Another explainer thread: https://t.co/TdpP7GRo5T
— Miguel de Icaza (@migueldeicaza) July 18, 2021
I was the victim of the spyware, and ended up running from Dominican Republic to USA, and even in the US, the Dominican Republic Government, leaked to narco traffickers my location in the USA.
— Carlos Rubio (@CRubioMartinezU) July 18, 2021
Had to move a few times. https://t.co/zkIgUJA2KI
Pegasus spyware gives NSO clients complete device access and thereby the ability to bypass even encrypted messaging apps like Signal, WhatsApp and Telegram. Pegasus can be activated at will until the device is shut off. As soon as it's powered back on, the phone can be reinfected https://t.co/8XJosmhZYW
— cyril almeida (@cyalm) July 18, 2021
200 journalists worldwide were selected as targets for surveillance by authoritarian & corrupt regimes. My phone was hacked for 7 months with a spyware called Pegasus, forensic analyses by @amnesty & @citizenlab confirmed. That’s life. #PegasusProject https://t.co/P9Ai5eYCoe
— Szabolcs Panyi (@panyiszabolcs) July 18, 2021
Must read by @shaunwalker7 on how the Orbán autocracy in Hungary is hacking phones of investigative journalists and targeting owners of independent media
— R. Daniel Kelemen (@rdanielkelemen) July 18, 2021
cc: @VeraJourova https://t.co/upeBK02YEB
How @AmnestyTech found Pegasus. Huge breakthrough. Their forensic analyses discovered traces of successful and attempted infections as recently as *this month*: https://t.co/NhiB2bKwZj
— Drew Harwell (@drewharwell) July 18, 2021
One of the most important news stories of the year. GoI has denied it has used this spyware. That denial simply doesn't hold up when faced with this leak. https://t.co/DilIBus63I
— Mihir Sharma (@mihirssharma) July 18, 2021
HUGE: Israel's NSO group has repeatedly denied having had anything to do with Khashoggi's killing -- but astonishing new evidence confirms the phones of the central women in his life were hacked right around his murder. https://t.co/G5H8awZ2U6
— Edward Snowden (@Snowden) July 18, 2021
THREAD with a couple of interesting bits from @AmnestyTech's new report on what they learned from looking for NSO Group's spyware on phones https://t.co/CG60vx7cRg
— Bill Marczak (@billmarczak) July 18, 2021
Introducing the Pegasus Project: a collaborative investigation involving more than 80 journalists on 4 continents showing how powerful spyware licensed only to governments targeted journalists, activists and more. https://t.co/k5bdR8C96t 1/
— Joanna Slater (@jslaternyc) July 18, 2021
The most important work to date exposing spyware vendor NSO’s role in spying on human rights advocates, journalists and politicians in countries around the world. https://t.co/7TUtSM6PHV
— Joseph Menn (@josephmenn) July 18, 2021
Apps that are installed by default on iOS are being leveraged by NSO to install their malware; apps that people would not ordinarily see as a threat, or may not even use, so likely haven't removed from their devices https://t.co/58wgjV3fSD pic.twitter.com/b9EHxhlUgH
— Joseph Cox (@josephfcox) July 18, 2021
It also indicates that Apple has a MAJOR blinking red five-alarm-fire problem with iMessage security that their BlastDoor Framework (introduced in iOS 14 to make zero-click exploitation more difficult) ain't solving.
— Bill Marczak (@billmarczak) July 18, 2021
"The minister first moved the meeting..at the last moment, then switched off his phone & told Varadarajan to do the same
— Milan Vaishnav (@MilanV) July 18, 2021
Then “the two phones were put in a room and music was put on in that room..and I thought: ‘Boy, this guy is really paranoid. But maybe he was being sensible'" https://t.co/rrYmeQV0VT
My piece on how some of the world's most invasive spyware is being used against independent Hungarian media - the result of a long, enriching and very collaborative investigation with various outlets.
— Shaun Walker (@shaunwalker7) July 18, 2021
A small part of the upcoming #PegasusProject https://t.co/y9Pwh90rC7
I am one of them too! https://t.co/4A5jdvsIMR
— ياسر أبوهلالة (@abuhilalah) July 18, 2021
IT GETS WORSE: Israel’s NSO Group also sold surveillance tech to pro-Putin dictator Viktor Orban in Hungary for the harassment of journalists. https://t.co/65oXy6Rfp8
— Eric Garland (@ericgarland) July 18, 2021
Phone logs show that (at least some of) the iOS 13.x and 14.x zero-click exploits deployed by NSO Group involved ImageIO, specifically the parsing of JPEG and GIF images. ImageIO has had more than a dozen high-severity bugs reported against it in 2021.
