Most active commenters
  • kragen(6)
  • bawolff(5)
  • mousethatroared(4)
  • gruez(3)
  • godelski(3)
  • nine_k(3)
  • chrz(3)

←back to thread

Samsung embeds IronSource spyware app on phones across WANA

(smex.org)
845 points the-anarchist | 105 comments | 21 Jun 25 03:06 UTC | HN request time: 2.196s | source | bottom
1. boramalper ◴[21 Jun 25 03:56 UTC] No.44334361[source]
I suspect a strong link between mass surveillance (by corporations for advertising or by states for intelligence purposes) and the very recent targeting of the senior Iranian nuclear scientist and military officers at their homes in Iran.

Wherever you are from or whatever side of the conflict you are on, I think we can all agree that it’s never been easier to infer so much about a person from “semi-public” sources such as companies selling customer data and built-in apps that spy on their users and call home. It allows intelligence agencies to outsource intelligence gathering to the market, which is probably cheaper and a lot more convenient than traditional methods.

“Privacy is a human right” landed on deaf ears but hopefully politicians will soon realise that it’s a matter of national security too.

replies(13): >>44334595 #>>44334624 #>>44334697 #>>44334773 #>>44335164 #>>44335631 #>>44336225 #>>44336629 #>>44337014 #>>44337349 #>>44338148 #>>44344811 #>>44346475 #
2. aussieguy1234 ◴[21 Jun 25 04:47 UTC] No.44334595[source]
Weather apps are one of the worst offenders here. Almost all share your location info with data brokers if you give them location access.

Check the weather today, get bombed tomorrow.

replies(1): >>44341761 #
3. bongodongobob ◴[21 Jun 25 04:54 UTC] No.44334624[source]
Politicians are just the sales and marketing department for multinational corporations and defense contractors. They will never care.
4. FilosofumRex ◴[21 Jun 25 05:09 UTC] No.44334697[source]
Almost all of Iran's cell network system was originally installed by S. Korean firms. They've changed some to Chinese brands, but apparently the compromised S. Korean brands are still around.
replies(2): >>44334967 #>>44336055 #
5. mike_d ◴[21 Jun 25 05:29 UTC] No.44334773[source]
> I suspect a strong link between mass surveillance [...] and the very recent targeting of the senior Iranian nuclear scientist and military officers at their homes in Iran.

We all like to imagine this super cool clandestine hacking operation using peoples mobile phones to secretly track people who visit nuclear facilities back to their homes.

The much more logical explanation is someone approached a low level employee at the MEAF who turned over a USB stick with the governments org charts and payroll records in exchange for their kids getting a full ride to a prestigious foreign university.

replies(2): >>44336059 #>>44337730 #
6. Digital28 ◴[21 Jun 25 06:08 UTC] No.44334967[source]
Changing from SK to CN is a trade from intentional vulnerability to unintentional vulnerability. I’ve yet to see a secure piece of software come out of China in my 30+ years of coding.
replies(6): >>44336400 #>>44336611 #>>44336759 #>>44337107 #>>44337336 #>>44339744 #
7. htowi3j4324234 ◴[21 Jun 25 06:47 UTC] No.44335164[source]
If a state actor is after you, cookie and GAIA-id tracking should be the least of your concerns.
8. chaosbolt ◴[21 Jun 25 08:02 UTC] No.44335631[source]
I suspect Israel has backdoor access to most CPUs.

Here is how Pegasus seems: - China has 1.5 billion people, lots of resources, would profit a lot economically if they found a way to hack iOS, etc. But yet couldn't hack it. - Israel with its 7 million people, not only hacks iOS multiple times, but does it to spy on its allies.

Now I've seen the threads analysing Pegasus' complexity, I don't know if it's been reproduced, and if it has then I guess it logically proves me wrong (the tinfoil hatter in me still thinks its right though).

Here is why:

Israel has a lot of silicon fabs or R&D centers, now it makes ZERO sense for the US to have fabs or R&D centers in Israel, since that country is (allegedly) always at the risk of being bomber for no reason at all (yeah right).

Intel has had fabs in Israek since the 80s, why not in Japan or France or the UK (France and the UK are close allies to the US and have no earthquakes or risk of being bombed), why not even Canada?

And I compared the dates of when intel started putting the Intel Management Engine in all of their CPU and the date of which they built their biggest fab in Israel, then I went down the rabbit hole of when AMD started using PSP (similar tech to Intel ME), and it coinciding with it buying a large pentesting startup in Israel, then starting to build its R&D centers there, Apple and Qualcomm have similar stories.

Obviously this is all tinfoil, and while the dates coincide it's obviously not enough.

But to each their own, and I choose to treat my tech as if it was all was backdoored already, because for me the evidence (while not enough to be sure) is enough for how much I value my privacy.

replies(4): >>44335709 #>>44337018 #>>44337554 #>>44338564 #
9. cma ◴[21 Jun 25 08:44 UTC] No.44335824{3}[source]
Many are also US citizens who could work at research labs in the US without a visa. Something like 50K or 100K of the illegal settlers in the occupied West Bank alone are US citizens.
10. throw123xz ◴[21 Jun 25 09:31 UTC] No.44336055[source]
It's a mistake to assume that a very capable country can't get into a network that uses Chinese equipment/software.
replies(1): >>44336390 #
11. boramalper ◴[21 Jun 25 09:31 UTC] No.44336059[source]
Israel, like any other state, must be using a variety of methods including good old "human intelligence" so it's not either-or.

