Jonathan Scott Profile picture
Jan 5, 2023 42 tweets 33 min read Read on X
🧵1/

The #Pegasus documentary by @frontlinepbs confirms a lot of my research into the false Pegasus narrative

It starts off in the year 2020 filming @FbdnStories offices in France, they speak about a massive leak of 50,000 NSO Pegasus targets

"There are numbers but no names" Image
2/

The documentary speak about the 50,000 number and says the following about it.

1. The list doesn't have any names
2. It has phone numbers
3. Country Code
4. Sometime stamps
5. It's a list from 2016-2020

"We can't explain where the list is coming from" Image
3/

This information falls directly in line with what I reported in my white paper called Exonerating Rwanda: The spyware case of Carine Kanimba

@OCCRP & @FbdnStories claimed Kanimba's phone was found in a list of 3,500 Rwandan numbers, but Kanimba never had a Rwandan number Image
4/

The statement that Carine Kanimba was found in the #PegasusProject 50,000 list was elevated by @CNN & was then retracted by @OCCRP & @FbdnStories for being false

Kanimba & @citizenlab then testified @HouseIntel July, 2022 saying her Belgian phone number had #Pegasus Image
5/
@ckanimba & @jsrailton were @HouseIntel claiming an American had been spied on. This is a false flag narrative & a clever ruse as I previously noted

Kanimba is American with a Belgian number, this was changed to an American's phone number was spied on
6/

Here is the article where @OCCRP claims Kanimba is part of the 3,500 numbers found in the 50,000 number list

7/
This 50,000 number list is significant b/c it is being used in attempts to exonerate convicted criminals by appealing to International Criminal Tribunals @IntlCrimCourt

Carine Kanimba's false narrative of being found in the 3,500 Rwandan numbers is referenced in this case JOINT DEFENCE MOTION REGARD...
8/

Continuing with the documentary, it speaks about American phone numbers with +1 country code cannot be targeted by Pegasus

Further showing that Carine Kanimba & John Scott-Railton's testimony to @HouseIntel was intentionally deceptive, as Belgium's country code is +32 Image
9/

Recap

@ckanimba & @jsrailton @citizenlab testified to @HouseIntel 2022

Both asserted Kanimba had Pegasus even though NSO says their software cannot target US numbers with a +1 code

Kanimba submits a +32 code report & says b/c she is American she was spied, that is false Image
10/

The documentary continues & focuses on the 50,000 alleged Pegasus list

Journalist gathered in Paris at the Height of COVID-19 & were tasked by @FbdnStories to put names to the phone number list

They were told that most of the countries doing the spying are very dangerous Image
11/

Claudio Guarnieri @botherder of @AmnestyTech now enters the documentary & says Pegasus is code that looks very similar to whats running on your phone but designed to do something different

He is referring to indicators of compromise which Amnesty has many false positives Image
12/

Claudio is viewing a STIX2 file which is an alleged list of IOCs with undisclosed attribution. It is used with MVT-Tool, software written to "detect" Pegasus

Since the release of MVT July, 2021 it has been delivering false positives as noted by @zackwhittaker of @TechCrunch Image
13/

I have written extensively about the false positive results that have derived from @AmnestyTech's MVT-Tool

Each time false positives are found Amnesty does not announce a correction, nor do they reexamine alleged devices

I raised this issue with Amnesty and was dismissed Image
14/

These false positives impact many countries that @FbdnStories @AmnestyTech & @citizenlab are accusing of espionage

#Spain #Rwanda #India #France & #Morocco are just a few accused of spying on civil society & their "victims" have false results

github.com/mvt-project/mv…
15/

Claudio shows the list of IOCs in another frame in the documentary.

The scientific methodology used to attribute this publicly available malicious list has never been shared with the public, but yet this list has been used to confirm hundreds of Pegasus victims Image
16/

We now move into a popular & never confirmed #Pegasus #Hacking association

The the murder of Jamal Khashoggi

The documentary features @danapriest of @washingtonpost as she investigates the Pegasus list

She says two phone numbers were found

Jamals Wife & Jamal's Fiancé Image
17/

Through my extensive research over the years, into the specific claim that #Pegasus was used to hack Jamal Kashoggi I found disinformation coming from @AmnestyTech's partners which include @citizenlab

18/

The video I created shows Bill Marczak of @citizenlab speaking to @CNN in 2018 saying

It is 100 percent clear that [Jamal Khashoggi] received one of these [Pegasus] text messages containing a link

Then John Scott-Railton in 2022 says "we don't have the device to confirm" Image
19/

When I first posted the disinformation @citizenlab was spreading about the Jamal Khashoggi #Pegasus hacking, I was attacked by @runasand & @maldr0id.
They said I was spreading disinformation & that I edited the CNN video to make it seem like @citizenlab was speaking of Jamal Image
20/

The smear campaign run by Runa & Lukasz, Accused me of cutting CNN footage to make it look like @citizenlab said Jamal was hacked. That came to a halt when I presented a Media article from @intifada written in 2018 showing exactly what I presented.

