@wikileaks Snowden:
"The first thing I do when I get a new phone is take it apart.
I don’t do this to satisfy a tinkerer’s urge, or out of political principle, but simply because it is unsafe to operate.
Fixing the hardware, which is to say surgically removing the two or three (1/43)
"The first thing I do when I get a new phone is take it apart.
I don’t do this to satisfy a tinkerer’s urge, or out of political principle, but simply because it is unsafe to operate.
Fixing the hardware, which is to say surgically removing the two or three (1/43)
@wikileaks tiny microphones hidden inside, is only the first step of an arduous process, and yet even after days of these DIY security improvements, my smartphone will remain the most dangerous item I possess.
The microphones inside my actual phone, prepped for surgery
Prior to (2/43)
The microphones inside my actual phone, prepped for surgery
Prior to (2/43)
@wikileaks this week’s Pegasus Project, a global reporting effort by major newspapers to expose the fatal consequences of the NSO Group—the new private-sector face of an out-of-control Insecurity Industry—
most smartphone manufacturers along with much of the world press (3/43)
most smartphone manufacturers along with much of the world press (3/43)
@wikileaks collectively rolled their eyes at me whenever I publicly identified a fresh-out-of-the-box iPhone as a potentially lethal threat.
Despite years of reporting that implicated the NSO Group’s for-profit hacking of phones in the deaths and detentions of journalists and (4/43)
Despite years of reporting that implicated the NSO Group’s for-profit hacking of phones in the deaths and detentions of journalists and (4/43)
@wikileaks human rights defenders;
despite years of reporting that smartphone operating systems were riddled with catastrophic security flaws
(a circumstance aggravated by their code having been written in aging programming languages that have long been regarded as unsafe); (5/43)
despite years of reporting that smartphone operating systems were riddled with catastrophic security flaws
(a circumstance aggravated by their code having been written in aging programming languages that have long been regarded as unsafe); (5/43)
@wikileaks and despite years of reporting that even when everything works as intended, the mobile ecosystem is a dystopian hellscape of end-user monitoring and outright end-user manipulation,
it is still hard for many people to accept that something that feels good may not in (6/43)
it is still hard for many people to accept that something that feels good may not in (6/43)
@wikileaks fact be good.
Over the last eight years I’ve often felt like someone trying to convince their one friend who refuses to grow up to quit smoking and cut back on the booze—meanwhile, the magazine ads still say “Nine of Ten Doctors Smoke iPhones!” and “Unsecured Mobile (7/43)
Over the last eight years I’ve often felt like someone trying to convince their one friend who refuses to grow up to quit smoking and cut back on the booze—meanwhile, the magazine ads still say “Nine of Ten Doctors Smoke iPhones!” and “Unsecured Mobile (7/43)
@wikileaks Browsing is Refreshing!”
In my infinite optimism, however, I can’t help but regard the arrival of the Pegasus Project as a turning-point—a well-researched, exhaustively-sourced, and frankly crazy-making story about a “winged” “Trojan Horse” infection named “Pegasus” (8/43)
In my infinite optimism, however, I can’t help but regard the arrival of the Pegasus Project as a turning-point—a well-researched, exhaustively-sourced, and frankly crazy-making story about a “winged” “Trojan Horse” infection named “Pegasus” (8/43)
@wikileaks that basically turns the phone in your pocket into an all-powerful tracking device that can be turned on or off, remotely, unbeknownst to you, the pocket’s owner.
...
In short, the phone in your hand exists in a state of perpetual insecurity, open to infection by (9/43)
...
In short, the phone in your hand exists in a state of perpetual insecurity, open to infection by (9/43)
@wikileaks anyone willing to put money in the hand of this new Insecurity Industry.
The entirety of this Industry’s business involves cooking up new kinds of infections that will bypass the very latest digital vaccines—AKA security updates—and then selling them to countries that (10/43)
The entirety of this Industry’s business involves cooking up new kinds of infections that will bypass the very latest digital vaccines—AKA security updates—and then selling them to countries that (10/43)
@wikileaks occupy the red-hot intersection of a Venn Diagram between “desperately craves the tools of oppression” and “sorely lacks the sophistication to produce them domestically.”
An Industry like this, whose sole purpose is the production of vulnerability, should be dismantled. (11/43)
An Industry like this, whose sole purpose is the production of vulnerability, should be dismantled. (11/43)
@wikileaks Subscribe now
2.
Even if we woke up tomorrow and the NSO Group and all of its private-sector ilk had been wiped out by the eruption of a particularly public-minded volcano, it wouldn’t change the fact that we’re in the midst of the greatest crisis of computer security (12/43)
2.
Even if we woke up tomorrow and the NSO Group and all of its private-sector ilk had been wiped out by the eruption of a particularly public-minded volcano, it wouldn’t change the fact that we’re in the midst of the greatest crisis of computer security (12/43)
@wikileaks in computer history.
