
Comment by tptacek

2 days ago

This is my irritating reminder that there is a whole marketplace of implant/CNE products, most of which you have never heard of, produced in basically every jurisdiction in the world.

It used to be NSO Group that got all the press, now it's Paragon, and I think it's all for the good that the spotlight gets shone on these companies, but do keep in mind that this is not an "Israeli" phenomenon. There are American companies selling tooling that is more effective than "Graphite"; they're just more careful about publicity. Wherever it is you live that you feel is morally superior to America and Israel on commercialized CNE, you're likely to end up surprised.

The issue isn't the mere existence of spyware companies globally. The issue is that Israeli companies in particular have cornered the market on selling to the world's worst human rights abusers, with catastrophic consequences.

Let's be specific: NSO Group sold Pegasus to Saudi Arabia, who used it to track Jamal Khashoggi's inner circle before his assassination. They sold to Mexico, where it was used to target journalists' families within days of their murders. To Rwanda, to hunt dissidents abroad after imprisoning their family. The list goes on.

This isn't cherry-picking. When Citizen Lab analyzes global spyware operations, Israeli companies dominate: NSO, Candiru, Paragon, QuaDream, and arguably Cytrox (Macedonian, but Israeli leadership and investors). The common thread? Former Unit 8200 personnel, who've turned state cyber-warfare capabilities into a business model explicitly built on selling to authoritarians.

Your "but everyone does it" framing fundamentally misrepresents the issue. Yes, other countries have surveillance companies. But there's a massive difference between developing capabilities and systematically selling them to regimes that murder journalists. When was the last time a German or French company's tools were found on a murdered journalist's or imprisoned political dissident's phone?

The data shows Israeli companies don't just happen to have "bad PR" (or uniquely terrible luck in choosing their clients) - they actively court authoritarian clients because that's where the money is if you have no morals.

For some context: Israel has a population of less than 10 Million - less than 0.1% of the world's population. If you have a persuasive argument for why Israeli spyware is routinely found by organizations like Citizen Lab, why their products seem so uniquely popular and successful with fascists and authoritarians, I'd love to hear it. Because from where I'm standing, the clear and obvious explanation is that there is a deep, systemic issue in the Israeli private intelligence and cybersecurity sector that is entirely unconcerned with how their tools will be used, or by whom, as long as the money's right. All enabled by the Israeli authorities, who need to approve of these exports.

You're right that spyware companies exist elsewhere. But when researchers keep finding the same tiny country's products in the phones of murdered journalists and jailed activists, dismissing scrutiny as bias is itself a bias. The question isn't why Israeli companies get attention - it's why they keep selling to regimes that use their tools to crush dissent, and worse.

  • It's not the only market they've cornered.

    If you are paying for a VPN, the odds are good that it's owned by Kape Technologies, another Israeli company staffed by former Unit 8200 personnel. PIA and a bunch of others are now under their purview.

    They'll say they don't keep logs, but only an idiot would trust that.

    Cellebrite also does questionable shit with phone forensics; newer products upload phone images to "the cloud." Supposedly it is instanced and law enforcement is just supposed to trust that yet another function the Justice Department outsources to Israel isn't backdoored by them, like Inslaw/PROMIS.

  • I wonder how they find extremely talented exploit developers. The exploits they produce probably take years to develop at minimum.

    • Short and sweet: Unit 8200.

      Unit 8200 is Israel's elite military intelligence cyber unit - think NSA but with mandatory military service. Israelis serve in their late teens/early twenties, the most tech-savvy and promising recruits land in Unit 8200 where they develop world-class offensive cyber capabilities on the state's dime.

      When they finish their service, they take those skills directly to companies like NSO, Candiru and Paragon. It's not a secret - these companies are often funded, and actively recruit Unit 8200 alumni. The talent isn't necessarily found, it's manufactured by the state and then handed off to the private sector.

      That's why Israeli spyware is so effective. Arguably, it's not commercial R&D - it's military grade capabilities with a profit motive and little, if any, ethics oversight.

    • Probably mostly the same way everybody finds extremely talented exploit developers? By bidding for them? Why do people think exploit developers are a strategic resource like rare earth metals? They're probably uniformly distributed across the world --- including in developing countries.

    • Just about every single Israeli citizen is required to complete mandatory military service. In effect this means that both the local baker and the stay-at-home programmer have likely worked for the IDF in some capacity.

  • The only reason you're making a big deal about NSO Group is that you've heard of them.

> Wherever it is you live that you feel is morally superior to America and Israel on commercialized CNE

It's not the tech (or lack of it) that makes me feel morally superior. It's the choice to use that tech to defend literal fascists that I would find embarrassing.

  • Exactly. As somebody with a past in security, I've often thought about the ethics of my actions. Where is the ethics of government?

    If you think that sounds naive, I think you get my point. Those in power can not show worse ethics and morals than those they rule, at least not if you want to uphold the illusion of democracy and its values.

    • It's not a question of illusion. Classical political philosophy makes it clear that leaders must be virtuous to be good leaders, and that the consequences of having leaders without virtue are bad. No system can counteract vice; people, after all, run the system. Probably the most famous example of how the state degenerates as virtue weakens is given in Plato's Republic, but this is seen consistently.

      The American founders also emphasized the requirement that, for the American republic to function, it must have a virtuous people. The democratic process means that citizens now participate in the political process and thus shoulder some of the responsibility for how well a country is governed. The virtue of citizens becomes even more important.

How come each time researchers find a new spyware, it's always an Israeli shop behind it? Maybe because Israel has developed an ecosystem and an industry around spying. I think it's evil to try to deflect the blame from Israel given the fact it's currently committing genocide in Palestine.

  • Based on what you're saying, I think I know more about this market than you do. I'm comfortable with who does and does not take me seriously. For those people who do: this "Israel" stuff is not useful for understanding what's happening in the world with respect to CNE tools.

    • A long time ago, I went to my first (and only) Defcon conference. There was a speaker who had worked in the US government talking about state use of hacking tools.

      After the talk I went up to him and asked, "What are the countries that are using these tools?" He looked at me with a certain amount of scorn and said, "All of them."

  • Because all of these private companies are linked to the former elite cyber unit that the Israeli army has.

    It's not surprising, since Israel's intelligence unit is one of the best in the world.

  • I imagine most of the time it would be pretty hard to attribute which company and from which country the spyware comes from.

    I'm always amazed we know the origin of these sorts of things as much as we do.

  • They have more experience with such things - all the expertise concentrated there. It's the same reason all the megasocialtech web apps come from Silicon Valley.