Leak uncovers global abuse of cyber-surveillance weapon

591 点作者 johnny_reilly将近 4 年前

22 条评论

Pegasus and it's capabilities have been publicly known for several years. Pegasus recently appeared in connection with hack that stole Jeff Bezos' nude selfies.It sounds like the new info putting them back in the new cycle is related to this sentence:"The Guardian and its media partners will be revealing the identities of people whose number appeared on the list in the coming days. They include hundreds of business executives, religious figures, academics, NGO employees, union officials and government officials, including cabinet ministers, presidents and prime ministers."Should be a very interesting release.

评论 #27875104 未加载

评论 #27875429 未加载

评论 #27875032 未加载

评论 #27874448 未加载

评论 #27875117 未加载

toptal将近 4 年前

So, PBS seems to have done a documentary on this, which was just released an hour ago: <a href="https://m.youtube.com/watch?v=a2BIYWHdfTE" rel="nofollow">https://m.youtube.com/watch?v=a2BIYWHdfTE</a>Did all of the media outlets organize together for months in advance to be able to release everything today? The content and production quality makes it seem like this release was planned months in advance.Also, assuming they did, what’s the process all of these news organizations go through in order to plan such a release on the same exact day? The planning of the release in such a coordinated way is almost questionable itself, though it would be good to get insight into this.

评论 #27874742 未加载

评论 #27874762 未加载

评论 #27874703 未加载

评论 #27874745 未加载

rootkea将近 4 年前

Here is the full forensic methodology report of this leak by Amnesty International's Security Lab: <a href="https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/" rel="nofollow">https://www.amnesty.org/en/latest/research/2021/07/forensic-...</a>With this report, the Amnesty International has also released Mobile Verification Toolkit (MVT) - a forensic tool to look for signs of infection in smartphone devices: <a href="https://github.com/mvt-project/mvt" rel="nofollow">https://github.com/mvt-project/mvt</a>

评论 #27877005 未加载

coldcode将近 4 年前

NSO is clearly in the business of selling surveillance to foreign entities, and saying they vet people is nothing but smoke as there is zero actual evidence other than their blanket statements. If some government or other customer tells them they only attack terrorists, it's clearly easy to target anyone; how would NSO even know.Also rather stupid was Apple's statement about their phones being secure, when its obvious there are zero days being sold to NSO instead of telling Apple. Everything is insecure these days, at some level.If NSO paid people $1M for a zero day (I bet they don't say), and Apple/Google/etc paid $10K, who do you think gets the info.

评论 #27874636 未加载

评论 #27875441 未加载

评论 #27878152 未加载

评论 #27874734 未加载

dredmorbius将近 4 年前

NSO said that even if Pineda’s phone had been targeted, it did not mean data collected from his phone contributed in any way to his death...NSO are clearly concerned about any such claims sticking.Shared and joint liability for such consequences of software and tools strikes me as one of the more viable ways of limiting their over development.Finding a firm, its officers, its engineers, its salespeople, its investors, and its creditors culpable for assassinations and murders would tend to dampen enthusiasm significantly. That's not enough to utterly quash development, but it makes it far more expensive and unattractive.I don't have high hopes for this. But one may dream.

c7DJTLrn将近 4 年前

Disgusting. When the topic of commercial "cyberweapons" comes up, I immediately wonder about the people who created them. How they can sleep at night knowing how tools of their design are used. I'd argue that it's a completely different class of cybercrime and worse than anything else out there.Unprecedented action needs to be taken against NSO Group.

评论 #27875943 未加载

评论 #27875145 未加载

评论 #27876546 未加载

rendall将近 4 年前

Edward Snowden predicts this to be "the story of the year"<a href="https://twitter.com/Snowden/status/1416797153524174854" rel="nofollow">https://twitter.com/Snowden/status/1416797153524174854</a>

评论 #27874720 未加载

评论 #27875862 未加载

ttctciyf将近 4 年前

Glad to see reporting on this, but struggling to understand how it's so much more outrageous than the UK's own behaviour in this regard vis-a-vis Gamma Group and the Finspy / Finfisher products.For example:> Despite rules saying the UK should not export security goods to countries that might use them for internal repression, ministers have signed off more than £75m in such exports over the past five years to states rated “not free” by the NGO Freedom House.> The 17 countries include China, Saudi Arabia and Bahrain, as well as the United Arab Emirates, which was the biggest recipient of licences totalling £11.5m alone since 2015.> Human rights groups said the UK was developing a reputation for not conducting proper checks on who it sold arms to, while Labour called on the government to show it is working to prove that it is complying with its own rules against arming dictators.- UK selling spyware and wiretaps to 17 repressive regimes including Saudi Arabia and China[1]Or just search[2] for "gamma" and "privacy international"1: <a href="https://www.independent.co.uk/news/uk/politics/uk-spyware-wiretaps-saudi-arabia-china-bahrain-uae-human-rights-a9613206.html" rel="nofollow">https://www.independent.co.uk/news/uk/politics/uk-spyware-wi...</a>2: <a href="https://www.google.com/search?q=%22gamma%22+%22privacy+international%22&tbs=cdr%3A1%2Ccd_min%3A1%2F1%2F2015%2Ccd_max%3A" rel="nofollow">https://www.google.com/search?q=%22gamma%22+%22privacy+inter...</a>

