to hackers (e.g. Marcus Hutchins) charged with violating US Law when they create & sell tools to others who commit crimes (under US Law) with those tools.

          1. veti Silver badge

            Re: Implications...

            If Hutchins had sold malware but only to state actors, then he too could have made the same defence. As it is, though, the cases are not comparable.

            The point is, if it's not a crime when a state does it, then you can't coherently charge someone with abetting a crime by helping them do it.

  5. amanfromMars 1 Silver badge

    IT aint rocket science ..... just simple common latter day postmodern sense

    Everything and everybody is spied upon by someone and/or something. Get used to it and realise secrets are easily dangerous to have and counter-productive to use exclusively. Don't be a convenient fool and think otherwise.

    This public service message is brought to you in support of your mental health.

    1. Chris G

      Re: IT aint rocket science ..... just simple common latter day postmodern sense

      Precisely! If you have anything you don't want others to eavesdrop on, don't say it.

    2. Cliff Thorburn

      Re: IT aint rocket science ..... just simple common latter day postmodern sense

      “This public service message is brought to you in support of your mental health.”

      Take it from a former/current great games play player/guinea pig, where such mental health was and is tried to the very outer limits, and agree and acknowledge in entirety the truth in such observation.

      1. amanfromMars 1 Silver badge

        Re: IT aint rocket science ..... just simple common latter day postmodern sense

        Take it from a former/current great games play player/guinea pig, where such mental health was and is tried to the very outer limits, and agree and acknowledge in entirety the truth in such observation. ..... Cliff Thorburn

        And strictly for the adults in the room with no need of prisoners to seed and feed, CT. Future Survivors rather than Present Slave Masters ...... with Myriad Works in Progress to Finesse with Temporary Completions ...... Pregnant Virtual Pauses :-)

  6. Robert Grant

    “One of these assertions relates to QuadraNet, a California-based telecommunications company," NSO's spokesperson said in an emailed statement. "As we have argued to the court, neither NSO Group nor Q Cyber ever had a contractual arrangement with QuadraNet."

    A statement defined almost entirely by what it does not say.

    1. Mike 16

      defined almost entirely by what it does not say.

      Reminds me of a certain software company that clearly stated it did not own or use any DEC mainframes. Indeed, it had "sold" the machines to a recently organized contractor and outsourced the tasks they had been doing to said contractor. Oddly, the contractor was located in a building formerly occupied by said software company and staffed by very-recently-ex employees of that company.

      Meanwhile, NSO's stance of "We just make the tools, no idea what they are used for" reminds me of "Once the rockets go up, who cares where they come down. That's not my department..."

      1. A.P. Veening Silver badge

        Re: defined almost entirely by what it does not say.

        Reminds me of a certain software company that clearly stated it did not own or use any DEC mainframes. Indeed, it had "sold" the machines to a recently organized contractor and outsourced the tasks they had been doing to said contractor. Oddly, the contractor was located in a building formerly occupied by said software company and staffed by very-recently-ex employees of that company.

        I heard a similar story about AS/400s. And that came out some time after it became common knowledge (within the AS/400 community) they utterly failed to replace their 23 AS/400s with 1,200 NT servers.

      2. JimboSmith Silver badge

        Re: defined almost entirely by what it does not say.

        Reminds me of a flight to the Middle East some years ago. There were allegations that there were British military personnel onboard. Now this was denied strenuously by the UK government who said there were no British Military onboard. However what if these people were seconded to another branch of the Government? Then you don't have to call them military personnel maybe they could be intelligence advisors or to quote Bond "Licensed Troubleshooters". Just a suggestion and I'm not implying or asserting that's what actually happened.

      3. Jeffrey Nonken

        Re: defined almost entirely by what it does not say.

        A thumbs-up for the Tom Lehrer reference.

  7. JakeMS

    But..

    Don't Facebook already do this to their own users? From my understanding Facebook collects tons of information on people, even people who don't use their services. It's also my understanding Facebook collects tons of metadata from WhatsApp chats.

