[HN Gopher] Leak uncovers global abuse of cyber-surveillance weapon
___________________________________________________________________
Leak uncovers global abuse of cyber-surveillance weapon
Author : johnny_reilly
Score : 444 points
Date : 2021-07-18 16:05 UTC (6 hours ago)
(HTM) web link (www.theguardian.com)
(TXT) w3m dump (www.theguardian.com)
| tigerBL00D wrote:
| How is this legal and why companies like NSO and their principals
| are not being prosecuted?
| A4ET8a8uTh0 wrote:
| Is it forbidden? Then it is likely legal.
|
| I am not defending NSO here, but I just want to provide a
| sample of a simple defense of this. In practical sense, there
| is very little regulation in this space. And if you add to it
| some of the territories involved in that race, you will quickly
| notice that it may be hard to force them to do anything. They
| are sovereign after all.
| owlbynight wrote:
| Why is this seemingly okay but if my Mom leaves a card in my
| mailbox, it's illegal? I really hate that our countries are
| largely run by incompetent corrupt geezers.
|
| Compromising the personal devices of private citizens for
| nefarious means should be globally illegal and, if perpetrated by
| a government, should be considered an act of war.
|
| Why does it seem like we're all just kind of okay with citizens
| being attacked like this?
| 14 wrote:
| Who is target US journalists?
| dredmorbius wrote:
| _NSO said that even if Pineda's phone had been targeted, it did
| not mean data collected from his phone contributed in any way to
| his death..._
|
| NSO are clearly concerned about any such claims sticking.
|
| Shared and joint liability for such consequences of software and
| tools strikes me as one of the more viable ways of limiting their
| over development.
|
| Finding a firm, its officers, its engineers, its salespeople, its
| investors, and its creditors culpable for assassinations and
| murders would tend to dampen enthusiasm significantly. That's not
| enough to utterly quash development, but it makes it far more
| expensive and unattractive.
|
| I don't have high hopes for this. But one may dream.
| toptal wrote:
| So, PBS seems to have done a documentary on this, which was just
| released an hour ago: https://m.youtube.com/watch?v=a2BIYWHdfTE
|
| Did all of the media outlets organize together for months in
| advance to be able to release everything today? The content and
| production quality makes it seem like this release was planned
| months in advance.
|
| Also, assuming they did, what's the process all of these news
| organizations go through in order to plan such a release on the
| same exact day? The planning of the release in such a coordinated
| way is almost questionable itself, though it would be good to get
| insight into this.
| eXpl0it3r wrote:
| The case around Jamal Khashoggi is also documented quite well
| in the documentary: "The Dissident"
|
| It was that movie/documentary where I first heard of Pegasus
| and how it had been used by the Saudi government.
| alex_duf wrote:
| Hey, former software engineer at the Guardian here. Yes the
| news outlets are collaborating on stories too big for a single
| one.
|
| The last I can remember was the Panama papers, which followed a
| very similar process. I seem to remember they all synchronized
| through the ICIJ [1], and more or less each journalist would
| cover their own territory / domain. Then they agreed on a
| reasonable date to release the news.
|
| They shared more than just information, but also technical
| infrastructure to do the investigation.
|
| [1]: https://www.icij.org/
| toptal wrote:
| So, if the ICIJ coordinated the last one, then who
| coordinated this one? It seems like Forbidden Stories is the
| main organizer though they also make it seem like "The
| Pegasus Project" is the organizer as well, which seems rather
| confusing.
| tedunangst wrote:
| You can't read the article?
|
| > Forbidden Stories, a Paris-based nonprofit media
| organisation, and Amnesty International initially had
| access to the leaked list and shared access with media
| partners as part of the Pegasus project, a reporting
| consortium.
| [deleted]
| Goety wrote:
| It looks like the Wikipedia page cites a broken link
| concerning Forbidden Stories supporters!
|
| [broken link #33] https://forbiddenstories.org/they-support-us/
|
| "Prominent supporters are:[33]
|
| Can Dundar, former Editor-in-chief of Turkish newspaper
| Cumhuriyet
|
| Khadija Ismayilova, Azerbaijani investigative journalist
|
| Marina Walker Guevara, deputy director of the U.S.-based
| International Consortium of Investigative Journalists[34]
|
| Bastian Obermayer, Pulitzer Prize-winning German
| investigative journalist with the newspaper Suddeutsche
| Zeitung
|
| Fabrice Arfi, Co-head of investigations at French online
| newspaper Mediapart[35]
|
| Will Potter, U.S.-American investigative journalist
| lutoma wrote:
| Looks like the same group of newspapers that also worked
| together on a number of previous high-profile leaks in
| coordination with ICIJ:
|
| https://en.wikipedia.org/wiki/International_Consortium_of_In...
