2/ The investigation walks through the footage (props to @WSJ, there's so much!) starting with Proud Boys staging under the direction of leaders including (now-arrested) Joe Biggs outside the #Capitol
3/ In the staging area, a Proud Boy identified as Dan Scott aka 'Milkshake' yells "lets take the f***ng capitol"
-Milkshake is admonished by another PB.
-Someone makes fun of 'Milkshake' for the indiscretion(?). Some laughter.
-"Don't yell it, do it" says another, quietly.
4/ The @WSJ places key Proud Boys from pre-breach meet-ups as instigators of later violence and activity by the crowd.
This absolutely matches what many of us have observed...
5/ Breach begins: @WSJ finds Proud Boys leader Joe Biggs in the crowd at an outer police cordon, communicating with a man in a red hat.
Minutes later, red hat man is the 1st past the breached police line.
6/ As the first police line goes down we see multiple identifiable Proud Boys at the front. @WSJ names Michael Porter, for example.
Note the orange tape on helmets. This is an identification sign that many of us observed Proud Boys using throughout the day.
7/ Proud Boys stay at the front of the rush of people, squaring off as they encounter #Capitol Police at the West Entrance. The @WSJ spots Proud Boy #Spazzo.
Remember him? He was the earpiece-wearing window breacher.
9/ After staying in the front of the melee w/police... some Proud Boys flank the officers and join a group fighting their way up the left side, through scaffolding and stairs.
Dominic ‘Spazzo’ Pezzola & Gieswein are spotted. Gieswein sprays something at officers...
10/ Its 2:12 pm. Now up the stairs and against the building Dominic ‘Spazzo’ Pezzola uses a police shield to breach the window, then steps back and lets others including Gieswein inside accompanied by cries of "Go go go!" Then joins them.
11/ The breaching party is inside. Men including Gieswein & Spazzo encounter, then chase officer Eugene Goodman up the stairs..
They come incredibly close to the undefended lawmakers in the Senate (door highlighted in blue). Thankfully, Goodman distracts them.
12/ Proud Boys leader Joe Biggs isn't far behind.
"This is awesome"
Pic right: Biggs has told @DailyMail he
- only went into the #Capitol to find a bathroom
- no planned storming...
- he actually meant "awe-inspiring" & also "awful"
13/ Shortly after, and now back outside, the main police line is breached. Other Proud Boys make it into #Capitol with this larger group. One takes this selfie.
Another roams halls calling out for @SpeakerPelosi to "come out and play" His lawyer says "comments were in jest"
14/ The @WSJ piece is an excellent, damming illustration of what many of us observed: Proud Boys played a key role at the #Capitol.
Congrats to the team that assembled it & their colleagues that helped out.
NEW: @WhatsApp caught & fixed a sophisticated zero click attack...
Now they've published an advisory about it.
Say attackers combined the exploit with an @Apple vulnerability to hack a specific group of targets (i.e. this wasn't pointed at everybody)
Quick thoughts 1/
Wait, you say, haven't I heard of @WhatsApp zero-click exploits before?
You have.
A big user base makes a platform big target for exploit development.
Think about it from the attacker's perspective: an exploit against a popular messenger gives you potential access to a lot of devices.
You probably want maximum mileage from that painstakingly developed, weaponized, and tested exploit code you created/ purchased (or got bundled into your Pegasus subscription).
3/ The regular tempo of large platforms catching sophisticated exploits is a good sign.
They're paying attention & devoting resources to this growing category of highly targeted, sophisticated attacks.
But it's also a reminder of the magnitude of the threat out there...
WHOA: megapublisher @axelspringer is asking a German court to ban an ad-blocker.
Their claim that should make everyone nervous:
The HTML/ CSS code of websites are protected computer programs.
And influencing they are displayed (e.g by removing ads) violates copyright.
1/
2/ Preventing ad-blocking would be a huge blow to German cybersecurity and privacy.
There are critical security & privacy reasons to influence how a websites code gets displayed.
Like stripping out dangerous code & malvertising.
Or blocking unwanted trackers.
This is why most governments do it on their systems.
3/Defining HTML/CSS as a protected computer program will quickly lead to absurdities touching every corner of the internet.
Just think of the potential infringements:
-Screen readers for the blind
-'Dark mode' bowser extensions
-Displaying snippets of code in a university class
-Inspecting & modifying code in your own browser
-Website translators
3/ What still gives me chills is how many cases surfaced of people killed by cartels... or their family members... getting targeted with Pegasus spyware.
The #PegasusProject found even more potential cases in Mexico.