Discover and read the best of Twitter Threads about #Pegasus

Most recents (24)

BREAKING: Apple alerts US 🇺🇸 diplomats to #Pegasus spyware hacking.

NSO = in-plain-sight national security threat for years.

Embarrassing that it took a private company to warn them.

How did we get here? THREAD 1/

Story: @Bing_Chris & @josephmenn
reuters.com/technology/exc… Image
2/ The State Dept. #Pegasus spyware breach tells us:

❌ Bureau of Diplomatic security failed to anticipate inevitable mercenary spyware targeting
❌Weak practices for managing & securing diplomats’ devices
❌Lack of perceived risk for hacking & enabling hacking of USG officials. Image
3/ Since 2019, it has been clear that NSO spyware was used against close US allies.

As the threat got closer to US, whatever technical measures were taken… were clearly insufficient.

US diplomatic pressure? None seen.

Meanwhile, something more unseemly was happening…
Read 11 tweets
📍Tune in to Room 2 now!

MENA Coalition to Combat Digital Surveillance (MCCS)

Confronting oppressive governments as they deploy surveillance technology against their own people

with @marwasf @khalidibrahim12 @MohdMaskati
"It is a tragedy when you provide oppressive governments with tools to put innocent people in prison. We have many names of people who have been imprisoned due to surveillance." @khalidibrahim12
@khalidibrahim12 "Windows defender can catch the spyware #Candiru, but the question is whether #Candiru will change their attack tactics, just like #Pegasus did. We think that they definitely will." @MohdMaskati
Read 11 tweets
#pegasus
एप्पल कम्पनी भारत सरकार से ज्यादा जिम्मेदार निकली :

फोन निर्माता कंपनी Apple ने पेगासस Pegasus पर मुकदमा ठोका ।

एप्पल फोन (iPhone) यूजर्स के फोन में घुसपैठ करने और भविष्य में एप्पल फोन में इस प्रकार की घुसपैठ पर स्थाई प्रतिबंध लगाने के लिए यह मुकदमा ठोका गया है ।
1
कैलिफॉर्निया की संघीय अदालत में यह मुकदमा दाखिल किया गया है।

ठीक भी है क्योंकि पेगासस की चपेट में
आए दुनिया के लगभग सभी राजनीतिज्ञ, पत्रकार, एक्टिविस्ट ,बुद्धिजीवी एप्पल फोन का ही इस्तेमाल करते हैं ।

आपको याद होगा कि इस्रायल की जासूसी उपकरण बनाने वाली कंपनी NSO द्वारा
2
निर्मित पेगासस स्पाइवेयर का विभिन्न देशों की सरकारों ने अपने नागरिकों के फोन पर निगरानी रखने के लिए इस्तेमाल किया। कम्पनी यह स्पाइवेयर केवल सरकारों को बेचती है, व्यक्तियों को नहीं।

अपने यहां तो सरकार बहादुर ने माना ही नहीं है कि देश के पत्रकारों ,
3
Read 5 tweets
Today at @EPFL, @MarietjeSchaake discusses the threat that information technologies to democracies.

Her talk opens with the case of #pegasus, which is empowering malicious actors' capabilities to blackmail world leaders.

This is threatening all governing institutions worldwide. Image
A simple observation: if there are more black hats (=bad hackers) than white hats (=good actors), then there will be many 0-day undetected attacks.

Yet right now, a lot more is spent on black hats than on white hats.

Governments might want to massively invest on white hats.
Alternatively (or additionally 😋), governments might want to make the lack of private white-hat investments massively costly for companies.

Being massively hacked could essentially make companies bankrupt; or at least, it should (legally) hugely endanger all directors' jobs.
Read 5 tweets
BREAKING: 9th Circuit Court of Appeals just denied NSO's efforts to dismiss @WhatsApp's lawsuit.

Rejected spyware company's claims to foreign sovereign immunity.

This lawsuit going forwards is a massive blow to NSO.

THREAD
2/ Recall, over 1.4k @whatsapp users were targeted with NSO's #Pegasus spyware during a 2 week period in 2019.

So, the company sued NSO in US courts...
nytimes.com/2019/10/29/tec…
3/ The hack was a "zero click" meaning that victims saw nothing.

When we @citizenlab investigated, we confirmed an unprecedented number of cases of abuse.

Journalists, human rights defenders, lawyers, even a Bishop..

