Hmm. NSO CEO says he heard about list of phone #s last month. "an information broker...said that there is a list circulating in the market and that whoever holds it is saying that the NSO servers in Cyprus were hacked... We don't have servers in Cyprus" https://t.co/CFfRiDwkjH
— Kim Zetter (@KimZetter) July 20, 2021
You have to wonder how many unknown? How many acting out orders or be exposed for something... https://t.co/ge3JlS6NAn
— Jeff Teravainen (@JeffTeravainen) July 21, 2021
Just your periodic reminder that Mike Flynn and Rod Rosenstein were/are employed (and handsomely paid) by NSO Group.
— Nicole Perlroth (@nicoleperlroth) July 21, 2021
Diplomatic weapons of the future are here!
"NSO’s Pegasus software, which requires a government licence for export because it is considered a weapon, has in recent years become a crucial part of Israel’s diplomatic outreach..." https://t.co/38cbPuuOGi pic.twitter.com/WNT9IoDZam
— Subrahmanyam KVJ (@SuB8u) July 21, 2021
1/2) his claim that the list has "nothing" to do with us is almost certainly false. There is near certainty that there is overlap with people on that list and people that got Pegasus spyware. What does seem probable is that the list is not completely overlapping with NSO targets.
— Spencer Dailey (@SpencerDailey) July 21, 2021
not sure what to make of this interview with the NSO Group CEO https://t.co/1rXgXg8v5v
— Jacob Silverman (@SilvermanJacob) July 21, 2021
I’m sort of wondering if NSO is actually scared. Not that someone will regulate them, but that their own customers will decide to have them killed.
— Matthew Green (@matthew_d_green) July 21, 2021
So it seems fairly obvious that ripping out memory-unsafe parsing code and disabling advanced (non plain-text) features — while not guaranteed to solve the problem — is still an open problem, something that Apple can devote its enormous resources to. 6/
— Matthew Green (@matthew_d_green) July 20, 2021
“It will always be my word against the evidence”
-NSO Group CEO.
Well said. The evidence will always win. https://t.co/ZnCDuQhrxD
— Scott Stedman (@ScottMStedman) July 21, 2021
Amnesty International: "We have long known that activists and journalists are targets of this surreptitious phone-hacking – but even those at the highest levels of power cannot escape the sinister spread of NSO’s spyware... It should send a chill down the spine of world leaders." https://t.co/jHqEerXRuL
— Geoffrey York (@geoffreyyork) July 20, 2021
There's so much to parse in this piece, my head spins https://t.co/QxF3GVruhV
— Ryan Naraine (@ryanaraine) July 20, 2021
Let me be clear: export regulations, licensing, and reviews have been in place for years. They did not work, and cannot work.
A moratorium on the trade in intrusion software is the bare minimum for a credible response—mere triage. Anything less and the problem gets worse. https://t.co/214Dt9IWWa
— Edward Snowden (@Snowden) July 20, 2021
Time for both Israeli company NSO and spying governments to be held accountable for these serious abuses! https://t.co/cOqlTj3mJ4
— Phil Robertson (@Reaproy) July 20, 2021
Takeaway from the #PegasusProject spyware revelations:
If 10 Prime Ministers & 3 presidents can't be safe from mercenary spyware, what chance do the rest of us stand?
Since the hacking industry is incapable of self control, governments must step up. https://t.co/qW4paLz7IF
— John Scott-Railton (@jsrailton) July 20, 2021
NSO Group's approach to identifying misuse of its software appears to consist of asking customers nicely whether they used Pegasus to aid in the chopping up of dissidents or not. https://t.co/w2TDa0ODxV pic.twitter.com/i9tHegJVWL
— Shashank Joshi (@shashj) July 21, 2021
How Israel used NSO spyware as diplomatic calling card - “It’s like the toy that every intelligence officer wants,” said a person involved in pitching NSO products in the Gulf. Rpt by @MehulAtLarge https://t.co/R7g5HdNElK
— Tony Tassell (@TonyTassell) July 21, 2021
3/bonus) Regarding the "list": Amnesty said 34 iPhones were forensically checked. 23 successfully had malware (specifically Pegasus) installed on them. the other 11 saw attempts at malware infection. That's a 100% hit rate on their sampling of the "list". https://t.co/ZgT297kt0R
— Spencer Dailey (@SpencerDailey) July 21, 2021
NSO's claim that it is "technologically impossible” to spy on American phone numbers is a bald-faced lie: an exploit that works against Macron's iPhone will work the same on Biden's iPhone.
Any code written to prohibit targeting a country can also be unwritten. It's a fig leaf. https://t.co/1C25G2OUx8
— Edward Snowden (@Snowden) July 20, 2021
This long story suggests #Israel sold #PegasusSpyware like weapon sales, to improve ties with other nations.