In addition, saying that

> someone approached a low level employee at the MEAF who turned over a USB stick with the governments org charts and payroll records in exchange for their kids getting a full ride to a prestigious foreign university

is an oversimplification on multiple levels:

1. Low-level employees typically don't have access to sensitive information.

2. With human intelligence, there is always a risk that the person you (e.g. Israel) are in touch with (e.g. an Iranian officer) who pretends to be a "double agent" (e.g. leaking info to Israel), is in fact a "triple agent" (e.g. actually working for Iran to mislead Israel).

3. You can send your kids to foreign universities but not your siblings, your parents, your wife's family, and so on... Some of your beloved ones are almost certain to suffer the consequences of your actions. High treason is no joke.

replies(2): >>44336610 #>>44344556 #
12. PartiallyTyped ◴[21 Jun 25 10:06 UTC] No.44336225[source]
Europol now argues that privacy is not a right and that we need to “think of the children”. EU is now pushing some abhorrent policies and legislation to demand backdoors.

We, the people, need to demand and force our politicians to work for us.

13. Dah00n ◴[21 Jun 25 10:41 UTC] No.44336390{3}[source]
It's also a mistake to assume that a very capable country can't get into a network that uses US equipment/software... especially Cisco equipment with all the "forgotten" hardcoded logins. Iran is better off with Chinese equipment than American or Korean.
replies(3): >>44336552 #>>44336731 #>>44361773 #
14. Dah00n ◴[21 Jun 25 10:43 UTC] No.44336400{3}[source]
Yet in telco it is much easier and faster to get a bug fixed in Chinese equipment. IMO it is more likely you don't work with critical infrastructure than the problem being Chinese equipment.
15. kragen ◴[21 Jun 25 11:11 UTC] No.44336552{4}[source]
Nobody knows enough to say whether Iran is better off with Chinese equipment, because most of the intentional backdoors on every side of this struggle remain undiscovered by the other sides.
replies(1): >>44336643 #
16. SirHumphrey ◴[21 Jun 25 11:20 UTC] No.44336610{3}[source]
> 1. Low-level employees typically don't have access to sensitive information.

You would think, but when I was interning (well, it was a paid internship) for a company, I was fixing an excel spreadsheet with payroll information for an entire department of a few hundred people. Not the best piece of "opsec", but when you are in a hurry (pay was due in a couple of days) and most people are on vacations "hey the junior kid can probably fix it, he seems fine" is a way too common approach. And it is fine - sometimes for a long time. Until it isn't.

replies(1): >>44336739 #
17. ReptileMan ◴[21 Jun 25 11:20 UTC] No.44336611{3}[source]
Supermicro IPMI comes to mind. If it was compromised we would have known by now.
replies(3): >>44336808 #>>44342178 #>>44353340 #
18. kragen ◴[21 Jun 25 11:22 UTC] No.44336629[source]
The truth is far outside the Overton window.

Yes, privacy is a question of civil defense in the drone age. But the existing crop of states will never acknowledge that; their structure and institutions presume precisely the kind of mass databases of PII that create this vulnerability, as well as institutional transparency for public accountability. This makes them structurally vulnerable to insurgencies that expropriate those databases for targeting. The existing states will continue to clutch at their fantasies of adequately secured taxpayer databases until their territorial control (itself an anachronism in the drone age; boots on the ground can no longer provide security against things like Operation Spiderweb) has been reduced to a few fortified clandestine facilities.

Things are going to be very unpredictable and, I suspect, extremely violent.

replies(2): >>44337277 #>>44339702 #
19. dse1982 ◴[21 Jun 25 11:24 UTC] No.44336643{5}[source]
Well, China is more on the side of Iran than the US or US allies. So there is that.
replies(1): >>44336654 #
20. kragen ◴[21 Jun 25 11:27 UTC] No.44336654{6}[source]
Yes, but that doesn't imply they want Iran's telecommunications network to be a black box to the PLA.
21. mensetmanusman ◴[21 Jun 25 11:40 UTC] No.44336731{4}[source]
Not if you know math…
22. aswanson ◴[21 Jun 25 11:40 UTC] No.44336739{4}[source]
Yeah I recall being a new hire at a defense contractor, getting a login, and accidentally opening an excel sheet with a ton of management user names and logins. People are sloppy.
23. FirmwareBurner ◴[21 Jun 25 11:43 UTC] No.44336759{3}[source]
>I’ve yet to see a secure piece of software come out of China in my 30+ years of coding.

SW coming out of Korea's domestic industry giants isn't any better. Because they used to treat SW like a cost center or another item on the BoM.

IIRC, the only way to do online banking in Korea years ago, was you needed Internet explorer and some active-X plugin that supported encryption.

Some Korean giants do have good SW, but a lot of it is developed internationally by offices outside of Korea.

24. iamtedd ◴[21 Jun 25 11:51 UTC] No.44336808{4}[source]
Not only is Supermicro headquartered in USA, but it's operations are in Taiwan, which they would very much like you to acknowledge is not the same as mainland China.
replies(2): >>44339057 #>>44341169 #
25. lm28469 ◴[21 Jun 25 12:20 UTC] No.44337014[source]
If you're a valuable enough target, like these Iranians generals/scientists they just need to find you once and then they can continuously track your movements via satellite. They don't need much precision, just which building to level
replies(2): >>44337862 #>>44339636 #
26. saagarjha ◴[21 Jun 25 12:20 UTC] No.44337018[source]
> China has 1.5 billion people, lots of resources, would profit a lot economically if they found a way to hack iOS, etc. But yet couldn't hack it.

What makes you think China can't hack iOS?

