Pavel Durov argued that WhatsApp's vulnerabilities are intentionally created as part of surveillance programs with government agencies. [1]
If that were true, Bezos's case would be an example of how that approach to security is double-edged. Backdoors can be just as useful to foreign intelligence as they are to whoever pushed for their implementation.
> The encryption of Signal (=WhatsApp, FB) was funded by the US Government. I predict a backdoor will be found there within 5 years from now.
He seems to enjoy throwing out loosely supported accusations. He might be right in some of them, but stopped clocks and so forth.
He's also been accused himself of deliberately sabotaging the security of his own encrypted messenger app (Telegram). There's no real evidence, but he did hire a bunch of math PhDs to figure out encryption from first principles.
> The team behind Telegram, led by Nikolai Durov, consists of six ACM champions, half of them Ph.Ds in math. It took them about two years to roll out the current version of MTProto. Names and degrees may indeed not mean as much in some fields as they do in others, but this protocol is the result of thoughtful and prolonged work of professionals. [1]
Note: Signal, like TOR, is funded in part by the Open Technology Fund of Radio Free Asia, which is controlled and funded by Congress. So far there has been no public evidence that this funding has come with any malicious strings. The stated goal of the fund is to promote democracy in developing countries, and Signal and TOR are obviously in line with that overt goal. Radio Free Asia used to be a CIA front during the Cold War, but there's been no public evidence that the transfer of control away from the CIA to Congress was in any way a sham.
Trevor Perrin and Moxie Marlinspike won the Levchin Prize at Real World Crypto for Signal's cryptography; the Levchin Prize referees are a who's who of academic cryptography, including Dan Boneh, Kenny Paterson, and Nigel Smart; other Levchin winners have included Hugo Krawczyk, Mihir Bellare, and Joan Daemen.
Any suggestion that Telegram's cryptography is somehow comparable owing to "half of them Ph.D's in math", or that Signal's extensively-reviewed cryptography is backdoored, is pretty clearly risible.
OTF, meanwhile, funded basically the whole of the privacy-preserving cryptography field, for years (they may still, for all I know); for many years, they were simply throwing money at privacy projects to hire 3rd party auditors, none of whom were at all affiliated with OTF (how I know this is that we participated). People who claim OTF is somehow a snakey USG backdooring enterprise are saying more about themselves than they are about any kind of sophisticated understanding of how crypto software is built.
Signal protocol might be airtight but nobody knows if any part of an app that is built on top of it doesn't leak keys somewhere in the pipeline. All crypto protocols work under certain assumptions and no protocol is 100% secure from all possible misuses when Mallory owns certain portions of infrastructure.
Wasn't he talking about WhatsApp that integrates Signal protocol? Asking if integrating protocol allows the "host" app to leak keys is completely valid.
Again, reading bytecode is not hard. Even reading decompiled binaries isn't very hard. If WhatsApp was leaking keys on the side it wouldn't be too difficult to find, especially given how incredibly high profile it is as a target.
Open source vs closed source is not meaningful here.
Alright, I got what you meant. Do you know if anyone performed bytecode-level analysis on WhatsApp clients already? Just curious, it's nothing I really need.
While there's only one vuln that has been discussed publicly at HN.
The only issue is they are in Russian as well.
At least one more was exposed[0] by the same person shortly after, I mean days after the initial one.
Over here[1] the same researcher wonders whether any other flaws exist.
And here's[2] how the self-proclaimed `part time-troll` Pavel Durov (the Telegram CEO) reacts to [1]. To me it's obvious he is being haughty towards the HN community with `venerable HN cryptographers`.
To add to his general slandering approach towards competition while handling his own product's flaws without any transparency or publicity, mind that his company is now under investigation by the SEC[3].
Its default settings are nothing to be desired from a messenger app.
And for the paltry $200k they are offering for breaking it I'd bet you could find a magnitude more with little effort on the grey markets.
But no, absolutely no proof the underlying crypto has been broken. It doesn't need to be when government requests for data stored on their servers do more than enough.
Meanwhile, WhatsApp is still not blocked in Russia and there is no good explanation for that besides:
So far, Roskomnadzor has "no urgent request" to include Viber and WhatsApp messengers in the register of organizers and distributors of information. According to Interfax, this was stated by the head of the Department, Alexander Zharov. He was asked when these companies will be included in the register.
"We had a stormy substantive dialogue with the Telegram messenger," the official recalled. "We are consulting with all other companies on this topic until there is an urgent request to include them in the register."
Maybe Mr. Zharov uses WhatsApp for chatting with his family and they didn't like the appearance of mail.ru's tamtam.chat.
If you know some basic things about the Russian government, this can easily be explained by the fact that policy makers are very inefficient, incompetent in technical matters and more often than not decisions are very poorly researched. Just look at the fact that Telegram still works everywhere or the way that even the supposedly most secret Russian organization (the secret military police GRU) handled the poisoning of Sergei and Yulia Skripal, and the subsequent outing of the agent that did it... It seems that the Russian government or police still have a hard time understanding even the basics of what the internet is and how information can be shared or found or leaked in our age. So the banning of Telegram vs not banning WhatsApp really does not say a lot.
On the other hand it could also be done on purpose in both cases you mention. Deliberately showing incompetence of your digital capabilities is a very efficient way of counter intelligence. The Skripal case was and is a very effective way for the Kremlin to spread fear. Vladimir Putin was the most important person of the year for 5 years at Fortune while controlling the GDP of Italy. Vladimir Putin is maximizing the resources he has in a very good way, irrespective of what one thinks about his actions and consequences specifically. As long as most people think incompetence, every investment he makes will have a significantly better outcome.
Well that is certainly a valid theory. Although I have a hard time believing that you have lived any long time in Russia recently or followed closely on the developments, because most people that do would not entertain that theory for more than a minute because it's quite clear that the level of incompetency and corruption in the government is insane. Putin sure has a lot of power, but it does not come from technical prowess or IT/infosec departments, it comes from sheer corruption and what is basically a military dictatorship structure of the country, where he is the one that has and is appointing most "friends" in/to the right places.
AFAIK, Telegram's private conversations are encrypted with private keys stored on device _only_ (not on the server). At least it's what they claim. If true, government requests for data stored on servers are probably not enough.
The secret chats are indeed end to end encrypted, but they have some important exclusions and limitations:
* Group chats can only use the default encryption, not end to end encryption.
* The end to end encrypted chats are tied to a single device, and there's no sync across devices (in contrast, all chats on Wire are end to end encrypted and sync across devices within a limited time period).
The default use case of almost all users has the chat messages stored in plain text on the Telegram servers. This is one of the reasons search (done on the server side) is quite fast on Telegram.
P.S.: Despite these limitations, I prefer Telegram for its superior UX and for not having metadata shared with Facebook. My wish is that someday Telegram makes E2E the default everywhere.
What encryption? Last I checked, there was no E2E group encryption (Telegram has a bizarre web page claiming that TLS to their servers addresses the privacy threat), and 1:1 E2E is disabled by default.
For a very long time there was no TLS to Telegram servers, only their own MTProto. I think they introduced TLS wrapping at some point as an anti-censorship measure, not sure if that’s even deployed in all markets.
E: Well, I took a look at the desktop client with wireshark. It appears to just do MTProto on port 443, not TLS. When I use iptables to drop traffic on port 443, it falls back to MTProto over HTTP(!).
Common security wasn't respected at VKontakte either.
The social network was serving a plain HTTP login form and internal communication unencrypted until 2013[0].
I reminisce that when Durov was questioned about the absence of a secure connection to the servers, he said it was too much overhead and might impact QoS badly.
At some point they rolled out an `always use https` option and buried it deep in the user preferences. Meaning most of the non-tech-savvy audience kept using the service unaware that they were not secure.
The obvious pattern here is they tend to use plain HTTP as a default transport, undermining established security practices.
Looks like they don’t use TLS at all by default, just MTProto on port 443 or MTProto over HTTP. Comms to the telegram servers are always encrypted with MTProto, but tunneling MTProto over TLS would make any attacks on MTProto much harder (perhaps impossible) to execute.
I thought they used TLS wrapping in some markets for censorship resistance, but apparently that is not the case unless you set up your own proxy.
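The observation above ("MTProto on port 443, not TLS", falling back to HTTP when 443 is dropped) is the kind of claim that can be checked from the first client-to-server bytes of each flow without a full protocol dissector. The following is an added example, not code from the thread or from Telegram: it recognises a TLS ClientHello record and a plaintext HTTP request line, and reports anything else as opaque. It does not parse MTProto itself (the thread does not describe its framing), so "opaque on 443" only means "not TLS". The sample flows are constructed for the example.

```python
"""Classify the first client->server bytes of TCP flows and flag flows whose
wire format does not match what the port number suggests (added example)."""
from collections import Counter

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"OPTIONS ", b"CONNECT ")


def classify_first_bytes(payload: bytes) -> str:
    """Return 'tls_client_hello', 'tls_other', 'http_plaintext' or 'opaque'."""
    # TLS record header: content type 0x16 (handshake), version 0x03xx,
    # 2-byte record length, then the handshake message type (0x01 = ClientHello).
    if (len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[2] <= 0x04):
        record_len = int.from_bytes(payload[3:5], "big")
        if payload[5] == 0x01 and record_len >= 4:
            return "tls_client_hello"
        return "tls_other"
    if payload.startswith(HTTP_METHODS):
        return "http_plaintext"
    return "opaque"


def audit_flows(flows):
    """flows: list of (dst_port, first_payload_bytes).
    Returns (Counter keyed by (port, kind), list of human-readable findings)."""
    counts = Counter()
    findings = []
    for i, (port, payload) in enumerate(flows):
        kind = classify_first_bytes(payload)
        counts[(port, kind)] += 1
        if port == 443 and not kind.startswith("tls_"):
            findings.append(f"flow {i}: port 443 carries {kind}, not TLS")
        elif port == 80 and kind == "opaque":
            findings.append(f"flow {i}: port 80 carries opaque data, not HTTP")
    return counts, findings


# Constructed samples (not captured traffic):
# a truncated TLS 1.2 ClientHello record: 16 03 01 <len> 01 <len> 03 03 <random>...
CLIENT_HELLO = bytes.fromhex("16030100c8010000c40303") + bytes(32) + b"\x00"
HTTP_POST = b"POST /api HTTP/1.1\r\nHost: example.invalid\r\nContent-Length: 0\r\n\r\n"
# random-looking bytes standing in for a non-TLS protocol on port 443
OPAQUE = bytes.fromhex("9f3a52c1e8d47b06a1c4f09e2b7d5c33" * 4)

SAMPLE_FLOWS = [
    (443, CLIENT_HELLO),   # what one expects on 443
    (443, OPAQUE),         # the case described in the thread: not TLS on 443
    (80, HTTP_POST),       # plain HTTP on 80
    (80, OPAQUE),          # non-HTTP traffic on 80 (e.g. a fallback transport)
]

if __name__ == "__main__":
    counts, findings = audit_flows(SAMPLE_FLOWS)
    for key, n in sorted(counts.items()):
        print(key, n)
    for f in findings:
        print(f)
```

To use this on a real capture, feed it the first payload bytes of each TCP flow (for instance exported from a pcap tool) as the `payload` value; only the initial record or request line is needed.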
> What encryption? Last I checked, there was no E2E group encryption
You of all should know better than to conflate the general concept of encryption with the very nice special case that is end-to-end encryption!
> and 1:1 E2E is disabled by default.
It is not disabled in any way. It just isn't default.
There are really enough real reasons to criticize Telegram, absolutely no reason to 1. redefine words to have narrower definitions, 2. write outright misinformation.
I respect you a whole lot but your somewhat sloppy handling of facts detracts a whole lot from the overall image.
I don't know of any directly related to its encryption, but multiple protest organizers were identified and arrested by the Hong Kong Police Force through Telegram. I'm not 100% sure, but I believe they just added lists of suspected phone numbers onto their phones and looked in Telegram to see which ones matched group admins.
What happened in Hong Kong was that the authorities created Telegram accounts and added thousands of phone numbers to their contact lists. From that, they got to know which numbers are using Telegram and then were able to do some more tracing. This flaw exists in WhatsApp and Signal too, where anyone who has your number in their contacts list (though you may not have their number in your contacts) will know the moment you join those platforms and will be able to see you on it.
When this design flaw came to be known, Telegram released a newer version where the user has more control on who can know that they're on Telegram. With that change, even if you had someone's number in your contacts list, you wouldn't know if/when they join/are available on Telegram unless they choose to make themselves visible.
That theory is quite possible. If the police join the group, they know the usernames of all of the people in the group, they can then start adding numbers to their contacts and if any of the usernames from the group show up they can then look up who owns the phone number in the government database.
It surprises me that they don't require both of you to have each other's phone numbers in your contacts lists before giving away identifiable information.
Telegram released a new version with that exact same requirement to enable visibility. The settings in Telegram have also been expanded for this. On the other hand, this same vulnerability exists (and continues to exist) in WhatsApp and Signal.
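The contact-discovery flaw and the fix described in the comments above (anyone holding your number learns when you join, versus a visibility setting that requires a mutual contact) can be modelled in a few dozen lines. This is an added example, not code from the thread or from Telegram, WhatsApp or Signal: the `Directory` server, the policy names and the numbers are constructed for illustration, and the demo counts how many registered users a bulk upload of 1000 numbers reveals under each policy.

```python
"""Toy phone-number directory with and without a per-user visibility policy
(added example; names and numbers are constructed)."""
from dataclasses import dataclass, field

EVERYBODY, MY_CONTACTS, NOBODY = "everybody", "my_contacts", "nobody"


@dataclass
class User:
    number: str
    contacts: set = field(default_factory=set)   # numbers this user has saved
    discoverable_by: str = EVERYBODY


class Directory:
    def __init__(self):
        self.users = {}

    def register(self, user: User):
        self.users[user.number] = user

    def discover_naive(self, querier: str, uploaded: set) -> set:
        """Original behaviour: every registered number in the upload is
        revealed to whoever uploaded it, whether or not the owner knows them."""
        return {n for n in uploaded if n in self.users}

    def discover_with_visibility(self, querier: str, uploaded: set) -> set:
        """Reveal a number only if its owner allows it: EVERYBODY, or
        MY_CONTACTS when the owner has also saved the querier's number
        (the mutual-contact requirement suggested above)."""
        hits = set()
        for n in uploaded:
            target = self.users.get(n)
            if target is None or target.discoverable_by == NOBODY:
                continue
            if target.discoverable_by == EVERYBODY or querier in target.contacts:
                hits.add(n)
        return hits


def bulk_enumeration_demo():
    """An account uploads 1000 numbers it does not know; return
    (revealed_under_naive_policy, revealed_under_visibility_policy)."""
    d = Directory()
    # constructed population: every 10th of 1000 numbers is registered,
    # with the three policies assigned round-robin
    registered = [f"+1555000{i:04d}" for i in range(0, 1000, 10)]
    for i, n in enumerate(registered):
        d.register(User(n, discoverable_by=[EVERYBODY, MY_CONTACTS, NOBODY][i % 3]))
    querier = "+15559999999"
    d.register(User(querier))
    # exactly one MY_CONTACTS user has saved the querier's number (mutual contact)
    d.users[registered[1]].contacts.add(querier)
    uploaded = {f"+1555000{i:04d}" for i in range(1000)}
    naive = d.discover_naive(querier, uploaded)
    guarded = d.discover_with_visibility(querier, uploaded)
    return len(naive), len(guarded)


if __name__ == "__main__":
    print(bulk_enumeration_demo())   # (100, 35)
```

Under the naive policy all 100 registered numbers in the upload are exposed; with the visibility policy only the 34 users set to EVERYBODY plus the one MY_CONTACTS user who actually knows the querier are returned, and the NOBODY users are invisible to bulk lookups.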
There were also claims of Android keyboards being used to log messages on Signal (and maybe Telegram), by Naomi Wu and others. No proof for this though.
From my understanding, TOR was created with the intent of hiding US intelligence communications[0]. From my naive understanding, this only works if 1) no one else can back door it (which is critical since it is presumed you're using it to hide from highly technical state actors) 2) there are a sufficient number of users that are not intelligence actors (so you can hide among them. Otherwise you get "Oh, that person connected to a TOR node, let's go pick them up and grab their computer").
Maybe I'm naive, but it seems like the crypto people and the US government have aligned interests here.
> The stated goal of the fund is to promote democracy in developing countries
With an additional alignment of interests, I think many believe that being able to "talk shit" on your leaders is a key part to democracy. And if you're able to do this without fear of your government coming after you (aka: backdoors), then you will freely acknowledge your dissent, find support, and democracy is the likely outcome. I'm not sure if that's true, but I've definitely heard intelligence people suggest that.
So even if it was controlled by the CIA, would this be an issue? It seems like it is actively in their best interest to use real encryption and no backdoors. You don't want all your potential rebels to get caught. You want them to be able to organize out of the eyes of the government that the CIA is trying to overthrow. Having a backdoor just puts a timebomb on it, and one that isn't going to last very long.
Or I guess there's another answer to this. The CIA is pretty fucking dumb. Which is a reasonable answer that I'll accept too, but I think the people working on this stuff would be well aware (since they're probably experts in hacking similarly encrypted systems)
From what I recall, talking to one of the Tor founders about this, Tor was created with overseas US military personnel in mind. E.g. A soldier’s location could be compromised through foreign ISPs if they accessed sites like .mil domains directly. Tor was a way of preventing this problem. There were other use cases but this one stood out for me and it was one of the initial ones considered.
> Note: even though it originally came from an acronym, Tor is not spelled "TOR". Only the first letter is capitalized. In fact, we can usually spot people who haven't read any of our website (and have instead learned everything they know about Tor from news articles) by the fact that they spell it wrong.
I think a lot of people think "TOR" (myself included) because they think "The Onion Router" and acronyms are capitalized. I'm willing to forgive people for making the mistake of following conventional patterns in English.
> To protect the data that is not covered by end-to-end encryption, Telegram uses a distributed infrastructure. Cloud chat data is stored in multiple data centers around the globe that are controlled by different legal entities spread across different jurisdictions. The relevant decryption keys are split into parts and are never kept in the same place as the data they protect. As a result, several court orders from different jurisdictions are required to force us to give up any data.
If we register with Telegram, Telegram has our master key. I am not sure they are really that secure. Yes, it makes it politically hard to disclose any data, but it does not mean impossible.
Telegram also supports proper E2E in the form of secret chats, though the UX is definitely not as good (for example, last I checked it did not support group chat or multi device.)
EDIT: Was under the impression Telegram served closed source clients. Turns out it does not. I stand corrected.
OLD COMMENT:
E2E using a client that is not open source (on a system that is not trusted) is not helping much.
E2E where the server is not open source should be okay, because the server end can only snoop on some metadata (how much, when, what IP, chunk sizes, etc.) but not the content.
It's not as if non-WhatsApp zero-days are hard to come by for nation-states. If it wasn't a video shared by WhatsApp, it was going to be an iMessage text PDF appearing to be from one of his assistant's email. I don't think governments need to author vulnerable software: they can outsource that to the private sector for $0 by doing nothing and decompiling/fuzzing/analyzing whatever comes out.
As an engineer who has basic permissions to our build and deployment system (unrelated, non-communication application) I could pretty easily think of multiple steps in the build where I could inject and link in pretty much arbitrary code.
For instance, anything that can hook directly on a build machine, or artifact upload, or even just simply precompiled into one of the black-box 3rd party dependencies that basically never get recompiled.
All of these mechanisms have vectors that would be easy to obfuscate and don't rely on any changes to any repo code. I think there is a good chance that a normal engineer could likely hide something that could make it into a final build product.
Now, combine that with the fact that even the most open of companies have some sort of protected infrastructure (could be permissions on an S3 bucket, a locked data center or even just a locked-away Cat-5 cable in the process). Someone high in the org could easily inject some process that could stay hidden from even the most prying of internal eyes.
Now, while I agree that it's a bit tinfoil-hat-y to believe that this actually -is- happening, I absolutely believe that the technical capability is both there and well within practical effort. And combine this with a few bad incentives and it's easy to see how it -could- happen.
Is the "our" you're referring to Whatsapp? If not, then I'm not sure how much we can derive from your experience. There are places that take build and deployment security much more seriously than what you're describing.
My point specifically is that by increasing build and deployment security, you actually are decreasing the number of people who can potentially review and audit the build. Thus making it more likely that someone in power could introduce a backdoor that nobody else in the large org knows about.
I don't think that's true? Increasing build security is about limiting the number of folks who can modify the process. That's orthogonal to auditability.
Fair point. It is orthogonal, but it is often correlated in practice. Quite often permission systems to prevent modification are also used to prevent visibility.
I'd also say it's not completely unrelated. Let's consider a hidden build machine process. Once you've hidden that, preventing modifications to the build process by people "not in the know" makes it much less likely that said process can be discovered (either on purpose or by accident). If everyone can and does have full access to those build machines, it increases the likelihood that someone making a modification could run into said process.
My first pass at a way would have some point in the code where various hooks can be triggered for a feature like downloading a file under the guise of creating previews of various types of files, and simply have the production build sent to the Google Play store include an additional small plugin that looks for a specific header and then hands over the keys to the kingdom to whatever payload it finds. It's simple, and there's generally a very small portion of people looking at the disassembled code from the Play Store. You could even have it produce two versions: one for any internal testing on the live version and one with the small backdoor plugin.
Doing it this way you only really have to control a core part of the release team to hide the sleight of hand between the published version and the clean 'published' version.
Alternatively just bury the same thing deep in the codebase using techniques like people use for the Obfuscated C competition every year. Any changes could be delayed/deprioritized/handled by a team in the know about the backdoor.
It's probably easier to just bribe/compromise the on-site DBA who has access to the physical hardware. Dump the raw data and decrypt/analyze it offsite.
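The scenario in the last few comments (a shipped build that differs from the one tested internally, or an extra plugin that never appears in the repo) is exactly what a comparison against an independent, trusted rebuild catches, provided the build is reproducible so that the rebuild yields byte-identical files. The following is an added example, not code from the thread or from any of the companies discussed: it digests a build tree, compares it with a manifest taken from a reference build, and reports missing, extra and modified files. The manifest format (relative path to SHA-256) and the temp-directory trees are this example's own constructions.

```python
"""Compare a shipped build tree against a manifest from a reference rebuild
(added example; paths and file contents are constructed)."""
import hashlib
import os
import tempfile


def tree_digests(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256."""
    out = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 16), b""):
                    h.update(chunk)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            out[rel] = h.hexdigest()
    return out


def verify_against_manifest(shipped_root, manifest):
    """Return {'missing': [...], 'extra': [...], 'mismatch': [...]} (sorted);
    all three empty means the shipped tree is byte-identical to the reference."""
    actual = tree_digests(shipped_root)
    return {
        "missing": sorted(set(manifest) - set(actual)),
        "extra": sorted(set(actual) - set(manifest)),
        "mismatch": sorted(p for p in manifest.keys() & actual.keys()
                           if manifest[p] != actual[p]),
    }


def _write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def demo():
    """Construct a reference build and a shipped build that carries one
    modified library and one extra 'plugin'; return the verification report."""
    with tempfile.TemporaryDirectory() as tmp:
        ref = os.path.join(tmp, "ref")
        shipped = os.path.join(tmp, "shipped")
        for root in (ref, shipped):
            _write(os.path.join(root, "app.bin"), b"APP v1")
            _write(os.path.join(root, "lib", "core.so"), b"CORE")
        # the shipped tree differs from what was tested internally
        _write(os.path.join(shipped, "lib", "core.so"), b"CORE+patch")
        _write(os.path.join(shipped, "lib", "preview_plugin.so"), b"EXTRA")
        manifest = tree_digests(ref)          # produced from the trusted rebuild
        clean = verify_against_manifest(ref, manifest)
        assert not any(clean.values())        # reference verifies against itself
        return verify_against_manifest(shipped, manifest)


if __name__ == "__main__":
    print(demo())
```

In practice the manifest would be produced on a build host outside the release team's control and the comparison run against the artifact actually downloaded from the store, so that the two-version trick shows up as a mismatch rather than going unnoticed.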
It's a little unclear what was actually compromised here. If it was just what was available to WhatsApp on their end, that's definitely an easy way. If it's more that WhatsApp was being used to read more data from the phone than what had already been sent via WhatsApp (or if WhatsApp doesn't have access to things sent because it's E2E encrypted), it'd require something more complex than that.
Boeing, despite heavy regulations, designed the 737 MAX software to depend on just one sensor. Didn't put any limit on how far down the plane could be pushed.
These are not things any individual would do deliberately. I bet these conversations go differently, for example the need for certain kinds of debugging vs. the improbability of actually pulling off an attack, or prioritising a release and dealing with it by making a design decision to implement a feature in a specific way which is intended to be updated later on, opening up windows for attack. They would genuinely be improbable unless someone knows that they are there and is committed enough to try.
That seems to support the argument that security vulnerabilities in WhatsApp are most likely unintentional errors / incompetence. Unless you're suggesting the 737 MAX was intentionally sabotaged as well?
It supports the argument that code with major flaws (intentional or not) can make it into production with nobody noticing until consequences of that flaw make its existence clear.
Are you referring to the data center breaches exposed by the Snowden leaks? Because Google claimed that they were unaware of the breach and quickly took action to correct it [1]. Are you suggesting that Google was complicit?
I don't think Google has given us any reason to believe that it was not complicit. For instance, why not include warrant canaries on gmail accounts?
There is not really any fundamental difference between abetting the data center breach and opting not to offer warrant canaries. Likely tens of thousands of Google users are searched every day due to easy FISC warrants and wide investigative nets.
The state sponsored attacks on Google would of course allow Google to plausibly deny cooperation, but obviously Google has every incentive to cooperate fully, as is evidenced by the lack of warrant canaries.
Warrant canaries are of dubious legality and have yet to be seriously tested in court. It makes total sense that a large company would not adopt something potentially illegal.
A person on StackExchange put it well:
> The distinction between revealing the existence of the subpoena by action, rather than by inaction, is a false one. It's exactly the kind of cutesy legal formality that non-lawyers love to rely on, but real judges ignore. If you tell someone: "Hey, you know John Smith's three sons, Joe, Ted, and Bill? Joe and Ted are good people; they have never molested any children. As for Bill--well, I don't have anything to say about Bill." If Bill is not a child molester, you have defamed him, and you are not going to convince a judge otherwise. [1]
Here's how the EFF puts it.
> Are there any cases upholding warrant canaries?
> Not yet. EFF believes that warrant canaries are legal, and the government should not be able to compel a lie. To borrow a phrase from Winston Churchill, no one can guarantee success in litigation, but only deserve it.
I'm also not sure how warrant canaries relate to your parent's point.
I would just point out there is a very clear legal distinction between action and inaction. Further, all of this only applies to the issuance and proper service of an order compelling silence. I think the EFF's common statement is that if the canary requires affirmative action to not deploy, the court is in a tough spot to compel that action. Also, I can say with a large amount of certainty that no judge blatantly ignores procedural or semantic formalities out of hand. The judge in question may weigh the relevant factors and disagree with an argument, although some judges built caseloads of precedent on just such minor quibbles, but it is literally the judge's job to at least consider a technical argument on its merits.
Your comment reinforces my point. Google would be extremely reluctant to utilize warrant canaries because of the uncertain legal consequences of doing so.
The same applies to declining to cooperate with government surveillance operations. We don't really know how the government likes it when a big company obstructs its surveillance goals.
On HN today was a headline about Apple reversing course on a business decision voluntarily, simply to please government.
> I'm also not sure how warrant canaries relate to your parent's point.
The points above I believe link the two business decisions.
There were a bunch of Google engineers who worked through Christmas that year who sure were pretty pissed off about the unexpected work and were furious at the NSA.
Not orchestrated, but happily tolerated. All Google needs is to be able to plausibly deny complicity, but the other practices of Google (such as not offering warrant canaries on all Google accounts) indicate that Google is eager to cooperate and please governments, so it would have been easy to leave a few doors unlocked, hire a plant (with solid itsec skills), etc.
I was at Google at the time of the Snowden disclosures. People there were furious, and encrypting internal traffic became a top priority immediately afterwards.
Of course. That is the correct response once the attack is known. To most people, unencrypted traffic vs encrypted traffic seems like an obvious security oversight, but many others exist that are not so stark and obvious sounding.
My point is that all indications point to Google being unbelievably cooperative with the US Government, essentially allowing whatever legal or extralegal (per Snowden) back doors were requested.
It is not much of a leap to conclude that Google was both aware and cooperative with the harvesting of unencrypted traffic. This does not mean that all employees were aware of it.
The analysis should be to discover how few employees would have had to be complicit for the attack to be carried out successfully.
There is no way that such an attack would succeed if too many were aware, since it is obviously in the extralegal (Snowden revelation) category, and since most Google employees are ethical humans, it would have provoked outrage if widely known.
> WhatsApp's vulnerabilities are intentionally created as part of surveillance programs with government agencies.
This has been obvious in places like the United Arab Emirates (aka Dubai) where services like FaceTime etc. (sometimes even voice chat in games) are blocked by the government but they allow WhatsApp (but not WhatsApp voice calls).
Not really, Dubai blocks VOIP because phone carriers lobbied for that. This has the added benefit of forcing people to make insecure, easy to intercept, regular phone calls.
Within days of their launch, Telegram was discovered to have huge vulnerabilities that resulted from them rolling their own crypto: https://news.ycombinator.com/item?id=6948742, so I'm not sure they should be throwing stones about other people's bugs.
You’re full of shit. There’s nothing theoretical about that vulnerability (almost certainly a deliberately planted backdoor), it allows the Telegram servers to selectively MITM private chats.
> there has been no successful implementation of them.
What does this even mean? Only Telegram can perform this active attack, obviously you haven’t seen it implemented.
There are no WhatsApp vulnerabilities in this case, or encryption breakdown. To exfiltrate a lot of data as the article says, you need a sandbox escape and privilege escalation.
One thing that needs to be accounted for is that, IIRC, we just recently had US AG Barr make a stink about encryption based on Facebook tech (either WhatsApp or Messenger, I believe) being some anti-law-enforcement issue.
Does the theory suggest that the US DoJ does not know how to exploit these backdoors, but other agencies (CIA/NSA, foreign intel services) do?
That was what Bezos's camp has been saying from almost the very beginning. The news here isn't the suspected involvement of the Saudis, the news is that MBS is directly implicated.
MBS definitely seems pretty brazen. I could totally buy him doing this - effectively social engineering Bezos - over negative stories about Saudi Arabia in the Washington Post. Who better to persuade Bezos to look at a video?
I'm a little surprised Bezos fell for it. Video-triggered vulnerabilities are pretty rare and not something you'd normally be vigilant about, as are world leaders acting as APTs, but he still should've considered the possibility that a giant, powerful nation his ultra-influential newspaper covered might want to target him and would have the capability to do so.
He could've asked an Amazon security analyst to open the video in a sandboxed system, or could've just done so himself. I guess it just never crossed his mind that the (de facto) ruler of Saudi Arabia would phish him.
Pretty brazen? Don't forget that the WP reported that US intelligence intercepted comms from Saudi officials discussing a plan ordered by MBS to lure Jamal Khashoggi from his home in Virginia and then subsequently had him cut into pieces in an embassy.
Not only has the US president declared the press the "enemy of the people", he also has a personal vendetta against Jeff Bezos for hurting his feelings. And he's got a personal lackey doing his personal bidding at the head of the DOJ.
If anything, it's more plausible to have been directed by the President (though it probably wasn't) than for any consequences of these actions to come from this administration (which certainly won't happen).
According to this story MBS is an operative. If heads of state decide to become operatives, perhaps they should lose any protections that might normally be afforded to them.
Which is it? Is "fake news" a dangerous sentiment, or do journalists actually get the facts wrong more often than they get them right?
Do journalists try to get the facts correct? When they get them wrong, do they issue retractions? Or do they not?
Do you think you can draw an equivalency between their accuracy and the President's relationship with the truth?
This is not the same as saying "TV is bad for you, mmkay?" This is about actual journalism, which may take place in newspapers or on television.
You're treading on dangerous false equivalency here. I get that it's hip to say "the mainstream media gets it wrong all the time, amirite" in lieu of having an actual nuanced opinion, but I certainly don't think it's remotely accurate.
I guess Khashoggi must have really annoyed MBS. This has now cost the Saudis at least ten times as much goodwill as all anti-Saudi editorials in the Post and everywhere else together.
That, or it was a favour to MBS's American friends. The other people involved (David Pecker et al) and MBS do share a few friends in the White House, who also seem obsessed with the Washington Post and Bezos himself.
Saudi Arabia has a lot of exiles and so far as I know, it's not murdering everyone who criticizes them.
Khashoggi was not simply a journalist but a member of an influential family within Saudi Arabia [1]. MBS has dealt quite brutally with a variety of his internal opponents within Saudi Arabia. Murdering Khashoggi was something of a statement that MBS wouldn't let his direct opponents escape to other countries to oppose him.
To be clear, the murder was a horrific act by a brutal theocratic regime; I'm not noting these factors to condone it in any way but merely to give background.
[1] For example, this Khashoggi was a relative of Adnan Khashoggi, once known as the world's largest arms dealer.
No matter how I try to balance: "these are people who are killers and venally evil in nearly every sense of the word"
and "But they are still intelligent and because they aim to maintain their significant power, they have to act in a measured, limited way that still involves logic and allows most 'little people' to go about their business AND we need to understand the logic of these things BECAUSE these people influence so much."
No matter how much I couch and balance my words, there's always someone ready to jump in with the crude simplification. Frick-off, jeesh.
And to further clarify, the Saudis don't murder exiles, in particular, wholesale. They do murder the Houthis and several other groups wholesale.
Great theory, except for the fact David Pecker was directly involved and more or less admitted it was a favor for Trump which he had been doing for decades.
While David Pecker was involved in the brokering of the hush money deal with Stormy Daniels, which Michael Cohen eventually made (and was prosecuted for), the "catch and kill" payment was made to Karen McDougal, which was another Trump affair.
What are you talking about? Nobody is refuting that MBS killed Khashoggi. What I'm refuting is that the Bezos hack wasn't a favor to Trump. It clearly was.
The headline is not that interesting, but the bigger news here is the vector used (WhatsApp, Pegasus), and how the exploit message was sent directly from MBS' number soon after they shared contact information.
Wouldn't be surprising if Bezos rolls out Amazon's own messaging platform soon. In some sense Amazon is already halfway to being a social network on its own now - if they add personal feeds and "follow" they would become full-blown FB+Instagram+Pinterest, and adding messaging would complete the package. "Your margin is my opportunity", and the Zuck's margin is among the largest out there.
In the end we're all responsible for our own actions - but there are a lot of outside factors that influence us. The leak appears to have been a significant factor. I'm less interested in the fact that infidelity would likely have eventually led to the divorce (though if it was privately dealt with it may not have) - I'm more curious if the timing was advantageous for MBS. This is all pure speculation, though.
I'm surprised this take is so controversial. Bezos didn't deserve to get hacked and exposed like this, but the hack exposed infidelity. The hack didn't plant fully fabricated evidence of infidelity.
I don't think "I would have gotten away with it!" is a compelling argument, but I'm not a Scooby Doo villain.
The comments about timing, malice, financial consequences, etc., are all fair for making a case that the hacks and leaks are scummy, but the Bezoses are in charge of their own relationship, or lack thereof.
OK, so I'm just a random anonymous coward. And arguably obsessed with my hobby.
But I'm puzzled that Bezos would be corresponding with MBS on the same device that he uses for potentially embarrassing personal stuff. Isn't that just a totally obvious OPSEC fail?
The problem is that even the head of a ginormous company with a strong connection to computer security generally (through AWS) is going to take actions based on convenience rather than OPSEC discipline.
I think it's natural for any given human to chat with all one's friends on the same level, with the same device and so forth. A given individual can train themselves to have hard walls in their personal dealings, but I'd suspect that individual would be a mid-level specialist, not the owner/manager/CEO who gets their position by their ability to manage and connect with people, not through technical expertise.
I guess. But even before the Khashoggi assassination, MBS was arguably an obvious threat. I can't imagine considering him a "friend".
I mean, I'd be gobsmacked if he mixed personal and business on the same devices. That could be disastrous, not just embarrassing. So a third device category doesn't seem unworkable.
Edit: Also, wouldn't someone like Bezos have security advisers? And how could they have failed to warn him?
One could make a similar argument about MBS, of course.
This reminds me of the way that Barack Obama tried to keep his personal cellphone once he became president. Having a personal relationship with the wealthy and powerful is a unique thing since these are the ultimate decision makers. I would guess that Bezos or anyone like him chats frequently with very powerful people and that this is a factor in him maintaining his own power and influence. And mobile devices would seem to magnify that ability of the very topmost people to connect directly with each other - i.e., this was all done by secretaries and through protocol, but that's slower, and a mobile device lets one big boss instantly sway another.
MBS doing his own spying and hacking is another way topmost people are becoming "do it yourself-ers".
I shudder to think what would have happened if Obama had ultimately refused to give up his personal phone, and every half-talented hacking group on the planet had pwned it six ways from Sunday—what a national security disaster that would have been! Oh wait
The Clinton server wasn't really interesting because she broke the rules...it was because the Chinese/whomever could grab stuff and the owners had plausible deniability.
I wonder how often less high profile folks get hit with stuff like this?
On one hand, zero days are rare and expensive.
OTOH someone who isn't the CEO of a major company might not notice the malware, or if they do, not know they should forward it to an organization like Citizen Lab.
If you aren't a high profile target, you may not be worthy of being targeted specifically. Of course, as in the Ashley Madison and Equifax cases, you might be compromised along with thousands of others.
Zero days are expensive for individuals and small companies, but what happens when state actors are involved?
>If you aren't a high profile target, you may not be worthy of being targeted specifically.
That's what I am questioning.
There are many sysadmins, key executives in tech companies, or open source contributors who may not be "high profile" in the traditional sense but be juicy targets. Arguably there are more useful targets to hack than a CEO who's assuming their every move is being studied and always keeps truly sensitive conversations verbal.
I can't say who since I don't know but my interest is piqued. It worries me no one would brief a CEO (who crosses borders presumably) to at least use a passphrase.
Zero days are plentiful. But there are only a handful that you could buy today which could potentially give you access to a CEO's phone. The only other option is to build your own team to find a zero day for you, which is not cheap or quick.
Apparently I’m the only person on earth who wants to know what kind of phone Bezos was using, which OS version, etc. It seems like this detail is conveniently being left out of every story.
Anyone have any additional details? I understand that it was a WhatsApp vulnerability (Pegasus?) but I’d still like to know more about the device.
At the time, FB said it didn't believe the bug had been exploited: "In this instance there is no reason to believe users were impacted." [0] The alleged hack of Bezos happened in May 2018, about 18 months after the Nov 2019 bug fix. I wonder if FB's statement was just boilerplate PR or if they really did substantial forensics to have "no reason to believe users were impacted".
Anecdotal, but a lot of times phrases similar to that are used because the real answer is "We don't have any way of knowing if users were actually impacted" and it's obviously far better for PR to phrase it that way.
It does sound better but here's the thing: this is Jeff Bezos. He's one of the most high-profile people on the planet. If his phone was hacked through WhatsApp, he clearly filed a complaint and told them what had happened. They just didn't manage to patch it for over a year and then stated they 'had no way of knowing' even though this clearly proves it happened.
Why do you think it was CVE-2019-11931? The Facebook vs. NSO lawsuit[1] mentions CVE-2019-3568[2]. CVE-2019-3568 was widely reported in May to have been exploited by NSO group[3].
Is there any detail on the nature of the exploit? It seems to have been triggered by receipt of a video in WhatsApp. Was the flaw in WhatsApp itself? Or would the exploit have occurred regardless of which messaging/transfer mechanism was used to deliver the video? Has this been fixed? Is it even a documented exploit or is it simply known that it had something to do with the WhatsApp video, but not the actual methodology?
One thing which this article doesn't address at all, is what is the beef between MBS and Bezos? Why would the Saudi prince leak this data? How did Amazon upset him?
I think at the very least they would have bet on the WH looking the other way while they conducted an attack on a prominent US citizen. At worst it could be another "favour" attached to military procurement.
Very curious about the downvotes on this one. Trump has clearly demonstrated time and again that he is not above egregiously and obviously breaking the law to further his personal interests. He has been willing to overlook cold-blooded murder by MBS specifically. So this speculation is very comfortably (or uncomfortably, as it were) within the realm of reasonable speculation, is it not?
Lauren Sanchez (Bezos' new girlfriend), along with her brother Michael (who is also her agent), leaked the story to force Bezos to divorce his wife and get along with her.
Explanation 2:
The crown prince of Saudi Arabia personally sent a trojan file, downloaded all the data, distributed it through a gossip rag he happens to be friends with, for some kind of revenge/message
I get why Bezos has to go with explanation 2, because explanation 1 would indicate the girl he wants to have sex with or her brother is manipulative. I don't see why the rest of us have to go along with this. Even this anonymous source says he has "high confidence", not anywhere near certainty.
A country like Saudi Arabia is going to use every tactic possible to combat their asymmetry with the West. It's not the crown prince personally having someone cook up a trojan for him -- it's their national apparatus deciding that free potential leverage over influential Americans is a worthwhile pursuit.
The motives for explanation 2 are currently not known. MBS might have had numerous reasons, ranging from WaPo or AWS. But regardless, there could have been many reasons to target Bezos. The part that doesn't sit right with me is the leaks, since it would have burned the 0day and connected Saudis to hacking phones which I doubt they would have wanted.
Last time I stayed at an AirBnb in Prague, the owner's preferred method of communication was WhatsApp. When I went to install it I was confronted with no other choice than allowing it to import all my contacts, even though there was only one person I wanted to communicate with.
I was aware of these vulnerabilities and generally am protective of handing out PII, especially information others have entrusted to me. So I didn't give it access to hundreds of business and personal contacts spanning decades of work and life.
How do others deal with this who perhaps don't have the choice to just say "I'm going to text you instead for the 4 days we are going to have a need to communicate"? Do you keep a full set of contact data outside your phone's contacts for information you don't want shared? Private and public contacts?
Somewhat recent Android versions have work profile which at the very least gives you a sandbox for all apps you want to be isolated from the main profile. Unfortunately, all those work profile apps still share data between themselves. Maybe it was improved lately.
The wider question here is how to handle Saudi Arabian trades in Western markets. Every and any deal undertaken by a state actor (MBS, any of the 1000s of princes the place is littered with, the sovereign wealth fund or the state or semi state companies) could well be the result of insider trading...
And that's just the public markets. Imagine the advantage you would have in startup investing if you could covertly read all the internal discussions, the founders' texts and emails, remotely access their meetings with lawyers, accountants and other VCs.
No wonder SA is suddenly interested in Silicon Valley
Yes, it seems he was pretty hardcore about it. "Go ahead, publish it."
Since J. Edgar Hoover, it has been an open secret that blackmail drives the upper echelon of politics and media. The Bill Clinton thing is another example; pretty sure he put his foot down and said fuck it, hence Lewinsky turning up with a tainted dress from 8 months ago, and down goes the U.S. president. How many just acquiesce and play along quietly?
More people should have guts like Bezos (probably did). Though at some point, I'm sure the shadow people will just fall back on good old violence, like the Epstein case.
That's interesting. How would that work? Under Android, all apps effectively run inside a Java sandbox, right? So how would the attackers be able to install spyware through Whatsapp?
So, anyone want to hazard a guess on why the prince would want the optics of being seen to have been responsible for the hack (as opposed to trying to cover that up by, say, not using his very own account)?
Firstly, he's an idiot. His staff obviously don't brief him on the likely consequences of actions, they just go do it. Because he's a brutal dictator who has disloyal people executed.
Secondly, Saudis don't have their own advanced cyber capabilities (unlike Iran, UAE, Israel, etc), they rely on buying help. And single-use, no-interaction 0day RCEs for recent phones (and we can assume latest iOS or Pixel) are not that available. So they used what they could get their hands on.
It beats me that they couldn't steal the phone of someone else in Bezos's WhatsApp contacts and impersonate them. Maybe Bezos wouldn't have opened the attachment. But overall, I think they are just dumb.
There remains a small possibility that someone hacked the phone of MbS (I mean, everyone has thoughts about doing that) and then pivoted to attacking people in his contacts. But the whole NSO group involvement makes me think it wasn't that.
"The flaw (CVE-2019-3568) successfully allowed attackers to silently install the spyware app on targeted phones by merely placing a WhatsApp video call with specially crafted requests, even when the call was not answered."
These are not hacks, it's called "Backdoor". There are probably tons more hidden backdoors left, we can only speculate. WhatsApp is a private non-open source project.
Whatsapp allows desktop clients. I use it too. It is technically possible for someone to hijack this desktop client and do this without MBS's involvement, as long as MBS authorized that desktop. I think you need proximity, but you can have a computer near the prince, and that computer being remotely controlled by someone sitting far away.
Not saying this happened ... but there are many ways to blame it on prince and many ways to defend him (and blame a subordinate).
I thought the Whatsapp desktop client was just a glorified remote control for the phone, and could not actually function as a standalone client by itself?
It is a remote control, but a case could be made that even though the prince had the phone with him, someone did it from his computer [ Of course assuming he was not looking at his phone at that time. ]
If you're thinking of a private actor, I think that once you have access to MBS's phone, you run to Doha before attacking Bezos. Qatar would pay a ton of money for that access.
If you're thinking of a state actor except Saudi Arabia, I think there would be much easier and more discreet vectors to Jeff Bezos's WhatsApp than MBS's phone (literally almost any of Bezos's other contacts would be less risky).
> This analysis found it “highly probable” that the intrusion into the phone was triggered by an infected video file sent from the account of the Saudi heir to Bezos, the owner of the Washington Post.
Any more information on how this type of attack works? Is it a vulnerability in Whatsapp, or was whatsapp just the delivery platform?
first paragraph: The Amazon billionaire Jeff Bezos had his mobile phone “hacked” in 2018 after receiving a WhatsApp message that had apparently been sent from the personal account of the crown prince of Saudi Arabia, sources have told the Guardian.
So, not snapchat, but whatsapp. And it's quite surprising for me. So, Saudis have 0 days which work on whatsapp on iphone (I suppose Bezos uses iphone)? I mean, FB and AAPL, which both can afford tens of billions in security research, were pwned by saudi 0day? hmmm...
Honest question. Given that RCEs are extremely rare, can't FB and AAPL announce a 100M USD bounty to get them first and patch them, avoiding bad PR and brand impact? Damn, make it 200M?! Or can bad actors easily pay 5x more to exploit said 0 day on a few targets, so hackers will sell to them instead?
I don't think FB or Apple can win a bidding war with state actors, and especially not a wealthy monarch. I think the problem is these 0 days are worth more to bad actors than the bad press costs companies.
>I don't think FB or Apple can win a bidding war with state actors, and especially not a wealthy monarch.
Depends on your personal risk profile, I guess. If I was a highly professional security researcher (one can dream!), one who can find a 0 day RCE in WhatsApp, well, I would happily accept a 10-20M bounty from FB and retire for life, instead of bargaining with a wealthy monarch and accepting a non-trivial risk of being dismembered with some blunt tools in an embassy in Turkey or somewhere else.
Indeed, any money after the "never work again and have a decent middle class lifestyle" point is worth significantly less to me than money before that point.
I think the problem is that FB or Apple don't really get directly hurt from these exploits being used. Some politician gets hacked and important personal data gets leaked - oh well, there was a bug, we've patched it, one less user out of a few billion. And the vast majority of people probably don't rank this kind of thing very high on their threat model, they're either not going to know or aren't going to care.
Actually, this is my second question. How much money are FB/AAPL ready to pay for a security researcher who can find 0 days in their software to work full-time for them? Is Nefarius Inc. really competitive with them, salary-wise? I just can't grasp the economics here. Back in the '90s, being a bad guy was probably more lucrative, but now, when established IT companies have market caps in the trillion zone... what makes people work for Nefarius Inc.?
Very good pay; the ability to work remotely; pride/prestige; community; political reasons.
Being a good digital thief is still very lucrative, especially for people living in low income areas with relatively lax law enforcement. These people can run encrypted computer extortions, steal bitcoin wallets, run/sell botnets, fence digital goods, run underground ad networks, and consult.
No idea about nefarius, but when I talked with someone in a similar role the answer was work conditions. It was apparently easier to get a remote role with a flexible schedule at a more "sketchy" company.
Brokers ("grey market") usually pay out over time, for this reason. If a seller double-dipped by also selling the vuln to the vendor via a bounty program, it could get fixed before they actually got most of their grey-market money.
My guess is this gave them the ability to access anything WhatsApp could access with a code bug in the application and so maybe a Facebook issue more than an Apple issue.
If WhatsApp was given photo library access (which isn't unlikely considering you need it to send previously taken photos) then the exploit could access all his photos without a vulnerability on Apple's part.
> which isn't unlikely considering you need it to send previously taken photos
To be clear for anyone else reading, photo library access is required to browse the photo library from within WhatsApp, it's not required to share arbitrary photos to WhatsApp from the photo app via the OS's built-in share feature.
I am not buying this story. With all the other possible options, why would someone like MBS do it from his very own phone which this article claims? It sounds more like someone is trying to frame MBS.
The US is the world's largest weapons exporter and Saudi Arabia is the world's largest weapon importer.
I'm not sure even a Hitler level calamity would make the US stop dealing with them. They're holding their hands and complementing their "leadership skills" ffs...
The Saudi Royal Family simply do not care and walk around with impunity. They thumb their nose at the law and the world order and think they deserve to do whatever they want. This is exactly the same as the Khashoggi execution, where there was overwhelming evidence and implication, but they played naive and put on a big sham investigation. Just like when Russian agents poisoned the Skripals and said they were there to view a church steeple.
Of course, the nation that the Saudis rely on for aid and military hardware could pressure them. But that would require some minimal commitment to human rights and a free press. And no personal desire to silence criticism from the WaPo by its president.
This does seem the most likely, as hard as it is to believe. I guess when you have hierarchies based on blood rather than competency, this is what you end up with.
It seems unlikely it would be MBS himself pressing the button, but a reason why Saudi intelligence might use his personal account is because Bezos would be far more likely to open a video sent from MBS than from some random account.
But the obvious thing to do would be to pick anybody else that Jeff would also talk to and send it from their account instead. Only the most incompetent intelligence agency imaginable would do an op and intentionally attribute it to their own head of state.
It has to come from an account a) Bezos trusts enough to read and open attachments from, b) an account Saudi intel has access to, and c) an account that's not gonna go "hey ignore that, I got hacked".
TFA rather implies that MBS is totally full of himself:
> One observer said the alleged targeting of Bezos reflected the ‘personality-based’ environment in which the crown prince operates.
So it seems plausible that he and his advisers just assumed that they were technical enough to avoid attribution.
It does seem that there's more known than suspicious timing:
> The Guardian understands a forensic analysis of Bezos’s phone, and the indications that the “hack” began within an infected file from the crown prince’s account, has been reviewed by Agnès Callamard, the UN special rapporteur who investigates extrajudicial killings. It is understood that it is considered credible enough for investigators to be considering a formal approach to Saudi Arabia to ask for an explanation.
But then, even if they have conclusive evidence that said file is malware, some third party might have compromised MBS' account.
Presumably because the attackers' assumption was that Bezos would open a message coming directly from someone he trusted and had direct communication with, in this case being MBS?
That brings a lot more questions though; who actually sent the message? Was it a man-in-the-middle situation? Was MBS's WhatsApp account compromised? Did someone else use MBS's physical phone to do this? Was it a third party?
Doubt he or any other president would do anything about it. When was the last time any administration gave the Saudi government more than a weak reprimand for their antics? Some of our "allies" can do no wrong.
Because the USA is doing the same to them and their political/military/business leaders. This is par for the course. Everyone is hacking everyone. I'm surprised that they (the NSA) didn't give Bezos a hardened phone and full security audit. Maybe he didn't let them.
Is this something a President or anyone in government employ should care about? A private citizen using a commercial app on a private phone granted that app some permissions he later regretted. Why should USA taxpayers care about that?
Will Bezos's divorce affect the Amazon empire in any way? Wondering if that personal move will somehow have corporate, technological infrastructural, and thus national security repercussions.
>Jeff Bezos chatting with Mohammed bin Salman on WhatsApp
Not sure whether this is yet another fake story sponsored by the Qataris, who infiltrated the liberal western media with their Islamist and ultra-left minions all over in the name of diversity, since their rift with the Saudis in mid 2017, or the richest man on Earth is actually retarded enough to chat with a head of state like Saudi Arabia on fucking WhatsApp
Why? Bezos isn't going to open any other videos from someone else. The US executive branch won't do a thing, in case the Saudis decide to stop buying US treasury bonds in exchange for oil. Then they might stop buying weapons, which funds the inflated military industry, and then they might buy weapons from someone else and begin keeping larger reserves of their currency. This exchange is worth more to those in power than Bezos' love life.
I can see it. The Saudis' control over their own media means that their population will likely never find out, and the ones that do will support the government anyway. Outside of that, the rest of the world is in the perfect place to accept whatever lies the Saudis shrug this off with. Authoritarianism is on the rise and truth is in decline. Trust in media is probably the worst it's ever been. Your post proves it. There would be no impact on their foreign policy efforts even if it were true.
Bezos is presumably savvy enough not to open a WhatsApp message from some random person, and given the Khashoggi situation (employed by the WaPo, which Bezos owns) it's not surprising he'd be on the Saudis' target list to compromise.