But @MehulAtLarge seems to be missing a crucial point: armament buyers in the past have rarely used such hardware against their own citizens! https://t.co/DbUaVg6QH8
— Rajrishi Singhal (@RajrishiSinghal) July 21, 2021
when i first saw this headline, i was, meh, but then i read this:
“The software surreptitiously turns phones into listening devices while unveiling their encrypted contents.”
*encrypted* ?
“How Israel used NSO spyware as diplomatic calling card” | FT https://t.co/cFDIqiQ7jY
— Justin Spratt (@justinspratt) July 21, 2021
Apple’s stock price fell 2.4% by lunchtime amid concerns that NSO’s #PegasusProject can infiltrate and take over the latest versions of iPhones without a single click from their owner https://t.co/pFv7bI3f2y
— Andreas Harsono (@andreasharsono) July 20, 2021
feel like apple is going to freak out over the bad PR and just dump more money into mitigations -.-“”
— cts (@gf_256) July 20, 2021
There’s a certain risk in doing business with people who view bone saws as a negotiating tool.
— Matthew Green (@matthew_d_green) July 21, 2021
“The Israeli public does not fully understand what is going inside high tech — the holy cow of the economy — and because the Israeli public is not really concerned, there is no public pressure on the government to change anything.” https://t.co/L6DaYJFDYd via @MehulAtLarge
— Arash Massoudi (@ArashMassoudi) July 21, 2021
While we can’t have “perfect security”, closing down avenues for interactionless targeted infection sure seems like a thing we can make some progress on. 3/
— Matthew Green (@matthew_d_green) July 20, 2021
The individuals who work on the security teams at Apple are indisputably world-class.
How insane though, (though sadly unsurprising) that at Apple, marketing trumps security!? https://t.co/pStqSnlEjG pic.twitter.com/4NqMQoY6Qy
— patrick wardle (@patrickwardle) July 20, 2021
this whole NSO thing is going to make my job so much more difficult. damn it
— cts (@gf_256) July 20, 2021
A solid and on-point analysis by the @FT's @MehulAtLarge about NSO's spyware and the relationship between the company and the Israeli state. https://t.co/o5kwS53geD
— John Reed จอห์น รีด (@JohnReedwrites) July 21, 2021
NSO CEO exclusively responds to allegations: "The list of 50,000 phone numbers has nothing to do with us."
“I'll give you a simple statement: Journalists, human rights activists, and civil organizations are all off-limits.” - Shalev Hulio. #PegasusProject https://t.co/ZoWmJ09frA pic.twitter.com/8hkGKaWjCp
— CTech (@Calcalistech) July 20, 2021
Probably the best article on that topic https://t.co/PWxOyltw7q
— ElcomSoft (@ElcomSoft) July 21, 2021
For starters, no internet-connected device is safe from hacking, so the iPhone is no different in that way. But it has a reputation for excellent security, thanks to Apple's excellent marketing. But Apple's marketing also sometimes gets in the way of security.
— Reed Albergotti (@ReedAlbergotti) July 19, 2021
The NSO story has taken an interesting turn, with the company now saying the leaked target phone numbers are not from NSO or its Pegasus spyware & that a broker was shopping the numbers round while falsely claiming an NSO server in Cyprus was hacked https://t.co/vWZoFvrL6T pic.twitter.com/scU9gVlOSk
— Ryan Gallagher (@rj_gallagher) July 21, 2021
NSO has confirmed "the Israeli gov't itself uses NSO’s technology"
Its lawyers argued that revealing list of clients “will meaningfully harm foreign relations of the state”
"Many of its staff are from elite military intelligence units." #PegasusProject https://t.co/bLX1LNyZCB
— Ben White (@benabyad) July 21, 2021
Good piece by @MehulAtLarge on the very thin lines between commercial security and defence companies and the foreign policy interests of the state in Israel. https://t.co/oiPVUnyyqm
— Kabir Taneja (@KabirTaneja) July 21, 2021
"3 presidents, 10 PMs and a king were among those targeted by Pegasus spyware licensed by the private Israeli technology firm NSO Group. The Guardian reports that Morocco, Rwanda, Mexico, India & the UAE are some of the countries that used Pegasus spyware" https://t.co/sQYPIViPJk
— Amarnath Amarasingam (@AmarAmarasingam) July 21, 2021
Will there be a truly independent investigation? Will anyone responsible lose their job & face criminal charges? Will India’s institutions stand up for democracy? US President Nixon had to resign for spying on his political opponents. Pegasus seems *much* worse than Watergate… https://t.co/sx1KhCr67z
— Tarunabh Khaitan (@tarunkhaitan) July 20, 2021
NSO issued a statement today, saying two things: 1) Pegasus wasn't involved in Jamal Khashoggi's murder, and 2) it doesn't have visibility into what customers do or who they target with Pegasus.