27. jeroenhd ◴[21 Jun 25 12:35 UTC] No.44337107{3}[source]
When a security analysis was done of Chinese parts of the Dutch mobile network, that was pretty much the conclusion: Chinese vendors deliver software and components full of vulnerabilities, but none of them seem to be intentional.

Since then there has been a movement to reduce Chinese vendors in general our if security concerns, as well as to improve the security posture of the mobile networks by doing things like "encrypting connections" and "switching away from telnet".

On the other hand, the Chinese managed to break into the US wiretapping system, so it's not like other networks aren't vulnerable either.

replies(1): >>44337329 #
28. drewbug ◴[21 Jun 25 13:03 UTC] No.44337277[source]
I used to feel this way until I learned about counter-UAS tech.
replies(1): >>44337420 #
29. vardump ◴[21 Jun 25 13:09 UTC] No.44337329{4}[source]
> Chinese vendors deliver software and components full of vulnerabilities, but none of them seem to be intentional.

Plausible deniability.

replies(1): >>44340003 #
30. monster_truck ◴[21 Jun 25 13:10 UTC] No.44337336{3}[source]
Brother you cannot be serious with this racist take
replies(3): >>44337626 #>>44337676 #>>44341547 #
31. crawsome ◴[21 Jun 25 13:12 UTC] No.44337349[source]
Someone needs to go into congress and demonstrate to them, live, how easy it is to lift their phone numbers and call them all at once.
32. kragen ◴[21 Jun 25 13:24 UTC] No.44337420{3}[source]
That's wishful thinking. Flying drones aren't the only threat, or the main threat, and there isn't such a thing as "counter-UAS tech", only counter-yesterday's-UAS tech. Radio jamming was "counter-UAS tech" until the mass production of fiber-optic-controlled FPV drones starting five months ago, for example. You can still find vendors marketing it as such.

30 milligrams of high explosive is enough to open your daughter's skull, or, more relevantly, your commanding officer's daughter's skull, and there are a thousand ways to deliver it to her if she can be tracked: in pager batteries, crawling, swimming, floating, waiting for ambush, hitchhiking on migratory birds, hitchhiking on car undercarriages, in her Amazon Prime deliveries, falling from a hydrogen balloon in the mesosphere, and so on. And if 30mg is too much, 2mg of ricin on a mechanical ovipositor will do just as well.

All of this is technically possible today without any new discoveries. At this point it's a straightforward systems development exercise. And you can be sure that there are bad people working for multiple different countries' spy agencies who know this; they don't need me to tell them.

replies(1): >>44337635 #
33. Hizonner ◴[21 Jun 25 13:44 UTC] No.44337554[source]
> Here is how Pegasus seems: - China has 1.5 billion people, lots of resources, would profit a lot economically if they found a way to hack iOS, etc. But yet couldn't hack it.

That you know of. Maybe they just don't indiscriminately sell the results to anybody who shows they have money. Or maybe they have different strategies for spying.

> - Israel with its 7 million people, not only hacks iOS multiple times,

NSO and friends find zero-days or buy them on the open market (not just from Israel). Citizen Lab has identified specific vulnerabilities used to install Pegasus. The exploits don't require or use CPU back doors.

... and you think Israel's smaller population somehow translates into better infiltrators than China has, but not better hackers than China has? Israel also makes better halva than China, by the way.

That kind of "logic" is what turns you into a loony raving on a street corner somewhere.

> but does it to spy on its allies.

Everybody spies on their allies, at least opportunistically. But Pegasus is a commercial product, sold to basically every government and mostly used to spy on normal people, not other governments. The people writing it have ties to Israeli spies, and I'm sure it's been used by Israeli spies, but it's general-purpose.

> Israel has a lot of silicon fabs

As far as I can tell, Israel has one facility capable of making remotely serious CPUs. It's owned by Intel. There are no phones using Intel processors.

The processors in iPhones are "Designed by Apple in Cupertino" and fabbed by TSMC in Taiwan. The processors in basically all other phones are ARM, and most of them also come from TSMC. Pegasus does not run on Intel processors, ever.

> And I compared the dates of when intel started putting the Intel Management Engine in all of their CPU and the date of which they built their biggest fab in Israel

So the fab somehow reached out into the rest of Intel and retroactively caused it to develop a heavily advertised feature?

34. bbarnett ◴[21 Jun 25 13:52 UTC] No.44337626{4}[source]
Saying that a culture is poor at security dev, such as Chinese business culture, is not even remotely rasist.

There are many ethnicities in China, people of all genetic backgrounds. It is the culture that is the problem, not the race.

For example, there are many ethnically Chinese people who grew up in the West, working in businesses, in countries where there is a culture of security.

Now, you could label it 'culturalist', and maybe it is, but there are definitely inferior and superior cultures. Especially, there are parts of cultures which are quite comparable this way.

replies(2): >>44337990 #>>44338256 #
35. bostik ◴[21 Jun 25 13:54 UTC] No.44337635{4}[source]
> 30 milligrams of high explosive is enough to open your daughter's skull, or, more relevantly, your commanding officer's daughter's skull, and there are a thousand ways to deliver it

While we are talking about flying drones, we are not far off from Slaughterbots becoming reality.[0] Why bother with surgical assassinations if you can blanket entire regions with with swarms of autonomous seek-and-destroy explosives?

After all, as last two years have so amply demonstrated: people are fine with genocide.

