8 thoughts on “Microsoft Denounces NSO Group as 21st Century Cyber-Mercenary, Its New “Zero-Click” Exploit Targets Al Jazeera – Tikun Olam תיקון עולם إصلاح العالم
task-attention.png
Comments are published at the sole discretion of the owner.
 

  1. Human Rights Don’t Exist in Brazil

    There is a criminal organization in Brazil using NSO Group’s Pegasus to infect devices for hack for hire, to incite terrorism, blackmail people, produce illegal pornography and assist in assassinations. They also have other advanced malware, like UEFI implants and even persistent implants for Kindle and Raspberry Pi. Plus face/voice recognition on every camera and microphone they can get into, in public or private places.

    Brazil won’t do anything to stop them. Only the FBI, CIA and NSA can stop them.

    There is also the possibility that they were engaged on the hack of Bezos’ smartphone.

    If you know of any security researcher who wants to reverse engineer the exploits they are using, I am more than willing to help them.

    If you want a story about how they operate, I am willing to work with you to expose them. 

  2. Let me see if I’ve got this right.

    NSO is regulated by Israel’s Ministry of Defence which grants or denies licences between NSO and its foreign-sovereign customers and NSO acted in compliance with Israel’s MOD.

    NSO is an agent of various dodgey States that target dissidents but who are themselves shielded against lawsuits by the doctrine of “foreign sovereign immunity”.

    Hardly seems fair to me.

    1. @ Forrest: No, of course you don’t have this right. The operative words in your comment are “regulated” and “compliance.” Is NSO “regulated” in any sense that a western democratic society would recognize? No. Has MoD ever denied an export license to a military or cyber-tech exporter? No. So in what sense does NSO “comply” with anything? You can make up so-called regulations which prohibit so-called violations of so-called export rules. But if you don’t enforce them, you’re making a laughingstock out of the term “regulation.” Which Israel does of course.

      As for so-called “dodgey states,” I don’t call kleptocratic murderers “dodgey.” I call them by the terms I used above. And thanks for exposing your role as a shill for NSO. The argument about sovereign immunity fails because NSO cannot claim it is both independent of its clients and an agent of them, at the same time. It is either one or the other. And if you or NSO’s lawyers believe this argument will fly, you either have wings yourself or you’re fools (or both).

      1. I don’t see Raytheon, Boeing and General Dynamics getting haled into Court over arms sales to the same dodgey States that NSO does business with; which, arms sales that have resulted in massive civilian deaths in Yemen, Libya, etc.

        But more to the point, how can NSO get a fair trial when ‘required parties’, their sovereign clients, are shielded by the FISA? 

        NSO’s sovereign clients hacked and injured WhatsApp, and as such, they are ‘required parties’ and should be joined to the lawsuit pursuant to Rule 19. 

        https://casetext.com/statute/united-states-code/title-28-appendix/federal-rules-of-civil-procedure/rules-of-civil-procedure-for-the-united-states-district-courts-1/title-iii-pleadings-and-motions/rule-19-required-joinder-of-parties

        Without these sovereign governments as parties, this suit, as a matter of basic fairness, should be dismissed. 

        Don’t you agree?

        1. @ Forrest: Unfortunately, selling weapons that kill millions isn’t a crime, though it should be. As for Yemen, the main problem is that our government has permitted the weapons to flow to Saudi Arabia. If we refused to fuel this war, then it wouldn’t matter what Raytheon made or sold. It wouldn’t be killing Yemenis. I don’t know where you got information that the US is arming either side in Libya. I strongly doubt this.

          But hacking people’s private communications and damaging the intellectual property of major companies like WhatsApp and others IS a crime. Not to mention being an accessory to the murder of journalists–it too is a crime.

          As for adding the Saudis as defendants in the case: why? NSO produced the malware. It sold the malware. It knows what use was made of the malware. It didn’t stop or control the use. It’s liable. Plain and simple. All this is easy to prove. As for making Saudi Arabia or MBS a defendant, why should a court do anything that benefits NSO, as you suggest?

          MBS will be held accountable in other ways for other crimes. THere are lawsuits pending against him for the murder of Jamal Khashoggi. He will get his due.

          Don’t you agree?

          The day you and I agree on anything will be a cold day in hell.

  3. Your animus toward NSO notwithstanding, NSO’s lawyers are not fools, as you claim.

    NSO’s lawyers will assert a claim of ‘derivative immunity’, under common law, as well as FISA.

    Common law derivative immunity is frequently asserted by domestic contractors working with the U.S. government, but it is less clear, whether derivative immunity can be applied to contractors working for foreign governments.

    NSO will cite the U.S. Court of Appeals for the Fourth Circuit’s opinion in Butters v. Vance International.
    In Butters, the court found that Vance International, a security firm working with the Saudi government, was derivatively immune from suit—not under common law doctrine, but under the FSIA.

    NSO will rely on a parallel analysis by the Butters court, wherein, before holding that Vance International was derivatively immune under the FSIA, the court also suggested that derivative sovereign law under common law—already available to private contractors for the U.S. government—should be extended to private contractors for foreign governments.

    Pundits, Richard.
    We are all pundits.
    Are we not?

    1. @ Forrest: Please don’t regurgitate NSO’s legal strategy. I outlined it already in my post and you’re essentially repeating it. Repetition is borning. No foreign company will get away with claiming immunity due to being a vendor for a foreign government. Sovereign immunity is meant to protect foreign states. Derivative immunity is meant to protect contractors working for the US government, not foreign governments. There is reason to protect sovereign states. But no reason to protect third party vendors for those states who violate both US domestic and international law. Especially when the vendor does extenstive damage not only to individual US citizens, but to companies which are the backbone of the US economy.

      You are done in this thread. And don’t bother pimping for NSO here.

  4. Unluckily, to sell weapons that kill millions isn’t a crime, there should be a law to stop selling weapons that kill civilians.

Leave a Reply

Your email address will not be published. Required fields are marked *