The NSO group are ex-Mossad who decided working for the government does not pay as well as making money out of exploits, probably obtained at the highest levels of top secret work.
So far, they have been tolerated by the Israeli government as they all went to the same schools, all did the armed forces service together, and all know each other. This allowed them to get a free pass so far. Privately, many of their ex-colleagues, are very critical of their lack of ethics.
All this will change, the day some of the NSO exploits will be used against Israel, the same way some of the NSA leaked tools are now used in the wild.
NSO group is ex unit 8200, which is military signals intelligence. So in American terms, it's the NSA not the CIA. The distinction is important in a country with mandatory military service. You get a large number of people who go through, get trained, and then leave because it never was a career. A number of them take their skills to the private sector.
Mossad, on the other hand, is a civilian intelligence service and I'm told there's a strong tradition that its members don't freelance their services after leaving.
"Most of this data is shared internally across the
IDF (as well as sometimes externally, cf. 3.3 below) to
the Unit’s relevant stakeholders, whether combat
troops, decision-makers or other intelligence agencies
such as Mossad. Or as Yair Cohen, who served 33 years
in Unit 8200, the last five (2001–05) as its commander,
put it, "90% of the intelligence material in Israel is
coming from 8200 […] there isn't a major operation,
from the Mossad or any intelligence security agency,
that 8200 is not involved in"
>"...Mossad, on the other hand, is a civilian intelligence service and I'm told there's a strong tradition that its members don't freelance their services after leaving..."
Tradition is not what it used to be:
"Black Cube: The Bumbling Spies of the ‘Private Mossad’"
"...Despite some missteps, Black Cube “has to turn clients away
because it cannot service all the demands,” said Mr. Halevy,
a former head of the Mossad, an Israeli government intelligence agency. He said Black Cube has worked on 300 cases since being founded in 2010 by two former Israeli military intelligence officers,
Dan Zorella and Avi Yanus..."
"Harvey Weinstein hired ex-Mossad agents to suppress allegations, report claims"
It's an important distinction. The fact that huge numbers of people rotate through the hacking side of 8200 (like the NSA, vast majority of 8200 members don't work on that) is what drives the supply.
Intelligence services typically have less turnover. Though that is changing, particularly for NSA, where people leave to go to contractors.
Also, frankly, describing NSO as ex Mossad just makes phone malware sound much more complicated than it is and much harder to stop. At the end of the day, its software, written by people in much the same way any software is written. It just exploits mistakes other software devs made so that it can run.
"by two former Israeli military intelligence officers, Dan Zorella and Avi Yanus."
emphasis on "military intelligence officers" i.e. not mossad. this is like mixing up the CIA and FBI. to an outsider they might appear the same, but that's not really the case.
"Ilan Mizrachi, a former deputy head of the Mossad, Israel’s intelligence agency, said that he sees nothing inherently wrong with former intelligence operatives working for civilian enterprises. “Some people I know went into journalism, some are consultants,” he said. “Among many other professions, some work for companies like Black Cube.”
Quote from the article:
"Despite some missteps, Black Cube “has to turn clients away because it cannot service all the demands,” said Mr. Halevy, a former head of the Mossad, an Israeli government intelligence agency..."
This is myth. Russian systems are suffering from malware just like others. And probably more, because it's easier for local criminals to target local companies. It might be true for a very tiny fraction of malware, but that's definitely an exception, rather than rule.
Of course if there are state-sponsored hackers (I'm not really aware if those exist, but I allow this possibility), they will target whatever their management points at. And with corruption it's pretty possible that some local business could be targeted as a part of some financial wars.
But majority of hackers are just some guys with some IT knowledge and zero morale. They'll buy some exploits and tools on black markets, duct tape them into something and release in the wild, waiting for profits (or police). They'll rob banks or babushkas, they don't care.
It is not myth for ransomware. Many documented cases. It's essential to the survival of these groups; local cops more likely to leave them alone if they leave local businesses alone.
> It's essential to the survival of these groups; local cops more likely to leave them alone if they leave local businesses alone.
Which is a huge misconception outsiders have about this scene. They are Russian-speaking, not Russian, just like English speaking gangs are not necessarily English. These groups may (and often do) consist of nationals of different exUSSR countries, sometimes without even knowing each other personally. They might not even be a single group, just some individuals doing different parts of the scheme. (including "press releases" and "interviews" they sometimes do)
It has been the case long before all this ransomware fad. Russia, Ukraine, Kazakhstan, Belarus, and partially Lithuania had world's top CC theft gangs for a couple decades, and they always been of mixed origin. They mostly steal EU and US cards because it offers better reward/risk ratio, compared to the home countries which are poor. But nothing stopped them from stealing CCs in Russia or Ukraine either, certainly not some mythical cops (who couldn't care less in reality); in fact, skimmers are widespread in those countries as well.
