Facebook Wanted NSO Spyware to Monitor Users, NSO CEO Claims (2020) (opens in new tab)

(vice.com)

147 pointsyhoiseth4y ago14 comments

14 comments

It's like the one thing universally true about spies is they can never keep it g. As a security guy, this is why you don't get involved with dodgy companies. When the pressure is on, they will pull in everyone they ever spoke to and use you protecting your rep to try get leverage. Pretty clear how he's choosing to go out.

However, I'd also be willing to make a huge bet there is zero chance the FB CISO at the time was aware of who these representatives allegedly were or approved what they were doing unless it was threat intelligence. I don't think this will be the last muck thrown by this company.

JumpCrisscross4y ago

> there is zero chance the FB CISO at the time was aware of who these representatives allegedly were

We also have zero evidence the people this guy talked to worked for Facebook. He could have been duped. He could be lying. It could have been two curious employees acting on their own.

What we can say is this guy lacks professional integrity. Throwing potential or actual clients under the bus in public is a sleazy move.

nicce4y ago

This article is from the last year, so that is also good to note. The most recent issues weren’t that public yet.

dwd4y ago

Also that Facebook's response was that NSO is misrepresenting the conversations, rather than denying that they occurred.

Unless NSO reached out to Facebook to try and sell them something, that is highly suspect.

smashah4y ago

Recent NSO story isn't new. The leaked numbers are new.

sloshnmosh4y ago

Are you sure about that? Facebook has been caught several times doing shady surveillance type stuff on its users. The VPN app that is mentioned in the thread is one. There was another incident years ago when Facebook users were forced to download antivirus software from their “trusted partners” and scan their PC’s before they were allowed to login to their FB accounts. People that had been flagged for scanning tested some theories and found that it had nothing to do with the users computer as their partner that shared the same device could login to their FB account on the same machine without having to run an AV scan.

There’s not a lot of information out there about that incident.

0xy4y ago

This isn't the first time Facebook have attempted this behavior, previously they were successful in purchasing a zero-day exploit and launching it against users. [1]

You may think that case warrants an exception, but it sets a clear precedent and encourages the hoarding of zero-days.

I think it's extremely easy to believe Facebook would launch exploits at users because they already have.

[1] https://nakedsecurity.sophos.com/2020/06/12/facebook-paid-fo...

saltedonion4y ago

Wow. I’ve heard of this case before but did not know FB bought a zero day to crack his phone.

pjbeam4y ago

I think FB can handle that task without NSO's help.

dangerface4y ago

NSO would kill for the sort of intelligence facebook gathers from phones via messenger. I don't see how facebook would benefit from any partnership with them only NSO.

annadane4y ago

I hate a lot of things about Facebook and am very critical of them but I don't trust NSO to tell the truth about this

Thanks for the downvotes appreciate it

mithusingh324y ago

Honestly...It sounds like FANG will own NSO one way or another.

hammock4y ago

Wait... This happened in 2017.

Facebook bought WhatsApp in 2014.

Pegasus is built on a WhatsApp vulnerability.

Should Facebook have patched this 4 years ago, rather than try to pay a third party to exploit it?

javajosh4y ago

It's a funny thought that FB would hire another company to exploit their own software. Because you'd think the dev wouldn't need that. But it actually makes sense, since building in an exploitable flaw (intentionally or not) is NOT the same as making real-world use of it.

Plus even soliciting a 3rd party gives you plausible deniability if someone comes asking you if you exploited the flaw yourself. Oh, to be a capitalist in the 21st century is to feel ALIVE!

j / k navigate · click thread line to collapse