Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
John Scott-Railton Profile picture
@jsrailton
Sep 22 10 tweets 6 min read Twitter logo Read on Twitter
Scrolly
🚨UPDATE your @Apple products now!

We @citizenlab w/TAG's @maddiestone caught #predator spyware attacks against a prominent pro-democracy Egyptian politician after he announced presidential ambitions.

Apple rushed a patch.

It gets crazier 1/

citizenlab.ca/2023/09/predat…
Between May and September 2023, former Egyptian MP Ahmed Eltantawy was targeted with Cytrox’s Predator spyware via links sent on SMS and WhatsApp. The targeting took place after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections. In August and September 2023, Eltantawy’s Vodafone Egypt mobile connection was persistently selected for targeting via network injection; when Eltantawy visited certain websites not using HTTPS, a device installed at the border of Vodafone Egypt’s network automatically redirected him to a malicious website to infect his phone wi...
2/ Ahmed Eltantawy got in touch with us @citizenlab, worried his devices were targeted in #Egypt.

He was right. His iPhone on @VodafoneEgypt was targeted for network injection.

As he browsed the net, the attackers were trying to slip a #Predator infection onto his device.

Image
Image
Image
3/ It gets worse.

We attribute the spyware injection system to a @Sandvine Packet Logic product w/high confidence.

Sandvine has been accused in past of facilitating human rights abuses in the past.

Owned by NSO Group's former owner Francisco Partners.




Image
Image
Image
Image
4/ This kind of exploit delivery through injection DOES NOT require a target to click as our collaborator, the brilliant @maddiestone, points out in her post.

It's a seriously dangerous kind of attack & hard to protect against.
blog.google/threat-analysi…
Image
@maddiestone 5/ Apple moved quickly to fix the zero-day exploits @maddiestone & @billmarczak discovered.

We encourage everyone to immeidately update their apple products.

There is a piece of good security news buried in all this... Image
@maddiestone @billmarczak 6/ We believe & Apple's Security Engineering & Architecture Team confirms, Lockdown Mode would have blocked this attack!

We *strongly* encourage all Apple users that may be at risk because of who they are or what they do to enable Lockdown Mode!

support.apple.com/en-us/HT212650
Image
@maddiestone @billmarczak 7/ Ahmed ElTantawy wasn't just targeted with network injection!

He was also targeted with #Predator spyware links in decoy messages sent as texts & over @WhatsApp.

One of the attacks masqueraded as communications from the International Federation for Human Rights @fidh_en Image
@maddiestone @billmarczak @WhatsApp @fidh_en 8/ This summer the 🇺🇸US hit developer & distributor of #Predator spyware (Cytrox & Intellexa) with blacklisting.

This latest abuse revelation affirms the determination that the spyware continues to fuel human rights abuses.

By @ddimolfetta & @Post_AG
washingtonpost.com/national-secur…
Image
9/ Pulling back the lens from the tech side of this #Predator attack:

Mercenary spyware is autocrat fuel.

When you hack a pro-democracy presidential hopeful in an autocracy... you are doing dictatorship.

And spyware companies know exactly who they are selling to. Image
10/ Without brave victims like Ahmed Tantawy getting checked & coming forwards, these recent exploits would not have been found.

Billions of apple devices would still be vulnerable.

Including yours. Image

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with John Scott-Railton

John Scott-Railton Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @jsrailton

John Scott-Railton Profile picture
Sep 14
Block ads on your networks now.

The system designed to follow us around the net with ads is now a blinking national security & human rights threat.

By @omerbenj
haaretz.com/israel-news/20…
Image
2/ Once the capability was limited to governments.

Now, in a predictable step, mercenary spyware companies are selling it.

Leveraging ads to remotely infect you with #Pegasus-like spyware.

Analogy: a devastating & unfixable backdoor chasing you device around the internet. Image
3/ The incentives are simple: ad companies will do everything they can to make sure you get tracked & shown ads.

