[HN Gopher] UK Government Officials Infected with Pegasus
___________________________________________________________________
UK Government Officials Infected with Pegasus
Author : yablak
Score : 211 points
Date : 2022-04-18 19:49 UTC (3 hours ago)
(HTM) web link (citizenlab.ca)
(TXT) w3m dump (citizenlab.ca)
| Someone1234 wrote:
| I'm surprised this isn't a major diplomatic incident between the
| UK and Israel too, since the Israeli intelligence company was
| supposedly "closely monitoring how their customers were using the
| software" or akin to that.
|
| Like, yeah, blame the UAE _mostly_ for this but let's also have
| a discussion about why this was sold to anyone who would pay with
| no oversight at all. Western countries need to do better.
| ganoushoreilly wrote:
| 3rd and 4th party collection are a hell of a drug
| jimbob45 wrote:
| >since the Israeli intelligence company was supposedly "closely
| monitoring how their customers were using the software"
|
| If the Israelis were going to veto a country's use of the
| software, it's reasonable to assume that the country was
| intelligent enough not to tell them what they were doing with
| it.
| curiousgal wrote:
| Why would that be surprising? I haven't heard about Yemen being
| outraged at France for selling weapons to the UAE for example.
| Western countries can't do better, it's how the world has and
| always will operate.
| 12907835202 wrote:
| I've not heard about France but Yemen has definitely been
| outraged at Britain for selling weapons to Saudi Arabia...
| throwaway829 wrote:
| Expecting any honest reporting on Israel is naive. That hasn't
| happened for 70+ years.
| eganist wrote:
| Ironically, the fact that it's not playing out as a major dust-
| up in public will probably only further contribute to
| conspiratorial thinking in re: the Israeli gov't.
| l33tbro wrote:
| Israel seems to have a relative degree of immunity when it
| comes to subverting UK pol. Anyone ever see the investigative
| journalist piece of the Zionist group trying to subvert the
| UK Labour Party? They had a journalist go undercover for 6
| months recording all kinds of things they weren't meant to:
|
| https://youtube.com/watch?v=ceCOhdgRBoc
|
| There was only minor fallout from this incident, and I
| imagine it will be the same here.
| usrn wrote:
| inter_netuser wrote:
| Numbers?
| girvo wrote:
| recuter wrote:
| This is one of those Pepsi things, probably a bot..
| BitwiseFool wrote:
| >"I'm surprised this isn't a major diplomatic incident between
| the UK and Israel too."
|
| I think Realpolitik is the reason why and that's all I'm going
| to say about that.
| recuter wrote:
| The realpolitik of it is that Johnson some weeks ago went to
| the Saudis hat in hand asking for oil after they've stopped
| responding to phone calls from _POTUS_.
|
| Last year: The Saudi crown prince, Mohammed
| bin Salman, warned Boris Johnson in a text message that UK-
| Saudi Arabian relations would be damaged if the British
| government failed to intervene to "correct" the Premier
| League's "wrong" decision not to allow a £300m takeover of
| Newcastle United last year.
|
| The takeover of the club was of course completed shortly
| afterwards. As were the weapons sales.
|
| As for the NSO, it is rather likely that the UK government
| itself is a client. In fact taking all of that into account
| it isn't unlikely that the UK government is more than just a
| customer and was already aware of being "hacked". But that's
| all I'm going to say about that.
| forum_ghost wrote:
| odds are UK and UAE mutually hacked each other.
| manquer wrote:
| Some context/background to the deal
|
| The sale has been stalled for more than a year at that
| point, the league had decided arbitrarily to put a fitness
| check and delay (not reject) the deal. Roman, Usmanov
| (minority holder) and Abu Dhabi sovereign fund are current
| owners of major clubs before Saudi Arabia.
|
| The stalling and later approval has nothing to do with
| concerns of sportswashing (PL has sold out any morality
| they had long before then). The block and later approval
| was mostly because Qatar was pissed.
|
| Qatar owns PSG, hosting 2022 World Cup and most
| importantly owns lucrative PL broadcast rights in Middle
| East.
|
| beIN with Saudi government informal support has been
| streaming matches illegally. Complicating this Qatar for
| last 4/5 years has been pretty much isolated in Middle East
| and kicked out of many forums in unrelated diplomatic
| fights.
|
| In the end Saudi paid 1 billion pounds to Qatar to settle
| that dispute before Newcastle could be bought.
