I don't normally say this ever, but good for Meta. I'd love to see NSO banned from US business as a scourge, but...
NSO, Cellbrite, all the good spyware/malware used by governments and connected rich come from Israel companies. The FBI, CIA, and local PD's certainly keep them on speed dial when they need into someone's phone for a legal matter like someone shooting at an orange on stage. Like Diddy said, can't stop, won't stop - cops still need an easy instahack button, and they provide them readily to the highest bidders.
Lots of Israeli "Gartner-rated" "Enterprise Security" vendors like Checkpoint, Radware, Cato Networks, etc too. You wonder if they sell the sickness in one hand, and the cure in another.
> FBI, CIA, and local PD's certainly keep them on speed dial
NSO was sanctioned by Commerce in 2021. A local PD doing business with them would be akin to doing business with a sanctioned Russian or Iranian entity.
NSO ban? It should be an Israel sanction. NSO Group has committed crimes against the people of the West and directly aided their enemies. The Israeli government is complicit in this.
Sanctions against Israel? It would be a miracle to even get a slight reduction to the money and weapons the American government gifts to them every year.
If you sanction Israel for Wassenar Agreement violations (which it never signed), then the US has to do the same to similar NATO and NATO+ allies like Singapore, the UAE, all of ASEAN, PRC, and a number of Wassenar Agreement members like Turkiye, India, and South Korea.
This is why arms control agreements are basically useless.
> Lots of Israeli "Gartner-rated" "Enterprise Security" vendors like Checkpoint, Radware, Cato Networks, etc too. You wonder if they sell the sickness in one hand, and the cure in another
Not exactly.
The Offensive Security companies like NSO Group are viewed as fairly scummy as well in Israel, but damn if they don't pay good. The kind of person who would become leadership at a NSO type company wouldn't become leadership at a Cato.
Lots of Israelis dislike the culture at the offensive security companies which tends to skew very Wild West and toxic (eg. Taking out new hires to strip clubs and lounges), and these companies in turn largely exist in a legal grey area.
The moment the company becomes a liability (eg. NSO Group), it loses political aircover fairly quickly
Heck, Netenyahu's Likud lead an inquiry against NSO Group and it's founders in 2022 (though this was also because Bibi's confidants were allegedly tapped by the intelligence community in Israel by leveraging NSO [0]), though all this fell to the wayside after the Judical Reforms as well as the Oct 7th attacks.
Also, Israel is a very small country where everyone is 2nd or 3rd degree connects with each other, so professional reputations spread very quickly.
> thought they were based in Israel and basically have protection from the Israeli government
They do [1]. That doesn't affect the supremacy of U.S. law.
> so basically we're doing the ol' "going on your permanent record" treatment
Sanctions in law means punishment [2]. In civil law, "sanctions are usually monetary fines." But Meta may go further in seeking damages in equity, which could range from injunctions on NSO targeting Meta to distribution restrictions in the U.S.
Note that NSO and its leadership are already blacklisted by Commerce [3]. This is the same designation we've put on e.g. Russia and Belarus's militaries [4].
It's always funny when <american government agency> announces "sanctions" on north korean, chinese, russian state sponsored hacking groups. What are you going to do, block them from using AWS?
Uh, arrest them when they show up in a country with an extradition treaty?
Do you think relatively highly paid individuals don't take foreign vacations?
> [1] That was true for the men released Thursday. Both were arrested on vacation in countries that cooperate with the U.S. Klyushin was arrested in Sion, Switzerland — four people alleged to be co-conspirators remain at large — and Seleznev in Maldives.
I mean really the arrest warrants or sanctions are just feel good PR for the agencies issuing them to let the public they are "doing something". It's the only thing they can do. For example, they aint ever going to pop a North Korean threat actor bc they simply cant travel at will.
They do pop Russians traveling outside of the CIS country region on vacation[1].
>According to Europol, a suspected LockBit ransomware developer was arrested in August 2024 at the request of French authorities while on holiday outside of Russia.