| commoner wrote:
| > The investigation by the Guardian and 16 other media
| organisations suggests widespread and continuing abuse of NSO's
| hacking spyware, Pegasus, which the company insists is only
| intended for use against criminals and terrorists.
|
| Usually, joint investigations between multiple media outlets
| are released in a planned fashion. It's rare to see 17 news
| outlets collaborate on one story, but when "more than 180
| journalists" have been targeted with Pegasus, it may be that
| the targeted journalists worked together on this investigation,
| using their exploited devices as evidence.
| WarOnPrivacy wrote:
| In the US, journalists were long reluctant to discuss Gov
| surveillance abuses in any meaningful way - even when they
| were targeted.
|
| Snowden basically dragged news orgs into reporting it. After
| that initial rush tho, reporting was largely muted. Most DoJ
| and other abuses were minimally covered if at all.
|
| That improved somewhat during the next administration but
| authoritarian deference still seemed in play to me.
| Goety wrote:
| >That improved somewhat during the next administration
|
| I heavily disagree?
| phtrivier wrote:
| Sadly, a haveibeenpwned-like service to know if a number is in
| the list would be unfeasible; so, the only way to know if you've
| been monitored is to be some kind of celebrity that the Guardian
| and co will decide to out. (I suppose it will be better in terms
| of PR to be outed in this case than in the Panama papers...)
| tuukkah wrote:
| Somewhat surprising (disappointing?) for me to find India, Mexico
| and Hungary on the list: " _at least 10 governments believed to
| be NSO customers who were entering numbers into a system:
| Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi
| Arabia, Hungary, India, and the United Arab Emirates (UAE)._ "
| mulmen wrote:
| Why do you find this surprising?
| tuukkah wrote:
| I thought these countries still tried to operate legally
| instead of targeting their opposition leaders etc.
| pm90 wrote:
| > India, Mexico and Hungary
|
| Both India and Hungary are currently governed by anti-
| democratic right wing administrations (Modi and Orban). Not
| that surprising to see the State try to abuse power.
| arv_ind1 wrote:
| Why do you think India has an undemocratic govt? Just
| because Modi is RW?
| webdevlion wrote:
| Ironic that you mention this, since the fact that the
| Modi government's name is on the list attests to their
| anti-privacy way of ruling.
| actuator wrote:
| I am sure the big names missing from the list are also
| doing it. Five eyes, Russia, China probably have much
| better capabilities than the ones on the list.
|
| The list for India is weird though. It has a lot of names
| which are in the pro current establishment camp and some
| of their own leaders as well.
|
| Could it be some other state snooping on them or has it
| found usage by non state actors as well?
| jazzyjackson wrote:
| Probably related to the disenfranchisement of minorities
| A4ET8a8uTh0 wrote:
| Um.. just because they happen to be right-wing ( from US
| perspective - I don't want to derail this conversation ),
| does not mean they are not democratic and hostile towards
| democracy.
|
| In fact, I would argue, that they have a mandate from its
| people ( hence they are democratic ) and their program is
| very open about the changes they propose ( which may be
| unpopular in EU salons, but not for an ordinary citizen
| ).
| [deleted]
| dogma1138 wrote:
| Are we supposed to act like it's a new thing? It's
| rather similar to the client list of Hacking Team
| https://en.m.wikipedia.org/wiki/Hacking_Team
|
| This market has been developing for the past 2 decades
| there are a lot more players than NSO and most of them
| aren't in Israel.
| boomboomsubban wrote:
| A reminder, a 20th century US president was found to be
| openly spying on the opposition, and only faced
| repercussions for the cover-up. Though I can't prove it, I
| assume every major political group is doing some amount of
| surveillance on the opposition.
| aqibgatoo wrote:
| The current Indian govt figured in the list back in 2019 as
| well, so no surprises there.
| tuukkah wrote:
| The 2019 list was probably of Pegasus's customers? This list
| is of governments using Pegasus against their opposition,
| journalists, lawyers...
| A4ET8a8uTh0 wrote:
| I am actually surprised the list is so short. I was expecting
| to see more names.
| TedDoesntTalk wrote:
| Possibly other countries (US, UK, Russia, Australia, China,
| etc) have enough resources to build their own equivalent
| tools without needing to buy Pegasus.