|
| Sovereign/government influence peddling and involving in
| sports clubs is nothing new. Real Madrid has benefited a
| lot over the years, West Ham got a brand new stadium for
| nothing, even in the U.S. favorable policies, tax breaks
| are used heavily to attract sports teams at city/state
| level all the time.
|
| Democracy or dictators, sports are a cheap trick to improve
| ratings, it has been used at least since gladiators in
| Rome as a tool.
|
| My intention is not to defend Saudi actions just that it is
| not surprising governments were involved.
|
| Disclaimer: I am a Newcastle fan
| recuter wrote:
| > Disclaimer: I am a Newcastle fan
|
| As-salamu alaykum
|
| I reckon the fans of rival clubs will absolutely
| terrorize you with taunting going forth.
| nickt wrote:
| I'm sure the Sunderland lads have already clocked it.
| Feel free to drop by...
|
| https://www.readytogo.net/smb/
| slickrick216 wrote:
| The UK sells weapons. Should they be blamed for anyone who is
| affected by them? Regardless of your own opinion they would
| argue no. So they can't be hypocritical.
|
| UAE on the other hand is a decrepit money laundering people
| smuggling cesspit and should face the full brunt of Iran/Russia
| style sanctions.
| axlee wrote:
| I can guarantee you that if the UK was supplying weapons to a
| country that was using them against its own allies, there
| would be an incident, and at the very least they would stop
| supplying them. There is no hypocrisy - yet.
| baybal2 wrote:
| baybal2 wrote:
| postingposts wrote:
| I really don't feel that anyone is prepared to have a _serious_
| discussion regarding Israel, and I believe that's mainly
| because of the large populations which are adherents to
| Abrahamic religion (i.e. Judaism, Christianity, Islam) and the
| relationship that these share between wealth and propping
| nations up.
|
| I think there are quite few people here on Earth prepared to
| have a very serious discussion about the amounts of death,
| violence, and in general _tolerance_ for the above that this
| _particular_ religion has. That is, I think people will stick
| to the broad generalizations as opposed to discussing the meat
| of the topic.
| runnerup wrote:
| > I really don't feel that anyone is prepared to have a
| serious discussion regarding Israel, and I believe that's
| mainly because...
|
| ...Israel's intelligence finds or creates blackmail on more
| than enough key politicians and their staff in the western
| countries.
| postingposts wrote:
| "Israel's intelligence" is like a gang member calling
| themselves "lil NSA" or some shit. It's the NSA and
| globalist interests within the US who don't like the idea
| that nations are nations and they don't control the Earth.
| It's very insulting to people who compensate for a lack of
| personality or wit with egotism to be told you can't just
| "do whatever" when you have a billion dollars. Again, I
| think no one is ready for a serious conversation about
| this. We don't consider our rich mentally ill, and
| therefore there can be little else to be said or done.
| nonrandomstring wrote:
| And what were GCHQ, MI6 and NCSC doing to protect our prime-
| minister at this time?
|
| We have a problem in democratic nations. I've written about it
| here [1]. Bruce Schneier has also addressed it in his own way.
|
| Our lack of any framework for civic cybersecurity is a disgrace.
| People in future ages will look back on our time as a wild-west.
|
| A solution can only come from a ground-up awareness through
| education.
|
| [1] http://www.icicte.org/assets/icicte2019_5.4_farnell.pdf
| haltingproblem wrote:
| Britain is not a democracy in any modern sense of the word.
|
| There is no constitution, bill of rights, and while there are
| elections in the mainland, Britain had concentration camps in
| Kenya as recently as 1967, where large numbers of people, who
| were ruled by the British, not only could not vote but also
| were tortured for asking for the right to vote. Britain even
| then claimed the mantle of "World Oldest Democracy"/ "Cradle of
| Democracy".
|
| The Queen, who is also the head of the Church of England, and
| the "defender of the faith", nominates huge numbers of Bishops
| to the British Parliament. Many _hereditary_ "Peers" hold title
| and they cannot prevent Bills from Passing but they can hold
| them up and amend them.
|
| Monarchy, sans constitution, with electoral exercises - but one
| person, one vote, democracy Britain is not. Some votes like
| that of Peers and Bishops matter more.
|
| The West which endlessly criticizes China and other countries
| needs to own up to what a democracy is and what is not and stop
| LARPing as one.
