Comment by sReinwald
1 day ago
The issue isn't the mere existence of spyware companies globally. The issue is that Israeli companies in particular have cornered the market on selling to the world's worst human rights abusers, with catastrophic consequences.
Let's be specific: NSO Group sold Pegasus to Saudi Arabia, who used it to track Jamal Khashoggi's inner circle before his assassination. They sold to Mexico, where it was used to target journalists' families within days of their murders. To Rwanda, to hunt dissidents abroad after imprisoning their family. The list goes on.
This isn't cherry-picking. When Citizen Lab analyzes global sypware operations, Israeli companies dominate: NSO, Candiru, Paragon, QuaDream, and arguably Cytrox (Macedonian, but Israeli leadership and investors). The common thread? Former Unit 8200 personnel, who've turned state cyber-warfare capabilities into a business model explicitly built on selling to authoritarians.
Your "but everyone does it" framing fundamentally misrepresents the issue. Yes, other countries have surveillance companies. But there's a massive difference between developing capabilities and systematically selling them to regimes that murder journalists. WHen was the last time a German or French company's tools were found on a murdered journalist's or imprisoned political dissident's phone?
The data shows Israeli companies don't just happen to have "bad PR" (or uniquely terrible luck in choosing their clients) - they actively court authoritarian clients because that's where the money is if you have no morals.
For some context: Israel has a population of less than 10 Million - less than 0.1% of the world's population. If you have a persuasive argument for why Israeli spyware is routinely found by organizations like Citizen Lab, why their products seem so uniquely popular and successful with fascists and authoritarians, I'd love to hear it. Because from where I'm standing, the clear and obvious explanation is that there is a deep, systemic issue in the Israeli private intelligence and cybersecurity sector that is entirely unconcerned with how their tools will be used, or by whom, as long as the money's right. All enabled by the Israeli authorities, who need to approve of these exports.
You're right that spyware companies exist elsewhere. But when researchers keep finding the same tiny country's products in the phones of murdered journalists and jailed activists, dismissing scrutiny as bias is itself a bias. The question isn't why Israeli companies get attention - it's why they keep selling to regimes that use their tools to crush dissent, and worse.
It's not the only market they've cornered.
If you are paying for a VPN, the odds are good that it's owned by Kape Technologies, another Israeli company staffed by former Unit 8200 personnel. PIA and a bunch of others are now under their purview.
They'll say they don't keep logs, but only an idiot would trust that.
Cellebrite also does questionable shit with phone forensics; newer products upload phone images to "the cloud." Supposedly it is instanced and law enforcement is just supposed to trust that yet another function the Justice Department outsources to Israel isn't backdoored by them, like Inslaw/PROMIS.
I wonder how they find extremely talented exploit developers. The exploits they produce probably takes years to develop at minimum
Short and sweet: Unit 8200.
Unit 8200 is Israel's elite military intelligence cyber unit - think NSA but with mandatory military service. Israelis serve in their late teens/early twenties, the most tech-savvy and promising recruits land in Unit 8200 where they develop world-class offensive cyber capabilities on the state's dime.
When they finish their service, they take those skills directly to companies like NSO, Candiru and Paragon. It's not a secret - these companies are often funded, and actively recruit Unit 8200 alumni. The talent isn't necessarily found, it's manufactured by the state and then handed off to the private sector.
That's why Israeli spyware is so effective. Arguably, it's not commercial R&D - it's military grade capabilities with a profit motive and little, if any, ethics oversight.
Probably mostly the same way everybody finds extremely talented exploit developers? By bidding for them? Why do people think exploit developers are a strategic resource like rare earth metals? They're probably uniformly distributed across the world --- including in developing countries.
Just about every single Israeli citizen is required to complete mandatory military service. In effect this means that both the local baker and the stay-at-home programmer have likely worked for the IDF in some capacity.
The only reason you're making a big deal about NSO Group is that you've heard of them.
[dead]