Ransomware groups are the same as CC thieves, it's just a different scheme; they probably avoid home countries for the same reason (same risk, less reward). The state can't possibly have too much influence on them, it just triggers the bullshit detector for anyone who lives in any former Soviet republic and knows about this stuff at least superficially.
It's specifically because Russian prosecutors couldn't care less if there are no Russian victims. By doing this they know there is next to zero chance of criminal proceedings.
> So far, they have been tolerated by the Israeli government
Why wouldn't the Israeli government tolerate them? If anything, doesn't their government benefit from groups like this?
They get access to spy tools that they didn't have to use taxpayer money to fund, and because it's former members of their own intelligence working on it, they have some semblance of influence over how it's used.
That's my understanding too. Funding is not really an issue, 8200 has one of the biggest budgets in the army but they are bound to the law and regulations, NSO on the other hand can pass the lines and keep Israel uninvolved
Not really. Israel likely openly shares secrets with other Five Eyes countries and so it gets a sort of free pass from geopolitical pressures. Its a mutually beneficial exchange. Additional to the Mossad comment, the Israeli students who work for these group take an entrance exam at 17 and that recommends them for what's known as UNIT 8200 which is a feeder network/NSA clone.
Israel is only peripherally and reluctantly involved in the confrontations with Russia and China at the heart of 5E interests, and it neither trusts nor is trusted by 5E countries to the level of sharing intelligence sources or tools except in specific, transactional interactions.
American and Israeli politicians like to talk about Israel being America's "closest ally", but those are just pretty words. Israel's real selling point to the US is that it's a low-maintenance ally.
The United States has thousands of troops deployed across the Gulf to defend its allies there. It has another several thousand as a "tripwire" in South Korea.
US troops have died in combat defending Saudi Arabia and Kuwait. They've been killed by militants directly supported by Pakistani intelligence services.
How exactly is Israel "high maintenance" by those standards?
If you want to define away sending hundreds of thousands of troops to defend Saudi Arabia, using those troops to free Kuwait from foreign invasion, and then keeping those troops in both countries (where they've taken everything from car bombings to shooting attacks) as defending her own interests rather than those states, then you can define away any action taken on behalf of an ally that way. To take this to an extreme: by that definition, US defense of South Korea isn't "aid to an ally".
There is a legitimate argument that US aid to Israel isn't well thought out rationally, but the only reason that's plausible is that a few billion a year and low-cost diplomatic statements/votes aren't a big enough deal for the Serious National Security Considerations to come into play.
I think the hostility encountered by the US in the Middle East is entirely a function of protecting her own interests in a complicated and contested region. Maybe necessary, definitely inevitable.
The human suffering on all sides is a cost of doing business. This is deemed acceptable by the US govt and not contested by the hosting countries for various bad reasons. It is nothing more special than that. There is no grand righteous moral justification, but that is a useful fiction.
I apologize if this offends you, and I don't share it to be disrespectful -- just to explain my perspective.
I mean, sure. The moral question is important! But I was starting from a thread of people who didn't understand the real-life character of the Israeli-American relationship.
If you're trying to describe the actual actions of the parties involved, morality is not a useful analytical or predictive tool; that comes into play when you yourself try to act.
It gives Israel military aid on the order of $3-4B per year. On US budget orders of magnitude that's peanuts, and comes with none of the US troop or naval commitment of e.g. the Saudi or Korean alliances.
> All this will change, the day some of the NSO exploits will be used against Israel, the same way some of the NSA leaked tools are now used in the wild.
Yes. The bipartisan USA Freedom Act limited several aspects of the NSA's dragnet [1]. Amendments weakening the bill were defeated [2]. Less materially, a documentation requirement for § 702 searches of U.S. persons was added in 2018 [3].
I’m skeptical the NSA doesn’t just ignore or creatively interpret laws it doesn’t like, given their past history and the consequences for their misbehavior.
I mean when the CIA got busted not only spying on Congress a few years ago, but also lying about spying on Congress, they were told “don’t do that again please.”
It's mind boggling Clapper wasn't crucified for this.
This sort of thing keeps happening and some sketchy outsider may get elected with catch phrases like "Drain the swamp". Oh wait...
It’s also the Mossad/Israeli government realizing that their capabilities and interests can be advanced by having the hacker mercenary services for sell.
the high tech industry in Israel is not that big. If you look at the companies that make COTS microwave and millimeter wave telecommunications equipment, they're not too different from the other .IL companies which make advanced radar systems, jammers, and avionics for aircraft.
I imagine it's similar for black/grey-hat software development.
So far, they have been tolerated by the Israeli government as they all went to the same schools, all did the armed forces service together, and all know each other. This allowed them to get a free pass so far. Privately, many of their ex-colleagues, are very critical of their lack of ethics.
All this will change, the day some of the NSO exploits will be used against Israel, the same way some of the NSA leaked tools are now used in the wild.