| haunter wrote:
| Hungary? Basically the western bastion of Russia
| riffraff wrote:
| I wish it was only Russia, Orban is in bed with the PRC too.
|
| Hungary is being run as a cleptocracy, it will align with
| whoever gives the chance for higher embezzlement.
| tuukkah wrote:
| Member of EU too - hope this leak will increase the pressure
| against them.
| nickfromseattle wrote:
| Pegasus and its capabilities have been publicly known for
| several years. Pegasus recently appeared in connection with hack
| that stole Jeff Bezos' nude selfies.
|
| It sounds like the new info putting them back in the news cycle is
| related to this sentence:
|
| "The Guardian and its media partners will be revealing the
| identities of people whose number appeared on the list in the
| coming days. They include hundreds of business executives,
| religious figures, academics, NGO employees, union officials and
| government officials, including cabinet ministers, presidents and
| prime ministers."
|
| Should be a very interesting release.
| iforgetti wrote:
| This does prove or disprove any other Pegasus related claims
| but regarding the Bezos "hack", Brad Stone who is a Bezos
| biographer says in this interview
| (https://twitter.com/profgalloway/status/1400539983333793792?...)
| that all the evidence about the nude photos leak points to Bezos'
| girlfriend's brother
| actually just taking the photos from her phone through physical
| access and leaking them.
| jjeaff wrote:
| I don't think all the evidence points to the brother in law.
|
| https://www.vice.com/en/article/v74v34/saudi-arabia-hacked-j...
| tedunangst wrote:
| Let's just ignore what all the people who would know have
| to say.
| https://www.bloomberg.com/news/features/2021-05-05/how-jeff-...
| A4ET8a8uTh0 wrote:
| The technology is there. It is obvious that if it is being
| sold, it will be used. And like most things that do give people
| power, it is likely to be abused. At least in some sectors
| there is a strict regulation of what can be used and why ( and
| there is a cost associated with it so companies tend to
| scrutinize for unnecessary searches ), but an individual with
| too much money and time on their hands? The only limit is that
| person.
|
| I will admit I am tantalized.
| JohnDeHope wrote:
| And like [all] things that [] give people power, it is
| [guaranteed] to be abused.
| erostrate wrote:
| The most positive thing about this leak is that it includes
| government officials. The more they realize that the mass
| surveillance they are pushing on us will also apply to them,
| the more chances we'll have that they push back against it.
| Leparamour wrote:
| The problem is that politicians often seem to view themselves
| as an exalted caste. Targeting individuals is only
| problematic insofar politicians from the ruling parties are
| targeted. If the Spyware companies promise to exclude them
| from being targets, all is fine.
| dannyw wrote:
| This sounds absolutely huge. It feels like a Snowden lite.
| camjohnson26 wrote:
| Snowden says: "Stop what you're doing and read this. This
| leak is going to be the story of the year"
|
| https://twitter.com/Snowden/status/1416797153524174854?s=20
| slg wrote:
| I'm not judging the importance of the story, but based off
| past reception of these stories it is wildly naive to
| believe this will be the story of the year. That is
| especially true in a year in which the globe is still not
| through a global pandemic that has killed millions.
|
| Most people simply don't care that much about digital
| privacy. Lots of people believe Facebook is spying on them
| constantly including recording everything said in the
| presence of their phone and many of those people go right
| on continuing to use those apps.
| clairity wrote:
| > "...wildly naive to believe this will be the story of
| the year. That is especially true in a year in which the
| globe is still not through a global pandemic that has
| killed millions."
|
| if this were true, cardiovascular disease and cancer
| would be the top stories everyday, as they combine for
| tens of millions of deaths per year. the media focuses on
| novel fear because it's attention-getting, not rationally
| dire.
| slg wrote:
| You phrased that like a disagreement, but I think it
| actually goes to support my point. A pandemic that has
| shut down much of the planet for going on a year and a
| half seems like a much more novel fear than someone's
| phone spying on them.
|
| And you can't just blame this on the generic "media".
| They sell what the people want to buy. They report on
| novel fears because that is what attracts more attention
| from readers/viewers. The story about a murder is always
| going to get more attention than a dozen people dying of
| heart disease.
|
| It isn't that the media doesn't care about these privacy
| issues. It is that people generally don't care about
| these privacy issues.
| djmips wrote:
| You've underestimated how quickly people normalize
| things. The pandemic and the shutdown aren't big news
| anymore.
