On September 14, the European Parliament’s inquiry committee to investigate the use of #NSO’s Pegasus and other spyware organized a hearing on the use of spyware in Poland. You can watch the recording here. multimedia.europarl.europa.eu/en/webstreamin…
The inquiry committee traveled to Tel Aviv in July to meet with various people, including #NSO's co-founder and then-CEO @Shalevhulio. He argued that NSO is a company that at least tries to work on regulation, while competing with many others who are not.
The inquiry committee was informed that #NSO's Pegasus had been purchased by 14 member states in total, and that the licenses of 2 EU member states were terminated because of non-compliance with the user agreement.
The committee is heading to Poland next week! So far one minister has said he's not available, another has not committed to a meeting. Makes it even more challenging for the European Parliament committee to get a full picture of how and when spyware is used in Poland.
Imagine suddenly receiving a warning from Apple that your phone has potentially been compromised, then find that it happened not once, not twice, but six times. Ewa Wrzosek, a Warsaw district prosecutor, shared her experience with the Pegasus inquiry committee yesterday.
While answering questions from the Pegasus inquiry committee, Ewa Wrzosek had this great response to the argument that "if you have nothing to hide, then..." You can have nothing to hide *and* have a right to privacy. They're not mutually exclusive.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
Pretty excited for this talk by @patch1t about a one-click macOS takeover, starting out mentioning P0’s iMessage exploit and NSO’s Pegasus spyware. #HITB2022SIN
The story of CVE-2021-30657 was one of my favorite talks at #OBTS last year, esp. the way @cedowens, @jbradley89 and @patrickwardle talked through the steps to finding the initial flaw.
Was digging through court records related to Vault 7 and found this tidbit. The FBI used the wifi at Starbucks to download the leak. #OBTS
If you want to better understand how government agencies, such as the CIA, create and use cyber tools, there are some helpful bits in the #Vault7 court records. Here's one example. #OBTS
Makes sense for the CIA (and others, really) to have a code library of basic components in a state that can be readily used. #Vault7#OBTS
When I worked at the @nytimes, I had a manager who for two years told me that I’m difficult, nasty, fragile, territorial, controlling. He always told me this in person, in private. (thread)
He told me that I don’t care about other people. That no one wanted to work with me. That people were "more relaxed" when I was away. I respected him. Believed every word he said, every time. I even internalized it, tried to fix it. It was a full year before I told HR.
I simply thought that if I changed, he'd stop. If I did everything right, he'd approve. If I fit in, everything would be OK. That if I used the right words, at the right time, in the right way, he would not lash out.
Former intel analyst charged with disclosing classified information to a reporter, the indictment illustrates challenges/risks with journalist/source comms. justice.gov/usao-edva/pres…
P5 outlines comms: analyst researched reporter, attended reporter's book event, searched for classified info re: reporter's beat, texted friends about the event + meeting reporter, reporter emailed analyst article about Snowden, analyst and reporter exchanged texts, emails, etc.
Indictment suggests the analyst and the reporter communicated via emails, texts and in-person meetings prior to using encrypted comms. Book event in April 2013, reporter suggested Jabber in September. Could be they used encrypted comms sooner without this being highlighted here.
An FBI agent has been charged with leaking information to @theintercept. This article by @mukhtaryare does a good job illustrating how the agency runs leak investigations. A short thread. (1/6) mprnews.org/story/2018/03/…
The search warrant filed in Minneapolis federal court against Albury did not identify The Intercept, but the documents described in the warrant match the documents posted by The Intercept in January 2017. (2/6) theintercept.com/series/the-fbi…
The Intercept filed two FOIAs with the agency in late March 2016. The requests contained specific information about the documents that were not available to the public. The FBI determined that The Intercept "obtained these documents from someone with direct access to them." (3/6)