All targeted with Pegasus.

citizenlab.ca/2019/10/nso-q-…
Read 7 tweets
I have submitted an urgent letter to Hon'ble CP Mr.Hemant Nagarale @CPMumbaiPolice about the serious revelations by Manish Bhangale at Jalgaon. I have requested Hon'ble CP Mumbai to treat my letter as a First Information Report. #AryanKhan
Revelations of Manish Bhangale - KiranGosavi,Sam D'Souza,Alok Jain & ShaileshChaudhary approached him to commit following offences,A)To illegally obtain Pooja Dadlani's CDR, B)To illegally obtain Aryan Khan's WhatsApp chat, C)To illegally get a SIMCard in Prabhakar Sail's name.
@CPMumbaiPolice
It is my respectful submission before you that Kiran Gosavi is a history-sheeter and is extremely active in tampering the evidence related to CR. No.94 of 2021 in which Aryan Khan is arrested.
Read 14 tweets
#PegasusProject #OrderAnalysis❗️ Long Thread Alert 🧵

BIG NEWS: The Supreme Court of India has constituted a technical committee to investigate the allegations of #Pegasus use against Indian citizens. 1/14

internetfreedom.in/sc-appoints-a-…
WHAT CAN THE COMMITTEE DO? 👁‍🗨

It is to enquire and investigate whether the #Pegasus spyware was acquired by any Government; whether it was used on phones/devices of Indians to access stored data, eavesdrop, intercept information; and/or for any other purpose. 2/n
The Committee can also make recommendations regarding new laws around #surveillance to secure the right to #privacy as well as about establishment of a mechanism for citizens to raise grievances grievances if they fear they are under illegal surveillance. 3/n
Read 14 tweets
#Pegasus row: SC appoints expert committee to investigate spying allegations

The functioning of the committee will be monitored by the Supreme Court, the chief justice said.

scroll.in/latest/1008678…
#Pegasus row: Supreme Court appoints expert committee to investigate spying allegations

The committee will be headed by former Supreme Court judge RV Raveendran.

scroll.in/latest/1008678…
#Pegasus row: Supreme Court appoints three-member committee to investigate snooping allegations

Chief Justice NV Ramana said the Centre had not specifically denied allegations that it had used the spyware developed by an Israeli company.

scroll.in/latest/1008678…
Read 9 tweets
#PegasusSnoopingCase: #SupremeCourt verdict shortly

Bench: Members of a democratic society have reasonable concern of privacy. Citizens need to be protected from violation of privacy.

#Pegasus #SupremeCourt Image
'Citizens need to be protected from violation of privacy', says #SupremeCourt while pronouncing order on #PegasusSpywareCase

#Pegasus #SupremeCourt #PegasusSnoopingCase

freepressjournal.in/india/fpj-lega…
#FPJLegal: #SupremeCourt constitutes #IndependentExpertCommittee to probe #Pegasus snooping allegations

The committee will be Supervised by Justice Ravindran, former SC Judge, assisted by Mr Alok Joshi and other experts.
Read 4 tweets
PEGASUS JUDGMENT THREAD

CJI NV Ramana led bench to deliver judgment on a batch of petitions seeking an independent probe into the #PegasusSpyware scandal which had allegedly compromised privacy of individuals and institutions

#SupremeCourt
#pegasusproject
#judgment
The judgment will be pronounced at 10.30 am today

#SupremeCourt
#pegasusproject
#judgment
The three-judge bench to assemble shortly
#SupremeCourt #PegasusSnoopgate
Read 25 tweets
The NSO Group are among the world's most notorious cyber-mercenaries; they're an Israeli firm under UK/EU private equity control (the owners have previously threatened to sue me and other journalists for reporting on the company's ownership structure). 1/ The FORCEDENTRY exploit on the phone of the Saudi activist,
If you'd like an unrolled version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

pluralistic.net/2021/10/24/bre… 2/
The company claims to be a "lawful interception" supplier, helping democratic, human-rights-respecting governments to spy on terrorists. Their extreme secrecy helps them sell this tale, but thanks to a group of academic human rights researchers, we know better. 3/
Read 38 tweets
NEW: iPhone of @NYTBen was hacked with #Pegasus spyware *after* he complained to NSO Group about previous targeting.

THREAD

Our @citizenlab investigation: citizenlab.ca/2021/10/breaki…
2/ It began in 2018: @NYTBen shared a suspicious message with my colleague @billmarczak.

It was a #Pegasus infection attempt. We @citizenlab
attributed it to #SaudiArabia.

Ben wrote it up & complained to NSO Group.