| slg wrote:
| And digital surveillance is still big news 8 years after
| Snowden's leaks? It has also been normalized. There is
| little chance that the average person would rate this a
| bigger story than the pandemic.
| grugq wrote:
| Bezos nudes weren't stolen by a hack, but by physical access to
| his mistress's device. Her brother. At least, that's what I
| recall.
|
| The forensic investigation showed that bezos' device was clean.
| From what I saw.
| Natsu wrote:
| The analysis claimed that some video sent by MBS might be
| malware, but then claimed to be unable to decrypt it and
| prove that or analyze it in any way.
|
| HN called them out on failing to decrypt and properly analyze
| the file when that came up:
|
| https://github.com/ddz/whatsapp-media-decrypt
| commoner wrote:
| Here's the forensic report from FTI Consulting:
|
| https://www.vice.com/en/article/v74v34/saudi-arabia-hacked-j...
|
| Reviews of the report suggest that it contains circumstantial
| evidence, but lacks conclusive evidence:
|
| https://en.wikipedia.org/wiki/Jeff_Bezos_phone_hacking#Analy...
| TedDoesntTalk wrote:
| What adult, a tech executive no less, is dumb enough to send
| nude selfies in 2021?
| webnrrd2k wrote:
| All of them? I mean, they're still human and get just as
| horny (and irrational because of it) as any other
| sex-obsessed monkey.
| jjeaff wrote:
| No, not all of them. Most people have the sense to never
| even take nude photos with a connected device.
| heavenlyblue wrote:
| Some people are just normal people and realise that
| living in a prison because of the chance of someone
| leaking your nudes just isn't worth it so they just
| take the chance. It doesn't mean they would not retaliate
| if someone actually leaked their nudes.
| leppr wrote:
| I hope you always wear pants while using your phone.
| Otherwise how can you be sure of never having pointed
| your smartphone camera in your nude genitalia's
| direction? A hacker could've been filming and potentially
| ended your life through a devastating leak.
| polar wrote:
| > I hope you always wear pants while using your phone.
|
| Don't you?
| h2odragon wrote:
| We'll be putting the leakers in the cell beside Assange any day
| now, right?
| coldcode wrote:
| NSO is clearly in the business of selling surveillance to foreign
| entities, and saying they vet people is nothing but smoke as
| there is zero actual evidence other than their blanket
| statements. If some government or other customer tells them they
| only attack terrorists, it's clearly easy to target anyone; how
| would NSO even know.
|
| Also rather stupid was Apple's statement about their phones being
| secure, when it's obvious there are zero days being sold to NSO
| instead of telling Apple. Everything is insecure these days, at
| some level.
|
| If NSO paid people $1M for a zero day (I bet they don't say), and
| Apple/Google/etc paid $10K, who do you think gets the info.
| netsec_burn wrote:
| It's not that cut and dry, ethics and legality are a concern
| for a lot of researchers such as myself that sell zerodays. In
| my experience the actual price difference between unethical and
| ethical outlets is up to 4x, not two orders of magnitude (10K
| vs 1M?). I can't speak for everyone of course, but even the
| other researchers I know refuse to sell to unethical buyers,
| money isn't a factor.
| [deleted]
| zrth wrote:
| Can you give me a feeling for what ethical buyers would be.
| I'd assume bug bounties and ZDI and similar. What else?
| netsec_burn wrote:
| First and foremost, the original vendor is always the most
| ethical place to sell it. That's where you stand the best
| chance of having it fixed for affected users. Second to the
| vendor are third parties that report vulnerabilities to the
| vendor by selling early warnings as a service. I don't know
| if I would recommend ZDI, they provide zero guidance for
| what their payout ranges are. There are security companies
| that purchase zerodays to write about them for PR, which
| also fixes the issue. And finally there's selling it to
| branches of the US government with license restrictions and
| a blanket exclusion for the NSA.
|
| Beyond those buyers, the lines start to blur (defense
| contractors, companies in countries allied with the US e.g.
| FVEY). I would not recommend it either. Unethical buyers
| have completely different interests. I know Zerodium for
| one is a terrible place to sell to ( _you_ may be a
| target), and anything that is sold to Crowdfense is likely
| to be used against American interests.
|
| My take away advice is, you can choose between painting a
| target on your front or one on your back.
| Aulig wrote:
| Who do companies like ZDI sell early warnings to? I don't
| quite understand how a vulnerability could be worth more
| to them than the vendor who could fix it (assuming they
| don't somehow abuse the vulnerability).
| sudosysgen wrote:
| You can almost assuredly sell exploits illegally/unethically
| for a serious amount if you have the right connections. We
| know that iOS zerodays have sold north of 2 million $.
