BREAKING: @Google just exposed Variston, a previously-unknown mercenary #spyware vendor.

Based in 🇪🇸#Spain.

#Europe can't go a week without a spyware scandal. 1/

By @_clem1 & @benoitsevens at Google TAG
blog.google/threat-analysi…
2/ Google's Threat Analysis Group first learned of Variston's shenanigans...from an anonymous tip.

Someone clearly had it in for the mercenary #spyware vendor.

But also: yet again, suggests that EU Governments really aren't doing much to rein in sketchy commercial players.
3/ Google TAG found Variston could exploit Chrome Browser & Firefox.

And Windows Defender.

Diverse little portfolio of ways to get onto a device.

Google thinks they were being used as 0-days before being fixed.

Ft. @ifsecure @maddiestone & @_tsuro
4/ Coincident with the Variston case, yesterday the @EP_PegaInquiry held a hearing about #Spain's own #Pegasus scandal.

Featuring a spyware denialist peddling debunked claims & not-very-forthcoming Spanish officials.

By @vmanancourt & @shannonvansant
politico.eu/article/eu-spy…
5/ Key takeaway: while you've heard of notorious #spyware like #Pegasus & #Predator, there is a whole ecosystem of shady players.

Some operate from the 🇪🇺#EuropeanUnion.

Right now they skirt along with no serious oversight or accountability.

This. Must. Change.
6/ Some 🇪🇺EU member states have #spyware skeletons.

And have tried to block the @EP_PegaInquiry.

For example, the #Greek response to #PredatorGate is an embarrassment.

It's myopic. And in the long run harmful to our collective security.

Source: lighthousereports.nl/investigation/…
Agreed with @ShaneHuntley here.

Also a good thread on his team's work uncovering this.👇


More from @jsrailton

Nov 30
Mercenary spyware was secretly flown to "blood soaked" Sudanese militia.

Uncovered thanks to an employee selfie.

Reminder: #EU inability to tackle #spyware crisis = global consequences.

Report by @cr0ft0n @telloglou @e_triantafillou
& @omerbenj
haaretz.com/israel-news/se…
Heirs to the murderous #Janjaweed have a global phone #hacking capability.

Reflect on the #NationalSecurity implications.

We've warned of this for a decade.

Yet policymakers still dither on mercenary #spyware.

It will only get worse.

More: lighthousereports.nl/investigation/…
Mercenary spyware companies persuaded regulators to leave them largely unregulated.

The #Sudan #militia sale is the logical conclusion.

These companies won't stop until they've burned our collective house down.
Nov 29
NEW: #OathKeepers leader Stewart Rhodes found guilty of seditious conspiracy.

Kelly Meggs, too.

Also convicted of obstructing an official proceeding, as were OathKeepers:

Kenneth Harrelson
Jessica Watkins
Thomas Caldwell

Report: reuters.com/legal/us-jury-…
Remember this #Jan6 video by @rstevensbrody?

I do.

It sent a chill down my spine.

It motivated so many to get involved in painstaking crowdsourced efforts to identify the #OathKeepers down to the last detail of their movements during the siege.
For *weeks* after #Jan6 much of what public knew about #OathKeepers during #Jan6 was the fruit of volunteer sleuthing...

The work of a handful of visual investigations teams like the @nytimes...

And some tenacious local & nat'l reporters.
Nov 27
Watching protests in China...

Every protester surely knows something of the Chinese gov's ubiquitous surveillance apparatus.

Cameras, phone tracking, monitored apps.

Enough to pick out & punish most everyone later...

And yet they still step out.
Ubiquitous surveillance carries the universally understood implication of certain punishment for transgression.

In the long run, conditioning people to self-censor is easier to scale than punishing all of them.

It's a core part of population control in dictatorships.
Egypt, 2011: prior to Jan 25th you'd see small protests surrounded by 10x police.

Going to protest = near-certain arrest.

Then something happened. After some spontaneous protests, it became clear: gov could not punish everyone.

The fear barrier unlocked & numbers exploded.
Nov 27
Musk touts Twitter signup growth.

But users aren't customers.

Advertisers are the primary customers.

And ~50% of them have left.

More are probably just waiting for holiday retail season to end.
If you aren't paying, you're the product, not the customer.

Twitter communities *were* the product.

Brands paid to be in front of their eyeballs.

As Musk chases them off, advertisers are inevitably following.
Twitter's communities were whole ecosystems.

Take my field: #infosec. So much of the conversation was happening here.

But now that community has left.

Want to reach them? You'll need advertising impressions elsewhere.

(Got examples? Counterexamples? please weigh in!)
Nov 22
Homophobic bigotry about Club Q on my timeline.

Because people are Quote Tweeting their disagreement.

Please stop.

You amplify their reach & Twitter's algorithm rewards them for it.
Don't get rage farmed.

Quote Tweet your friends.

Screenshot your enemies.
Some of the most unavoidably toxic people rage farmed their way into relevance.

We have to break the cycle.

We need simple strategies that buck the algorithmic pressure to feed it.
Nov 21
WOW: #NSOGroup petitioned the #SupremeCourt to request the Solicitor General weigh in on @WhatsApp's lawsuit against them.

@TheJusticeDept did! Urging the Supreme Court NOT to hear the case.

Massive blow to the mercenary spyware company that makes #Pegasus. 1/

h/t @davidakaye
2/ NSO had asserted that because foreign governments - which they refused to name - used their tech...they should be entitled to immunity.

@TheJusticeDept's view is categorical. Nope.
3/ @TheJusticeDept's amicus brief notes NSO's placement on Entity List for facilitating the very type of bad things (Natsec threats, human rights abuses) that are the subject of the @WhatsApp lawsuit.

TLDR: NSO is the *very last* company that could be considered for immunity.