59 replies
1d11h
I notice issues relating to these groups (israeli cyber groups) are very quick to be denied or delegitimised on HN
13 replies
1d12h
Interesting that they named their company after the Amazonian fish that can supposedly swim up your penis and lodge itself inside
9 replies
1d11h
Seems to be a pattern in these circles - there's at least also Palantir, named after the crystal ball that corrupted Saruman in The Lord of the Rings.
4 replies
1d10h
What on earth do you consider the common thread between those two names?
1 replies
1d7h
The common thread I'm seeing is "something you shouldn't aspire to be". That is, no one should want to be a candiru fish, nor a palantir.
0 replies
1d2h
@AlexBlechman
Sci-Fi Author: In my book I invented the Torment Nexus as a cautionary tale
Tech Company: At long last, we have created the Torment Nexus from classic sci-fi novel Don't Create The Torment Nexus
11:49 PM · 8 nov 2021
1 replies
1d10h
Both are "evil". (edit: I am not the poster you replied to)
0 replies
1d8h
But in this case the thinking went probably like
phishing -> fishing -> bad fish
3 replies
1d8h
To be fair it is a pretty cool/appropriate name for their line of work
2 replies
1d8h
If we're being fair, they're an evil company that does evil work for evil people. It's abhorrent that they're using Tolkien to give themselves nerd-appeal.
1 replies
1d7h
The uncomfortable truth is that nerds can be evil too.
0 replies
1d2h
I think that's more than obvious to any nerd who has ever played an online game.
2 replies
1d11h
Juvenile humor is rarely correlated with mature ethical development.
1 replies
1d9h
Our corporate processes have established that using "Fish That Swims Up Your Penis" as the name of the product might contribute to 1% sales decrease. Having in mind our focus on maximizing the profit by appealing to widest audience possible, this is the core reason why we're strongly against the chosen name. Instead, we suggest conducting market research which will determine the optiminal naming scheme for our products. We are very big and very serious.
0 replies
1d8h
Thanks, anal_reactor, very cool.
11 replies
1d12h
Sounds more like it missed. They sent him a link, and he was wise enough to not click on it.
5 replies
1d9h
I wonder how that was supposed to work? Am I to believe that they have exploits for every browser engine on every OS that infect my phone just by visiting a page? Chrome on Android and WebKit on iOS? That would be concerning, but how realistic is that?
0 replies
1d2h
Am I to believe that they have exploits for every browser engine on every OS that infect my phone just by visiting a page?
This has been the reality of mobile phone security for almost a decade now. Any sufficiently-complex digital system will be rife with UB and exploits.
0 replies
1d8h
I would guess/assume that work phones of MEPs are restricted to a specific set of manufacturers and models, which makes targeting different from having to consider all options.
They might also have specific software installed across most of them that could be part of the targeting.
0 replies
1d8h
Very. These companies pay good money for 0 days and invest considerable effort into finding their own.
Also these attacks are aimed at individuals and executed by state actors. They likely already knew what phone, OS, and browser the MEP was using and selected an appropriate attack from the catalog.
0 replies
1d2h
Yes, but the exploits are so valuable/expensive that they’ll only use them during targeted operations. Otherwise they risk burning the exploit. So just remain uninteresting and you should be safe.
0 replies
10h53m
Would cost a few million dollars upfront with effectively zero marginal cost. Less than buying one tank or starting a McDonalds.
4 replies
1d11h
Don’t we live in a world where zero click exploits are a thing? I thought the target didn’t have to click the links just receive them
1 replies
1d9h
That's why I disable HTML in emails
0 replies
1d8h
Just to be aware that's a start but it's not a full mitigation. Some of the prominent zeroclick exploits have been "rich content" in messaging products such as whatsapp[1] and imessage[2].
Definitely not an expert but I'm presuming they take advantage of the "helpful" behaviour those apps have to preview content and then pair that with some sort of exploit in the library that parses/displays the content. So say they have an exploit in a jpeg library that whatsapp uses then they send a specially-crafted jpeg via whatsapp, whatsapp "previews" the image and that triggers the exploit to compromise the jpeg library and pwn the user.
[1] https://www.ft.com/content/4da1117e-756c-11e9-be7d-6d846537a...
[2] https://appleinsider.com/articles/23/06/01/zero-click-ios-ma...
0 replies
1d10h
Zero click exploits are a thing, but they are very expensive and have limited shelf life (once they have been used a few times, they tend to get found out and patched). Most actors won’t use one, unless it is a very, very high value target. It seems that the EU parliament member was not high value enough, and got lucky.
