> (this was clear from the Darknet Diaries episode)
think that episode also mentioned it iirc ... that the plausible deniability goes out the window the minute they host their own infrastructure.
also NSO Group goes through great length to obscure who they're selling to using shell and shelf companies. actually indistinguishable from how narco terrorists and organized crime operates:
https://forensicnews.net/the-covert-reach-of-nso-group/
Not wanting to defend NSO, but I guess that is common business practice for any supplier of surveillance software for state actors. Remember how loud they cried when people leaked about their monitoring? Such dealing are meant to be intransparent and states create the market.
I also don't recall it. iirc the topic also came up in a tptazcek episode of "security cryptography whatever" and a handful of other places ... so I might be conflating things on who made claims when.
If it were used against their own IL citizens, would it really matter legally? As long as the parent company (NSO) can plausibly claim it had no knowledge of even the existence of a specific SLA between a foreign spinoff (e.g. FloLive, Circle etc) and their clients. If you think yourself into a position where you want to become a global player in an increasingly regulated market (embargoes, sanctions lists etc) the only way to avoid repercussions is by not knowing what other parts of your affiliates are doing.
Just because some of these shell companies have been unmasked must be annoying for NSO. But they can still say they had no idea what directors of these "independent" companies were doing.
It would be normal military tactic to compartmentalize information not just on paper but also in reality to be on a "need to know basis". So it's double baffling to me that the shell companies listed as the main investors are the same people sitting on the NSO board of directors.
> that the plausible deniability goes out the window the minute they host their own infrastructure
NSO operates the infrastructure and customers provide a list of phone numbers. They will launch exploitation against the provided numbers without any knowledge of who owns the phone (as long as the number isn't from a restricted country like Israel or the US). Once the implant calls back it goes to a portal where the customer can control it.
I'd fault NSO for a lot of things, but they just aren't in a position to know if a burner phone belongs to a journalist or a foreign diplomat until it has been popped. They do have to trust their customers to an extent.
No they do not have to trust anyone. They designed it that way. Maybe this level of oversight is the only level the market will bear, but it was still a design decisions.
think that episode also mentioned it iirc ... that the plausible deniability goes out the window the minute they host their own infrastructure.
also NSO Group goes through great length to obscure who they're selling to using shell and shelf companies. actually indistinguishable from how narco terrorists and organized crime operates: https://forensicnews.net/the-covert-reach-of-nso-group/
Unit81, and Unit8200 FTW :(