EU parliament member hit by Israeli Candiru spyware

Attack details and technical discussion

  • Initial comments note the MEP avoided infection by not clicking a malicious link; others point out zero-click exploits exist.
  • Disagreement over whether the specific link would compromise a device merely by opening it or required an additional step; this is unclear from the newsletter/tweet.
  • Some argue such a high‑value political target is exactly where expensive 0‑days would be deployed; others highlight that not all attacks are zero‑click.
  • Explanations describe how messaging apps and browsers can be compromised via rich content (e.g., crafted images exploiting parsing libraries).
  • Discussion of spear‑phishing vs generic phishing: spear‑phishing is targeted and may or may not use 0‑days.

Prevalence and value of zero‑click exploits

  • Commenters stress that working 0‑days for major mobile platforms and browsers are very expensive, have short shelf life, and are used sparingly.
  • Attackers often already know the target’s device/OS, narrowing the exploit set.
  • Some suggest ordinary users are unlikely to be hit if they remain “uninteresting.”

Naming and ethics of surveillance firms

  • The “Candiru” name (a parasitic fish) is discussed as darkly appropriate.
  • Comparisons are made to companies like Palantir, with the theme of firms adopting names from cautionary fiction or “evil” concepts, sometimes for nerd appeal.
  • Debate touches on how juvenile humor and self‑consciously “evil” branding relate to ethical maturity.

Geopolitics, attribution, and EU spyware use

  • Several comments emphasize the key question is which state client used Candiru, not just that it is Israeli‑made.
  • Politico links cited in the thread suggest Hungarian intelligence may be involved, in the broader context of EU spyware abuse in Hungary, Poland, Spain, Greece, and Cyprus.
  • Commenters voice concern that such tools are used against domestic and foreign political opponents and that this is becoming normalized inside the EU.
  • One commenter notes a national‑security angle: supplier states might “piggyback” on clients’ surveillance, though others say on‑prem deployments and monitoring make that non‑trivial.

Perceived information operations and moderation on HN

  • Long subthread on whether topics involving Israel (and other states) are downplayed or delegitimized on HN.
  • Some allege coordinated pro‑Israel presence or broader state‑backed influence operations; others say mercenary spyware stories from Israel appear regularly and prominently.
  • Parallel claims are made about Russian, Chinese, Iranian, and US influence campaigns; disagreement over their relative scale and visibility.
  • Meta‑discussion about how subtle narrative‑steering might be hard to detect, and that “allowed discussion” isn’t proof of absence of manipulation.
  • HN moderators attribute the post’s rapid downranking to an automated flamewar detector plus user flags, and outline policies against flamebait and antisemitism.

Legal and policy responses

  • Some argue countries selling such spyware should be sanctioned and developers prosecuted as spies.
  • An example from Swedish law is cited: unauthorized surveillance/computer access and aiding such crimes could be prosecutable, though penalties are limited (e.g., two years).

Israeli surveillance and occupation context

  • Historical examples raised include reported spying on the International Criminal Court and wiretapping Palestinian Authority communications; others note Palestine’s telephony being routed via Israeli infrastructure.
  • One side frames such interception as unsurprising in a hostile context; another stresses it’s enabled by occupation and control, tying it to broader issues of subjugation and unequal power.
  • A highly contentious comment lists multiple extreme accusations against Israel (e.g., involvement in major historical events); no corroboration or detailed debate appears within the thread.