It’s a paradox. On one hand governments are hopeless when it comes to technology — just think of all that crummy legacy software or the fiasco involving the opening of the Obamacare exchanges. But on the other hand, governments can be very, very good when it comes to some kinds of tech.
We got a rude reminder of that this week through news the United Arab Emirates allegedly used a massive iPhone exploit to target a human rights activist. The exploit was so serious that Apple urged users to install an update immediately, and there was a report of at least one Fortune 100 company cutting off employee iPhones if the patch was not installed.
The exploit, which allowed attackers to spy on an entire iPhone including all its apps, was reportedly developed by a shadowy private company (more about them below), but those using it appear to be nation states. What we’re seeing, in other words, is the emergence of cyber-arms dealers peddling wares to eager governments. And this combination of powerful, available cyber weapons plus governments (hi there Russia!) willing to use them means the phenomenon of nation state hacking will remain the security story of 2016.
All this raises the stakes in the ongoing policy and ethical dilemma over how the NSA and other agencies should handle zero day exploits. Should they share them or hoard them? I don’t have an answer but lots of other people do, and I’m sure we’ll be hearing a lot from them in coming weeks.
Robert is off on a well-deserved vacation to Spain, so I’ll be picking up the slack through Labor Day. Thanks for reading and enjoy every last minute of late summer. More below.
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.
Who the heck is NSO Group? The security community is still agog over news about the latest Apple exploits, but the people at NSO Group who designed them really don’t want to talk about it, including who they are and what they do. But a profile suggests the company has roots in the Israeli military, and is today doing a brisk business from Thailand to Bahrain. (Forbes)
All the news that’s fit to hack. Those busy Russian hackers are branching out from hacking U.S. political parties to targeting media outlets. The New York Times says the FBI is investigating an attempted attack on its Moscow bureau, but refuted a CNN report that claimed the hack was much more pervasive. (New York Times, Fortune)
A second Snowden? The release this month of an NSA tool-kit led one security author to claim the so-called Shadow Brokers, who published the hack, likely point to the existence of an agency insider who is leaking files Snowden-style. Others say, “no way, it’s definitely the Russians.” Here’s a Q&A to help you decide who has the stronger argument. (Fortune).
Big bucks for cyber peace-of-mind: If you read this newsletter, it probably occurred to you there are lots of businesses that worry about cyber disasters. You would be right based on the surging popularity of cyber-insurance, which Fitch says led to 120 insurance groups writing $1 billion in premiums in 2015. And, yes, that number is set to go up. (Business Wire)
Ransomware everywhere: The nasty software that locks up your computer has been in the news for a while now. We know schools and hospitals are targets, but who else is getting hit? You can add a NASCAR team, taxi companies and darn near everyone else. (Wall Street Journal)
Oh, and if you want to pretend to be a non-English speaker, it’s not enough to just “omit definite and indefinite articles, confuse past and present tense, and miss the infinitive “to.” Motherboard gets to the bottom of the crazy patter used by those Russians/non-Russians.
Share today’s Data Sheet with a friend:
Looking for previous Data Sheets? Click here.
Why did France and Germany just have a cow over encryption? David Meyer says the countries’ appear to be asking for powers they already have – or else they’re teeing up larger EU-wide initiatives.
France has been beating the anti-encryption drum hard recently, and it has now joined forces with Germany to call for something to be done … The thing is, there is already little to stop EU countries—which retain complete control over their national security laws—from trying to force the likes of Telegram and WhatsApp to decrypt messages. Read the rest on Fortune.com.
Facebook’s Plan for WhatsApp Data Poses Legal Risks by Jeff Roberts
Here’s Why Dropbox is Urging Readers to Reset Their Password by David Meyer
Tim Cook’s Report Card: B+ Student, Needs to Try Harder by Mathew Ingram
How Intel and Others Are Fighting the Ransomware Epidemic by David Meyer
ONE MORE THING
Hack it all for the pizza. A U.S. jury found the son of a Russian MP guilty of a slew of hacking-related charges and a prison term will likely follow. His lawyers see this is a diplomatic incident, but what we want to know is how “master hacker” chose his target, described as “mostly pizza restaurants in the state of Washington.” (BBC)