0 replies
1d11h
not all of them are zero click :)
6 replies
1d9h
Not to downplay, but i would assume high profile people like EU parliment members would be targeted with phishing emails on a near daily basis.
Like presumably law makers would be target #1 for espionage.
Heck most ordinary people get phishing emails on a regular basis.
Idk, i guess i was expecting something more sophisticated based on the headline than just: spear phishing attempt foiled after user fails to click on the suspicious link.
3 replies
1d8h
Well, it wasn’t phishing. If the claims are correct, just opening the link would have compromised the phone. If that’s true, I find it try extraordinary. Phishing is just having a fake webpage asking for credentials, right? Infecting a phone with spyware just by visiting a webpage is much harder and much worse.
2 replies
1d7h
Spear phishing is usually inclusive of attacks from an email that involve tricking the user into doing something unsafe. E.g. see definition https://www.trendmicro.com/vinfo/us/security/definition/spea...
If the claims are correct, just opening the link would have compromised the phone
I'm not sure if that is being claimed. The twitter post just said the link would have "exposed" them to spyware. One possible interpretation is that simply viewing the link in a web browser would be enough, but i think another interpretation is that the link contained some sort of malicious download. No way to know with the info we are given. I agree that a zero-day in a web browser would certainly be more interesting, i'm just not sure that is the case here.
1 replies
16h48m
this is exactly the kind of scenario where you’d expect to find a high-value zero-day deployed (state-level actor against a known, high-value target) so I see no reason to disregard the actual claim in favor of a lesser one.
yes, this class of exploits definitely exists (a while ago there was one that worked just receiving a text message!) and is the primary reason why apple offers the lockdown mode for these sorts of people who actually might be the target of these advanced threats. Lockdown mode severely reduces the amount of “auto” shit that happens in the background, which ruins the experience but is also more secure against this style of attack.
0 replies
4h18m
Most importantly, it saves the real backdoors for American intelligence partners and the Chinese government. That way, it's only the citizens being spied on and not the puritan parliament members or Congresspeople.
The first rule of iPhone security is that you do not control the attack surface against a sufficiently large government.
1 replies
1d8h
Why would you say not to downplay when that's literally the intention of your comment?
0 replies
1d1h
I took it as OP being aware of their comment going to sound like it but wasn’t their intention
3 replies
1d7h
the spyware and other cyberattacks get published very selectively
everybody is constantly a target of attacks but what makes it to the news is the journalist choice
2 replies
1d7h
But, who sent the attack is the news. Sure we’re always bombarded with attacks by random cyber gangs, but when you’re targeted by an organization with official credentials that tends to raise some eyebrows.
0 replies
1d5h
Also if you are profiting from spying your allies is generally frowned upon.
0 replies
1d7h
The post does not claim the EU parliament member was targeted by an organization with official credentials.
2 replies
1d6h
Why has it dropped to second page already after 5 hours and 223 points/113 comments? It's tech x politics, it's perfectly acceptable and discussion worth having. Deliberately downranked?
1 replies
23h34m
It set off the flamewar detector, plus users flagged it.
0 replies
22h35m
Thanks for the transparency!
1 replies
16h23m
This is pretty common, Israel has previously spied on the ICC and intimidated a prosecutor:
https://www.haaretz.com/israel-news/2024-05-28/ty-article/.p...
Not to mention the wiretapping of phones of members of the Palestinian authority, probably lots more that we just are not aware of.
0 replies
14h50m
Palestine's PSTN is routed through Israel (at least, if any switches still exist). Of all the reasons to criticize Israel, I don't believe that wiretapping calls to/from the Palestinian Authority is one.
1 replies
1d3h
The country that is selling that software should be sanctined. People involving in the development of that software should be charged as spyes.
0 replies
23h2m
Legally, this is very feasible. Here in Sweden we have two laws which are applicable: the law against unauthorized surveillance and the law against unauthorized computer access and the law forbidding aiding anybody in such crimes.
It's only two year's imprisonment, but there's presumably a lot of participants in the exploit development etc.
1 replies
1d7h
I think people commenting on here are commenting on the "Israeli" part and are ignoring the bigger issue - which country is it that attacked the MEP.
Israel is very laissez-faire about regulating the tech industry because it employs almost 10% of the country. As such, offensive security companies sell to anyone who isn't on the US Sanctions list.
The question is which buyer did the attack.
Hidden between the lines of the reporting is that it might be Hungarian intelligence [0]
Imo, the bigger question is why Hungary, Poland, Spain, Greece, and Cyprus (all countries part of the recent EU Spyware Scandal) [1] continue to allow their Interior Ministries to attack the phones of both domestic and foreign opponents, and are abusing "Spyware for political gain" [2].