    So all in all, effectively spying, although their users and others have agreed to this.

    So what's the problem Facebook?

    - Although personally, I use Signal instead.

    1. doublelayer Silver badge

      Re: But..

      I think you pointed out the problem already. Users agreed to Facebook's snooping. They didn't agree to NSO's. Facebook didn't agree to NSO's. Nobody agreed to NSO's. NSO's is obtained by breaking into systems including user phones and possibly including Facebook's servers. In addition, NSO's malware spies to a much greater extent than does Facebook's. NSO's can reportedly turn on cameras and microphones to record background information. Facebook isn't believed to do that, though I wouldn't put it past them to do so eventually.

      I hate Facebook too. Everything about them. I refuse to use any service they run. At least people expect that Facebook will be spying on them if they do choose to use their services. NSO's is worse.

      1. JakeMS

        Re: But..

        That's true, but I've never agreed to Facebook's terms, I've never registered an account with them.

        Yet they attempt to collect my info regardless on any website with a Facebook button, or their many other methods.

        They also have pictures of me which I never uploaded, and even a fake account with my picture for its main picture.

        I have to do everything I can to prevent my web browser sending info off to them.

        I don't agree to any of this, but they do it anyway, so how is it any different?

        1. Anonymous Coward
          Anonymous Coward

          Re: But..

          ZuckFart is a spyware company. They spy on you even if you have no direct relationship with them. Like you they have all sorts of data on me even though I blocked FartBook at my firewall years and years ago. They don't care at all. All they want is data that they can sell to the highest bidder.

          You have to remember that they are competing with Google for advertising $$$$$$$$$$$$. They will do anything they can legal or not to get better data on us than Google.

          They didn't like this foreign upstart stepping on their toes.

          Personally, I hope Zuck is made to pay for all the hurt that his creation has caused humanity.

          1. Chris G

            Re: But..

            "ZuckFart is a spyware company."

            I have always maintained that a clever government agency that wanted to keep tabs on its entire population would have invented Faecebook.

            I doubt they are that clever but I have no doubt they have the wit to see the value in using Faecebook now someone has invented it and I have no doubt that they can have full access to anything if they want it.

            1. Tim99 Silver badge
              Big Brother

              Re: But..

              I have always maintained that a clever government agency that wanted to keep tabs on its entire population would have invented Faecebook.

              Perhaps they were just building upon their existing systems? Try searching with DuckDuckGo for 'google nsa cia start'.

              Obviously you don't want to use Google as the search tool >>========>

        2. doublelayer Silver badge

          Re: But..

          How is it any different? Well, they're two different bad things. Facebook's collection is unwarranted and should be illegal everywhere. There's a good case that it is illegal in some places based on how the GDPR specifies they're supposed to do this stuff, but that hasn't yet been tested. Elsewhere, it's legal though extremely odious. NSO's is clearly illegal everywhere, and there is no openness about what they're doing, which we at least have a little bit for Facebook. They both deserve to be fixed. Ideally, my schedule would look like this:

          May 2020: NSO finally brought into court.

          June 2020: NSO found guilty, made to pay a heavy bill.

          July 2020: NSO goes bankrupt.

          August 2020: Facebook simultaneously pursued with legal action by those who never agreed to data collection and by data protection authorities.

          September 2020: Fines build up to catastrophic levels for Facebook.

          October 2020: Facebook files for restructuring bankruptcy.

          November 2020: Judge rules against petition to restructure because of illegal activity.

          December 2020: Facebook starts dissolution bankruptcy process.

          Unfortunately, the legal process doesn't go that fast. I can still hope, can't I?

    2. Pascal Monett Silver badge
      Trollface

      Re: But..

      The problem is someone else butting in on their turf.

      Bad precedent. Must be stopped. Facebook (and the NSA) are the only ones who can listen.

