by o999 on 12/21/24, 1:38 AM with 240 comments
by sweeter on 12/21/24, 10:56 PM
One particularly grotesque case was the illegal wiretapping of Bensouda after launching a criminal probe into Israeli war crimes, which they used to threaten the prosecutor and used it to hide evidence that they knew was under scrutiny or take the cases to court just to drop it so they can tell the ICC that they did make an attempt to prosecute, which is a loophole that disallows the ICC to take up those cases.
I'm certain many countries do this stuff, as well as operate botnets and threaten journalists... but the uniqueness here is that these intel groups located in Israel operate under complete protection of the US without any scrutiny or oversight alongside the US government. We are living in this dystopian universe that people have warned about, for decades at this point.
by FpUser on 12/21/24, 10:43 PM
by kdbg on 12/21/24, 7:38 PM
The fact journalists were compromised seems only incidental; the ruling is about whether or not NSO Group "exceeded authorization" on WhatsApp by sending the Pegasus installation vector through WhatsApp to the victims, and not whether they were unauthorized in accessing the victims. It's a bit of a subtle nuance but I think it's important.
Quoting the judgement itself:
> The court reasoned that, because all Whatsapp users are authorized to send messages, defendants did not act without authorization by sending their messages, even though the messages contained spyware. Instead, the court held that the complaint’s allegations supported only an "exceeds authorization" theory.
> The nub of the fight here is semantic. Essentially, the issue is whether sending the Pegasus installation vector actually did exceed authorized access. Defendants argue that it passed through the Whatsapp servers just like any other message would, and that any information that was 'obtained' was obtained from the target users' devices (i.e., their cell phones), rather than from the Whatsapp servers themselves.
> [...removing more detailed defendant argument...]
> For their part, plaintiffs point to section (a)(2) itself, which imposes liability on whoever "accesses a computer" in excess of authorized access, and "thereby obtains information from any protected computer" pointing to the word "any"
> [...]
> As the parties clarified at the hearing, while the WIS does obtain information directly from the target users’ devices, it also obtains information about the target users' device via Whatsapp servers.
Adding a little more detail that comes from the prior dockets and isn't in the judgement directly, but basically NSO Group scripted up a fake Whatsapp client that could send messages that the original application wouldn't be able to send. They use this fake client to send some messages that the original application wouldn't be able to send, which provide information about the target users' device. In that the fake client is doing something the real client cannot do (and fake clients are prohibited by the terms), they exceeded authorization.
Think about that for a moment and what that can mean. I doubt I'm the only person here who has ever made an alternative client for something before. Whatsapp (that I recall) does not claim that the fake client abused any vulnerabilities to get information, just that it was a fake client and that was sufficient. Though I should note that there were some redacted parts in this area that could be relevant.
I dunno, I mean the CFAA is a pretty vague law that has had these very broad applications in the past, so I'm not actually surprised. I was just kinda hopeful to see that rolled back a bit after the Van Buren case a few years ago and the Supreme Court had some minor push back against the broad interpretations that allowed ToS violations to become CFAA violations.
Edit: Adding a link to the judgement for anyone interested: https://storage.courtlistener.com/recap/gov.uscourts.cand.35...
Edit2: And CourtListener if you want to read the other dockets that include the arguments from both sides (with redactions) https://www.courtlistener.com/docket/16395340/facebook-inc-v...
by ilrwbwrkhv on 12/21/24, 9:24 AM
by securemepro on 12/28/24, 2:57 AM
by nico on 12/21/24, 6:52 AM
That is kinda funny, although sad at the same time
On the flip side, I guess that means META allows WhatsApp users being only “legally spied” on
by akira2501 on 12/21/24, 7:00 AM
https://www.newsnationnow.com/business/tech/fbi-warns-agains...
by dmantis on 12/21/24, 9:14 AM
There should be no "legal" hacking of someone's devices apart from extraction of data from already convicted people in public court with the right to defend themselves
by wslh on 12/21/24, 1:56 PM
by ThinkBeat on 12/21/24, 10:42 PM
Yet they are protected by the US and Israel, which I believe is the case that they have backdoors into all of it, and getting the targets to actually install this malware on their own saves a lot of time.
All good, except for the actual real world victims.
by o999 on 12/21/24, 9:47 PM
https://en.wikipedia.org/wiki/NSO_Group#Relationship_with_th...
by immibis on 12/21/24, 7:11 AM
by dudeinjapan on 12/21/24, 3:01 PM
by jredwards on 12/21/24, 5:46 AM
by kindeyooweee on 12/22/24, 9:34 AM
If you are a refugee or fleeing with ambiguous rights etc., it could lead to death, but that is mitigated by the fact the people buying may not necessarily be able to get deep into the weeds to figure out how it works; most get the leaked source, follow a playbook, etc.
So most western journalists should be safe unless they incurred the wrath of Five Eyes or something, at which point running would be futile :)
by alecco on 12/21/24, 11:47 AM
31. 206 points 9 hours ago US judge finds Israel's NSO Group liable for hacking journalists via WhatsApp (reuters.com)