| edoceo wrote:
| I don't know that. I can't find anything on G or DDG - can
| you point me towards some data/links?
| sudosysgen wrote:
| https://www.wired.com/2015/11/hackers-claim-million-dollar-b...
|
| https://arstechnica.com/information-technology/2019/01/zerod...
|
| https://zerodium.com/program.html [see iOS 0-click FCP]
| edoceo wrote:
| Thank you!
|
| Summary: Wired report is a $1M and Ars reports three, one
| at $2.5M - all paid by Zerodium. Wow.
| fossuser wrote:
| Thanks for being one of the good guys.
| cblconfederate wrote:
| Part of their vetted list: Azerbaijan, Bahrain, Kazakhstan,
| Morocco, Rwanda, Saudi Arabia, United Arab Emirates
|
| It's as if they are vetting for the most authoritarian, human-
| rights-abusing, anti-free-press countries in the list. A
| peculiar vetting process indeed
| Leparamour wrote:
| Their vetting process probably goes like this:
|
| Question: How would you solve the Trolley problem?
|
| Answer: By using more trolleys.
| zepto wrote:
| > Also rather stupid was Apple's statement about their phones
| being secure
|
| Apple has never made such a statement.
| commoner wrote:
| > Apple has never made such a statement.
|
| From the article:
|
| > Apple said: "Security researchers agree iPhone is the
| safest, most secure consumer mobile device on the market."
| zepto wrote:
| Exactly. It says nothing about their phones being secure.
| Only that they are more secure than their competitors.
| commoner wrote:
| That's a stretch.
| zepto wrote:
| No, it's what they said.
|
| Saying they claimed their phones to be secure is just a
| lie.
| commoner wrote:
| It's a stretch to argue that "safest, most secure
| consumer mobile device on the market" is not a claim of
| security. The average reader would not interpret that
| statement as you did, which makes the statement
| misleading.
| zepto wrote:
| > is not a claim of security.
|
| It _is_ a claim of _relative_ security but it is a lie to
| say that Apple claimed their device is secure.
|
| >The average reader would not interpret that statement as
| you did
|
| I think most people can read the statement for what it is
| - a comparison to other devices on the market.
| cblconfederate wrote:
| So it is fair to say that iPhones are insecure
| johnny_reilly wrote:
| More specific details on Pegasus here:
|
| https://www.theguardian.com/news/2021/jul/18/what-is-pegasus...
| rootkea wrote:
| Here is the full forensic methodology report of this leak by
| Amnesty International's Security Lab:
| https://www.amnesty.org/en/latest/research/2021/07/forensic-...
|
| With this report, the Amnesty International has also released
| Mobile Verification Toolkit (MVT) - a forensic tool to look for
| signs of infection in smartphone devices:
| https://github.com/mvt-project/mvt
| [deleted]
| Zigurd wrote:
| How much consideration does NSO and other "forensic tools" makers
| get from platform makers and malware detection providers? Does
| intelligence and law enforcement get to keep their vulns longer
| after they are detected?
| WarOnPrivacy wrote:
| Ethics says we shouldn't be okay with surveillance predators.
| [deleted]
| [deleted]
| mjreacher wrote:
| At what point are western governments going to crack down on
| companies such as NSO Group?
| LinuxBender wrote:
| I am just guessing, but they would probably crack down on
| specific companies that sell to governments other than their
| own.
| bilbo0s wrote:
| They'd also crack down on companies that sell to other
| governments _and_ their own. The stakes are getting too high
| at this point.
|
| On a completely unrelated note, if I were a security
| researcher, I'd start being extremely mindful about to whom
| I'm selling zero-days.
| Leparamour wrote:
| >On a completely unrelated note, if I were a security
| researcher, I'd start being extremely mindful about to whom
| I'm selling zero-days.
|
| Unless you're dependent on the money, responsible
| disclosure is probably the most ethical way.
| thr0wwy wrote:
| I don't think the US government will sanction Israel over
| selling surveillance software to governments that are allied
| with both the US and Israel.
| jeffbee wrote:
| Governments objecting to the success of drive-by 0-day malware
| should be investing in safer operating systems and programming
| languages, not trying to outlaw malware.
| mjreacher wrote:
| Why not both? Western governments should (theoretically) be
| promoting democratic causes not allowing companies to sell to
| governments that target those that protect democratic values
| such as activists and journalists.