  8. whoseyourdaddy

    Google "jared kushner watsapp"

    "But her emails..."

    Nepotism at its best. Off to make popcorn.

  9. Henry Wertz 1 Gold badge

    Class action suit?

    Class action suit? These greasy f*cks just admitted, in court, that they sent mal-formatted WhatsApp messages to numerous devices, at which point they DID gain unauthorized access to those devices, violating CFAA each and every time.

    1. DavidRa

      Re: Class action suit?

      I rather suspect that admitting that is irrelevant - wouldn't it be the case that only the owner of the mobile device would have standing (in the legal sense) in a disagreement about the specific devices?

      After all, Alice can't sue Bob for Bob breaking into Candace's computer, right?

    2. Anonymous Coward
      Unhappy

      Re: Class action suit?

      Can’t we use “fuck” in this forum?

      1. Jimmy2Cows Silver badge
        Happy

        Re: Class action suit?

        Fuck no.

    3. Twanky

      Re: Class action suit?

      Class action suit? These greasy f*cks just admitted, in court, that they sent mal-formatted WhatsApp messages to numerous devices, at which point they DID gain unauthorized access to those devices, violating CFAA each and every time.

      From the article: 'NSO's spokesperson reiterated the claim that the biz does not operate its Pegasus software for its clients. And its legal filing says as much: "If Pegasus messages did pass through QuadraNet servers, they would have been sent by NSO’s customers, not NSO."'

      Of course, there's a possibility they're fibbing, but no, they did not admit it in court.

      1. ratfox

        Re: Class action suit?

        It looks like their argument is that they're building and selling a weapon, but not using that weapon. It's disputable whether using that weapon can ever be legal, but it's not their problem.

    4. Maelstorm Bronze badge
      FAIL

      Re: Class action suit?

      Actually, they didn't admit it. They said that one of their clients is doing this. Plus the CFAA is a U.S.A. law which does not apply to any other country. And if it is a foreign government doing this, then nobody can really do anything to them. You can sue them, but good luck collecting on it.

  10. Anonymous Coward
    Anonymous Coward

    Government Spying

    I fail to see how Facebook can collect on any damages since NSO apparently operates outside the jurisdiction of the United States. Of course, NSO will not name which client is doing this, but if they are correct and a foreign government is using their software to spy on certain individuals, then Facebook has bigger problems than some Israeli startup stepping on their turf. Somehow I doubt that it's the U.S. government doing this. So the way that I see it, sovereign immunity protects governments and their contractors from legal action. With that in mind, Facebook may have no standing to sue at all.

    1. The Man Who Fell To Earth Silver badge
      FAIL

      Re: Government Spying

      Facebook can collect by having a US court order any funds destined to or from NSO be seized that come under the control of any bank that does business in the US. It's exactly the same lever the US uses to enforce sanctions against foreign regimes even by, say, Chinese banks. The bank can comply or find it cannot do business with pretty much any other bank in the world.

      1. Anonymous Coward
        Anonymous Coward

        Re: Government Spying

        "having a US court order any funds destined to or from NSO be seized that come under the control of any bank that does business in the US."

        Oh yeah? So you think that a US court can seize funds from my bank just because they also have branches in the US? You can fuck right off, and so can the US courts.

        1. Intractable Potsherd

          Re: Government Spying

          @AC: laudable as your sentiment is, the reality is that expressed in the post you replied to. Is it fair? Largely not. Is it going to change? Not in the near future, or longer.

          I'm sorry you learned something unpleasant today.

  11. Joe W Silver badge

    Interesting argument

    "any bypassing of technical restrictions would not qualify as a CFAA violation"

    Hmmmmm.

    Except people who try exactly that to make charges stick (phishing mails?)

    Oh, and when trying to break drm'd content, I think I seem to recall.

  12. Giovani Tapini
    Trollface

    By facebook's logic

    you should be creating a lawsuit against Walmart for misuse of ammunition,