electronicintifada.net/blogs/tamara-n… Image
21/

The original @CNN interview with Bill Marczak of The Citizen Lab saying with 100% certainty that Pegasus was used to hack Jamal Khashoggi can be viewed here

22/

Moving forward in the documentary we see how "Forensics" are conducted by @FbdnStories & @AmnestyTech

@danapriest travels to Istanbul to meet w/Jamal Khashoggi's fiance & asks her if she would want her phone forensically examined

Then calls Claudio in Berlin for results Image
23/

The way @AmnestyTech & @citizenlab conduct "Forensics" is by using iCloud backups

A physical forensics examination could potentially reconstruct memory to find deleted data, but Director of The Citizen Lab an @AmnestyTech partner says having the mobile might not be useful Image
24/

Forensics firm @ElcomSoft stated that only using an iCloud backup is not proper & you will be missing a lot.

They published an article

The Worst Mistakes in iOS Forensics
"Proper logical acquisition is not limited to backups. In fact, backups are just the beginning." Image
25/

As I continue to watch the documentary, we see how Amnesty & Citizen Lab both use backups for their forensics analysis

@danapriest meets with Khashoggi's wife in D.C
Khashoggi's wife allowed Dana to download her phone & send a copy to Claudio and Bill Marczak at Citizen Lab Image
26/

Bill Marczak of @citizenlab now enters & says he conducted an analysis on all the available data from 2 Android OS phones belonging o Khashaggi's wife Hanan

If Marczak had the physical device there would be more data, & now the phone's integrity has been compromised Image
27/

This is a common theme with @citizenlab & @AmnestyTech, they allow the alleged victim to continue to use the device that has been said to be infected which compromises all data integrity

No chain of custody, no quarantine, & the examination is not performed in a clean lab
28/

Bill Marczak speaks about analyzing Android OS devices for Pegasus in 2020 but not a single Android OS device was analyzed in 2022 when 65 Catalans were said to be infected with Pegasus

Citizen Lab says "Android which is more difficult to forensically analyse"

#CatalanGate Image
29/

We now start to get into some interesting details. @danapriest relays Bill Marczak's finding of Hanan's Android OS devices, He says a browser tab was opened by UAE officials while Hanan was detained, and then the URL installed Pegasus Image
30/

Marczak says they have the smoking gun, the traces of the spyware. He says "Almost certainly the spyware was installed and exfiltrated information from her phone"

"Almost certainly" is not definitive, but @citizenlab likes to present "strong circumstantial evidence" as fact Image
31/
"Saudi Arabia has said claims that it used spyware are baseless"
This is 100% accurate
There is no science, reproducible evidence, data integrity is compromised & @citizenlab's lack of rigor shows in their latest false Pegasus infection of Toni Comín Member of EU Parliament Image
32/

NSO Group has also denied all involvement of their technology in the murder of Jamal Khashoggi. @amnesty and @citizenlab have been consistently accusing NSO Group's technology of spying on members of civil society for over 5 years without any evidence. Image
33/

What many do not known, is @citizenlab has received many donations from spyware firm Palantir, & Dir Ron Deibert of @citizenlab calls Palantir the darling of the defense & intelligence community in his Book Black Code: Surveillance, Privacy, and the Dark Side of the Internet Image
@citizenlab 34/

The documentary takes us to Mexico & we are told that Carmen Aristegui @aristeguicnn has been a victim of Pegasus since 2015

This is contrary to @AmnestyTech's report showing Carmen was infected in 2014

Why am I pointing this out?
b/c details matter when seeking truth Image
35/

Carmen @aristeguicnn says her sister is among the 50,000 phone number list of Pegasus targets & says her sister is not political & not an activist

@OsloFF said it costs $1M per phone infection with Pegasus

Mexico was said to have 15,000+ numbers that is ~$15B USD needed Image
36/

Carmen @aristeguicnn says she knew her phone was tapped when she and her son started to get strange text messages...

Strange texts does not mean tapped

During COVID-19 receiving texts w/short URLs was common around the world. 20 ppl could be included it's called spam/junk Image
37/

Now the Anonymous blacked out face person with a voice changer comes into the documentary, we'll call them Anon

Anon says these were the steps to infect

1. Get the victims number
2. Do Social Eng/OSINT
3. Construct some text to send
4. Hope they click
5. Spyware installs Image
38/

Anon is a Mexican insider providing info to @FbdnStories & @frontlinepbs, but Anon's story is different from what Citizen Lab told Financial Times about the spyware in Mexico

1. No Social Eng/OSINT needed
2. @citizenlab says with "high confidence" this is how Pegasus works Image
39/

Former President Enrique Nieto has denied using Pegasus to spy on journalists.

The big questions are...

Why are real professionals not performing mobile forensics on these alleged infected devices?