NSO issued a predictable denial.
3/ A member of the @nytimes tech security team later found another #Pegasus infection attempt from 2018.

Here it is, inviting him to cover a protest at the #Saudi embassy in Washington DC.

Clicking on the link would infect his device with the spyware.
Read 7 tweets
Israeli @NSOgroup is part of the global spyware trade which profits from repression.

Civil society is uniting to stop this. Activists in India, where 300+ names appeared on the target list of Pegasus, have launched this campaign. Join us! bit.ly/3E9VhU7

Here's why 👇🏾
In July 2021, #PegasusProject exposed the use of Israeli @NSOgroup's spyware against thousands of journalists, activists & politicians. Apartheid Israel is at the center of the spyware trade, which is repressive by design and field-tested on Palestinians.

bit.ly/3wSoNtb
Cambridge University has cancelled a £400M deal with the UAE dictatorship over its use of Pegasus against journalists and human rights defenders. All institutions must also end ties with apartheid Israel which produces this life-threatening technology.

bit.ly/3aOxV9B
Read 5 tweets
Dubai’s Sheikh Mohammed bin Rashid Al Maktoum had phones of his ex-wife & lawyers hacked during custody battle over their children, England’s High Court ruled.

Al Maktoum used the sophisticated #Pegasus software, developed by Israeli firm NSO.

(Misuse of #Pegasus in #India too)
The #Pegasus software has been developed by Israeli firm NSO for countries to counter national security risks.

Here phones of Princess Haya bint Al Hussein, half-sister of Jordan’s King Abdullah II & some of those closely connected to her were spied upon.

@Israel @UN_HRC @hrw
19 months earlier a court in England had concluded that Al Maktoum had abducted two of his daughters, mistreated them, and held them against their will.

In a new ruling Judge Andrew McFarlane said “The findings represent a total abuse of trust, and indeed an abuse of power”.
Read 22 tweets
BREAKING: UK High Court finds Emir of Dubai authorized hacking of his ex-wife Princess Haya, her child custody lawyers & more with NSO's #Pegasus spyware.

THREAD on this wild case 1/
Story: theguardian.com/world/2021/oct… Image
2/ Background: Princess Haya had fled to UK and was engaged in a custody battle with the Emir.

She engaged some serious legal help, including Baroness Fiona Shackleton.

At some point, Emir Mohammed bin Rashid Al Maktoum decided it was time to start hacking their phones. Image
3/ WILD: @billmarczak warned Princess Haya's lawyers about #Pegasus.

Within HOURS, NSO had sent @CherieBlairQC to call the lawyer.

-How did NSO know about the hacking?
-Why did @CherieBlairQC call that day?

NSO has *always* denied they can see what their customers do. ImageImage
Read 5 tweets
#WatchtheState: Our weekly update on patterns of state violence in #India.

Here's a quick review of reported instances of #stateviolence. @project_polis

Follow the thread for more:
#DelhiPogrom: "CCTV Footage In Itself Not Sufficient To Prolong Incarceration": Delhi High Court Grants Bail To Man In Jail For 17 Months.
livelaw.in/news-updates/d…
#DelhiPogrom: "Adjournments Sought By SPPs, IOs In Very Casual Manner": Court Imposes 5K Cost As Salary Cut. @nupur_0111
livelaw.in/news-updates/d…
Read 47 tweets
BREAKING: FIVE French 🇫🇷 ministers' phones infected w/ #Pegasus spyware, per Gov.

@jmblanquer - Education
@J_Denormandie - Agriculture
@j_gourault - Territorial Cohesion
@SebLecornu - Overseas
@EmmWargon - Housing

By @fabricearfi & @ellensalvi
mediapart.fr/journal/france…
2/The official investigation that keeps surfacing 🇫🇷 French gov infections was triggered by this summer's #PegasusProject revelations that French President Macron was on the list of potential #Pegasus targets.
theguardian.com/world/2021/jul…
3/ Somewhere, someone is composing a "hey governments spy on governments, so what?" take.

True.

Thing is, NSO Group's entire self presentation is that #Pegasus is for fighting crime & terror.

But the fact is: a lot of NSO's customers are governments that just want to spy.
Read 4 tweets
BREAKING: this summer, a photojournalist was tracking the inexplicably lavish lifestyle of Hungarian PM Orbán's political allies.

We @citizenlab found he was being intensely surveilled with #NSOGroup's #Pegasus spyware.

