[HN Gopher] UK Government Officials Infected with Pegasus ___________________________________________________________________ UK Government Officials Infected with Pegasus Author : yablak Score : 211 points Date : 2022-04-18 19:49 UTC (3 hours ago) (HTM) web link (citizenlab.ca) (TXT) w3m dump (citizenlab.ca) | Someone1234 wrote: | I'm surprised this isn't a major diplomatic incident between the | UK and Israel too, since the Israeli intelligence company was | supposedly "closely monitoring how their customers were using the | software" or akin to that. | | Like, yeah, blame the UAE _mostly_ for this but let 's also have | a discussion about why this was sold to anyone who would pay with | no oversight at all. Western countries need to do better. | ganoushoreilly wrote: | 3rd and 4th party collection are a hell of a drug | jimbob45 wrote: | >since the Israeli intelligence company was supposedly "closely | monitoring how their customers were using the software" | | If the Israelis were going to veto a country's use of the | software, it's reasonable to assume that the country was | intelligent enough not to tell them what they were doing with | it. | curiousgal wrote: | Why would that be surprising? I haven't heard about Yemen being | outraged at France for selling weapons to the UAE for example. | Western countries can't do better, it's how the world has and | always will operate. | 12907835202 wrote: | I've not heard about France but Yemen has definitely been | outraged at Britain for selling weapons to Saudi Arabia... | throwaway829 wrote: | Expecting any honest reporting on Israel is naive. That hasn't | happened for 70+ years. | eganist wrote: | Ironically, the fact that it's not playing out as a major dust- | up in public will probably only further contribute to | conspiratorial thinking in re: the Israeli gov't. | l33tbro wrote: | Israel seems to have a relative degree of immunity when it | comes to subverting UK pol. Anyone ever see the investigative | journalist piece of the Zionist group trying to subvert the | UK Labour Party? They had a journalist go undercover for 6 | months recording all kinds of things they weren't meant to: | | https://youtube.com/watch?v=ceCOhdgRBoc | | There was only minor fallout from this incident, and I | imagine it will be the same here. | usrn wrote: | inter_netuser wrote: | Numbers? | girvo wrote: | recuter wrote: | This is one of those Pepsi things, probably a bot.. | BitwiseFool wrote: | >"I'm surprised this isn't a major diplomatic incident between | the UK and Israel too." | | I think Realpolitik is the reason why and that's all I'm going | to say about that. | recuter wrote: | The realpolitik of it is that Johnson some weeks ago went to | the Saudis hat in hand asking for oil after they've stopped | responding to phone calls from _POTUS_. | | Last year: The Saudi crown prince, Mohammed | bin Salman, warned Boris Johnson in a text message that UK- | Saudi Arabian relations would be damaged if the British | government failed to intervene to "correct" the Premier | League's "wrong" decision not to allow a PS300m takeover of | Newcastle United last year. | | The takeover of the club was of course completed shortly | afterwards. As were the weapons sales. | | As for the NSO, it is rather likely that the UK government | itself is a client. In fact taking all of that into account | it isn't unlikely that the UK government is more than just a | customer and was already aware of being "hacked". But that's | all I'm going to say about that. | forum_ghost wrote: | odds are UK and UAE mutually hacked each other. | manquer wrote: | Some context/background to the deal | | the sale has been stalled for more than a year at that | point , the league had decided arbitrarily to put a fitness | check and delay(not reject) the deal. Roman, usmanov | (minority holder ) and Abu Dhabi sovereign fund are current | owners of major clubs before Saudi Arabia . | | The stalling and later approval has nothing to do with | concerns of sportswashing (PL has sold out any morality | they had long before then). The block and later approval | was mostly because Qatar was pissed . | | Qatar owns PSG , hosting 2022 World Cup and most | importantly owns lucrative PL broadcast rights in Middle | East. | | beIN with Saudi government informal support has been | streaming matches illegally. Complicating this Qatar for | last 4/5 years has been pretty much isolated in Middle East | and kicked out of many forums in unrelated diplomatic | fights. | | In the end Saudi paid 1Billion pounds to Qatar to settle | that dispute before Newcastle could be bought. | | Sovereign/government influence peddling and involving in | sports clubs is nothing new. Real