Saudi Arabian Telco Asks Pro-Privacy Researcher To Help Them Spy On Citizens, Hilarity & Then Seriousness Ensues

from the perhaps-google-the-person-you're-contacting-first dept

Via Chris Soghoian, we learn that a Saudi Arabian telecom company (one of just two) contacted well-known pro-privacy researcher Moxie Marlinspike recently to see if he might help them intercept communications from a variety of popular communications apps, including Twitter, Viber, Line and WhatsApp. Curious about what they wanted, Marlinspike emailed with them a bit, and then published what he was told -- including the fact that they later told him they very quickly and easily figured out how to intercept WhatsApp communications. Eventually, he told them that he wouldn't work with them, and the guy he was communicating with told him by not helping the Saudi government intercept communications, he was helping the terrorists:
I know that already and I have same thoughts like you freedom and respecting privacy, actually Saudi has a big terrorist problem and they are misusing these services for spreading terrorism and contacting and spreading their cause that’s why I took this and I seek your help. If you are not interested than maybe you are on indirectly helping those who curb the freedom with their brutal activities.
From there, however, Marlinspike goes on into a very interesting discussion, well worth reading, about changes in the hacker/security community lately and the lucrative business of selling 0day exploits (often to governments) rather than publishing them and getting things fixed.

Forgetting the question of legality, I hope that we can collectively look at this changing dynamic and perhaps re-evaluate what we culturally reward. I’d much rather think about the question of exploit sales in terms of who we welcome to our conferences, who we choose to associate with, and who we choose to exclude, than in terms of legal regulations. I think the contextual shift we’ve seen over the past few years requires that we think critically about what’s still cool and what’s not.

Maybe this is an unpopular opinion and the bulk of the community is totally fine with how things have gone (after all, it is profitable). There are even explicitly patriotic hackers who suggest that their exploit sales are necessary for the good of the nation, seeing themselves as protagonists in a global struggle for the defense of freedom, but having nothing to do with these ugly situations in Saudi Arabia. Once exploits are sold to US defense contractors, however, it’s very possible they could end up delivered directly to the Saudis (eg, eg, eg), where it would take some even more substantial handwaving to think that they’ll serve in some liberatory way.

Exploits will be exploited. Helping anyone to make use of them means that eventually they're going to get exploited by others in ways you might not agree with.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: hacking, interception, moxie marlinspike, privacy, saudi arabia, selling vulerabilities, spying, surveillance
Companies: mobily


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 14 May 2013 @ 12:07pm

    i wonder where he got the phrase from 'by not helping the government intercept communications, he was helping the terrorists'. it sounds awfully familiar to me!

    link to this | view in thread ]

  2. identicon
    Anonymous Coward, 14 May 2013 @ 12:37pm

    Helping Terrorists

    By helping the government intercept communications you are terrorizing the citizens by creating a police state.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 14 May 2013 @ 12:51pm

    Re:

    and hurting the children

    link to this | view in thread ]

  4. icon
    jupiterkansas (profile), 14 May 2013 @ 12:54pm

    If you have a terrorist problem, perhaps being more lenient will get better results than more spying?

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 14 May 2013 @ 1:03pm

    Re:

    If we had a terrorist problem maybe I would be ok with *some* of the spying that has gone on.

    But we do not have a terrorist problem.
    In the US more people die in vehicle related accidents each year than have ever died from terrorists.

    Anyone afraid of terrorists should be horrified to walk across the street since they are more likely to get run over by a bus than ever be bothered by a terrorist.

    When will the TRANSPORTATION SAFETY Administration do something about all these vehicular deaths each year?
    We clearly need safer cars and streets!

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 14 May 2013 @ 2:20pm

    what muck is this?

    supporting terrorism? no that whould be helping the suadis who might i add have been suspected of funding extremist groups al over the ME.

    link to this | view in thread ]

  7. icon
    Malor (profile), 14 May 2013 @ 2:59pm

    Considering that there always seem to be arms dealers, no matter what horrors are inflicted, I figure Moxie is pretty much pissing in the wind. It's a damn shame, and I wish it weren't so.

    But, if you are a security researcher, and you are selling exploits to governments, don't kid yourself. You are a modern arms dealer, and you are probably going to be getting people killed, very possibly people you would like.

    Going off on a bit of a tangent: this is another reason why I get so frustrated with the Linux kernel devs for treating security with such a cavalier attitude, actively going out of their way to hide security problems in the kernel. In the modern world, people's lives depend on the security their systems claim to provide.

    I can't help but wonder if someone's deliberately vague commit has ended up causing people to be imprisoned, tortured, or even killed, because the bad guys figured out the security implication, but the good guys didn't.

    Code security matters. It matters a lot.

    link to this | view in thread ]

  8. icon
    That Anonymous Coward (profile), 14 May 2013 @ 5:14pm

    Can we get a program?
    It is to fucking hard to tell which team is which anymore.

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 14 May 2013 @ 8:06pm

    Damn if I could only go back in time now to ask Hitler to help save the Jews. What could possibly go wrong?

    No thanks I took a shower before I came.

    link to this | view in thread ]

  10. identicon
    Zem, 14 May 2013 @ 8:10pm

    Re:

    Team 1 is dressed in black, Team 2 in midnight blue, easy. Team 3 is in a pretty teal colour, but I haven't seen them around in a while.

    link to this | view in thread ]

  11. identicon
    Kiwini, 14 May 2013 @ 10:01pm

    Closer to home

    ..."the guy he was communicating with told him by not helping the Obama government intercept communications, he was helping the terrorists"...

    Fixt

    link to this | view in thread ]

  12. icon
    Anonymous Howard (profile), 15 May 2013 @ 3:05am

    Re:

    Mike Godwin is rollin' over in his grave. The friggin' guy isn't even dead yet.

    link to this | view in thread ]

  13. identicon
    Eccentric dude, 15 May 2013 @ 5:31am

    Crypto done less worse

    Why do we (people) still use those easy to break crypto-protocols.

    It can be better. See http://eccentric-authentication.org/

    Cheers, Eccentric dude.

    link to this | view in thread ]

  14. icon
    btrussell (profile), 15 May 2013 @ 7:41am

    Re: Re:

    We need to pave the world with magnets and develop a hybrid gas/magnetic vehicle.

    link to this | view in thread ]

  15. identicon
    Rajat Kulshrestha, 28 May 2014 @ 9:43pm

    Re:

    terrorist problem ??, being more lenient will get better results than more spying?

    Whatsapp vs hike

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.