2/ The investigation walks through the footage (props to @WSJ, there's so much!) starting with Proud Boys staging under the direction of leaders including (now-arrested) Joe Biggs outside the #Capitol
3/ In the staging area, a Proud Boy identified as Dan Scott aka 'Milkshake' yells "lets take the f***ng capitol"
-Milkshake is admonished by another PB.
-Someone makes fun of 'Milkshake' for the indiscretion(?). Some laughter.
-"Don't yell it, do it" says another, quietly.
4/ The @WSJ places key Proud Boys from pre-breach meet-ups as instigators of later violence and activity by the crowd.
This absolutely matches what many of us have observed...
5/ Breach begins: @WSJ finds Proud Boys leader Joe Biggs in the crowd at an outer police cordon, communicating with a man in a red hat.
Minutes later, red hat man is the 1st past the breached police line.
6/ As the first police line goes down we see multiple identifiable Proud Boys at the front. @WSJ names Michael Porter, for example.
Note the orange tape on helmets. This is an identification sign that many of us observed Proud Boys using throughout the day.
7/ Proud Boys stay at the front of the rush of people, squaring off as they encounter #Capitol Police at the West Entrance. The @WSJ spots Proud Boy #Spazzo.
Remember him? He was the earpiece-wearing window breacher.
9/ After staying in the front of the melee w/police... some Proud Boys flank the officers and join a group fighting their way up the left side, through scaffolding and stairs.
Dominic ‘Spazzo’ Pezzola & Gieswein are spotted. Gieswein sprays something at officers...
10/ Its 2:12 pm. Now up the stairs and against the building Dominic ‘Spazzo’ Pezzola uses a police shield to breach the window, then steps back and lets others including Gieswein inside accompanied by cries of "Go go go!" Then joins them.
11/ The breaching party is inside. Men including Gieswein & Spazzo encounter, then chase officer Eugene Goodman up the stairs..
They come incredibly close to the undefended lawmakers in the Senate (door highlighted in blue). Thankfully, Goodman distracts them.
12/ Proud Boys leader Joe Biggs isn't far behind.
"This is awesome"
Pic right: Biggs has told @DailyMail he
- only went into the #Capitol to find a bathroom
- no planned storming...
- he actually meant "awe-inspiring" & also "awful"
13/ Shortly after, and now back outside, the main police line is breached. Other Proud Boys make it into #Capitol with this larger group. One takes this selfie.
Another roams halls calling out for @SpeakerPelosi to "come out and play" His lawyer says "comments were in jest"
14/ The @WSJ piece is an excellent, damming illustration of what many of us observed: Proud Boys played a key role at the #Capitol.
Congrats to the team that assembled it & their colleagues that helped out.
BREAKING: NSO Group liable for #Pegasus hacking of @WhatsApp users.
Big win for spyware victims.
Big loss for NSO.
Bad time to be a spyware company.
Landmark case. Huge implications. 1/ 🧵
2/ In 2019, 1,400 @WhatsApp users were targeted with #Pegasus.
WhatsApp did the right thing & sued NSO Group.
NSO has spent 5 years trying to claim that they are above the law.
And engaged in all sorts of maneuvering.
With this order, the music stopped and NSO is now without a chair.
3/ Today, the court decided that enough was enough with NSO's gambits & efforts to hide source code.
Judge Hamilton granted @WhatsApp's motion for summary judgement against the #Pegasus spyware maker.
The judge finds NSO's hacking violated the federal Computer Fraud & Abuse Act (#CFAA), California state anti-fraud law #CDFA, and was a breach of contract.
What happens next? The trial proceeds only on the issue of resolving damages stemming from NSO's hacking.
Company has a majority of the US market share for homes & small biz.
Concerns stem from repeated use in cyberattacks from #China & concerns over supply chain security.
Reportedly an office of @CommerceGov has subpoenaed the company. 1/
Story by @heathersomervil @dnvolz & @aviswanatha
2/ @TPLINK has quickly grown market share, even as concerns have grown over vulnerabilities in the routers being used in #China-linked hacking operations.
3/ As Microsoft's @MsftSecIntel reported earlier this year, for example, #TPLINK routers make up the bulk of the CovertNetwork-1658 attack infrastructure.
This operator was conducting so-called password spray attacks, and taking steps to be discrete.
The credentials are then used by multiple #China-based threat actors....
Use only end-to-end encrypted communications says @CISAgov.
YES!
End-to-end encryption is critical infrastructure for a safe society.
Plenty of other solid guidance for mobile users at risk here.
Let's look at their #iPhone & #Android-specific recs... 1/
2/ @CISAgov's top recommendation for Apple users is to✅ enable #LockdownMode
It's my top guidance for high-risk #iPhone users..
Because as researchers tracking sophisticated threats we see Lockdown Mode blunt advanced attacks...
Other solid guidance:
✅Protect your DNS
✅Disable fallback to SMS
✅Enroll in iCloud Private Relay
✅Trim App permissions.
3/ @CISAgov's guidance for #Android starts from the unavoidable fact that many Android manufacturers truly don't respect users security or privacy.
So ✅pick a company that won't leave you insecure after 2-3 years.
Other good guidance here includes...
✅ Only use RCS with end-to-end encryption
✅ Using Android Private DNS
✅ Use Enhanced Protection for Safe Browsing
✅ Google Play Protect
✅ Manage permissions.
3/ There's an active global market for companies whose product line revolves around abusing the trusting nature of call routing to conduct surveillance.
We @citizenlab ran scans & mapped deployments of this tech by one such player: Circles.
Circles had previously merged with NSO Group, which makes #Pegasus.
NEW: police in #Serbia caught unlocking activists phones with @Cellebrite's mobile forensic tools & planting spyware on them.
Incredibly troubling investigation by @AmnestyTech delves into how the Serbian authorities mix a toxic brew of repression out of homegrown + foreign mercenary spyware like #Pegasus + $CLBT's forensic tools possibly supplied as part of foreign assistance from #Norway. 1/
3/ When the couple was eventually released , Parubets was eventually able to pick up his devices from the #FSB at the dreaded Lubyanka building (former KGB HQ, also a prison).
As a programmer, he carefully scrutinized his returned devices & noticed a weird notification on his Android...