0: https://www.youtube.com/watch?v=O-2tpwW0kmU

replies(5): >>44337823 #>>44337947 #>>44339472 #>>44340651 #>>44345068 #
36. greenchair ◴[21 Jun 25 14:00 UTC] No.44337676{4}[source]
is it racist to wonder why I rarely see a chinese restaurant with inspection score above 80? culture differences are a real thing (if you don't have your head buried in the sand that is).
replies(1): >>44352577 #
37. michaelt ◴[21 Jun 25 14:08 UTC] No.44337730[source]
> The much more logical explanation is someone approached a low level employee at the MEAF who turned over a USB stick with the governments org charts and payroll records in exchange for their kids getting a full ride to a prestigious foreign university.

If there are spies in foreign countries going around offering life-changing sums of money for USB sticks, which people are accepting

is it not also plausible that folks at google/samsung/apple/aws/cloudflare/microsoft are getting offered life-changing sums of money for leaving their work-from-home laptop unattended for 5 minutes?

replies(3): >>44337911 #>>44340425 #>>44348621 #
38. gruez ◴[21 Jun 25 14:21 UTC] No.44337823{5}[source]
>After all, as last two years have so amply demonstrated: people are fine with genocide.

Last two years? Try last few decades at the very least. People only care about the war in Gaza more because it's controversial. For non-controversial cases people just agree it's bad but shrug their shoulders.

https://en.wikipedia.org/wiki/Bosnian_genocide

https://en.wikipedia.org/wiki/Rwandan_genocide

https://en.wikipedia.org/wiki/Darfur_genocide

replies(3): >>44338177 #>>44350733 #>>44354765 #
39. mousethatroared ◴[21 Jun 25 14:27 UTC] No.44337862[source]
"Just which building to level"

What's "just" a war crime amongst friends?

replies(2): >>44339006 #>>44339673 #
40. heavyset_go ◴[21 Jun 25 14:34 UTC] No.44337911{3}[source]
Yes, this happens. Industrial espionage is popular.

From what I've seen with bribes, it doesn't even take life-changing amounts of money.

replies(1): >>44339748 #
41. kragen ◴[21 Jun 25 14:39 UTC] No.44337947{5}[source]
Slaughterbots is just the beginning; it's definitely too late to prevent that scenario now.

Why bother? For the same reason to bother with surgical assassinations if you can blanket entire regions with nuclear fireballs. Radioactive wastelands are unprofitable! This is a general problem with genocide: it only gets you land, and since the Green Revolution land is abundant. Protection rackets, on the otehr hand, are highly profitable, but only with some exclusivity; if extortionists multiply, the unique Nash equilibrium is multiple gangs that collectively demand many times the victims' total revenues, resulting in ecological collapse.

More generally, the threat of violence is only effective as a form of coercion when you can credibly withdraw the violence as a reward for compliance. Violence provides no incentive to comply to someone who believes they are just as likely to be a victim whether they comply or not.

But swarms of autonomous seek-and-destroy explosives are plausibly the most effective way to provide that surgical-assassination threat, perhaps combined with poisons, solid penetrators, and/or incendiaries. The Minority Report spiders (not yet technically feasible) or a quadcopter can be enormously more selective than a GBU-57, a Hellfire missile, or even a hand grenade, and can choose to avert their attack at the last millisecond upon the presentation of properly signed do-not-assassinate orders, even if long-distance communication is jammed.

replies(2): >>44339391 #>>44348566 #
42. gruez ◴[21 Jun 25 14:44 UTC] No.44337990{5}[source]
>>Brother you cannot be serious with this racist take

>There are many ethnicities in China, people of all genetic backgrounds. It is the culture that is the problem, not the race.

This just seems like nitpicking to me. Colloquially most people would classify discrimination based on country of origin, or "culture" (whatever that means) as racism, even if it doesn't meet the technical definition. For instance Trump's travel bans have been called by many as "racist", even though it covers a bunch of countries, and even though the countries are majority muslim, it also excludes major muslim countries like Pakistan and Indonesia.

replies(3): >>44338501 #>>44338574 #>>44341570 #
43. larrled ◴[21 Jun 25 15:05 UTC] No.44338148[source]
“hopefully politicians will soon”

The gop is controlled by donors who are mostly free market liberals. Elon won’t let anyone “censor” (regulate) x. The democrats don’t care about national security historically, and it’s not currently an issue their cosmopolitan TikTok loving base cares anything, at all, about. “Security” is something that most democrats I talk to now associate with deportation or military spending, both of which they ferociously hate. Across parties, policy and discourse are reactive. Security requires a proactive orientation that it seems the public sector may structurally lack.

44. jonah ◴[21 Jun 25 15:12 UTC] No.44338177{6}[source]
What's ridiculous is that it's even seen as controversial by some.
replies(1): >>44340401 #
45. AJ007 ◴[21 Jun 25 15:23 UTC] No.44338256{5}[source]
There's also another point that security is really fucking expensive. Apple on Google spend billions a year on security, yet their phones are broken in to once they are a couple of years old. Big American software companies have large margins and large budgets. Those Chinese companies are running on fumes (and credit.)

Security and encryption is taken as a given by Western regulators given how many times they pass laws to break encryption. If you look at targeted 0-days, the conclusion would be more along the lines of the very best hardware+software is barely secure.

46. exe34 ◴[21 Jun 25 15:55 UTC] No.44338501{6}[source]
Just because most people are wrong doesn't mean we should encourage the dilution of words.
replies(1): >>44339245 #
47. 1oooqooq ◴[21 Jun 25 16:02 UTC] No.44338564[source]
pegasus Occam's razor:

- the smaller country hacked ios, have to sell it to recoup r&d costs, got caught many times.

- the larger country hacked ios, don't need to sell it around, haven't been caught.