owlbynight将近 4 年前

Why is this seemingly okay but if my Mom leaves a card in my mailbox, it's illegal? I really hate that our countries are largely run by incompetent corrupt geezers.Compromising the personal devices of private citizens for nefarious means should be globally illegal and, if perpetrated by a government, should be considered an act of war.Why does it seem like we're all just kind of okay with citizens being attacked like this?

评论 #27877674 未加载

tuukkah将近 4 年前

Somewhat surprising (disappointing?) for me to find India, Mexico and Hungary on the list: "at least 10 governments believed to be NSO customers who were entering numbers into a system: Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India, and the United Arab Emirates (UAE)."

评论 #27874311 未加载

评论 #27874305 未加载

评论 #27874508 未加载

评论 #27875198 未加载

mjreacher将近 4 年前

At what point are western governments going to crack down on companies such as NSO Group?

评论 #27875089 未加载

评论 #27874304 未加载

评论 #27874388 未加载

johnny_reilly将近 4 年前

More specific details on Pegasus here:<a href="https://www.theguardian.com/news/2021/jul/18/what-is-pegasus-spyware-and-how-does-it-hack-phones" rel="nofollow">https://www.theguardian.com/news/2021/jul/18/what-is-pegasus...</a>

maratumba将近 4 年前

Response from NSO: <a href="https://amp.theguardian.com/news/2021/jul/18/response-from-nso-and-governments" rel="nofollow">https://amp.theguardian.com/news/2021/jul/18/response-from-n...</a>

评论 #27877084 未加载

评论 #27875893 未加载

tigerBL00D将近 4 年前

How is this legal and why companies like NSO and their principals are not being prosecuted?

评论 #27875147 未加载

phtrivier将近 4 年前

Sadly, an haveibeenpawned-like service to know if a number is in the list would be unfeasible ; so, the only way to know if you've been monitored is to be some kind of celebrity that the giardian and co will decide to out.(I suppose it will be better in terms of PR to be outed in this case than in the Panama papers...)

deregulateMed将近 4 年前

I just pretend my devices are compromised. I'm genuinely surprised this isn't how all business handle IT.Maybe it isn't practical when you have trade secrets and engineering actively working on development. But maybe if IT was given this constraint, they'd figure out a solution.

threatofrain将近 4 年前

> That thesis is supported by forensic analysis on the phones of a small sample of journalists, human rights activists and lawyers whose numbers appeared on the leaked list.> The research, conducted by Amnesty’s Security Lab, a technical partner on the Pegasus project, found traces of Pegasus activity on 37 out of the 67 phones examined.> The analysis also uncovered some sequential correlations between the time and date a number was entered into the list and the onset of Pegasus activity on the device, which in some cases occurred just a few seconds later.> Amnesty shared its forensic work on four iPhones with Citizen Lab, a research group at the University of Toronto that specialises in studying Pegasus, which confirmed they showed signs of Pegasus infection. Citizen Lab also conducted a peer-review of Amnesty’s forensic methods, and found them to be sound.---> NSO has always maintained it does “does not operate the systems that it sells to vetted government customers, and does not have access to the data of its customers’ targets”.

Zigurd将近 4 年前

How much consideration does NSO and other "forensic tools" makers get from platform makers and malware detection providers? Does intelligence and law enforcement get to keep their vulns longer after they are detected?

WarOnPrivacy将近 4 年前

Ethics says we shouldn't be okay with surveillance predators.

h2odragon将近 4 年前

We'll be putting the leakers in the cell beside Assange any day now, right?

14将近 4 年前

Who is target US journalists?

milofeynman将近 4 年前

Was a joint investigation. Here's Washington Post writeup:Private spy software sold by NSO group found on cellphones worldwide - Washington Post<a href="https://www.washingtonpost.com/investigations/interactive/2021/nso-spyware-pegasus-cellphones/" rel="nofollow">https://www.washingtonpost.com/investigations/interactive/20...</a>

评论 #27874315 未加载