Madrid has benefited a | lot over the years , west ham got a brand new stadium for | nothing , even in the U.S. favorable policies , tax breaks | are used heavily to attract sports teams at city /state | level all the time. | | Democracy or dictators sports are cheap trick to improve | ratings , it has been used at least since gladiators in | Rome as a tool. | | My intention is not defend Saudi actions just that it is | not surprising governments were involved. | | Disclaimer : I am a Newcastle fan | recuter wrote: | > Disclaimer : I am a Newcastle fan | | As-salamu alaykum | | I reckon the fans of rival clubs will absolutely | terrorize you with taunting going forth. | nickt wrote: | I'm sure the Sunderland lads have already clocked it. | Feel free to drop by... | | https://www.readytogo.net/smb/ | slickrick216 wrote: | The UK sells weapons. Should they be blamed for anyone who is | affected by them? Regardless of your own opinion they would | argue no. So they can't be hypocritical. | | UAE on the other hand is a decrepit money laundering people | smuggling cesspit and should face the full brunt of Iran/Russia | style sanctions. | axlee wrote: | I can guarantee you that if the UK was supplying weapons to a | country that was using them against its own allies, there | would be an incident, and at the very least they would stop | supplying them. There is no hypcrisy - yet. | baybal2 wrote: | baybal2 wrote: | postingposts wrote: | I really don't feel that anyone is prepared to have a _serious_ | discussion regarding Israel, and I believe that's mainly | because of the large populations which are adherents to | Abrahamic religion (i.e. Judaism, Christianity, Islam) and the | relationship that these share between wealth and propping | nations up. | | I think there are quite few people here on Earth prepared to | have a very serious discussion about the amounts of death, | violence, and in general _tolerance_ for the above that this | _particular_ religion has. That is, I think people will stick | to the broad generalizations as opposed to discussing the meat | of the topic. | runnerup wrote: | > I really don't feel that anyone is prepared to have a | serious discussion regarding Israel, and I believe that's | mainly because... | | ...Israel's intelligence finds or creates blackmail on more | than enough key politicians and their staff in the western | countries. | postingposts wrote: | "Israel's intelligence" is like a gang member calling | themselves "lil NSA" or some shit. It's the NSA and | globalist interests within the US who don't like the idea | that nations are nations and they don't control the Earth. | It's very insulting to people with compensate for a lack of | personality or wit with egotism to be told you can't just | "do whatever" when you have a billion dollars. Again, I | think no one is ready for a serious conversation about | this. We don't consider our rich mentally ill, and | therefore there can be little else to be said or done. | nonrandomstring wrote: | And what were GCHQ, MI6 and NCSC doing to protect our prime- | minister at this time? | | We have a problem in democratic nations. I've written about it | here [1]. Bruce Schneier has also addressed it in his own way. | | Our lack of any framework for civic cybersecurity is a disgrace. | People in future ages will look back on our time as a wild-west. | | A solution can only come from a ground-up awareness through | education. | | [1] http://www.icicte.org/assets/icicte2019_5.4_farnell.pdf | haltingproblem wrote: | Britain is not a democracy in any modern sense of the word. | | There is no constitution, bill of rights, and while there are | elections in the mainland, Britain had concentration camps in | Kenya as recently as 1967, where large numbers of people, who | were ruled by the British, not only could not vote but also | were tortured for asking for the right to vote. Britain even | them claimed the mantle of "World Oldest Democracy"/ "Cradle of | Democracy". | | The Queen, who is also the head of the Church of England, and | the "defender of the faith", nominates huge numbers of Bishops | to the British Parliament. Many _hereditary_ "Peers" hold title | and they cannot prevent Bills from Passing but they can hold | them up and amend them. | | Monarchy, sans constitution, with electoral exercises - but one | person, one vote, democracy Britain is not. Some votes like | that of Peers and Bishops and matter more. | | The West which endlessly criticizes China and other countries | needs to own up to what a democracy is and what is not and stop | LARPing as one. | nonrandomstring wrote: | I'm trying to understand why the toys flew out the pram when | I said "democracy". Did it offend, as if to say "Hey we live | in a democracy and by implication all other countries are | shite" ? I didn't mean that. It's a very loaded word, so | sorry if it "triggers". Notice I didn't say functional | democracy. I guess along with it goes a whole slew of hidden | values, like how we expect public figures to behave, and how | we expect institutions to work. | | respects | Veen wrote: | There's so much that's factually wrong with this comment I | don't know where to start. 