| jeffbee wrote:
| I guess but that doesn't sound very realistic. The US, if
| we accept it as an example western government, will
| tolerate literally anything from Israel, whether government
| or private, and doesn't really care how badly the Saudis
| are acting, either.
|
| If this bothers you the best thing individuals can do is
| invent better computers.
| mjreacher wrote:
| Landing on the moon once didn't sound very realistic
| either, doesn't mean we should stop trying. At the
| current moment there is plenty of public pressure on
| Israel so if it could be directed at something like this
| that would be a good thing in my mind. This is a
| political problem and hence should be solved as such.
| desine wrote:
| Scientific unrealistic is different than socially
| unrealistic. It's not easy to express, but the knowledge
| I have of human nature, I feel like I understand better,
| than the knowledge I have of quantum mechanics.
| milofeynman wrote:
| Was a joint investigation. Here's Washington Post writeup:
|
| Private spy software sold by NSO group found on cellphones
| worldwide - Washington Post
|
| https://www.washingtonpost.com/investigations/interactive/20...
| cf100clunk wrote:
| From the Guardian article: "The research, conducted by
| Amnesty's Security Lab, a technical partner on the Pegasus
| project, found traces of Pegasus activity on 37 out of the 67
| phones examined." The results were released by an international
| consortium of media entities that includes The Guardian and the
| WaPo.
| maratumba wrote:
| Response from NSO:
| https://amp.theguardian.com/news/2021/jul/18/response-from-n...
| zrth wrote:
| Gaslighting at its finest.
| dredmorbius wrote:
| De-amped link:
| https://www.theguardian.com/news/2021/jul/18/response-from-n...
| [deleted]
| c7DJTLrn wrote:
| Disgusting. When the topic of commercial "cyberweapons" comes up,
| I immediately wonder about the people who created them. How they
| can sleep at night knowing how tools of their design are used.
| I'd argue that it's a completely different class of cybercrime
| and worse than anything else out there.
|
| Unprecedented action needs to be taken against NSO Group.
| helge9210 wrote:
| Sale of these technologies is heavily regulated. If this kind
| of technology is deployed in your home country, State of Israel
| gave permission to sell it and your own state have permission
| to buy and deploy it.
| c7DJTLrn wrote:
| This is beyond regulation - these tools are infringing on
| human rights. But frankly, I don't mind what sales the State
| of Israel permits, they're free to do what they want.
| However, I would be upset if the government of my own home
| country permits these sales (which they probably do) or does
| not reprimand those associated with NSO Group.
| 34679 wrote:
| I imagine it helps to think of your victims as cattle put here
| by god for you to exploit.
| Leparamour wrote:
| I wouldn't go so far and drag Judaism into this.
|
| At least it's an interesting question why so many shady
| companies seem to operate out of Israel.
| Leparamour wrote:
| Without programmers disregarding ethics these companies would
| have nothing to sell.
|
| My proposition is to put known employees of these companies on
| a blacklist for conferences like CanSecWest or similar.
| SheinhardtWigCo wrote:
| Too mild. Slap them with OFAC sanctions.
| threatofrain wrote:
| > That thesis is supported by forensic analysis on the phones of
| a small sample of journalists, human rights activists and lawyers
| whose numbers appeared on the leaked list.
|
| > The research, conducted by Amnesty's Security Lab, a technical
| partner on the Pegasus project, found traces of Pegasus activity
| on 37 out of the 67 phones examined.
|
| > The analysis also uncovered some sequential correlations
| between the time and date a number was entered into the list and
| the onset of Pegasus activity on the device, which in some cases
| occurred just a few seconds later.
|
| > Amnesty shared its forensic work on four iPhones with Citizen
| Lab, a research group at the University of Toronto that
| specialises in studying Pegasus, which confirmed they showed
| signs of Pegasus infection. Citizen Lab also conducted a peer-
| review of Amnesty's forensic methods, and found them to be sound.
|
| ---
|
| > NSO has always maintained it does "does not operate the systems
| that it sells to vetted government customers, and does not have
| access to the data of its customers' targets".
| rendall wrote:
| Edward Snowden predicts this to be "the story of the year"
|
| https://twitter.com/Snowden/status/1416797153524174854
| rasz wrote:
| This, or a tiktok clip of a farting puppy, it's hard to tell.
| pomian wrote:
| Perhaps it should be. Sadly it will probably pass quickly for
| other headlines. Will any changes in privacy control happen?
| Will someone make and market a new secure phone? That would
| be interesting.
___________________________________________________________________
(page generated 2021-07-18 23:00 UTC)