Jonathan Scott
Oct 26, 2022 · 11 tweets
The #CatalanGate report by @citizenlab and @amnesty is filled with many unknowns, but this seems par for the course.

Elisenda Paluzie - said to be infected with Pegasus, shows a false positive result in the Amnesty validation report.

@josejolivas @jordi_canyas @foroprofesores
Meritxell Bonet - also said to be infected with Pegasus, has a false positive result in the Amnesty Tech validation report
Jordi Sànchez - another said to be infected 25 times, has a false positive result
Sònia Urpí Garcia - Has an even stranger issue in her "forensics validation"

She is now connected to a Hungarian Forensics Report.
Artur Mas - is said to be infected with Pegasus, but Citizen Lab was

"[Unable to determine specific infection date(s)]"

We can see an alleged "Malicious" SMS sent to
Jordi Sànchez 2017-07-11

Is this how @citizenlab and @amnesty are determining who is infected?
The false positive results mentioned above can be seen in a GitHub issue raised by an MVT-Tool user

Etienne Maynier of Amnesty Tech acknowledged the false positive, and removes the indicator from the Stix2 file, but keeps it in the main code base

github.com/AmnestyTech/in…
The iOS developer that raised the issue says the "malicious" file

Library/Preferences/com.apple.CrashReporter.plist

is a normal file in an iPhone & suggests checks to see if it is an IOC

Etienne says Amnesty doesn't read the content of the file, just looks for a name.

🤯
We can see that loading a Stix2 file that contains

Library/Preferences/com.apple.CrashReporter.plist

is delivering a false positive result for more than 1 person. I have posted this before, but Amnesty Tech acknowledges the false positive and removes it
Let me break this down

1. Amnesty created a list with keywords that are believed to be Pegasus

2. MVT-Tool is made to detect Pegasus

3. If you tell MVT to cross check with the keyword list, false positive results for com.apple.CrashReporter.plist came back
4. Amnesty acknowledged this issue with the keyword list, and removed com.apple.CrashReporter.plist from the keyword list

5. By the time this was removed from the keyword list, 17 people had already been confirmed to be infected with Pegasus based on this keyword.
Last part of clarification b/c ppl refuse to see what is really happening

The iOS developer in this issue is stating Amnesty should do more than just look for a file name com.apple.CrashReporter.plist

b/c just looking for a name can show a false positive result
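
The name-only matching described in this thread, as an added example (not code from the thread, from MVT or from Amnesty Tech): it extracts file-name indicators from a constructed STIX2 bundle, matches them against a constructed file inventory, and sets aside any indicator whose name also occurs on a clean reference device. The bundle, both inventories, the function names and the restriction to the simple `[file:name = '...']` pattern form are assumptions made for illustration.

```python
import json
import posixpath
import re

# Constructed STIX2 bundle; the file name is the one discussed on this page.
BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "indicator", "pattern_type": "stix",
     "pattern": "[file:name = 'com.apple.CrashReporter.plist']"},
    {"type": "indicator", "pattern_type": "stix",
     "pattern": "[domain-name:value = 'example.invalid']"},
]})

# Constructed inventories (paths relative to the backup root).
BASELINE = {"Library/Preferences/com.apple.CrashReporter.plist",
            "Library/Preferences/com.apple.springboard.plist"}  # hypothetical clean device
DEVICE = ["Library/Preferences/com.apple.CrashReporter.plist",
          "Library/SMS/sms.db"]                                 # hypothetical device under test

# Assumption: only the simple equality form of a file:name pattern is handled.
NAME_RE = re.compile(r"\[file:name\s*=\s*'([^']+)'\]")

def file_name_indicators(bundle_json):
    """Return the set of file names used by file:name indicators in the bundle."""
    names = set()
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") == "indicator":
            m = NAME_RE.fullmatch(obj.get("pattern", "").strip())
            if m:
                names.add(m.group(1))
    return names

def name_only_hits(paths, names):
    """Flag every path whose base name equals an indicator; content is never read."""
    return [p for p in paths if posixpath.basename(p) in names]

def vet_indicators(names, baseline_paths):
    """Split indicators into (absent from the clean baseline, present on it)."""
    baseline_names = {posixpath.basename(p) for p in baseline_paths}
    return names - baseline_names, names & baseline_names

def triage(paths, names, baseline_paths):
    """Report hits from vetted indicators separately from hits that need other evidence."""
    usable, noisy = vet_indicators(names, baseline_paths)
    return {"detections": name_only_hits(paths, usable),
            "needs_corroboration": name_only_hits(paths, noisy)}

if __name__ == "__main__":
    print(triage(DEVICE, file_name_indicators(BUNDLE), BASELINE))
```
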