Story: @panyiszabolcs & @andraspe
direkt36.hu/en/a-ner-elit-… ImageImageImageImage
2/ Details of the surveillance of photojournalist Dániel Németh are spooky.

Powerful people must've been intensely worried about who he'd find relaxing in the Mediterranean sunshine. ImageImageImageImage
3/ Our finding of #Pegasus hacking of photojournalist Dániel Németh was validated by @AmnestyTech.

The evidence is solid, but Hungary has already been stonewalling.

Time for the @Europarl_EN 🇪🇺 and concerned MEPs to step in & seek answers. Image
Read 5 tweets
Deutsch Tamás claims that there's been no unlawful wire-tapping since 2010 in 🇭🇺. This is only true because the Minister of Justice has the discretion to authorize any wire-tapping & that no MoJ under Orbán has refrained themselves from extensively using this discretionary power.
Therefore to prevent further spying until the change of government, @momentumhu initiated a referendum. 👇#PegasusProject #Hungary #Democracy
1⃣ Wire-tapping may only be carried out with the permission of a judge.
2⃣ Confidentiality, sacramental seal and human dignity shall not be impaired.
3⃣ If the wire-tapping was unlawful, the person shall be notified subsequently.
Read 4 tweets
Yesterday morning, @Apple released emergency software updates for their products (#iPhone, #AppleWatch, #iMac, #iPad) to prevent users from the critical #Pegasus spyware vulnerability:

support.apple.com/en-us/HT212807
The vulnerability, discovered by @citizenlab, are available for all Apple products. Details of the updates can be found in @MITREcorp’s recent CVEs.

CVE-2021-30860:
cve.mitre.org/cgi-bin/cvenam…
The @nytimes released an article yesterday, on the eve of Apple’s Product Event, sharing Apple’s latest update, explaining the Pegasus #spyware to their audience, as well as where it comes from (@NSOgroup).

nytimes.com/2021/09/13/tec…
Read 6 tweets
How to check iOS devices for signs of CVE-2021-30860 / FORCEDENTRY exploitation (for context, see @citizenlab's 13.09.2021 blog). #nso #pegasus #malware #ios
Make an unencrypted iTunes backup, or use MVT (docs.mvt.re/en/latest/inde…) to decrypt an encrypted one. You can also check older backups, if you have them. (it's a good idea to make regular iTunes backups for all your devices, precisely for this reason)
Use DB Browser for SQLite (see sqlitebrowser.org) to open Manifest.db, in the root folder of the iTunes backup. Make sure you open it read-only - "File -> Open Database Read Only".
Read 8 tweets
🚨 UPDATE YOUR APPLE DEVICES NOW🚨

We caught a zero-click, zero day iMessage exploit used by NSO Group's #Pegasus spyware.

Target? Saudi activist.

We reported the #FORCEDENTRY exploit to @Apple, which just pushed an emergency update.

THREAD 1/
citizenlab.ca/2021/09/forced…
2/ Here's the story of the #FORCEDENTRY exploit:

Back in Mach my colleague @billmarczak was examining the phone of a Saudi activist infected w/#Pegasus spyware. Bill did a backup at the time.

A recent a re-analysis yielded something interesting: weird looking ".gif" files.
3/ Thing is, the ".gif" files...were actually Adobe PSD & PDF files...and exploited Apple’s image rendering library.

Result? Silent exploit via iMessage.

Victim sees *nothing,* meanwhile #Pegasus is silently installed & their device becomes a spy in their pocket.
Read 6 tweets
Recently I've been looking into #Pegasus #Malware and found myself in a rather unique threat intelligence position.

To talk about it, here's...
a Thread 🧵
a Blog 📖
and a Video 🎥

👇
In July 2021 @FbdnStories produced an astounding collection of articles highlighting NSO Group's Pegasus malware and its apparent misuse throughout Governments across the globe. @amnesty wrote about Pegasus in 2016 where a prominent human-rights activist was targeted...
Back in 2016 the vehicle to infect an iPhone with Pegasus was the #trident suite of vulnerabilities. In 2021, a vuln known as #megalodon was being used, a zero-day in iMessage which required zero user-interaction...
Read 11 tweets
#Pegasus We would not like to place it in on affidavit in interest of the nation and security of the nation: Solicitor General
#Pegasus We will constitute a COMMITTEE of DOMAIN EXPERTS: Solicitor General
#Pegasus Such issues of whether centre was using pegasus or not cannot be debated in affidavits and can be looked into by domain experts: Solicitor General
Read 5 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!