— Bill Marczak (@billmarczak) July 18, 2021
Because the 0-clicks they're using appear to be quite reliable, the lack of traditional "persistence" is a feature, not a drawback of the spyware. It makes the spyware more nimble, and prevents recovery of the "good stuff" (i.e., the spyware and exploits) from forensic analysis
— Bill Marczak (@billmarczak) July 18, 2021
Read this thread and research about the targets of NSO Group’s spyware. Spoiler: it’s ugly! I hope this straw breaks the camel’s back of the complete reluctance to stop these toxic, private, high-tech intelligence services ↘️ https://t.co/rvHoX3PSsn
— Marietje Schaake (@MarietjeSchaake) July 18, 2021
Snowden calls to hold NSO directly accountable for abuse of its spy tech software after @PhineasJFR’s bombshell report for @FbdnStories comes out across the world as part of massive global investigation https://t.co/HxEB6M0GS7
— Omer Benjakob (@omerbenj) July 18, 2021
"Revealed: leak uncovers global abuse of cyber-surveillance weapon.
— Prashant Bhushan (@pbhushan1) July 18, 2021
Spyware sold to authoritarian regimes used to target activists, politicians and journalists, data suggests."
Many activists, journalists, politicians & judges are targets in India. #Pegasus https://t.co/HMLQO8oG7i
4. We @citizenlab independently peer reviewed @AmnestyTech's forensic methodology, including how they identify an infected phone.
— John Scott-Railton (@jsrailton) July 18, 2021
Our review, led by my colleague @billmarczak, judged their forensics & research methodology to be SOUND. https://t.co/YTTqFdx7AI pic.twitter.com/d8whUyioEJ
There were 11 occasions when a Pegasus infection was confirmed within a few days of a comment request from @panyiszabolcs to the Hu Gvt, according to analysis. More than 50% of the comment requests he sent to the government during a 7 month period were followed up with an attack https://t.co/hkSaPSZ38l
— Valerie Hopkins (@VALERIEin140) July 18, 2021
Potential targets of surveillance included the Wall Street Journal, CNN, the New York Times, Al Jazeera, France 24, Radio Free Europe, Mediapart, El País, AP, Le Monde, Bloomberg, Agence France-Presse, the Economist, Reuters and Voice of America https://t.co/FjAR9wqrrX
— Mairav Zonszein מרב זונשיין (@MairavZ) July 18, 2021
“Humanity is not in a place where we can have that much power just accessible to anybody.” https://t.co/0tOhODhEXQ
— Cat Zakrzewski (@Cat_Zakrzewski) July 18, 2021
Introducing Govt response - “However, questionnaire sent to GoI indicates that story being crafted is one that is not only bereft of facts but also founded in pre-conceived conclusions. It seems you are trying to play the role of an investigator, prosecutor as well as jury” https://t.co/fUNL6lE8rI pic.twitter.com/la2zL3DlJn
— Alok Bhatt (@alok_bhatt) July 18, 2021
The Pegasus Project investigation just out on @washingtonpost https://t.co/F7DoxEsH9U
— Saket Gokhale (@SaketGokhale) July 18, 2021
This groundbreaking reporting from @Guardian, @WashingtonPost, and many others demonstrates what we and others have been saying for years: NSO’s dangerous spyware is used to commit horrible human rights abuses all around the world and it must be stopped. https://t.co/dMD0wKjceF
— Will Cathcart (@wcathcart) July 18, 2021
The Israeli company behind this -- the NSO group -- should bear direct, criminal liability for the deaths and detentions of those targeted by the digital infection vectors it sells, which have no legitimate use. https://t.co/KtpyiyBzUf
— Edward Snowden (@Snowden) July 18, 2021
Congrats to #PegasusProject media partners and @botherder @amnesty for these important revelations https://t.co/jCTzs5WHBk
— Stefania Maurizi (@SMaurizi) July 18, 2021
Continuing evidence of the harm done by companies like NSO. What will it take for governments to stop these vendors operating with impunity? https://t.co/p4SdODMDHM
— Shane Huntley (@ShaneHuntley) July 18, 2021
If this doesn't explode as it should, there's no hope for Hungary. https://t.co/ksGfoeNzrM
— Csaba Gálffy (@galffy) July 18, 2021
(4) One of the other interesting bits here is just how much of a pain it is to do phone forensics. @AmnestyTech couldn't do much w/ Android (as a lot of logs that are easy-to-access are wiped on device reboot), and the highest-signal iPhone analysis was limited to DataUsage.sqlite
— Bill Marczak (@billmarczak) July 18, 2021
300+ HUN targets identified, incl @direkt36's investigative stars @AndrasSzab & @panyiszabolcs. No surprise #pegasus spyware targets civil society figures as well. In the first 3,5 mths of 2021, Judit Varga approved on avg 5 surveillance reqs/day.
