• THE RISE OF THE CYBER-MERCENARIES
    What happens when private firms have cyberweapons as powerful as those owned by governments?
    https://foreignpolicy.com/2018/08/31/the-rise-of-the-cyber-mercenaries-israel-nso
    https://foreignpolicymag.files.wordpress.com/2018/08/1_cyber_weapon_final1.jpg?w=1024&h=1536&crop=0,0,0

    he first text message showed up on Ahmed Mansoor’s phone at 9:38 on a sweltering August morning in 2016. “New secrets about torture of Emiratis in state prisons,” it read, somewhat cryptically, in Arabic. A hyperlink followed the words. Something about the number and the message, and a similar one he received the next day, seemed off to Mansoor, a well-known human rights activist in the United Arab Emirates. He resisted the impulse to click on the links.

    Instead, Mansoor sent the notes to Citizen Lab, a research institute based at the University of Toronto specializing in human rights and internet security. Working backward, researchers there identified the hyperlinks as part of a sophisticated spyware program built specifically to target Mansoor. Had he clicked on the links, the program would have turned his phone into a “digital spy in his pocket,” Citizen Lab later wrote in a report—tracking his movements, monitoring his messages, and taking control of his camera and microphone.

    But the big revelation in the report wasn’t so much the technology itself; intelligence agencies in advanced countries have developed and deployed spyware around the world. What stood out was that Citizen Lab had traced the program to a private firm: the mysterious Israeli NSO Group. (The name is formed from the first initials of the company’s three founders.) Somehow, this relatively small company had managed to find a vulnerability in iPhones, considered to be among the world’s most secure cellular devices, and had developed a program to exploit it—a hugely expensive and time-consuming process. “We are not aware of any previous instance of an iPhone remote jailbreak used in the wild as part of a targeted attack campaign,” the Citizen Lab researchers wrote in their report.