> let's also have a discussion about why this was sold to anyone who would pay with no oversight at all.
There will always be cyberweapon brokers. If not NSO, then someone else. And money talks.
Why would there be any oversight? What you need is plausible deniability.
I’d prefer if they started selling Pegasus to absolutely anyone at all. Like, online, for $999 a month or something. Maybe then there will be actual efforts to patch the vulnerabilities that are being exploited for it to work.
Or perhaps the security services we pay so much for could stop hoarding vulnerabilities and start patching them. So as to add to our.. security.
Of course the problem is that these services are geared towards protecting the state, as distinct from the people. It is a distinctly unpleasant legacy of the cold war. We'll learn the hard way before there's a change of mindset.
There's a big difference between an underground group doing it in semi-secrecy, vs a state-sponsored company doing it publicly. With said company somehow not being sued into the ground or said country's action not being taken as an act of war in situations like this.
> I’d prefer if they started selling Pegasus to absolutely anyone at all
The high value of what they offer comes from the scarcity, which result in lower likelihood of it being patched.
NSO isn't the equivalent of NSA. While NSA is part of the US government and actively spied on allied countries with no repercussions, NSO is a privately held company employing ex intelligence. With mandatory service at 18 and the private sector paying between 8 to 10 times more, it's common to find these intelligence boys leaving the service asap and working in different private companies.
Implying Israel has anything to do with NSO or that the government is behind it, coupled with the amount of attention this gets relative to a company like Italian based Hacking Team (which both the FBI and Russian government made business with) is cause for concern. Is this hacker news or culturally biased vent club?
I think the domain cyclonefront is nice for a new forum, don't you? You can be an admin there, grow a short mustache and do quarter jumping-jacks.
These products, just like any offensive weapon, aren't quite as useful for defensive purposes, or when used by someone who doesn't do this stuff 24/7.
The justification that "somebody else would have done it" is morally bankrupt, of course, as shown in Nuremberg or the Eichmann trial. It's also just not true: by definition, the alternative would be worse in some way, or it would have been the first choice from the beginning. For simple products, the margin between the knife you are selling and the next-best choice might indeed be small. For nuclear weapons, the marginal product is 100 % less useful, as far as I can tell: there is no other seller. For tanks, you can probably get some Sowjet era relics if you know the right people in the 'stans, which will be significantly worse than western state-of-the-art but not entirely useless.
I'd say Pegasus is somewhere between the tank and the nuclear bomb on that spectrum, right now. Which might well be the point where export controls are most useful, because they also reduce the need and incentive for others to enter the market as buyers and sellers, respectively.
Export controls don't work? Did I miss the news, North Korea bought an MERV tipped intercontinental ballistic missile from the 'free market'? Do they have thermonuclear warheads?
I am not convinced if we way we treated Iran is justified, but thats a different suvject. And after Ukraine, noone will. Ever give up nukes
There will always be cyberweapon brokers. If not NSO, then someone else. And money talks.
Why would there be any oversight? What you need is plausible deniability.
I’d prefer if they started selling Pegasus to absolutely anyone at all. Like, online, for $999 a month or something. Maybe then there will be actual efforts to patch the vulnerabilities that are being exploited for it to work.