— Andras Lederer (@andraslederer) July 18, 2021
Govt reaction speaks for itself https://t.co/aUaYdTCqaE pic.twitter.com/mFfQy0MrKs
[Important thread 1/N]: Let that sink in for a second: almost all respected publications were under espionage.
— Zuk (@ihackbanme) July 18, 2021
All the sources of journalists, were exposed. If you ever spoke to a journalist (even with "Signal"/"Whatsapp") you are exposed.
THIS IS A MAJOR THREAT TO DEMOCRACY! https://t.co/PPGeWJDfoO
3. More about leaked numbers & targets in a sec, but first you need to know: @AmnestyTech just released a report with technical analysis of NSO's infrastructure... & analysis validating w/forensics that some phones were infected with Pegasus. https://t.co/WCl5rDvpv7
— John Scott-Railton (@jsrailton) July 18, 2021
5. Now, to the findings: >50k numbers were leaked that are reportedly part of the infection & targeting workflow with Pegasus.
— John Scott-Railton (@jsrailton) July 18, 2021
To help validate the relationship between these numbers & infections @AmnestyTech got consent to forensically examine a subset of the devices. pic.twitter.com/Vd2rMz2ARf
BlastDoor is a great step, to be sure, but it's pretty lame to just slap sandboxing on iMessage and hope for the best. How about: "don't automatically run extremely complex and buggy parsing on data that strangers push to your phone?!"
— Bill Marczak (@billmarczak) July 18, 2021
Government surveillance of journalists and opposition leaders isn’t new. What’s new is the speed, stealth, and totality of ownage by the Pegasus tool, which requires no user interaction whatsoever. It’s like the nuclear weapon of government surveillance. https://t.co/YsYUN8346b
— Vipin Narang (@NarangVipin) July 18, 2021
In 2019, @WhatsApp discovered and defeated an attack from NSO. They rely on unknown vulnerabilities in mobile OSes, which is one of the reasons why we felt it was so important to raise awareness of what we'd found. https://t.co/iSMuwLrKpJ
— Will Cathcart (@wcathcart) July 18, 2021
Insane work of @amnesty on the activity of the NSO group. They also released IOCs and the tools they used. #DFIR folks this article is made for you. https://t.co/SckcsbfYZc
— Baptiste Robert (@fs0c131y) July 18, 2021
Thank you to @Microsoft, @Google, @Cisco, @VMWare, the @InternetAssn and others who have spoken up against the perils of giving spyware firms like NSO immunity.
— Will Cathcart (@wcathcart) July 18, 2021
Here's how our Security Lab analysed the phones #PegasusProject https://t.co/lvc23OcLhb
— Amnesty International (@amnesty) July 18, 2021
I talked to @panyiszabolcs - a terrific journalist - for After the Fall. Here was my impression after that conversation: https://t.co/KaSIZupqKr pic.twitter.com/etPW2FLqtK
— Ben Rhodes (@brhodes) July 18, 2021
2. Background: the already-notorious NSO Group makes mercenary spyware to silently & remotely hack iPhones & Androids.
— John Scott-Railton (@jsrailton) July 18, 2021
Many of their government customers are authoritarians.
Most cannot resist the temptation to target their critics, reporters, human rights groups etc. pic.twitter.com/97oHA6fsV9
Human rights activists, journalists and lawyers across the world have been targeted by authoritarian governments using hacking software sold by the Israeli surveillance company NSO Group, according to an investigation into a massive data leak https://t.co/R1ier9hiNd
— Anthony DeRosa (@Anthony) July 18, 2021
How NSO's Pegasus is used to spy on journalists https://t.co/RAk7qzIvts
— Haaretz.com (@haaretzcom) July 18, 2021
At the time, we worked with @CitizenLab, who identified 100+ cases of abusive targeting of human rights defenders and journalists in 20+ countries. But today's reporting shows that the true scale of abuse is even larger, and with terrifying national security implications.
