Most active commenters

    ←back to thread

    Samsung embeds IronSource spyware app on phones across WANA

    (smex.org)
    845 points the-anarchist | 14 comments | 21 Jun 25 03:06 UTC | HN request time: 0.001s | source | bottom
    Show context
    boramalper ◴[21 Jun 25 03:56 UTC] No.44334361[source]
    I suspect a strong link between mass surveillance (by corporations for advertising or by states for intelligence purposes) and the very recent targeting of the senior Iranian nuclear scientist and military officers at their homes in Iran.

    Wherever you are from or whatever side of the conflict you are on, I think we can all agree that it’s never been easier to infer so much about a person from “semi-public” sources such as companies selling customer data and built-in apps that spy on their users and call home. It allows intelligence agencies to outsource intelligence gathering to the market, which is probably cheaper and a lot more convenient than traditional methods.

    “Privacy is a human right” landed on deaf ears but hopefully politicians will soon realise that it’s a matter of national security too.

    replies(13): >>44334595 #>>44334624 #>>44334697 #>>44334773 #>>44335164 #>>44335631 #>>44336225 #>>44336629 #>>44337014 #>>44337349 #>>44338148 #>>44344811 #>>44346475 #
    1. mike_d ◴[21 Jun 25 05:29 UTC] No.44334773[source]
    > I suspect a strong link between mass surveillance [...] and the very recent targeting of the senior Iranian nuclear scientist and military officers at their homes in Iran.

    We all like to imagine this super cool clandestine hacking operation using peoples mobile phones to secretly track people who visit nuclear facilities back to their homes.

    The much more logical explanation is someone approached a low level employee at the MEAF who turned over a USB stick with the governments org charts and payroll records in exchange for their kids getting a full ride to a prestigious foreign university.

    replies(2): >>44336059 #>>44337730 #
    2. boramalper ◴[21 Jun 25 09:31 UTC] No.44336059[source]
    Israel, like any other state, must be using a variety of methods including good old "human intelligence" so it's not either-or.

    In addition, saying that

    > someone approached a low level employee at the MEAF who turned over a USB stick with the governments org charts and payroll records in exchange for their kids getting a full ride to a prestigious foreign university

    is an oversimplification on multiple levels:

    1. Low-level employees typically don't have access to sensitive information.

    2. With human intelligence, there is always a risk that the person you (e.g. Israel) are in touch with (e.g. an Iranian officer) who pretends to be a "double agent" (e.g. leaking info to Israel), is in fact a "triple agent" (e.g. actually working for Iran to mislead Israel).

    3. You can send your kids to foreign universities but not your siblings, your parents, your wife's family, and so on... Some of your beloved ones are almost certain to suffer the consequences of your actions. High treason is no joke.

    replies(2): >>44336610 #>>44344556 #
    3. SirHumphrey ◴[21 Jun 25 11:20 UTC] No.44336610[source]
    > 1. Low-level employees typically don't have access to sensitive information.

    You would think, but when I was interning (well, it was a paid internship) for a company, I was fixing an excel spreadsheet with payroll information for an entire department of a few hundred people. Not the best piece of "opsec", but when you are in a hurry (pay was due in a couple of days) and most people are on vacations "hey the junior kid can probably fix it, he seems fine" is a way too common approach. And it is fine - sometimes for a long time. Until it isn't.

    replies(1): >>44336739 #
    4. aswanson ◴[21 Jun 25 11:40 UTC] No.44336739{3}[source]
    Yeah I recall being a new hire at a defense contractor, getting a login, and accidentally opening an excel sheet with a ton of management user names and logins. People are sloppy.
    5. michaelt ◴[21 Jun 25 14:08 UTC] No.44337730[source]
    > The much more logical explanation is someone approached a low level employee at the MEAF who turned over a USB stick with the governments org charts and payroll records in exchange for their kids getting a full ride to a prestigious foreign university.

    If there are spies in foreign countries going around offering life-changing sums of money for USB sticks, which people are accepting

    is it not also plausible that folks at google/samsung/apple/aws/cloudflare/microsoft are getting offered life-changing sums of money for leaving their work-from-home laptop unattended for 5 minutes?

    replies(3): >>44337911 #>>44340425 #>>44348621 #
    6. heavyset_go ◴[21 Jun 25 14:34 UTC] No.44337911[source]
    Yes, this happens. Industrial espionage is popular.

    From what I've seen with bribes, it doesn't even take life-changing amounts of money.

    replies(1): >>44339748 #
    7. bawolff ◴[21 Jun 25 18:40 UTC] No.44339748{3}[source]
    I imagine in a country like Iran where there is a sizable minority that hates the regime, someone might have done it for free.
    replies(1): >>44350750 #
    8. AnthonyMouse ◴[21 Jun 25 20:13 UTC] No.44340425[source]
    This is the thing that has always concerned me about Cloudflare. The structure of their operation is "we do a MITM on most of the encryption on the internet". Even if that doesn't make you immediately suspicious that it was set up as a spying operation on purpose (compare "encryption added/removed here" Snowden slide), it makes them a massive state espionage target. Do they really have the ability to resist that level of persistent targeting from every country in the world?
    replies(1): >>44342149 #
    9. scripturial ◴[22 Jun 25 01:09 UTC] No.44342149{3}[source]
    Cloudflare is a US company right? One assumes it’s controlled (if not directly, then indirectly) by US intelligence interests. That would protect it from non US intelligence influence would it not?
    replies(1): >>44342636 #
    10. AnthonyMouse ◴[22 Jun 25 02:03 UTC] No.44342636{4}[source]
    Does the US intelligence apparatus protect its networks with some kind of theurgy preventing the government of Russia or Iran from finding any 0-day before they do from time to time, and have a source of infallible humans immune to bribery or extortion?
    11. bigfatkitten ◴[22 Jun 25 06:58 UTC] No.44344556[source]
    > 1. Low-level employees typically don't have access to sensitive information.

    Snowden was a contract Sharepoint admin. He was on the absolute bottom of the org chart.

    12. im3w1l ◴[22 Jun 25 17:29 UTC] No.44348621[source]
    > google/samsung/apple/aws/cloudflare/microsoft

    One thing to keep in mind is those people are already paid quite well. What life can you offer them that they don't already have? Blackmail is a likelier angle.

    replies(1): >>44350224 #
    13. heavyset_go ◴[22 Jun 25 20:58 UTC] No.44350224{3}[source]
    You'd be surprised. We had a cop making over $250k/year extorting people for $20 bribes here. It isn't always about the money.
    14. chrz ◴[22 Jun 25 22:14 UTC] No.44350750{4}[source]
    Imagine all countries