| nonrandomstring wrote:
| I'm trying to understand why the toys flew out the pram when
| I said "democracy". Did it offend, as if to say "Hey we live
| in a democracy and by implication all other countries are
| shite" ? I didn't mean that. It's a very loaded word, so
| sorry if it "triggers". Notice I didn't say functional
| democracy. I guess along with it goes a whole slew of hidden
| values, like how we expect public figures to behave, and how
| we expect institutions to work.
|
| respects
| Veen wrote:
| There's so much that's factually wrong with this comment I
| don't know where to start. 1. The UK does have a Bill of
| Rights (It's different in England and Scotland). The English
| one pre-dates the US Bill of rights by a century[0]. 2. It
| does have a constitution, but not a written constitution in
| the American sense[1]. 3. The Queen doesn't nominate Bishops;
| she rubber stamps nominations by a committee who are approved
| by the PM. 4. The Queen does not vote in elections.
|
| [0]: https://en.wikipedia.org/wiki/Bill_of_Rights_1689
|
| [1]: https://en.wikipedia.org/wiki/Constitution_of_the_United_Kin...
| orf wrote:
| > There is no constitution, bill of rights, and while there
| are elections in the mainland
|
| The UK is a constitutional monarchy and does have a bill of
| rights.
|
| > nominates huge numbers of Bishops to the British Parliament
|
| It's a bit more nuanced than that. The Queen doesn't nominate
| anyone to Parliament, at least not in the way you're
| implying. Just like she has to sign a bill into law before it
| has any effect, she does so as a ceremonial function rather
| than with a critical eye which is exactly the same as with
| nominations like this.
|
| To take any action _but_ that which is recommended to her by
| relevant (elected) parties would result in a pretty big
| crisis that would ultimately see her ceremonial roles
| stripped.
|
| > Many hereditary "Peers" hold title and they cannot prevent
| Bills from Passing but they can hold them up and amend them.
|
| The house of lords is a pretty good check on the house of
| commons. Implying it's purely a thing that functions to "hold
| up" bills is rather incorrect.
|
| > Britain even then claimed the mantle of "World Oldest
| Democracy"/ "Cradle of Democracy".
|
| I've never seen such a thing, have you got a source?
| nonrandomstring wrote:
| Dude I live there, it's a green and pleasant land, especially
| on summer Fridays after a beer by the beach. Quite good
| enough for me.
| dundarious wrote:
| The Johnson government has been widely but toothlessly
| criticized for using WhatsApp on personal devices to conduct
| affairs of state (and deleting messages, failing to hand over
| messages to investigations, etc.). My personal opinion is that
| they don't care too much about this type of thing (being hacked
| by UAE, etc.), and are preoccupied with more selfish matters.
| It can be quite profitable to be the butler to Gulf, Russian,
| and UK billionaires.
| pydry wrote:
| >And what were GCHQ, MI6 and NCSC doing to protect our prime-
| minister at this time?
|
| Preparing an advertising campaign against E2E encryption:
| https://www.engadget.com/the-uk-government-is-reportedly-pla...
| jll29 wrote:
| > And what were GCHQ, MI6 and NCSC doing to protect our prime-
| minister at this time?
|
| Nobody is perfect - but there are people who blatantly ignore
| ITSEC best practices and are therefore almost unprotectable.
| forum_ghost wrote:
| >Bruce Schneier has also addressed it in his own way.
|
| very interesting, can you link to it? tia!
| nonrandomstring wrote:
| Sure I guess this one [1] is fairly typical of Bruce's
| position. He identifies as (coined the phrase?) working as a
| "public interest technologist". He mentions this throughout
| his writing. I took to using the term "civic cybersecurity"
| and "digital self defence" after about 2014. I think we're on
| the same page, loosely.
|
| [1] https://www.schneier.com/essays/archives/2019/02/public-inte...
| drexlspivey wrote:
| Can't phone vendors have people pose as a client to NSO to get
| access to the latest RCE and patch it?
| tomatowurst wrote:
| The question is then what phone exists that is immune from this?
| A flip phone? A Nokia 1011? I might be completely misinformed but
| seems like SIM card and the underlying OS is a vector. What happens
| if I use a cell phone from late 90s and early 2000s? What is
| there to hack with those flip phones? JavaME over the wire? What
| if the cell phone dates even further?