[0] - https://www.politico.eu/newsletter/brussels-playbook/orban-c...
[1] - https://www.politico.eu/article/parliament-defense-subcommit...
[2] - https://www.politico.eu/article/eu-spyware-probe-slams-gover...
0 replies
16h41m
Imo, the bigger question is why Hungary, Poland, Spain, Greece, and Cyprus (all countries part of the recent EU Spyware Scandal) [1] continue to allow their Interior Ministries to attack the phones of both domestic and foreign opponents, and are abusing "Spyware for political gain" [2].
It's also a national security issue given that Israel may be piggybacking on the spying.
0 replies
1d7h
That C-word was a great joke in seventh grade.
0 replies
1d8h
Link to the newsletter that the tweet screenshots: https://www.politico.eu/newsletter/brussels-playbook/orban-c... No paywall/login wall at least for me right now.
This piece might be relevant: https://www.leefang.com/p/inside-the-pro-israel-information
It’s a minor effort compared to the hundreds of millions Iran, China, and Russia have spent for a decade on influence operations.
Those get little air time in hard progressive or far right spaces since these anti liberal influence operations mostly promote hard progressive and far right perspectives.
Whatever Iran, China, and Russia have done is also a minor effort compared to the billions spent by the US on influence operations.
Doubtful.
So methods and tools developed to combat global extremism during the War on Terror weren't used by US tech companies at the behest of an in-power political party against opposition speech?
Is that not what the senate subcommittee has been discussing for the past two years?
Correct, they weren't. It's ridiculous paranoia.
Depends how broadly you define it.
America literally produces movies about "Captain America", a heroic do-gooder who has superhuman strength, speed and endurance and who wears a flag as an outfit. In these movies he saves the entire planet. America spends like a hundred million dollars every year on that alone.
If by "America" you mean private companies rather than government, by private decision rather than at government direction, and paid for by private citizens voluntarily purchasing the results rather than government contract, then sure.
Doubtful how? They have a legal system for it and they do it in the open... They're at 4.26 billions now(*), plus whatever they spend under the table.
(*) https://www.statista.com/statistics/257337/total-lobbying-sp...
Domestic lobbying by domestic interests is vastly different than the (foreign) influence operations we were discussing. You can't look at the total spend on lobbying and claim to be making a relevant comparison.
anti liberal influence operations do not promote hard progressive perspectives.
Wild guess: they could because the best way to make people more conservative is to make liberals look more and more extreme. These things go in cycles, when the pendulum shifts too far to the left or to the right, it tends to swiftly move back the other way, and so the cycle continues.
Example: the far right tries to depict the left as degenerates who want to make all children gay just because they support introducing LGBT+ friendly material to the school education. I'm sure some people buy that and hence become more inclined to reject the left, as who wants to "force" children to become homosexual, or transgender, right?!
Now, whether China/Russia are doing it or not, I have no idea, and I suspect no one here does. But even if they do, I have trouble seeing how they would be more capable than Europe and the US, who clearly also try pretty hard to promote their own values elsewhere, so they can hardly complain about others doing it.
Russia actually works both sides to become more heated. During the 2016 election they created facebook groups for pro and anti abortion groups and organised them to be in the same city at the same time.
I think they're also trying to break the wests spirit in terms of faith in democracy and the state of the world right now for policy and political/military advantage. In my eyes the US is currently one big foreign infleunce experiment right now via facebook
What would Russia gain from a US that is split and lack of faith in democracy? I don't doubt you're right, I just don't see what's the motivation here?
It's not like the USA will stop interfering with the world if they succeed, which I suppose may be their motivation? To the contrary, a messed up USA is incredibly dangerous. It could end up in the hands of extremists (well, it kind of already did before) who have no qualms starting a war against Russia, which would be completely devastating for Russia (maybe also for the USA, but from Russia's point of view, that wouldn't matter much).
The media makes it look like Russia is some teenager hooligan in the world stage, doing destructive things without motivation just for the sake of it, which just doesn't make sense to me at all.
Their main goal is to break the wests spirit and culture. Russia is very culture driven in its policy and goals, with ukraine being largely ideological https://www.thesaturdaypaper.com.au/comment/topic/2024/06/29...
Struggling to imagine what a "hard progressive" space might look like or even why this is a bad thing.
(Twitter tankies are annoying, but mostly on their own initiative)
Lemmy ml. Go there and you will understand why it might be a bad thing.
Hundreds of millions, you say?
https://www.theguardian.com/us-news/2020/feb/10/sheldon-adel...
https://www.reuters.com/world/us/republican-mega-donor-adels...
