Apple alerts exploit developer that his iPhone was targeted with gov spyware
A developer at Trenchant, a leading Western spyware and zero-day maker, was suspected of leaking company tools and was fired. Weeks later, Apple notified him that his personal iPhone was targeted with spyware.
I've interviewed with these types of companies (not the ones in the article). I've even caught them using their exploits on me after they made me an offer and that seems to be the most likely explanation for what happened here. I don't know how anyone can develop exploits for resale in good conscience.
If these companies have no qualms using their exploits against their own employees they'll have absolutely no problem using them against members of Congress, the Courts, investment banks, tech leaders, and anyone with any sort of power. This gives them the ability to blackmail some of the most powerful people in the world.
edit: And that's not even mentioning their reported "intended use" against dissidents and journalists.
You don't know how any of these could be developed in good conscience? How about: anti-proliferation intelligence work is going to happen whether it requires human intelligence or CNE, and CNE is less costly and harmful?
I get where you're probably coming from: this same technology is used all over the world to target journalists and dissidents in countries with and without the rule of law. A very real concern. I wouldn't do this kind of work either (also, it's been over a decade since I had the chops even to apprentice at it).
But there are very coherent reasons people are comfortable doing this work for NATO countries. Our reflexive distrust of law enforcement and intelligence work is a fringe belief: a lot of families are very proud to include people working in these fields.
The most important thing I guess I'd have to say here is: our opinion of this stuff doesn't matter. At current market rates every country in the world can afford CNE technology, and it's a market well served by vendors outside of NATO.
> At current market rates every country in the world can afford CNE technology
Slippery slopes don't justify anything. You might not care enough to make a difference, but many people do and your justification rings hollow to everyone that's potentially a victim. You wouldn't say this about nuclear proliferation, so why make a carveout for digital mercenary work? Because it's "harmless"?
I don't know what your goal is with this statement but it certainly doesn't make me feel any better. If you're this emotionally invested in the topic, it might be best for your own optics to not chime in.
I think I agree with what I think you're trying to say.
However I don't agree with the repercussions of this, which are the same ones that make all reasonable people, security experts included, oppose EU's ChatControl or the UK's backdoor requests: There is no way to ensure and protect the people that need protection, as there is no way to ensure that only "the good guys" have it.
We tend to bullshit ourselves into believing that because spyware software like Predator are weapons, meaning that only countries would be allowed to buy them and use them (same way that Jeff Bezos cannot buy and use an F-35 for example). We see though, that certain individuals _can_ get their hands on these things and use them however they want.
For example, 3 years ago someone adjacent to the greek government bought and used Predator against MEPs, journalists, army generals, mafia bosses, MPs of opposing parties and even MPs of their own, ruling, party. The greek government of course denied that they did it, and they said that this individual did not act under the instructions of the government (though they then changed the law to prevent anyone for learning details about it, but that's a different story).
So, apart from adopting the same approach as with ChatControl and encryption backdoors, i.e. banning them, I don't know how we could protect ourselves against them.
speckx