The people creating the software behind every device of any significance—the people who help to make Apple, Google, Microsoft, an amalgamation of miserly chipmakers who want to sell things, not fix things, and the well-intentioned Linux developers (13/43)
The people creating the software behind every device of any significance—the people who help to make Apple, Google, Microsoft, an amalgamation of miserly chipmakers who want to sell things, not fix things, and the well-intentioned Linux developers (13/43)
@wikileaks who want to fix things, not sell things—are all happy to write code in programming languages that we know are unsafe, because, well, that’s what they’ve always done,
and modernization requires a significant effort, not to mention significant expenditures.
The vast (14/43)
and modernization requires a significant effort, not to mention significant expenditures.
The vast (14/43)
@wikileaks majority of vulnerabilities that are later discovered and exploited by the Insecurity Industry are introduced, for technical reasons related to how a computer keeps track of what it’s supposed to be doing, at the exact time the code is written, which makes choosing a (15/43)
@wikileaks safer language a crucial protection... and yet it’s one that few ever undertake.
If you want to see change, you need to incentivize change. For example, if you want to see Microsoft have a heart attack, talk about the idea of defining legal liability for bad code in a (16/43)
If you want to see change, you need to incentivize change. For example, if you want to see Microsoft have a heart attack, talk about the idea of defining legal liability for bad code in a (16/43)
@wikileaks commercial product.
If you want to give Facebook nightmares, talk about the idea of making it legally liable for any and all leaks of our personal records that a jury can be persuaded were unnecessarily collected.
Imagine how quickly Mark Zuckerberg would start (17/43)
If you want to give Facebook nightmares, talk about the idea of making it legally liable for any and all leaks of our personal records that a jury can be persuaded were unnecessarily collected.
Imagine how quickly Mark Zuckerberg would start (17/43)
@wikileaks smashing the delete key.
Where there is no liability, there is no accountability... and this brings us to the State.
3.
State-sponsored hacking has become such a regular competition that it should have its own Olympic category in Tokyo.
Each country denounces the (18/43)
Where there is no liability, there is no accountability... and this brings us to the State.
3.
State-sponsored hacking has become such a regular competition that it should have its own Olympic category in Tokyo.
Each country denounces the (18/43)
@wikileaks others’ efforts as a crime, while refusing to admit culpability for its own infractions. How, then, can we claim to be surprised when Jamaica shows up with its own bobsled team?
Or when a private company calling itself “Jamaica” shows up and claims the same right to (19/43)
Or when a private company calling itself “Jamaica” shows up and claims the same right to (19/43)
@wikileaks “cool runnings” as a nation-state?
If hacking is not illegal when we do it, then it will not be illegal when they do it—and “they” is increasingly becoming the private sector.
It’s a basic principle of capitalism: it’s just business.
If everyone else is doing it, (20/43)
If hacking is not illegal when we do it, then it will not be illegal when they do it—and “they” is increasingly becoming the private sector.
It’s a basic principle of capitalism: it’s just business.
If everyone else is doing it, (20/43)
@wikileaks why not me?
This is the superficially logical reasoning that has produced pretty much every proliferation problem in the history of arms control, and the same mutually assured destruction implied by a nuclear conflict is all-but guaranteed in a digital one, due to the (21/43)
This is the superficially logical reasoning that has produced pretty much every proliferation problem in the history of arms control, and the same mutually assured destruction implied by a nuclear conflict is all-but guaranteed in a digital one, due to the (21/43)
@wikileaks network’s interconnectivity, and homogeneity.
Recall our earlier topic of the NSO Group’s Pegasus, which especially but not exclusively targets iPhones.
While iPhones are more private by default and, occasionally, better-engineered from a security perspective than (22/43)
Recall our earlier topic of the NSO Group’s Pegasus, which especially but not exclusively targets iPhones.
While iPhones are more private by default and, occasionally, better-engineered from a security perspective than (22/43)
@wikileaks Google’s Android operating system, they also constitute a monoculture:
if you find a way to infect one of them, you can (probably) infect all of them, a problem exacerbated by Apple’s black-box refusal to permit customers to make any meaningful modifications to the way (23/43)
if you find a way to infect one of them, you can (probably) infect all of them, a problem exacerbated by Apple’s black-box refusal to permit customers to make any meaningful modifications to the way (23/43)
@wikileaks iOS devices operate.
When you combine this monoculture and black-boxing with Apple’s nearly universal popularity among the global elite, the reasons for the NSO Group’s iPhone fixation become apparent.
Governments must come to understand that permitting—much less (24/43)
When you combine this monoculture and black-boxing with Apple’s nearly universal popularity among the global elite, the reasons for the NSO Group’s iPhone fixation become apparent.