These two statements seem to be in conflict. Statement here: https://t.co/SAtZZhQQBz pic.twitter.com/hgpEPm5hpJ
— Zack Whittaker (@zackwhittaker) July 19, 2021
„Hulio claimed that over the past 11 years, the company sold its services to 45 countries, and rejected some 90 countries that offered to pay for the software it sells“ - If this is true, then at least 135 countries wanted to buy #Pegasus ? | #NSO https://t.co/87KVymftAd
— Florian Flade (@FlorianFlade) July 20, 2021
I’d go further and say not just iMessage but WebKit and anything that parses and handles the utter mess that is the internet. This is one hell of a task
— Daniel Cuthbert (@dcuthbert) July 20, 2021
There is a take that companies like Apple are never going to be able to stop well-resourced attackers like NSO from launching targeted attacks. At the extremes this take is probably correct. But adopting cynicism as strategy is a bad approach. 1/ https://t.co/PNqrSgTB2p
— Matthew Green (@matthew_d_green) July 20, 2021
This @matthew_d_green blog is a really solid read, since absolute security is a fallacy. "The problem that companies like Apple need to solve is not preventing exploits forever, but a much simpler one: they need to screw up the economics of NSO-style mass exploitation." https://t.co/XO5AfbEewd
— Zack Whittaker (@zackwhittaker) July 20, 2021
“Apple will have to re-write most of the iMessage codebase in some memory-safe language, along w many system libraries that handle parsing. They’ll also need to widely deploy ARM mitigations like PAC & MTE in order to make exploitation harder.” https://t.co/bSNoiGfRS8
— Katie Moussouris (she/her) is fully vaccinated (@k8em0) July 20, 2021
Everyone is spying on everyone as expected. But some prominent persons may be miffed they are not on list of 50,000 phones hacked- obviously they do and say nothing of importance - good or bad. Same thing with Wikileaks - some big shots were annoyed no one bothered leaking them https://t.co/bLTLL4RcJL
— Mukesh Kapila (@mukeshkapila) July 21, 2021
Israel has for years ignored calls by a UN Rapporteur on the Freedom of Expression, and others, to place a moratorium on the sales of spyware and to regulate it more closely.
https://t.co/QdlypCImLZ
— Karen Melchior (she/her) (@karmel80) July 21, 2021
That’s like saying the iPhone has a reputation for having the industry’s fastest chips “thanks to Apple’s excellent marketing”.
— John Gruber (@gruber) July 20, 2021
TBH no one in our business believes in “perfect” security. You know very well that it is a cat-and-mouse game.
— The Doge Mocenigo (@DogeMocenigo) July 19, 2021
Kinda wondering how the pro-Israel lobby in South Africa will spin this one.
Regardless, it’ll be fun to watch. https://t.co/ohZktjzDCU
— Richard Poplak (@Poplak) July 20, 2021
Fully agree with @Snowden on this one. No "better vetting" or "deeper investigation", just a total ban on all kinds of spyware and companies making it. And put all those people working at NSO on trial for the crimes committed with their tools. https://t.co/dqMGAp2X7e
— Ahmet Alphan Sabancı (@ahmetasabanci) July 19, 2021
Another area that Apple has already stepped up their game is in logging. Apple power monitoring telemetry records information about weird process “hang” events, which can sometimes trip up exploits. There’s a privacy tradeoff here, but Apple should lean into this. 7/
— Matthew Green (@matthew_d_green) July 20, 2021
"NSO has hired big name western advisers, including Tom Ridge, the former secretary of homeland security, and briefly, Juliette Kayyem, an assistant secretary...Its current PR offensive is being led by the ex-chief censor of the Israeli military." https://t.co/6BxAymxqCa
— Avi Asher-Schapiro (@AASchapiro) July 21, 2021
Pegasus spyware, if not checked, may end up destroying the brand credibility of iPhone which is built exclusively around privacy. iPhone spends billions of dollars on its privacy branding. The current Pegasus episode may become an existential crisis for iPhone.
— M K Venu (@mkvenu1) July 20, 2021
French Launch NSO Probe After Macron Believed Spyware Target https://t.co/Kuv30kbBh6
— Nicolas Krassas (@Dinosn) July 21, 2021
French Launch NSO Probe After Macron Believed Spyware Target: https://t.co/Fwl31iPy26
— The Cyber Security Hub™ (@TheCyberSecHub) July 21, 2021
French Launch NSO Probe After Macron Believed Spyware Target https://t.co/SKdLKVOyPs #vulnerabilities #hacks #security #malware #privacy #ransomware #databreach #iot #nsa #infosec #phishing #0day #privacy #cybersecurity
— Lance Schukies (@LanceSchukies) July 21, 2021
Is your iPhone really at risk from the Pegasus Spyware? https://t.co/IMMhzwHx5P
— iMore (@iMore) July 21, 2021