Since Apple began delivering threat notifications we @citizenlab & others like @AmnestyTech have used them as a key indication that investigation is needed.
Another country where the threat notifications uncover likely-political hacking? #Poland.
@citizenlab @AmnestyTech Apple's threat notifications have also helped confirm + expand our understanding of cases we're already investigating, like #Pegasus infection clusters in #ElSalvador and #Mexico.
@citizenlab @AmnestyTech Apple's threat notifications turbocharged our research into mercenary spyware.
And they are a blinking red light that a government is likely trying to get up to something on your phone.
Which is why, since they started back in 2021, some actors pushed disinformation about them.
@citizenlab @AmnestyTech Another case where Apple's threat notifications led to a major investigation & string of hacking discoveries?
Extensive #Pegasus hacking #Armenia.
Report by @accessnow in collaboration with @CyberHubAm @citizenlab @amnestytech @RubenMuradyan accessnow.org/publication/ar…
@citizenlab @AmnestyTech @accessnow @CyberHubAm @RubenMuradyan The US took vigorous action against mercenary spyware proliferation. Including an executive order.
Key early sign something needed to be done?
Apple threat notifications in the inboxes of #US diplomats...
@citizenlab @AmnestyTech @accessnow @CyberHubAm @RubenMuradyan If Apple, Meta, Google, Yahoo threat notifications are landing anywhere in your vicinity...
The canary in your coal mine has just passed out.
Seek out orgs with digital security expertise. There is no substitute for competent assistance when the threat is serious.
@citizenlab @AmnestyTech @accessnow @CyberHubAm @RubenMuradyan Apple has a world class threat intelligence team hunting mercenary spyware & other bad things.
The notifications come from their finds.
Like all the other companies that do notifications, they tend to read as a bit low on details of exactly who & what they found. Why?...
@citizenlab @AmnestyTech @accessnow @CyberHubAm @RubenMuradyan Threat notifications are a big deal for a recipient.
They're also *closely scrutinized by spyware operators*
So threat hunting teams try to balance what they share in warnings with not "burning" their investigative techniques so they can keep tracking spyware groups.
@citizenlab @AmnestyTech @accessnow @CyberHubAm @RubenMuradyan There's a vital conversation happening now about improving impact & value of notifications for victims and researchers while not burning investigations.
But if you're puzzled by why some find the current generation of warnings from Apple/Google/Meta 'vague' I hope this helps.
Personally, I'm on the side of rebalancing notifications to be more informative & impactful for recipients.
Also, evidence-based tuning of language & UX to make next steps clear & easy
Things getting better, but it's a slow road w/tricky problems & equities to balance.
We @citizenlab w/TAG's @maddiestone caught #predator spyware attacks against a prominent pro-democracy Egyptian politician after he announced presidential ambitions.
Remember when we collectively identified #ZipTieGuy Eric Munchel?
He was just sentenced to 57 months in prison. 1/
2/ We'll never know how much worse things could have gone without the speedy evacuation of the senators.
But the judge made it clear: the intention was to take hostages.
3/ Munchel brought weapons & tactical vests to the Capitol with his mom Lisa Eisenhart
She got a 30 month sentence.
Memory: I still remember shelling out to buy the license of a hi-res photograph of them together so I could tweet it one time (pic: different image pictured)