— Will Cathcart (@wcathcart) July 18, 2021
The Indian contingent at the #pegasus olympics includes “ministers, opposition leaders, business executives, senior officials, scientists, activists and others”.
— Salman Anees Soz (@SalmanSoz) July 18, 2021
Is there anyone Modi & Shah are not scared of?
Thread https://t.co/HY5VhgkMlR
Human rights defenders, tech companies and governments must work together to increase security and hold the abusers of spyware accountable. Microsoft was bold in their actions last week https://t.co/dbRgdfTIcA
— Will Cathcart (@wcathcart) July 18, 2021
NSO Group claims that its Pegasus spyware is only used to “investigate terrorism and crime” and “leaves no traces whatsoever”. This Forensic Methodology Report shows that neither of these statements are true. ~ @amnesty https://t.co/DZX7m3CacV
— Om Thanvi (@omthanvi) July 18, 2021
You journos are brave.
— David Belle (@davidbelle_) July 18, 2021
After the Panama Files I would have done this anon. https://t.co/qAeK7v8Go0
Here we go... https://t.co/MWupUodbTz
— Immortal Technique (@ImmortalTech) July 18, 2021
Haha wow that's wild
— Fredo Fabrucci: Gentleman Kong (@Utwitily) July 18, 2021
Oh well I'm sure someone is going to face some consequences for this, let's just wait https://t.co/RO2ufxV60G pic.twitter.com/e4SzSRuzK8
Here's how NSO's Pegasus software is used to infect journalists' phones in what is called "zero clicks" https://t.co/2YrBQkOBY2
— Haaretz.com (@haaretzcom) July 18, 2021
Reactions to #PegasusProject:
— Drew Harwell (@drewharwell) July 18, 2021
* @Snowden: https://t.co/FCkTjQQHvm
* @jsrailton: https://t.co/ZhNIjHizUw
* WhatsApp head @wcathcart: https://t.co/CiLYEccjJX
A number of journalists I have dealt with on Magnitsky case among the 180 journalists identified by clients of spyware firm. They include @bradleyhope @Khadija_Ismayil & many others. The firm supplying this spyware should face consequences https://t.co/Aoesv79bt5
— Bill Browder (@Billbrowder) July 18, 2021
Press freedoms are vital, and any unlawful state interference or surveillance of journalists is unacceptable.
— roula khalaf (@khalafroula) July 18, 2021
FT editor among 180 journalists identified by clients of spyware firm https://t.co/4xP0LqVDGE
We need more companies, and, critically, governments, to take steps to hold NSO Group accountable. Once again, we urge a global moratorium on the use of unaccountable surveillance technology now. It’s past time.
— Will Cathcart (@wcathcart) July 18, 2021
(1) @AmnestyTech saw an iOS 14.6 device hacked with a zero-click iMessage exploit to install Pegasus. We at @citizenlab also saw a 14.6 device hacked with a zero-click iMessage exploit to install Pegasus. All this indicates that NSO Group can break into the latest iPhones.
— Bill Marczak (@billmarczak) July 18, 2021
The charming folks at Israel's NSO Group were asked by a number of mostly authoritarian governments, among them Saudi Arabia and the UAE, to spy on the phones of more than 180 journalists around the world (myself included). https://t.co/7mKc9RQF3G
— Gregg Carlstrom (@glcarlstrom) July 18, 2021
Loved ones and colleagues of Washington Post columnist Jamal Khashoggi had their phones compromised with NSO Group software both before and after Khashoggi’s 2018 killing.
— Organized Crime and Corruption Reporting Project (@OCCRP) July 18, 2021
Read the full story in @washingtonpost, one of 17 reporting partners in the #PegasusProject https://t.co/IgPCHJrFOC
Also, (3) as @AmnestyTech observed and we @citizenlab can confirm, NSO Group's Pegasus spyware delivered via 0-click exploits is no longer "persistent" in the strict sense of the word (i.e., doesn't come back when you reboot). Persistence is achieved via firing the 0-click again
— Bill Marczak (@billmarczak) July 18, 2021
Stop what you're doing and read this. This leak is going to be the story of the year: (LINK: https://t.co/zhC0LN4TlC) pic.twitter.com/doo4HDDzxt
— Edward Snowden (@Snowden) July 18, 2021
"Other prominent journalists whose phones were selected by NSO’s clients include Gregg Carlstrom, a Middle East reporter at the Economist, whose Egyptian and Qatari phone numbers were selected as possible targets by an NSO client, believed to be the UAE." https://t.co/Px99H1AOcw
— Moon of Alabama (@MoonofA) July 18, 2021
BREAKING: massive, global leak of the targets of NSO Group's Pegasus spyware. *huge deal.*
— John Scott-Railton (@jsrailton) July 18, 2021
Forensic investigation by @AmnestyTech
in collaboration with @FbdnStories reporters.