|
| Legitimately curious what options there are. If you are
| someone of interest then it seems like having a smartphone is an
| automatic liability. What solution is then possible since sending
| and reading a simple text message is enough to escalate
| privilege?
| EwanToo wrote:
| No technology is entirely secure today, we haven't built it in
| a provably secure way
|
| The most secure today is probably a Pixel 6 running a secure
| messaging app with a limited attack surface, no image support,
| no emoji, etc. Removing all the standard apps including the
| browser and Webview engine would significantly help.
|
| If you could switch an iPhone into a secure mode which removed
| large chunks of messaging functionality then it would be the
| preferred option.
| xiphias2 wrote:
| Probably PGP encryption / authentication using files on an SD
| card with a computer separated from internet is your best bet
| for secure communication. An "easier to use" version can use
| a firewall that only allows the PGP emails through, at least in
| that case the firewall can be made simple and secure.
| usrn wrote:
| I would be shocked if people couldn't find an RCE in an early
| 2000s flip phone. I had a friend who had hers since 2010 and
| MMS crashed it all the time.
| b33f wrote:
| If you're talking about flip phones and trying to protect
| against an eavesdropper of a phone call or SMS, then there's
| no point. The network that these phones used is full of holes
| already https://en.wikipedia.org/wiki/Signalling_System_No._7#Protoc...
| mrtksn wrote:
| I'm curious about the threat modelling of those high level
| officials. With all this hacking going on, it feels like it's
| not been a consideration.
|
| Pegasus claims iOS and Android hacking capabilities, one would
| expect more specialised communications being used at that level.
| Car companies provide specialised vehicles for governmental use,
| I would have expected to see specialised iOS or Android devices
| at least. Nothing completely out of this world but with special
| software configurations and features to detect and prevent
| attacks.
| pomian wrote:
| Time to revamp the BlackBerry.
| mardifoufs wrote:
| The RCMP had access to all the encryption keys for the
| blackberry messaging back end :). They could basically access
| any message that was sent through RIM servers, and used that
| access pretty often (sometimes at the request of foreign
| governments).
| postingposts wrote:
| Well, they certainly _won't do it again_! Therefore, this
| should be ignored and not logically used to infer that
| governments spy on citizens!
| xanthrax wrote:
| I'm pretty sure it's just accepted it is government by WhatsApp
| groups.
| dillondoyle wrote:
| ;) always a scandal. When Dems do it.. Politicians of both
| parties routinely use apps like Wickr and Signal, often
| illegally not following record-keeping laws.
|
| I know Obama had a special BlackBerry made so he could use
| email on mobile.
|
| I'd be surprised if the federal government hasn't created a
| mobile version of SIPRNet yet?
|
| I work in politics (low level compared to these electeds).
| Most of the committees use Signal + email 2FA or similar now.
| But that does nothing against state-sponsored hackers with 0
| days. Maybe rotating burner phones and chat platforms would
| work better, but probably not worth it for the vast majority
| unless doing something sketchy.
| dboreham wrote:
| Perhaps they hacked honeypot devices and were thus fed
| disinformation. UKG has mounted such operations (some with high
| level of sophistication) since 1945 at least.
| KMag wrote:
| Obviously this news is a bit embarrassing for both the UAE and
| the UK, but if the UK's response isn't to press the UAE for a
| reciprocal no-hacking treaty, then presumably the UK is trying to
| keep its options open. Unless I'm mistaken, the UK isn't
| surprised that it doesn't have any treaties with the UAE
| prohibiting this sort of thing... live by the hack, die by the
| hack.
| nickdothutton wrote:
| UK has been through a period of getting very cosy with the
| Qataris, which began during the Cameron era and has since (I
| believe) cooled a bit.
| etiam wrote:
| As appalling as this intrusion is, I can't help but feel there is
| some measure of propriety that it should be done to a nation
| taking advantage of its impressive technological legacy to
| eavesdrop on most transatlantic communications, and scheming and
| hacking to subvert the communication infrastructure of friendly
| countries. Not that "what goes around comes around" is going to
| fix anything in this regard...
| yaa_minu wrote:
| This is a bit of a tangent but I think reports like these
| strengthen the argument against electronic voting. There's
| basically no way of building a secure electronic voting system
| that can beat the security and auditability properties of old
| school pen and paper voting.
___________________________________________________________________
(page generated 2022-04-18 23:00 UTC)