1. The UK does have a Bill of | Rights (It's different in England and Scotland). The English | one pre-dates the US Bill of rights by a century[0]. 2. It | does have a constitution, but not a written constitution in | the American sense[1]. 3. The Queen doesn't nominate Bishops; | she rubber stamps nominations by a committee who are approved | by the PM. 4. The Queen does not vote in elections. | | [0]: https://en.wikipedia.org/wiki/Bill_of_Rights_1689 | | [1]: https://en.wikipedia.org/wiki/Constitution_of_the_United | _Kin... | orf wrote: | > There is no constitution, bill of rights, and while there | are elections in the mainland | | The UK is a constitutional monarchy and does have a bill of | rights. | | > nominates huge numbers of Bishops to the British Parliament | | It's a bit more nuanced than that. The Queen doesn't nominate | anyone to Parliament, at least not in the way you're | implying. Just like she has to sign a bill into law before it | has any effect, she does so as a ceremonial function rather | than with a critical eye which is exactly the same as with | nominations like this. | | To take any action _but_ that which is recommended to her by | relevant (elected) parties would result in a pretty big | crisis that would ultimately see her ceremonial roles | stripped. | | > Many hereditary "Peers" hold title and they cannot prevent | Bills from Passing but they can hold them up and amend them. | | The house of lords is a pretty good check on the house of | commons. Implying it's purely a thing that functions to "hold | up" bills is rather incorrect. | | > Britain even them claimed the mantle of "World Oldest | Democracy"/ "Cradle of Democracy". | | I've never seen such a thing, have you got a source? | nonrandomstring wrote: | Dude I live there, it's a green and pleasant land, especially | on summer Fridays after a beer by the beach. Quite good | enough for me. | dundarious wrote: | The Johnson government has been widely but toothlessly | criticized for using WhatsApp on personal devices to conduct | affairs of state (and deleting messages, failing to hand over | messages to investigations, etc.). My personal opinion is that | they don't care too much about this type of thing (being hacked | by UAE, etc.), and are preoccupied with more selfish matters. | It can be quite profitable to be the butler to Gulf, Russian, | and UK billionaires. | pydry wrote: | >And what were GCHQ, MI6 and NCSC doing to protect our prime- | minister at this time? | | Preparing an advertising campaign against E2E encryption: | https://www.engadget.com/the-uk-government-is-reportedly-pla... | jll29 wrote: | > And what were GCHQ, MI6 and NCSC doing to protect our prime- | minister at this time? | | Nobody is perfect - but there are people who blatantly ignore | ITSEC best practices and are therefore almost unprotectable. | forum_ghost wrote: | >Bruce Schneier has also addressed it in his own way. | | very interesting, can you link to it? tia! | nonrandomstring wrote: | Sure I guess this one [1] is fairly typical of Bruce's | psoition. He identifes as (coined the phrase?) working as a | "public interest technologist". He mentions this throughout | his writing. I took to using the term "civic cybersecurity" | and "digital self defence" after about 2014. I think we're on | the same page, loosely. | | [1] https://www.schneier.com/essays/archives/2019/02/public- | inte... | drexlspivey wrote: | Can't phone vendors have people pose as a client to NSO to get | access to the latest RCE and patch it? | tomatowurst wrote: | The question is then what phone exists that is immune from this? | A flip phone? A Nokia 1011? I might be completely misinformed but | seems like SIM card and the underlying OS is vector. What happens | if I use a cell phone from late 90s and early 2000s? What is | there to hack with those flip phones? JavaME over the wire? What | if the cell phone dates even further? | | Legitimately curious what options is there. Could If you are | someone of interest then it seems like having a smartphone is an | automatic liability. What then solution is possible since sending | and reading a simple text message is enough to escalate | privilege? | EwanToo wrote: | No technology is