48. Dylan16807 ◴[21 Jun 25 16:04 UTC] No.44338574{6}[source]
> This just seems like nitpicking to me. Colloquially most people would classify discrimination based on country of origin, or "culture" (whatever that means) as racism, even if it doesn't meet the technical definition.

Nobody is going to believe you're talking about real things if you let people call your argument "racism" so it's not nitpicking if you can explain why it's not. Also the word "discrimination" is itself a loaded term.

And yes areas having cultures is real. Sometimes it's tied to country, sometimes it's not.

> Trump's travel bans have been called by many as "racist", even though it covers a bunch of countries,

I'm confused? Covering a whole bunch of countries sharing a demographic is much more likely to be a racist move than picking one or two.

> and even though the countries are majority muslim, it also excludes major muslim countries like Pakistan and Indonesia.

That's a good argument against saying "muslim ban" but I'm pretty sure a focus on the middle east makes it more about race.

49. Henchman21 ◴[21 Jun 25 16:56 UTC] No.44339006{3}[source]
When there is no one willing to prosecute it, is it still a crime?
replies(3): >>44339186 #>>44339638 #>>44342191 #
50. riffic ◴[21 Jun 25 17:05 UTC] No.44339057{5}[source]
*its
51. consp ◴[21 Jun 25 17:26 UTC] No.44339186{4}[source]
Yes, though one without consequences. Until the next guy comes along and actually enforced it.
52. gruez ◴[21 Jun 25 17:35 UTC] No.44339245{7}[source]
I might be sympathetic to this argument if the severity actually differed, eg. people calling mean tweets "violence" or something, but that's not what's happening there. I don't see any meaningfully difference between "I'm discriminating against you because you're Chinese" (culture/nationality) and "I'm discriminating you're Han Chinese" (ethnicity). I doubt the average racist actually knows the distinction between the two anyways, and I doubt people are going to be like "oh you're discriminating based on culture instead of ethnicity? I guess that's fine then!".
replies(1): >>44339475 #
53. godelski ◴[21 Jun 25 18:06 UTC] No.44339472{5}[source]
What's important to remember is that we get to Slaughterbots with "best intentions." Trying to feel safer. Trying to kill our enemies. Trying to protect our friends, families, children. Little by little is how it happens. The road to hell is paved, after all.
replies(1): >>44348381 #
54. exe34 ◴[21 Jun 25 18:07 UTC] No.44339475{8}[source]
> I don't see any meaningfully difference between "I'm discriminating against you because you're Chinese" (culture/nationality) and "I'm discriminating you're Han Chinese" (ethnicity).

It's interesting you would write this as if nobody's pointed out actual cultural differences yet.

55. beeflet ◴[21 Jun 25 18:26 UTC] No.44339636[source]
this is a totally illogical way of understanding warfare in terms of absolutes. Not every target is worth leveling a building over. It isn't that black and white
56. bawolff ◴[21 Jun 25 18:26 UTC] No.44339638{4}[source]
Nothing stopping Iran from joining the ICC. Except that the investigations would go both ways.
replies(1): >>44342595 #
57. bawolff ◴[21 Jun 25 18:32 UTC] No.44339673{3}[source]
Some of the footage coming out of Iran of the aftermath of these assinations have shown specific rooms in buildings targeted, leaving the rest of the building in-tact. For a high value military target like chief of the armed forces, it seems unlikely that would be a warcrime as the civilian casualities would be low compared to the military advantage of the target.

[The nuclear scientists on the other hand are much more questionable because its pretty unclear if they are legal targets at all]

replies(1): >>44342569 #
58. fpoling ◴[21 Jun 25 18:34 UTC] No.44339702[source]
This has been going on in Russia on massive scale. For bribes officials sells anything including highly sensitive databases. Those were used to uncover various Kremlin-run assassins targeting oppositions. Then Ukrainian special services used those to target high-ranking Russian military officers. Russia tried to crack down on that but it just increased the database price tag.
replies(2): >>44340127 #>>44341309 #
59. dragonelite ◴[21 Jun 25 18:40 UTC] No.44339744{3}[source]
Better to swallow the poison that doesn't kill you(for now) than to swallow the one that is intended to kill you.
60. bawolff ◴[21 Jun 25 18:40 UTC] No.44339748{4}[source]
I imagine in a country like Iran where there is a sizable minority that hates the regime, someone might have done it for free.
replies(1): >>44350750 #
61. GTP ◴[21 Jun 25 19:14 UTC] No.44340003{5}[source]
If we're talking about cheap products, then it's more likely due to cost savings rather than malice. But yeah, no one can give you defitive proof of this.
62. kragen ◴[21 Jun 25 19:33 UTC] No.44340127{3}[source]
Do you have sources for that? No problem if they're not in English.
replies(2): >>44340298 #>>44401347 #
63. ponector ◴[21 Jun 25 19:54 UTC] No.44340298{4}[source]
Here is an example of such investigation into russian general: https://youtu.be/alUPgLLIxeM?si=0x1QtJrJf2yfPCZi

