from Hacker News

Facebook Wanted NSO Spyware to Monitor Users, NSO CEO Claims (2020)

by yhoiseth on 7/29/21, 8:39 PM with 14 comments

  • by motohagiography on 7/29/21, 10:18 PM

    It's like the one thing universally true about spies is they can never keep it g. As a security guy, this is why you don't get involved with dodgy companies. When the pressure is on, they will pull in everyone they ever spoke to and use you protecting your rep to try get leverage. Pretty clear how he's choosing to go out.

    However, I'd also be willing to make a huge bet there is zero chance the FB CISO at the time was aware of who these representatives allegedly were or approved what they were doing unless it was threat intelligence. I don't think this will be the last muck thrown by this company.

  • by 0xy on 7/29/21, 11:59 PM

    This isn't the first time Facebook have attempted this behavior, previously they were successful in purchasing a zero-day exploit and launching it against users. [1]

    You may think that case warrants an exception, but it sets a clear precedent and encourages the hoarding of zero-days.

    I think it's extremely easy to believe Facebook would launch exploits at users because they already have.

    [1] https://nakedsecurity.sophos.com/2020/06/12/facebook-paid-fo...

  • by pjbeam on 7/29/21, 11:00 PM

    I think FB can handle that task without NSO's help.

  • by dangerface on 7/30/21, 8:39 AM

    NSO would kill for the sort of intelligence facebook gathers from phones via messenger. I don't see how facebook would benefit from any partnership with them only NSO.

  • by annadane on 7/29/21, 10:59 PM

    I hate a lot of things about Facebook and am very critical of them but I don't trust NSO to tell the truth about this

    Thanks for the downvotes appreciate it

  • by mithusingh32 on 7/30/21, 1:34 AM

    Honestly...It sounds like FANG will own NSO one way or another.

  • by hammock on 7/29/21, 11:49 PM

    Wait... This happened in 2017.

    Facebook bought WhatsApp in 2014.

    Pegasus is built on a WhatsApp vulnerability.

    Should Facebook have patched this 4 years ago, rather than try to pay a third party to exploit it?