🧵1/

The #Pegasus documentary by @frontlinepbs confirms a lot of my research into the false Pegasus narrative

It starts off in the year 2020 filming @FbdnStories offices in France, they speak about a massive leak of 50,000 NSO Pegasus targets

"There are numbers but no names"

2/

The documentary speak about the 50,000 number and says the following about it.

1. The list doesn't have any names
2. It has phone numbers
3. Country Code
4. Sometime stamps
5. It's a list from 2016-2020

"We can't explain where the list is coming from"

3/

This information falls directly in line with what I reported in my white paper called Exonerating Rwanda: The spyware case of Carine Kanimba

@OCCRP & @FbdnStories claimed Kanimba's phone was found in a list of 3,500 Rwandan numbers, but Kanimba never had a Rwandan number

4/

The statement that Carine Kanimba was found in the #PegasusProject 50,000 list was elevated by @CNN & was then retracted by @OCCRP & @FbdnStories for being false

Kanimba & @citizenlab then testified @HouseIntel July, 2022 saying her Belgian phone number had #Pegasus

7/
This 50,000 number list is significant b/c it is being used in attempts to exonerate convicted criminals by appealing to International Criminal Tribunals @IntlCrimCourt

Carine Kanimba's false narrative of being found in the 3,500 Rwandan numbers is referenced in this case

8/

Continuing with the documentary, it speaks about American phone numbers with +1 country code cannot be targeted by Pegasus

Further showing that Carine Kanimba & John Scott-Railton's testimony to @HouseIntel was intentionally deceptive, as Belgium's country code is +32

9/

Recap

@ckanimba & @jsrailton @citizenlab testified to @HouseIntel 2022

Both asserted Kanimba had Pegasus even though NSO says their software cannot target US numbers with a +1 code

Kanimba submits a +32 code report & says b/c she is American she was spied, that is false

10/

The documentary continues & focuses on the 50,000 alleged Pegasus list

Journalist gathered in Paris at the Height of COVID-19 & were tasked by @FbdnStories to put names to the phone number list

They were told that most of the countries doing the spying are very dangerous

11/

Claudio Guarnieri @botherder of @AmnestyTech now enters the documentary & says Pegasus is code that looks very similar to whats running on your phone but designed to do something different

He is referring to indicators of compromise which Amnesty has many false positives

12/

Claudio is viewing a STIX2 file which is an alleged list of IOCs with undisclosed attribution. It is used with MVT-Tool, software written to "detect" Pegasus

Since the release of MVT July, 2021 it has been delivering false positives as noted by @zackwhittaker of @TechCrunch

13/

I have written extensively about the false positive results that have derived from @AmnestyTech's MVT-Tool

Each time false positives are found Amnesty does not announce a correction, nor do they reexamine alleged devices

I raised this issue with Amnesty and was dismissed

15/

Claudio shows the list of IOCs in another frame in the documentary.

The scientific methodology used to attribute this publicly available malicious list has never been shared with the public, but yet this list has been used to confirm hundreds of Pegasus victims

16/

We now move into a popular & never confirmed #Pegasus #Hacking association

The the murder of Jamal Khashoggi

The documentary features @danapriest of @washingtonpost as she investigates the Pegasus list

She says two phone numbers were found

Jamals Wife & Jamal's Fiancé

18/

The video I created shows Bill Marczak of @citizenlab speaking to @CNN in 2018 saying

It is 100 percent clear that [Jamal Khashoggi] received one of these [Pegasus] text messages containing a link

Then John Scott-Railton in 2022 says "we don't have the device to confirm"

19/

When I first posted the disinformation @citizenlab was spreading about the Jamal Khashoggi #Pegasus hacking, I was attacked by @runasand & @maldr0id.
They said I was spreading disinformation & that I edited the CNN video to make it seem like @citizenlab was speaking of Jamal

20/

The smear campaign run by Runa & Lukasz, Accused me of cutting CNN footage to make it look like @citizenlab said Jamal was hacked. That came to a halt when I presented a Media article from @intifada written in 2018 showing exactly what I presented.

electronicintifada.net/blogs/tamara-n…

22/

Moving forward in the documentary we see how "Forensics" are conducted by @FbdnStories & @AmnestyTech

@danapriest travels to Istanbul to meet w/Jamal Khashoggi's fiance & asks her if she would want her phone forensically examined

Then calls Claudio in Berlin for results

23/

The way @AmnestyTech & @citizenlab conduct "Forensics" is by using iCloud backups

A physical forensics examination could potentially reconstruct memory to find deleted data, but Director of The Citizen Lab an @AmnestyTech partner says having the mobile might not be useful

24/

Forensics firm @ElcomSoft stated that only using an iCloud backup is not proper & you will be missing a lot.