One of my favorite quotes about these hackers in CIS is, "Who cares if you have hundreds of millions of dollars, you are still stuck in Russia or the CIS region for the rest of your life".
> they aint ever going to pop a North Korean threat actor bc they simply cant travel at will.
True, but the USG has a long memory and holds grudges. Even if they never travel, they have to be confident every future government of the country will have their back. What's the odds the North Korean or Russian regime substantially changes in their lifetimes? Probably higher than the chance a future US administration will stop caring about an outstanding warrant.
Russians get got, but Israelis? I don't see the US government pulling many strings to get them.
Malware companies have openly operated in Israel for decades: https://en.wikipedia.org/wiki/Download_Valley How many extraditions of those guys to America from anywhere have there ever been?
And do you ever hear American politicians make a stink about it? Hell no, they're too busy bragging about how they love Israel much more than their opponent.
There is often a sizeable non public component to some of these things that is firmly more in the gray zone.
For example knowing that there are few legal options to deal with Russian groups who were doing ransomware attacks on hospitals there was recently a public name and shame campaign that lots of people had this exact kind of response to but the actual way they were looking to impose costs on these groups was by making sure that other crime groups in the country were very aware of who these people were, that they didn’t have any meaningful protection but they did have a lot of crypto money that would be very easy to rob from them. The idea was to put them in harms way since as the theory goes it would cause others to think twice.
Tactics differ obviously depending on the target and what options make sense but this was for a non state backed group who didn’t have anything other than a cyber component to them.
Did you miss the legislatiin requiring KYC programs for IaaS providers? Basically adds AWS and all othe American clouds to the bucket of companies having to surveil for people on OFAC.
Exactly, it just results in misguided measures like IP-range bans. Yeah, sure, that's going to stop a group dedicated to finding zero days and other technical flaws.
> the NSA/CIA and maybe even FBI are likely also customers
Probably not, given NSO has been blacklisted since 2021 [1].
That doesn't mean they don't use NSO's products. But they're buying it secondhand or reverse engineering it. Same as we'd do for e.g. an Iranian drone innovation.
The sanctions the court is talking about are monetary sanctions against the lawyers/defendants, not sanctions, as in the Treasury Department style of sanctions. Two different things.
> want the option where NSO loses but the money goes to the actual victims instead of Zuckerberg
"Punishment has five recognized purposes: deterrence, incapacitation, rehabilitation, retribution, and restitution" [1].
You're describing restitution. We're still on deterrence and incapacitation, i.e. fining NSO so it stays away from America and possibly putting it out of business so it can't keep selling its wares.
We are seeing justice from the many ways. There aren't many people who appreciate waiting on justice in crimes that are ruining a lot to steal a little.
I don't normally say this ever, but good for Meta. I'd love to see NSO banned from US business as a scourge, but...
NSO, Cellbrite, all the good spyware/malware used by governments and connected rich come from Israel companies. The FBI, CIA, and local PD's certainly keep them on speed dial when they need into someone's phone for a legal matter like someone shooting at an orange on stage. Like Diddy said, can't stop, won't stop - cops still need an easy instahack button, and they provide them readily to the highest bidders.
Lots of Israeli "Gartner-rated" "Enterprise Security" vendors like Checkpoint, Radware, Cato Networks, etc too. You wonder if they sell the sickness in one hand, and the cure in another.
> FBI, CIA, and local PD's certainly keep them on speed dial
NSO was sanctioned by Commerce in 2021. A local PD doing business with them would be akin to doing business with a sanctioned Russian or Iranian entity.
NSO ban? It should be an Israel sanction. NSO Group has committed crimes against the people of the West and directly aided their enemies. The Israeli government is complicit in this.
Sanctions against Israel? It would be a miracle to even get a slight reduction to the money and weapons the American government gifts to them every year.