Or investigation into some russian topics: https://theins.ru/en/inv

64. tomalbrc ◴[21 Jun 25 20:09 UTC] No.44340401{7}[source]
It is will how some people will live in their bubble and not see the controversies
65. AnthonyMouse ◴[21 Jun 25 20:13 UTC] No.44340425{3}[source]
This is the thing that has always concerned me about Cloudflare. The structure of their operation is "we do a MITM on most of the encryption on the internet". Even if that doesn't make you immediately suspicious that it was set up as a spying operation on purpose (compare "encryption added/removed here" Snowden slide), it makes them a massive state espionage target. Do they really have the ability to resist that level of persistent targeting from every country in the world?
replies(1): >>44342149 #
66. autoexec ◴[21 Jun 25 20:51 UTC] No.44340651{5}[source]
It's sad that it was only months after that video was released that autonomous drones were being used to kill people in war. That video was meant as a warning but it was totally ignored.
67. cluckindan ◴[21 Jun 25 22:23 UTC] No.44341169{5}[source]
Memory sure is short around here.

https://www.bloomberg.com/features/2021-supermicro/

68. mattigames ◴[21 Jun 25 22:47 UTC] No.44341309{3}[source]
If Putin didn't want bribery to go rampant he would set the example, and force other top leaders to do the same, but instead he flaunts his properties, yats, women that he enjoys; but it's probably a price too high for him to pay. I bet Xi Ping enjoys similar privileges but in much more private manner.
replies(1): >>44350596 #
69. heraldgeezer ◴[21 Jun 25 23:39 UTC] No.44341547{4}[source]
Zoomers need to leave this site.
70. const_cast ◴[21 Jun 25 23:46 UTC] No.44341570{6}[source]
It's entirely fair game to criticism or even discriminate based on culture, because culture is composed of actions. If people act in such a way that you do not like, that's a valid reason not to like them.

Now, we do still need to respect cultural differences where it makes sense and consider the historical context behind cultural differences, such as colonialism.

replies(1): >>44345479 #
71. FridayoLeary ◴[22 Jun 25 00:25 UTC] No.44341761[source]
To be fair that's pretty much the forecast in both Iran and israel at the moment.
replies(1): >>44342974 #
72. scripturial ◴[22 Jun 25 01:09 UTC] No.44342149{4}[source]
Cloudflare is a US company right? One assumes it’s controlled (if not directly, then indirectly) by US intelligence interests. That would protect it from non US intelligence influence would it not?
replies(1): >>44342636 #
73. toast0 ◴[22 Jun 25 01:12 UTC] No.44342178{4}[source]
There's a lot of vulnerabilities, of course. Supermicro isn't great at releasing updates for old boards either.

https://www.cve.org/CVERecord/SearchResults?query=supermicro

74. mousethatroared ◴[22 Jun 25 01:13 UTC] No.44342191{4}[source]
Of course it is. Is a rapist innocent if he gets away?
75. mousethatroared ◴[22 Jun 25 01:56 UTC] No.44342569{4}[source]
Since Israel started the war without authorization being the security council, it's legally the aggressor. Which means the actions in of themselves are crimes, regardless of where they are conducted.

Of course, Israel has hit hospitals in Tehran. And condos. War crimes.

So, no matter how you slice it, Israel commits war crimes as a matter of course.

Now, one could object and say that Israel has to commit war crimes because it's so endangered. If that's the case, why doesn't it go to the security council and get authorization for lethal military action? Who on the security council would vote against Israel if the threat was remotely real?

replies(1): >>44343947 #
76. mousethatroared ◴[22 Jun 25 01:59 UTC] No.44342595{5}[source]
Palestine is a member and we all saw what happened there. The US has personally threatened the judges.
replies(1): >>44344346 #
77. AnthonyMouse ◴[22 Jun 25 02:03 UTC] No.44342636{5}[source]
Does the US intelligence apparatus protect its networks with some kind of theurgy preventing the government of Russia or Iran from finding any 0-day before they do from time to time, and have a source of infallible humans immune to bribery or extortion?
78. aussieguy1234 ◴[22 Jun 25 02:50 UTC] No.44342974{3}[source]
Yep, tomorrows forecast: raining fire
79. bawolff ◴[22 Jun 25 05:24 UTC] No.44343947{5}[source]
I meant my response specificly in the context of the post i was responding to - namely that Israel was tracking some high level officials and then bombing the building they were in - which is what i assume the parent was claiming was a war crime.

Other actions in this conflict of course could be crimes and require appropriate analysis.

> Since Israel started the war without authorization being the security council, it's legally the aggressor. Which means the actions in of themselves are crimes, regardless of where they are conducted.

I disagree with the way you phrased this. The analysis of if the use of force is legal in general should be separate from if individual actions are war crimes. See https://www.icrc.org/en/law-and-policy/jus-ad-bellum-and-jus... which emphasizes that jus ad bellum is separate from jus in bello.

Israel is probably going to claim self-defense here (you do not need UNSC permission for a defensive war). The claim is probably pretty far-fetched unless there is some bombshell evidence we are not privy to, as the threat does not seem imminent the way self-defense normally requires.

OTOH - the last time anyone cared about the crime of agression was germany in WW2 (although there are some voices about ukraine & russia). People tend to care much more about war crimes than crimes of aggression.

> Israel has hit hospitals in Tehran

I'm not aware of this allegation. I did hear an allegation from Iran about a hospital in Kermanshah. Regardless, if it is true, it would indeed probably be a war crime. (Generally speaking. Details do matter in these sorts of things)

> And condos

I think the analysis of this would require knowing what specificly was targeted. Generally of course, civilian housing is not an acceptable target, but if for example,it was housing for senior military leadership, that might change things.

> Now, one could object and say that Israel has to commit war crimes because it's so endangered.

If by war crime you mean commit "agression" (to be clear, the crime of agression is not a war crime. These are two separate categories of crimes), this would be an argument that the act is not "agression", since defensive wars are allowed to be done without UNSC approval. You only need UNSC approval if you are not facing an imininent threat.