They published an article

The Worst Mistakes in iOS Forensics
"Proper logical acquisition is not limited to backups. In fact, backups are just the beginning."

25/

As I continue to watch the documentary, we see how Amnesty & Citizen Lab both use backups for their forensics analysis

@danapriest meets with Khashoggi's wife in D.C
Khashoggi's wife allowed Dana to download her phone & send a copy to Claudio and Bill Marczak at Citizen Lab

26/

Bill Marczak of @citizenlab now enters & says he conducted an analysis on all the available data from 2 Android OS phones belonging o Khashaggi's wife Hanan

If Marczak had the physical device there would be more data, & now the phone's integrity has been compromised

28/

Bill Marczak speaks about analyzing Android OS devices for Pegasus in 2020 but not a single Android OS device was analyzed in 2022 when 65 Catalans were said to be infected with Pegasus

Citizen Lab says "Android which is more difficult to forensically analyse"

#CatalanGate

29/

We now start to get into some interesting details. @danapriest relays Bill Marczak's finding of Hanan's Android OS devices, He says a browser tab was opened by UAE officials while Hanan was detained, and then the URL installed Pegasus

30/

Marczak says they have the smoking gun, the traces of the spyware. He says "Almost certainly the spyware was installed and exfiltrated information from her phone"

"Almost certainly" is not definitive, but @citizenlab likes to present "strong circumstantial evidence" as fact

31/
"Saudi Arabia has said claims that it used spyware are baseless"
This is 100% accurate
There is no science, reproducible evidence, data integrity is compromised & @citizenlab's lack of rigor shows in their latest false Pegasus infection of Toni Comín Member of EU Parliament

32/

NSO Group has also denied all involvement of their technology in the murder of Jamal Khashoggi. @amnesty and @citizenlab have been consistently accusing NSO Group's technology of spying on members of civil society for over 5 years without any evidence.

33/

What many do not known, is @citizenlab has received many donations from spyware firm Palantir, & Dir Ron Deibert of @citizenlab calls Palantir the darling of the defense & intelligence community in his Book Black Code: Surveillance, Privacy, and the Dark Side of the Internet

@citizenlab 34/

The documentary takes us to Mexico & we are told that Carmen Aristegui @aristeguicnn has been a victim of Pegasus since 2015

This is contrary to @AmnestyTech's report showing Carmen was infected in 2014

Why am I pointing this out?
b/c details matter when seeking truth

35/

Carmen @aristeguicnn says her sister is among the 50,000 phone number list of Pegasus targets & says her sister is not political & not an activist

@OsloFF said it costs $1M per phone infection with Pegasus

Mexico was said to have 15,000+ numbers that is ~$15B USD needed

36/

Carmen @aristeguicnn says she knew her phone was tapped when she and her son started to get strange text messages...

Strange texts does not mean tapped

During COVID-19 receiving texts w/short URLs was common around the world. 20 ppl could be included it's called spam/junk

37/

Now the Anonymous blacked out face person with a voice changer comes into the documentary, we'll call them Anon

Anon says these were the steps to infect

1. Get the victims number
2. Do Social Eng/OSINT
3. Construct some text to send
4. Hope they click
5. Spyware installs

38/

Anon is a Mexican insider providing info to @FbdnStories & @frontlinepbs, but Anon's story is different from what Citizen Lab told Financial Times about the spyware in Mexico

1. No Social Eng/OSINT needed
2. @citizenlab says with "high confidence" this is how Pegasus works

39/

Former President Enrique Nieto has denied using Pegasus to spy on journalists.

The big questions are...

Why are real professionals not performing mobile forensics on these alleged infected devices?

Why are the physical mobile devices not going through analysis?

40/

The documentary moves to Turkey to meet with journalist @Khadija_Ismayil Khadija Ismayilova of Azerbaijan

Miranda Patrucic @MirandaOCCRP of the @OCCRP is present and tells Khadija that Pegasus is a Zero-Click technology, this is the year 2020

41/

The first alleged Pegasus Zero-Click was discovered in 2021

Then, in 2022 Citizen Lab said they found a different Pegasus Zero-Click dating back from 2017-2020 on Catalan phones

Miranda says she's aware of a Zero-Click in 2020 during this filming, where is the CVE?

42/

Digital espionage & forensics are my core research focuses, most people & orgs in this documentary have either blocked me, called me a fraud, conspiracy theorist, said i'm on NSO payroll, etc..

But @OCCRP claims to know of a Zero-Click attack in 2020 & have never reported