entirely secure today, we haven't built it in | a provably secure way | | The most secure today is probably a Pixel 6 running a secure | messaging app with a limited attack surface, no image support, | no emoji, etc. Removing all the standard apps including the | browser and Webview engine would significantly help. | | If you could switch an iPhone into a secure mode which removed | large chunks of messaging functionality then it would be the | preferred option. | xiphias2 wrote: | Probably PGP encryption / authentication using files on an SD | card with a computer separated from internet is your best bet | for secure communication. An ,,easier to use'' version can use | a firewall that only allows the PGP emails through, at least in | that case the firewall can be made simple and secure. | usrn wrote: | I would be shocked if people couldn't find an RCE in an early | 2000s flip phone. I had a friend who had hers since 2010 and | MMS crashed it all the time. | b33f wrote: | If you're talking about flip phones and trying to protect | against an eavesdropper of a phone call or SMS, then there's | no point. The network that these phones used is full of holes | already https://en.wikipedia.org/wiki/Signalling_System_No._7 | #Protoc... | mrtksn wrote: | I'm curious about the threat modelling of those high level | officials. With all these hacking going on, if feels like it's | not been a consideration. | | Pegasus claims iOS and Android hacking capabilities, one would | expect more specialised communications being used at that level. | Car companies provide specialised vehicles for governmental use, | I would have expected to see specialised iOS or Android devices | at least. Nothing completely out of this world but with special | software configurations and features to detect and prevent | attacks. | pomian wrote: | Time to revamp the black berry. | mardifoufs wrote: | The RCMP had access to all the encryption keys for the | blackberry messaging back end :). They could basically access | any message that was sent through RIM servers, and used that | access pretty often (sometimes at the request of foreign | governments). | postingposts wrote: | Well, they certainly _won't do it again_! Therefore, this | should be ignored and not logically used to infer that | governments spy on citizens! | xanthrax wrote: | I'm pretty sure its just accepted it is government by WhatsApp | groups. | dillondoyle wrote: | ;) always a scandal. When Dems do it.. Politicians of both | parties routinely use apps like wickr and signal. often | illegally not following records keeping laws. | | I know obama had a special blackberry made so he could use | email on mobile. | | I'd be surprised if the federal government hasn't created a | mobile version of SIPRNet yet? | | I work in politics (low level compared to these elected s). | most of the committees use signal + email 2fa or similar now. | But that does nothing against sate sponsored hackers with 0 | days. Maybe rotating burner phones and chat platforms would | work better, but probably not worth it for the vast majority | unless doing something sketchy. | dboreham wrote: | Perhaps they hacked honeypot devices and were thus fed | disinformation. UKG has mounted such operations (some with high | level of sophistication) since 1945 at least. | KMag wrote: | Obviously this news is a bit embarrassing for both the UAE and | the UK, but if the UK's response isn't to press the UAE for a | reciprocal no-hacking treaty, then presumably the UK is trying to | keep its options open. Unless I'm mistaken, the UK isn't | surprised that it doesn't have any treaties with the UAE | prohibiting this sort of thing... live by the hack, die by the | hack. | nickdothutton wrote: | UK has been through a period of getting very cosy with the | Qataris, which began during the Cameron era and has since (I | believe) cooled a bit. | etiam wrote: | As appalling as this intrusion is, I can't help but feel there is | some measure of propriety that it should be done to a nation | taking advantage of its impressive technological legacy to | eavesdrop on most transatlantic communications, and scheming and | hacking to subvert the communication infrastructure of friendly | countries. Not that "what goes around comes around" is going to | fix anything in this regard... | yaa_minu wrote: | This is a bit of a tangent but I think reports like these | strengthen the argument against electronic voting. There's | basically no way of building a secure electronic voting system | that can beat the security and auditability properties of old | school pen and paper voting. ___________________________________________________________________ (page generated 2022-04-18 23:00 UTC)