> Who on the security council would vote against Israel if the threat was remotely real?

Security council is largely about geopolitics, and russia & iran are allies.

80. bawolff ◴[22 Jun 25 06:23 UTC] No.44344346{6}[source]
I mean, the ICC did issue a warrant for individuals on both sides of that conflict and seems willing to prosecute. The Palestinian national died in the conflict, so obviously could not be prosecuted. The Israeli nationals are regrettably refusing to surrender themselves, which would be an issue no matter which body attempted to prosecute (unless it was a domestic Israeli court). That is hardly a situation unique to this conflict - lots of people with warrants attempt to evade capture.

The US behaviour is despicable, but ultimately it hasn't really changed anything.

81. bigfatkitten ◴[22 Jun 25 06:58 UTC] No.44344556{3}[source]
> 1. Low-level employees typically don't have access to sensitive information.

Snowden was a contract Sharepoint admin. He was on the absolute bottom of the org chart.

82. VagabundoP ◴[22 Jun 25 07:43 UTC] No.44344811[source]
What always shocks me is how much negligence is shown by politicians and cyber inteligence wrt to standard mobiles.

Anyone who runs a country, especially senior politicians, just shouldn't have a standard mobile.

It should be a built from the ground up phone by your own countries government services. Running GrapheneOS or something.

And you shouldn't have a second phone to have your affairs either.

83. MoonGhost ◴[22 Jun 25 08:27 UTC] No.44345068{5}[source]
> After all, as last two years have so amply demonstrated: people are fine with genocide.

And open war crimes like intentionally killing civilians (TV broadcasters in Iran for example, or Gaza en mass)

84. drysine ◴[22 Jun 25 09:46 UTC] No.44345479{7}[source]
Nazis used to measure skull dimensions to discriminate on race. How do you measure "culture" of an individual? Just apply a stereotype based on the country of origin?
replies(1): >>44350801 #
85. yapyap ◴[22 Jun 25 12:46 UTC] No.44346475[source]
> “Privacy is a human right” landed on deaf ears but hopefully politicians will soon realise that it’s a matter of national security too.

lol. lmao even.

this is the holy mary of security, politicians (US) will not give a damn as long as they’re not the ones being targeted and as long as the ad giants like google and co keep lining their pockets.

replies(1): >>44348858 #
86. nine_k ◴[22 Jun 25 16:57 UTC] No.44348381{6}[source]
Well, no. People with outright evil intentions, the kind that would hire a hitman, definitely also pour money and brains into the very same research.

Technologies are morally agnostic: a knife, a rifle, a piece of cryptography, they all work equally well for the noblest and the most nefarious purposes. It's the humans' task to structure the society in such a way that good uses of technology mostly dominate evil uses.

replies(1): >>44349437 #
87. nine_k ◴[22 Jun 25 17:21 UTC] No.44348566{6}[source]
This is correct. But the surgical precision is only enabled by the fact that a person can be reasonably well located and tracked. It's likely not hard to pinpoint a specific person of interest in a vast metropolis, but, IMHO, really hard or impossible to locate a specific wild zebra in an African savanna, because they do not wear tracking devices, and inhabit large areas. So you can target e.g. me in NYC much more easily than some specific zebra, even though the zebra is likely less intellectual and less privacy-conscious.

Hence, I suppose, important figures will eventually disappear from the public eye. Definitely, a president or a governor must be present in person at many events. But e.g. CEOs of military contractors, or even key scientists and developers in certain fields, may start to fade away, turn pseudonymous, and virtualize, now that remote work and videoconferencing is normalized. They would still be somehow trackable as normal citizens, but their visible connection to their work would be severed and kept an utmost secret, literally a life-and-death secret.

This would be good news for national defense, but bad news for any dissenters who cross any powerful-enough entities for those to consider an assassination or at least blackmailing. Unlike a hitman, a hit drone can be completely and safely destroyed beyond recognition within an hour, by burning it and grinding the ashes.

Also, precisely delivered non-lethal means could be quite effective, and hard to track. Inject or just spray a bad virus to disable your opponent for several critical months. Spray a potent allergen if the target is allergic. Inject some LSD into politician's bloodstream an hour before an important meeting or speech. "Innocent" stuff like that.

88. im3w1l ◴[22 Jun 25 17:29 UTC] No.44348621{3}[source]
> google/samsung/apple/aws/cloudflare/microsoft

One thing to keep in mind is those people are already paid quite well. What life can you offer them that they don't already have? Blackmail is a likelier angle.

replies(1): >>44350224 #
89. Tokumei-no-hito ◴[22 Jun 25 17:56 UTC] No.44348858[source]
maybe the recent attack in minnesota will change their mind - the shooter used data brokers for his plan

https://www.wired.com/story/minnesota-lawmaker-shootings-peo...

90. godelski ◴[22 Jun 25 19:06 UTC] No.44349437{7}[source]
You're missing the substance of what I've said. No one is denying evil people exist. But take a few more seconds to process what I said...
replies(1): >>44350023 #
91. nine_k ◴[22 Jun 25 20:28 UTC] No.44350023{8}[source]
I know that the road to hell is paved with best intentions. My point is that the pavement is not 100% best intentions, some intentions are outright bad, and we should acknowledge that, and prepare to face that.
replies(1): >>44351151 #
92. heavyset_go ◴[22 Jun 25 20:58 UTC] No.44350224{4}[source]
You'd be surprised. We had a cop making over $250k/year extorting people for $20 bribes here. It isn't always about the money.
93. chrz ◴[22 Jun 25 21:50 UTC] No.44350596{4}[source]
if you think you can stop bribery in communism regime then i have some news for you
replies(2): >>44350860 #>>44354710 #
94. chrz ◴[22 Jun 25 22:11 UTC] No.44350733{6}[source]
People care because they follow news. You dont send reporters where you dont want news about.
95. chrz ◴[22 Jun 25 22:14 UTC] No.44350750{5}[source]
Imagine all countries
96. const_cast ◴[22 Jun 25 22:24 UTC] No.44350801{8}[source]
You… ask them? Or they tell you?