If you sanction Israel for Wassenar Agreement violations (which it never signed), then the US has to do the same to similar NATO and NATO+ allies like Singapore, the UAE, all of ASEAN, PRC, and a number of Wassenar Agreement members like Turkiye, India, and South Korea.
This is why arms control agreements are basically useless.
> Lots of Israeli "Gartner-rated" "Enterprise Security" vendors like Checkpoint, Radware, Cato Networks, etc too. You wonder if they sell the sickness in one hand, and the cure in another
Not exactly.
The Offensive Security companies like NSO Group are viewed as fairly scummy as well in Israel, but damn if they don't pay good. The kind of person who would become leadership at a NSO type company wouldn't become leadership at a Cato.
Lots of Israelis dislike the culture at the offensive security companies which tends to skew very Wild West and toxic (eg. Taking out new hires to strip clubs and lounges), and these companies in turn largely exist in a legal grey area.
The moment the company becomes a liability (eg. NSO Group), it loses political aircover fairly quickly
Heck, Netenyahu's Likud lead an inquiry against NSO Group and it's founders in 2022 (though this was also because Bibi's confidants were allegedly tapped by the intelligence community in Israel by leveraging NSO [0]), though all this fell to the wayside after the Judical Reforms as well as the Oct 7th attacks.
Also, Israel is a very small country where everyone is 2nd or 3rd degree connects with each other, so professional reputations spread very quickly.
[0] - https://www.reuters.com/world/middle-east/top-israeli-cop-re...
Wait Meta is suing the NSO group in U.S. courts? I thought they were based in Israel and basically have protection from the Israeli government.
> the court warned it would not feel reluctant to impose sanctions
Ah okay so basically we're doing the ol' "going on your permanent record" treatment. That means nothing to a state sanctioned malware team.
> thought they were based in Israel and basically have protection from the Israeli government
They do [1]. That doesn't affect the supremacy of U.S. law.
> so basically we're doing the ol' "going on your permanent record" treatment
Sanctions in law means punishment [2]. In civil law, "sanctions are usually monetary fines." But Meta may go further in seeking damages in equity, which could range from injunctions on NSO targeting Meta to distribution restrictions in the U.S.
Note that NSO and its leadership are already blacklisted by Commerce [3]. This is the same designation we've put on e.g. Russia and Belarus's militaries [4].
[1] https://www.theguardian.com/news/article/2024/jul/25/israel-...
[2] https://en.wikipedia.org/wiki/Sanctions_(law)
[3] https://www.reuters.com/technology/us-blacklists-four-compan...
[4] https://www.commerce.gov/news/press-releases/2022/04/commerc...
> I thought they were based in Israel and basically have protection from the Israeli government.
NSO does business via various parent corps, subsidiaries, and other entities around the globe. https://en.wikipedia.org/wiki/NSO_Group#Overview
It's always funny when <american government agency> announces "sanctions" on north korean, chinese, russian state sponsored hacking groups. What are you going to do, block them from using AWS?
Uh, arrest them when they show up in a country with an extradition treaty?
Do you think relatively highly paid individuals don't take foreign vacations?
> [1] That was true for the men released Thursday. Both were arrested on vacation in countries that cooperate with the U.S. Klyushin was arrested in Sion, Switzerland — four people alleged to be co-conspirators remain at large — and Seleznev in Maldives.
[1]: https://www.nbcnews.com/tech/security/us-releases-russian-ha...
I mean really the arrest warrants or sanctions are just feel good PR for the agencies issuing them to let the public they are "doing something". It's the only thing they can do. For example, they aint ever going to pop a North Korean threat actor bc they simply cant travel at will.
They do pop Russians traveling outside of the CIS country region on vacation[1].
>According to Europol, a suspected LockBit ransomware developer was arrested in August 2024 at the request of French authorities while on holiday outside of Russia.
https://www.bleepingcomputer.com/news/security/police-arrest...
One of my favorite quotes about these hackers in CIS is, "Who cares if you have hundreds of millions of dollars, you are still stuck in Russia or the CIS region for the rest of your life".