So do their customers.

Even the newspapers that do good reporting on privacy.

All that effort has basically forced security vulnerabilities onto the entire world.
Read 8 tweets
John Scott-Railton Profile picture
Sep 9
Remember when we collectively identified #ZipTieGuy Eric Munchel?

He was just sentenced to 57 months in prison. 1/ Image
2/ We'll never know how much worse things could have gone without the speedy evacuation of the senators.

But the judge made it clear: the intention was to take hostages. Image
3/ Munchel brought weapons & tactical vests to the Capitol with his mom Lisa Eisenhart

She got a 30 month sentence.

Memory: I still remember shelling out to buy the license of a hires photograph of them together so i could tweet it one time (pic: different image pictured)

Image
Image
Image
Read 7 tweets
John Scott-Railton Profile picture
Sep 7
🚨 Update your @apple products immediately!

Last week we @citizenlab discovered a new #Pegasus zero-click exploit chain.

(No clicking required to infect latest iOS!)

Found while checking civil society.

Disclosed to Apple which rushed a patch 1/
citizenlab.ca/2023/09/blastp…
Image
2/ We found the #BLASTPASS exploit chain thanks to an unnamed victim.

Once more, civil society, is serving as the cybersecurity early warning system for... billions of devices around the world.

Including you, if you're reading this on your iPhone. Or Mac. Image
3/Update your #iPhone right away.

And then, if you are at risk because of who you are or what you do, enable #Lockdown mode.

As my colleague @billmarczak says "it's the one weird trick NSO hates" Image
Read 5 tweets
John Scott-Railton Profile picture
Sep 7
BREAKING: #Poland's Senate investigation into #Pegasus hacking released.

Found "gross violations of constitutional standards"

Says 2019 elections where #Pegasus was used against opposition leadership were not fair.

(Pics: Machine translated) Report: senat.gov.pl/aktualnoscilis…


Image
Image
Image
2/ #Poland's Senate Commission also concluded that the purchase of #Pegasus was illegal, and that the spyware cannot be legally used under Polish law. Image
3/ #Poland's #Pegasus Commission also notifies the Prosecutor's office of the possibility that current & former ministers may have been implicated in the criminal acquisition & use of the spyware.

Wow. Image
Read 4 tweets
John Scott-Railton Profile picture
Sep 4
Vivek Ramaswamy's team is crafting absurd tweets so you can dunk on them.

Your engagement is the goal.

You are being rage farmed.

All Twitter's algorithm sees when you quote tweet is a signal to further boost the content.

Quote tweet friends, screenshot enemies.
Vivek Ramaswamy has little substance.

His team knows it.

How do they center him in the conversation?

Plagiarize the Bobert, MTG, et. al. playbook: steady stream of outlandish statements people feel an irresistible need to disagree with & call out.
Politicians crafting stunts for attention is as old as time.

But, simplifying a bit, algorithmic feeds consistently reward content that generates engagement.

Doesn't have to be positive.

So 100 times out of 100 stunts get prioritized over substance.
Read 5 tweets
John Scott-Railton Profile picture
Aug 26
Hmm: sanctioned spyware maker NSO Group still lobbying in🇺🇸US.

Latest target: American Bar Association (@ABAesq)

Fact: NSO's claims to help US NatSec =contradicted by US Gov.

Maybe they're hoping American lawyers have been living under a rock?

#FARA
efile.fara.gov/docs/6743-Info…



Image
Image
Image
Image
My take: having epically struck out with the 🇺🇸US Government & gotten sanctioned...

NSO Group seeks to to discretely erode the US policy position about mercenary spyware by way of targeting conversations happening legal profession.

Why now? Well..
Governments have begun taking actions on spyware companies.

Next phase = crafting effective regulations.

Complex process with many stakeholders.

NSO wants to get in as early as possible to reduce the risk they get effectively regulated.
Read 5 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Send Email!

:(