I'm pro-Israel, but the current Israel government is widely called far right by the mainstream media, so I don't not know what to make of your comment at all.
If you talk about general influencing: It has been known for decades that the USSR and its successors have influence operations. No need to mention it. It would be interesting though to follow the money: Perhaps your innocent "liberal" mainstream operation that is anti-meritocracy and therefore undermines the West is financed by Russia.
Does the current government seem to be the one its voter base voted for? I'm acutely aware of the backlash it's getting but I'm interested to know.
And anti meritocracy seems to be a very effective idea to push, I was more considering shattering faith in the future and changing policy personally.
Also account created 2 hours ago and only comment is on this israel post^
Can you give some examples or “hard progressive” influence ops that have come out of China, Russia or Iran?
That’s really in direct opposition to their stated aims and it just seems like a false equivalence.
How is that relevant in a discussion about Israel enabling cyber crimes and also having a massive propaganda wing that is working over time online?
Also, Russia and China aren't seen as allies by basically anyone in the west. But yeah, sure then we should treat Israel like we do Russia and China though, but I'm not sure you would.
No they're not. You're the top comment on this post, despite contributing very little to this discussion. Israel and the geopolitics around mercenary spyware coming out of that country is a very regular occurrence on this site. Despite a few instances of people trying to downplay the connection or redirect the conversation, there is ample discussion of this topic. I know this because I follow this topic closely and read discussion of almost every single one. I have yet to see any evidence of any widespread or coordinated effort to brush away these issues.
might I suggest that 'allowed discussion' isn't at all a metric by which to judge whether or not there are efforts to delegitimize a topic.
might I also suggest that sufficiently skilled efforts to direct a conversation will not be detected by most conversation participants.
In that case I would suggest that 't0lo provide us with receipts considering that most of us are not skilled enough to detect these efforts
To adequately address this claim, we (the general HN public) would need to be able to access all of the metrics regarding censored/downvoted-into-oblivion articles on HN related to Israel/Mossad/Gaza/War Crimes/etc., and we all know that there is only one individual with such power, and its not exactly in their job description to reveal to this audience just how far and wide the obfuscation/censorship goes ..
Again: I keep track of mercenary spyware pretty closely. Almost all major stories in this area end up on the front page within hours or days of them breaking, especially if they have significant new information in them. I am not an expert on any topic that touches Israel but this is the one I watch and I see no reason to believe there is suppression of this topic. If someone is acting to try to keep this away from the site, then they are evidently fairly ineffective at it.
Keeping away, no. But they are trying hard and mostly succeed to deviate the discussion.
.. and, even more importantly, the censorship cannot be considered successful on the part of the agency doing the censorship unless a) the victim audience do not know the censored information, and b) never know that things were censored.
It would appear that attempted obfuscation over this very issue can be observed in a multitude of forms ...
It obviously wasn't the top comment when I posted it. When I came into the discussion most were about not attributing it to the state in question despite no evidence either way, and downplaying it. And, the fact that my comment has come to the top means that it has seemingly resonated with a lot of users with similar experiences (~+70pts).
If you do actually follow the topic very closely, or read one or two comments further down in this thread you would have come across this link to pro-israeli astro turfing zoom call tutorials by the idf https://www.leefang.com/p/inside-the-pro-israel-information and many other examples
It doesn't matter the country. When any country is accused of hacking its always "how do you know, it can all be faked, its a flase flag". It's weird deflections and pretending hacking is a ghostly nightmare done by geniuses never seen by the light of day. The reality is so much more humble: it's a desk job done by above average workers with a couple smart ones captured by nation states. They make mistakes and thus can be tracked. But nope, each time every discussion has to rehash a sophomoric discussion on the nature of truth and knowledge.
Unless it's the US as hacker. Then no one is inpressed.
There is a large difference between "Israel participates in online propaganda" and "Hacker News conversation about spyware shies away from discussing the country it originated from".
This applies to any Western government interest group, at least for small submissions or individual comments that relate to those organizations. Large ones like the Assange release cannot be suppressed, but are full of pro-government comments that would not have been made by any software engineer before 2015.
So either the engineers have changed fundamentally, or ...
Or what? Your comment was truncated for me.
...or it's non-software-engineers writing those pro-government comments.
(just the logical conclusion of the statement, intentionally made blank)
Why couldn't the software engineers change? The geopolitical scene is much different today, and it's easy to see threats coming from your opposite pole
Can you elaborate what in your opinion changed in the geopolitical scene?
Russian invasion of Ukraine?