> they aint ever going to pop a North Korean threat actor bc they simply cant travel at will.
True, but the USG has a long memory and holds grudges. Even if they never travel, they have to be confident every future government of the country will have their back. What's the odds the North Korean or Russian regime substantially changes in their lifetimes? Probably higher than the chance a future US administration will stop caring about an outstanding warrant.
Even if their country has their back, that protection racket can come at a cost.
“So and so is looking to arrest you, it would really suck if you got deported or put on this ‘vacation’ to France, wouldn’t it?”
Worth paying up, but if you’re willing to pay anything…
Maybe I deceive myself when I think its too early to know if the Marshall plan through Glasnost was the intelligent half of an eternal cycle.
What’s CIS?
Commonwealth of Independent States - the former Soviet Union
Russians get got, but Israelis? I don't see the US government pulling many strings to get them.
Malware companies have openly operated in Israel for decades: https://en.wikipedia.org/wiki/Download_Valley How many extraditions of those guys to America from anywhere have there ever been?
Israelis have impunity as you can see on TV these days
For everything from war crimes to child rape, Israel is a safe haven for criminals: https://www.cbsnews.com/news/how-jewish-american-pedophiles-...
And do you ever hear American politicians make a stink about it? Hell no, they're too busy bragging about how they love Israel much more than their opponent.
There is often a sizeable non public component to some of these things that is firmly more in the gray zone.
For example knowing that there are few legal options to deal with Russian groups who were doing ransomware attacks on hospitals there was recently a public name and shame campaign that lots of people had this exact kind of response to but the actual way they were looking to impose costs on these groups was by making sure that other crime groups in the country were very aware of who these people were, that they didn’t have any meaningful protection but they did have a lot of crypto money that would be very easy to rob from them. The idea was to put them in harms way since as the theory goes it would cause others to think twice.
Tactics differ obviously depending on the target and what options make sense but this was for a non state backed group who didn’t have anything other than a cyber component to them.
Did you miss the legislatiin requiring KYC programs for IaaS providers? Basically adds AWS and all othe American clouds to the bucket of companies having to surveil for people on OFAC.
So yes. That's exactly what they'll do.
Exactly, it just results in misguided measures like IP-range bans. Yeah, sure, that's going to stop a group dedicated to finding zero days and other technical flaws.
Not to mention the NSA/CIA and maybe even FBI are likely also customers.
> the NSA/CIA and maybe even FBI are likely also customers
Probably not, given NSO has been blacklisted since 2021 [1].
That doesn't mean they don't use NSO's products. But they're buying it secondhand or reverse engineering it. Same as we'd do for e.g. an Iranian drone innovation.
[1] https://www.reuters.com/technology/us-blacklists-four-compan...
You think NSA needs to go to NSO for exploits and implants? There's a whole market for this stuff, NSO is just one actor, and far from the best.
The sanctions the court is talking about are monetary sanctions against the lawyers/defendants, not sanctions, as in the Treasury Department style of sanctions. Two different things.
I want the option where NSO loses but the money goes to the actual victims instead of Zuckerberg
> want the option where NSO loses but the money goes to the actual victims instead of Zuckerberg
"Punishment has five recognized purposes: deterrence, incapacitation, rehabilitation, retribution, and restitution" [1].
You're describing restitution. We're still on deterrence and incapacitation, i.e. fining NSO so it stays away from America and possibly putting it out of business so it can't keep selling its wares.
[1] https://open.lib.umn.edu/criminallaw/chapter/1-5-the-purpose...
Lots of those victims are dead
By this logic, maybe we shouldn't charge murders because the murdered party is not around to see justice?
Every victim has family or friends or things they cared about publicly (usually the public presence is the reason they became a victim).
Justice can be found in many ways.
We are seeing justice from the many ways. There aren't many people who appreciate waiting on justice in crimes that are ruining a lot to steal a little.