Like, for example, cultures which are outwardly hostile towards women and their autonomy don’t keep that as a secret. In those places, it’s well known and obvious.

replies(1): >>44351059 #
97. solace_silence ◴[22 Jun 25 22:34 UTC] No.44350860{5}[source]
Agreed, they should call it campaign contributions like the U.S.
98. ◴[22 Jun 25 23:10 UTC] No.44351059{9}[source]
99. godelski ◴[22 Jun 25 23:31 UTC] No.44351151{9}[source]
Yes, I understand. I was trying to point out that essentially everyone default understands that, so it does not need be said. Bad causes bad, people know this or are hopeless. Good causes bad is non-obvious and needs constant reminder.
100. throw3434566 ◴[23 Jun 25 05:01 UTC] No.44352577{5}[source]
Depends on what you attribute the score to.

I've worked in many restaurants and a lot of the health scores are stacked against ethnic restaurants and how they prepare foods.

Your score gets knocked down if you have soups simmering for too long, but in Chinese cuisine it's often times common to have the broth cooking for more than 12 hours.

101. nullc ◴[23 Jun 25 07:31 UTC] No.44353340{4}[source]
Many vendor IPMI is so fiendishly hard to isolate from untrusted networks (or even networks in general) that it almost has to be an intentional backdoor.
102. aleph_minus_one ◴[23 Jun 25 11:41 UTC] No.44354710{5}[source]
Russia is not a communist country (anymore).
103. aleph_minus_one ◴[23 Jun 25 11:47 UTC] No.44354765{6}[source]
In many European countries people do care about the Bosnian genocide - I mean the geographical distance is not that far from where they live.

This also explains the more prevalent ignorance concerning the other two genocides of your list: they are simply for away from the place the respective person lives.

104. throw123xz ◴[24 Jun 25 00:48 UTC] No.44361773{4}[source]
Who made that assumption? The comment I replied to said that the network deployed by S. Korean firms was compromised and implied that the one from China was safe. I'm just pointing out that using Huawei or ZTE won't stop a country like Israel.
105. dredmorbius ◴[27 Jun 25 23:53 UTC] No.44401347{4}[source]
This is sufficiently-well established presently that it's almost hard to find specific documentation as it's largely accepted fact. I'm finding few hits post-2019, so it's possible that data practices have improved.

WNYC's On the Media carried several interviews with a documentarian filming Alexy Navalny as Navalny and the documentarian team identified Navalny's (initial) would-be assassins, including various FSB agents. They specifically targeted a person they'd think might have weak opsec, a scientist directly engaged in producing nerve agents (novichok IIRC). His core competence was chemistry rather than spycraft. The documentary team included a former Bellingcat investigator:

Brooke Gladstone: In the months following Navalny's poisoning, Christo Grozev, former lead Russia investigator at Bellingcat, was stuck in Vienna with filmmaker Daniel Roher. The two had just been booted from Ukraine where they had been trying to film an investigation. Now Grozev had lots of time on his hands and a laptop and a fresh stack of data from the Russian black market....

Christo Grozev: When we were looking at the Navalny poisoning, we thought, "Well, they must have used the same scientists. They can't have hundreds of scientists who do this. This has to be kept top secret. These people have to take the risk to manufacture this toxin." I started looking at the phone records of these scientists, and we bought them on the Russian markets where you can buy absolutely any kind of data.... [Navalny's people] provided the data of how Navalny had traveled to what locations. I matched it to the known travel data of the poisoners and spies. We saw this pattern, essentially a group of six to eight FSB poisoners had been tailing him for more than four years to a total of 66 different towns and cities.

<https://www.wnycstudios.org/podcasts/otm/episodes/revisiting...>

Other general coverage (searching "russia black market data"):

"Russian data theft: Shady world where all is for sale" (26 May 2019)

According to cyber-security experts, vast quantities of supposedly private data - including from Russian state institutions - are bought and sold every day....

<https://www.bbc.com/news/world-europe-48348307>

And for a long time. From 2009:

Goldmine of black market in Russian data

Gorbushka Market, just outside central Moscow, does a thriving trade in any electronics good you could want: mobile phones, plasma television sets, the latest DVDs, and, if you ask to see them, software peddlers will show potential clients a list of “databases”.

These consist of CDs with names such as “Ministry of Interior – Federal Road Safety Service”, “Tax Service” and “Federal Anti-Narcotics Service” and cost about $100 apiece. Each contains confidential information gathered by Russian law enforcement or government agencies: anything from arrest records, personal addresses, passport numbers, phone records or address books to bank account details, known associates, tax data and flight records are on offer...

<https://www.ft.com/content/07dedd34-d921-11de-b2d5-00144feab...>

Archive: <https://archive.is/UPPHK>

And 2005:

"In the stolen-data trade, Moscow is the Wild East"

<https://web.archive.org/web/20050708015611/http://www.globet...>

Adjacent article on Bellingcat OSINT generally (2024), though nothing on black markets:

"The forensic empire that is Bellingcat"

<https://www.theprojectcounselgroup.com/2024/06/19/the-forens...>