Why are the physical mobile devices not going through analysis? Image
40/

The documentary moves to Turkey to meet with journalist @Khadija_Ismayil Khadija Ismayilova of Azerbaijan

Miranda Patrucic @MirandaOCCRP of the @OCCRP is present and tells Khadija that Pegasus is a Zero-Click technology, this is the year 2020 Image
41/

The first alleged Pegasus Zero-Click was discovered in 2021

Then, in 2022 Citizen Lab said they found a different Pegasus Zero-Click dating back from 2017-2020 on Catalan phones

Miranda says she's aware of a Zero-Click in 2020 during this filming, where is the CVE? Image
42/

Digital espionage & forensics are my core research focuses, most people & orgs in this documentary have either blocked me, called me a fraud, conspiracy theorist, said i'm on NSO payroll, etc..

But @OCCRP claims to know of a Zero-Click attack in 2020 & have never reported Image

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Jonathan Scott

Jonathan Scott Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @jonathandata1

Sep 17, 2023
Let me tell you why #DFIR is a joke

Here are the pieces to “Digital Forensics”

1. Acquisition
2. Preservation
3. Examination
4. Analysis
5. Reporting

Here are are just a few types of “Digital Forensics” specialties there are

1. Mobile
2. PC
3. IoT
4. Network
5. Cloud

As a DFIR “professional” you are not an expert in every one of these modalities nor are you allowed to perform all of the duties required.
So what do #DFIR “professionals” even do?
@keydet89 @ry_obryan The other major issue I’m finding @keydet89 is that false positives are not being reported to government entities.

They are being left out of the reporting completely
Read 6 tweets
Oct 26, 2022
The #CatalanGate report by @citizenlab and @amnesty is filled with many unknowns, but this seems par for the course.

Elisenda Paluzie - said to be Infected with Pegasus shows a false positive result in the Amnesty validation report.

@josejolivas @jordi_canyas @foroprofesores Image
Meritxell Bonet - Also said to be infected with Pegasus has a false positive result in the Amnesty Tech validation report Image
Jordi Sànchez - Another said to be infected 25 times has a false positive result Image
Read 11 tweets
Sep 6, 2022
🚨IMPORTANT

(1/4)

Amnesty claims to have

"Temporarily removed the false positive claim and reinstated it"

There is no evidence of any reinstatement of the false positive for 4 months. Nov, 2021 a reinstatement has occurred.
(2/4)

October, 2021 The European Union Voted on a Joint Motion Resolution Against Rwanda For Spying on Carine Kanimba.

Amnesty Knew there was false positives in their report.

Sources:

europarl.europa.eu/doceo/document…

europarl.europa.eu/doceo/document…
(3/4)

Kanimba admits in an interview July 22nd, 2021 that she had calls with the US State Department.

July, 2021 Kanimba was NOT infected and WAS infected with Diagnosticd, and there was no mention of this in any public document

US Govt. Resources were spent to protect her
Read 6 tweets
Sep 6, 2022
Everyone that is attacking the #Rwanda supporters are either working with, have worked, or are affiliated with Citizen Lab and Amnesty.

The University of Toronto which is the home of Citizen Lab is funded by a Chinese Spyware Firm called iFLYTEK

When I brought this to the attention of the world, The radical Citizen Lab supporters started to come out from everywhere and attack me to no end.

The article is linked☝️, and @UofT refuses to comment on this.

The Chinese olympics app was developed by iFLYTEK
When Citizen Lab wrote about the Chinese Olympics app they did not mention it was developed by a Blacklisted Spyware Firm, but instead named iFLYTEK saying they could not find evidence of any censorship when using the app.
Read 4 tweets
Sep 5, 2022
Oh this is good!! I hope the journalist from around the world will talk to me about my lawsuit.

Journalists
Ask me how I know so much about spyware?
Ask me how I know so much about mobile forensics?
Ask me to show you the SEALED court documents detailing my work with the US Gov
Journalist

Ask me to show you communications with Verizon Wireless asking me to create backdoors in Samsung, Motorola, LG, and Google Pixel Phones.

My lawsuit was trying to stop my former business partner from selling the backdoors I created by request of Verizon Wireless.
Really @runasand plotting with @1njection...saying that lying to the Rwandan Government is a sensational claim...it's proven and validated...

Wow..

Know who you're aligning with Runa
Almost 40 tweets of targeted harassment from August 2021 to March 2022
Read 4 tweets
Jul 29, 2022
Infosec loves to use the phrase “do better.” Wake up & see what’s happening in this community. Y’all engage so much in harassment & hate. That dedicated hate account jonathandata0 is spreading lies about the reporter that interviewed me Irina Tsukerman calling her a prostitute. Image
It’s shameful to see “prominent” #infosec pros engaged in active harassment, bullying, promotion of defamation, and openly plotting to engage in smear campaigns. Infosec is a modality people dream about joining…but many people have publicly said they now fear it because of 👆
Her we go…more derogatory #infosec virtue signaling from jonathandata0…coward and keyboard warrior is what you are. Let’s have a live debate about issues you want to discuss and then we’ll see what you’re on about. Go ahead and twist this tweet…you’ll only prove my point more. Image
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(