Governments must come to understand that permitting—much less (24/43)
@wikileaks subsidizing—the existence of the NSO Group and its malevolent peers does not serve their interests, regardless of where the client, or the client-state, is situated along the authoritarian axis:
the last President of the United States spent all of his time in office (25/43)
the last President of the United States spent all of his time in office (25/43)
@wikileaks when he wasn’t playing golf tweeting from an iPhone, and I would wager that half of the most senior officials and their associates in every other country were reading those tweets on their iPhones
(maybe on the golf course).
Whether we like it or not, adversaries and (26/43)
(maybe on the golf course).
Whether we like it or not, adversaries and (26/43)
@wikileaks allies share a common environment, and with each passing day, we become increasingly dependent on devices that run a common code.
The idea that the great powers of our era—America, China, Russia, even Israel—are interested in, say, Azerbaijian attaining strategic parity (27/43)
The idea that the great powers of our era—America, China, Russia, even Israel—are interested in, say, Azerbaijian attaining strategic parity (27/43)
@wikileaks in intelligence-gathering is, of course, profoundly mistaken.
These governments have simply failed to grasp the threat, because the capability-gap hasn’t vanished—yet.
Subscribe now
4.
In technology as in public health, to protect anyone, we must protect everyone. (28/43)
These governments have simply failed to grasp the threat, because the capability-gap hasn’t vanished—yet.
Subscribe now
4.
In technology as in public health, to protect anyone, we must protect everyone. (28/43)
@wikileaks The first step in this direction—at least the first digital step—must be to ban the commercial trade in intrusion software.
We do not permit a market in biological infections-as-a-service, and the same must be true for digital infections.
Eliminating the profit (29/43)
We do not permit a market in biological infections-as-a-service, and the same must be true for digital infections.
Eliminating the profit (29/43)
@wikileaks motive reduces the risks of proliferation while protecting progress, leaving room for publicly-minded research and inherently governmental work.
While removing intrusion software from the commercial market doesn’t also take it away from states, it does ensure that (30/43)
While removing intrusion software from the commercial market doesn’t also take it away from states, it does ensure that (30/43)
@wikileaks reckless drug dealers and sex-criminal Hollywood producers who can dig a few million out of their couch cushions won’t be able to infect any or every iPhone on the planet, endangering the latte-class’ shiny slabs of status.
Such a moratorium, however, is mere triage: (31/43)
Such a moratorium, however, is mere triage: (31/43)
@wikileaks it only buys us time.
Following a ban, the next step is liability.
It is crucial to understand that neither the scale of the NSO Group’s business, nor the consequences it has inflicted on global society, would have been possible without access to global capital from (32/43)
Following a ban, the next step is liability.
It is crucial to understand that neither the scale of the NSO Group’s business, nor the consequences it has inflicted on global society, would have been possible without access to global capital from (32/43)
@wikileaks amoral firms like Novalpina Capital (Europe) and Francisco Partners (US).
The slogan is simple:
if companies are not divested, the owners should be arrested. (33/43)
The slogan is simple:
if companies are not divested, the owners should be arrested. (33/43)
@wikileaks The exclusive product of this industry is intentional, foreseeable harm, and these companies are witting accomplices. (34/43)
@wikileaks Further, when, a business is discovered to be engaging in such activities at the direction of a state, liability should move beyond more pedestrian civil and criminal codes to invoke a coordinated international response.
Diplomacy by other means
5. (35/43)
Diplomacy by other means
5. (35/43)
@wikileaks Imagine you’re the Washington Post’s Editorial Board (first you’ll have to get rid of your spine). (36/43)
@wikileaks Imagine having your columnist murdered and responding with a whispered appeal to the architects of that murder that next time they should just fill out a bit more paperwork. (37/43)
@wikileaks Frankly, the Post’s response to the NSO scandal is so embarrassingly weak that it is a scandal in itself:
how many of their writers need to die for them to be persuaded that process is not a substitute for prohibition? (38/43)
how many of their writers need to die for them to be persuaded that process is not a substitute for prohibition? (38/43)
@wikileaks Saudi Arabia, using “Pegasus,” hacked the phones of Jamal Khashoggi’s ex-wife, and of his fiancée, and used the information gleaned to prepare for his monstrous killing and its subsequent cover-up. (39/43)
@wikileaks But Khashoggi is merely the most prominent of Pegasus’ victims — due to the cold-blooded and grisly nature of his murder.
The NSO Group’s “product” (read: “criminal service”) has been used to spy on countless other journalists, judges, and even teachers. (40/43)
The NSO Group’s “product” (read: “criminal service”) has been used to spy on countless other journalists, judges, and even teachers. (40/43)
@wikileaks On opposition candidates, and on targets’ spouses and children, their doctors, their lawyers, and even their priests.
This is what people who think a ban is “too extreme” always miss: (41/43)
This is what people who think a ban is “too extreme” always miss: (41/43)
• • •
Missing some Tweet in this thread? You can try to
force a refresh