I can see that there is way less interest in Russia China stuff with additional positions against these countries. There where usually is rationally irrationality takes place and most people avoid to say anything.
One reason could be that it quickly devolves into Jew hatred, as the replies to your comment already has. I rarely see stories about the US getting any comments on how Americans make bread out of babies. I would much rather not have that on HN. This is not 4chan.
EDIT: I have receipts, https://archive.ph/KT4q8
You're right this is HN not 4chan, because none of the things you said have actually happened here and people can easily have good respectful debate. It feels like you're attempting to use this as a way to silence debate around the country of origin rather than anything else
It did happen: https://archive.ph/KT4q8 and to be quite frank, that is just the most egregious example and this thread is anything but respectful debate with statements like "I've taken to using it because i feel uncomfortable even naming them a lot of the time" and implying that HN is somehow afflicted by institutional corruption.
I think you misread that post. See https://news.ycombinator.com/item?id=41071644.
Btw, you don't need screenshots of HN comments. Anyone with 'showdead' turned on in their profile can read the original: https://news.ycombinator.com/item?id=41066729.
All: if you turn 'showdead' on, please don't forget that you did so, because we sometimes get emails from people asking "how can you possibly condone $horrible-comment appearing on HN?" when in reality the account has been banned for years.
So if I find a lunatic IDF member saying kill all Palestinians you would agree to stop debating this issue out of safety risks against arabs?
If any discussion of it includes Jew hatred, then HN is not the place for it.
You're referring to https://news.ycombinator.com/item?id=41066729. That comment was rightly flagkilled by users, but I believe you misread it. It was sarcastic and meant the opposite of what it appeared to be saying. In other words, it was more or less agreeing with your own view.
HN does get some genuinely antisemitic comments, most of which get posted by one or two serial trolls who keep making new accounts. We ban those whenever we see their latest incarnations—it's a whack-a-mole thing.
Edit: please see https://news.ycombinator.com/item?id=41071782 and https://news.ycombinator.com/item?id=41071809 also. I've replied in each place you posted this because people often jump to wrong conclusions about the community and it's important not to do that.
Are there sites like HN out of EU covering EU related news?
There's nothing exactly like HN out there. But EU tech. news sites exist (most have a linux focus though and you'll need to use machine translation):
https://www.theregister.com/
https://linuxnews.de/
https://www.root.cz/
https://www.golem.de/
https://www.heise.de/ct
https://www.computerbase.de/
https://gnulinux.ch/
https://www.linux-magazin.de/
Thanks!
English is required for IT.
Israel, despite being a small country, has a very successful tech/IT sector, esp in the security space. Probably IDF acolytes bridging over to the private sector. Israel is widely known to participate in social psyop campaigns as well. It is not farfetched to think they have a pulse on popular tech forums like HN.
Exactly, it's far more likely than not. It's just a question of how much. I wish this influence was catalogued and publicised like russia.
Where is Russian influence catalogued and publicised?
Well, this site is a bit more general than only Russian disinformation but has a fairly interesting database too:
https://euvsdisinfo.eu/
(It’s from the EU’s diplomatic service so it should be considered geopolitically self-interested)
It’s the octopus, clearly (and they make bread out of babies, as my grandmother used to say)
Could you please stop posting unsubstantive comments and flamebait? You've unfortunately been doing it repeatedly. It's not what this site is for, and we have to ban accounts that keep doing it.
In this case you triggered another commenter into a complete misunderstanding (https://news.ycombinator.com/item?id=41066935), taking your comment to be not only serious but also representative of the community. Given the high level of inflammation around this topic (everywhere, including on HN), that is seriously not cool.
If you wouldn't mind reviewing https://news.ycombinator.com/newsguidelines.html and sticking to the rules in the future, we'd appreciate it. It looks like you've been breaking them for quite a long time, not just with drive-by flamebait like the above and https://news.ycombinator.com/item?id=41066717, but also with ideological battle comments generally. If you want to keep posting here, we need you (as with any other user) to drop that.
Not my impression, can you share an example?
It's the new world we live in. Every power group has their army of adherents they can tap to kill a story they don't like. Even those we generally consider "goodies" do this now.
They get discussed a fair bit, as other commenters have pointed out. But these stories tend to blend into each other after a while. It's hard to pick out which ones are new/interesting and eventually readers respond with fatigue to the entire category.
This phenomenon is generic and happens with every cluster of repeated-related stories. The only reason people are interpreting it differently in this case is that they are already conditioned to treat that topic as a special case and therefore assume there must be some special thing going on. Both sides of the conflict do this, btw.
Anything attributed to Russia or China also is, but usually the grammatical mistakes give the game away.