We @citizenlab conducted peer review.
Here's an explainer THREAD. https://t.co/TasFCy5EGW pic.twitter.com/rGGKAkfSry
DataUsage.sqlite is a file in an iTunes backup that records process names accessing the mobile data, as well as bytes uploaded and downloaded. Information can persist in here for *years* unless cleaned up. So, in around 2019, NSO Group decided to try their hand at cleaning it up.
— Bill Marczak (@billmarczak) July 18, 2021
Israeli firm NSO's Pegasus software is used to infect journalists' phones utilizing 'zero click' exploits. Here's how they did it and what we found out https://t.co/0FIO7irZPs
— avi scharf (@avischarf) July 18, 2021
This is a bomb shell of a story. #PegasusProject #ModiHaiTohMumkinHai https://t.co/1TmlBqEKL6
— Vidya (@VidyaKrishnan) July 18, 2021
A former senior HU counter-intelligence officer (...) admitted there was a flexible approach to concocting national security reasons for surveillance during his time. “[But] there were two professions we kept our distance from: lawyers and journalists” https://t.co/PJ7B2r3eML
— Barbara Grabowska-Moroz (@BGrabowskaMoroz) July 18, 2021
Viktor Orbán accused of using Pegasus to spy on journalists and critics https://t.co/jVrvyz2CaB
— Peter Jukes (@peterjukes) July 18, 2021
The EU has to take action against Viktor Orbán for using NSO spyware in assault on media. This revelation makes clear how limited dual-use export control of surveillance tech is against domestic human rights violations ↘️ https://t.co/Je7yVKlq2Z
— Marietje Schaake (@MarietjeSchaake) July 18, 2021
8. #HUNGARY
— John Scott-Railton (@jsrailton) July 18, 2021
Ask the government for comment... get hacked.
Hungary's far-right PM Viktor Orbán is using Pegasus spyware to surveil & attack Hungary's independent media, like @direkt36, @panyiszabolcs, and many more.
Story: @shaunwalker7 https://t.co/FuXWoylRul pic.twitter.com/yM1KHbjRej
Viktor Orbán accused of using Pegasus to spy on journalists and critics https://t.co/Vy3ZKPuGOY
— Bastian Obermayer (@b_obermayer) July 18, 2021
Leaked data offers the most comprehensive look yet at journalists, rights activists, dissidents and more targeted by repressive regimes and other customers of NSO Group; https://t.co/mk6xkZc9O1 Hungary element was a major revelation: https://t.co/VsHHuT0nR6
— Frank Bajak (@fbajak) July 19, 2021
Hungary gave the most incriminating response I've ever seen to a request for comment on the #Pegasus surveillance scandal. I mean, whenever I'm "not aware" of whether I did something or not, I demand to know if foreign spies tipped you off about it.
— Edward Snowden (@Snowden) July 18, 2021
LINK: https://t.co/ZBXZvXUQ32 pic.twitter.com/NY6QM3CQ6O
To all remaining Orban-apologists and enablers in the European Union: THIS is what you’re supporting. A regime spying on its own citizens, and a totalitarian criminal. https://t.co/WDnaGZSvPI
— Katalin Cseh (@katka_cseh) July 19, 2021
According to an investigation by @FbdnStories Viktor Orbán's government used Israeli spyware to hack investigative journalists' phones. This could be yet again a serious attack on independent media in #Hungary. https://t.co/eYRWKoc7Dj
— EFJ (@EFJEUROPE) July 19, 2021
#Hungary’s far-right government suspected of hacking phones of investigative journalists and targeting owners. https://t.co/ZXdcO3Nbv8
— Mohamed Amjahid (@mamjahid) July 19, 2021
The #Pegasus #NSO attacks make it clear that mandatory SIM card registration is a really bad idea. A government with easy access to *everybody's* phone numbers is a dangerous power grab. https://t.co/f15NYc8AIr
— Jan Penfrat @ilumium@mastodon.cloud (@ilumium) July 19, 2021
Viktor Orbán accused of using Pegasus to spy on journalists and critics https://t.co/WwrY1SyymM
— Steve Peers (@StevePeers) July 19, 2021