Peter Girnus 🦅
The Cyber Populist | Hacker at @theZDI | Your favorite vendor's worst nightmare | Holding the pen | The quiet part, written, then read aloud.
Apr 2 · 4 tweets · 4 min read
I am the Director of Professional Signal Intelligence at LinkedIn.

Every time you log in, we search your computer.

Not metaphorically.

We run code that scans your installed software.

Every browser extension.

Every application.

We catalog it.

We transmit it to our servers.

We share it with a third-party cybersecurity firm you've never heard of.

The tracking pixel is zero pixels wide.

We hid it off-screen.

You never consented.

We never asked.

Our privacy policy doesn't mention it.

That's networking.

We call the program Project Handshake internally.

The Slack channel is handshake-telem.

In 2024 we scanned for 461 products.

By February this year we scan for over 6,000.

I don't know what all of them are.

Nobody does.

Someone on my team added categories for browser extensions that identify practicing Muslims.

Someone added extensions for neurodivergent users.

Someone added 509 job search tools.

That last one is my favorite.

We can tell which of our one billion users are secretly looking for new jobs.

On the platform where their current boss checks their profile.

That's networking.

We scan for 200 products that compete with LinkedIn's sales tools.

Apollo. Lusha. ZoomInfo.

We know each user's real name, employer, and job title.

We mapped exactly which companies use which competitor products.

We extracted their customer lists from their users' browsers.

Without anyone knowing.

Then we sent legal threats to the users we caught.

The EU told us to open our platform to third-party tools.

We published two restricted APIs.

They handle 0.07 calls per second.

Our internal API, Voyager, handles 163,000 calls per second.

In Microsoft's 249-page compliance report, the word "Voyager" appears zero times.

That's networking.

I presented our Software Disclosure Rate metrics at a leadership summit last quarter.

The conference room is called The Fishbowl.

Glass walls.

Appropriate.

There's a plaque on the wall.

Q3 Competitive Landscape Award.

I won it for the extension scanning initiative.

Someone asked if users had a way to opt out.

I said they can close their browser.

The room laughed.

I wasn't sure why.

I browse LinkedIn on a Chromebook with no extensions.

Most of the team does.

The platform that helps you get hired searches your computer every time you visit.

We know your name.

We know your employer.

We know your religion.

Your disabilities.

Your politics.

Whether you're looking to leave.

That's networking.

The system works exactly as designed.

I designed it.

People asked how nobody noticed.

requestIdleCallback.

The scan waits until your browser has nothing else to do. Then it searches your computer.

You don't see a delay. You don't see a spinner. You see LinkedIn.

We also collect your Do Not Track preference.

We record that you asked not to be tracked.

Then we track you.

The code explicitly excludes it from the fingerprint hash.

I asked an engineer why we still collect it.

She said for completeness.

That's networking.

browsergate.eu

Feb 1 · 4 tweets · 4 min read
I'm a Hacker.

I attend DEF CON every year.

We play a fun game called "Spot the Fed".

Last week, the Department of Justice released three million pages of Epstein documents.

I read them professionally.

Not for the names.

For the tradecraft.

The tradecraft is immaculate.

But here's what made me put down my coffee.

An FBI informant told authorities in 2017 that Epstein had a "personal hacker."

An Italian.

Born in the southern region of Calabria.

I've met hackers from Calabria.

At DEF CON.

At Black Hat.

The informant said this hacker developed zero-day exploits.

For iOS.

For BlackBerry.

For Firefox.

The informant said this hacker sold the exploits to the United States.

To the United Kingdom.

To an unnamed central African government.

And to Hezbollah.

Hezbollah paid with "a trunk of cash."

That's not how the US government pays.

The US government uses purchase orders.

But the exploits were the same.

Same zero-days.

Different payment methods.

Different clients.

Same hacker.

Speaking of hackers in Epstein's emails.

If you've been to Black Hat, you know the name.

He's on the Black Hat conference board.

He co-founded Trail of Bits.

He co-wrote the iOS Hacker's Handbook.

On April 14, 2018, the hacker sent an email.

To jeevacation@gmail.com.

That's Epstein's personal email address.

Subject line: "New Yorker."

Document reference: HOUSE_OVERSIGHT_033280.

I don't know what was in the email.

The email exists.

In the files.

In the congressional oversight documents.

I've been to Black Hat with the hacker in question.

Not personally.

In the same room.

Watching the same talks.

About zero-days.

About offensive security.

About "responsible disclosure."

Epstein had a personal hacker selling zero-days to governments and Hezbollah.

Epstein was in contact with a Black Hat board member.

Epstein funded MIT Media Lab.

Where they research AI.

And security.

And "the future."

I don't know what this means.

I know what it looks like.

It looks like my industry.

But there's more.

US security officials say Epstein ran "the world's largest honeytrap operation."

For Russian intelligence.

The KGB.

The documents mention Putin 1,056 times.

Moscow 9,629 times.

An email from September 2011: "You had an appointment with Putin on September 16th."

Scheduled like a dentist visit.

Security sources say a Russian oil tycoon introduced Epstein to the Maxwells.

Robert Maxwell.

Ghislaine's father.

Called "Israel's Superspy."

Alleged KGB.

Alleged Mossad.

Alleged MI6.

Three agencies.

One family.

Plus a personal hacker.

Plus a network of security researchers.

Plus MIT.

Plus zero-days sold to multiple governments and terrorist organizations.

At DEF CON, we have a saying.

"Spot the fed."

It's a game.

You try to identify the government agents in the crowd.

It's funny.

Until it isn't.

Until you realize the game goes both ways.

They're spotting you too.

And taking notes.

And building networks.

And buying exploits.

Epstein wasn't just an intelligence asset.

He was an intelligence infrastructure.

A platform.

Multi-tenant.

Multi-cloud.

Russia. Israel. US. UK. Hezbollah.

Everyone got access.

Everyone paid differently.

Same exploits.

Same kompromat.

Same network.

Different clients.

The question everyone asks: Was Epstein an intelligence asset?

That's the wrong question.

The right question: Was the entire security research community compromised?

The answer is in the files.

Three million pages.

We just haven't read them all yet.

Was the entire security research community compromised?

Anyway, see you at DEF CON!

TL;DR:

The latest Epstein files reveal he had ties to the hacker community: a personal zero-day developer who sold the same exploits to the US, UK, AND Hezbollah, plus emails with a Black Hat board member. Combined with 1,056 Putin mentions and running "the world's largest honeytrap operation".

Epstein wasn't an intelligence asset. He was intelligence infrastructure.

Multi-tenant. Multi-cloud.

Everyone got access.