John Scott-Railton Profile picture
Chasing digital badness. Sr. Researcher @citizenlab @UofT @munkschool. Fmr.Ed. @SecPlanner. Tweets mine. Or find me on Mastodon:
Ella Sanders Profile picture Neal Rauhauser Profile picture hippie@heart Profile picture eDo Profile picture Adam Smithee Profile picture 41 subscribed
Apr 14 4 tweets 1 min read
Good morning to everyone except the "OSINT" accounts that spent last night spreading fake, alarmist & unconfirmed content. 2/ OSINT: Open Source INtelligence.

Owes its good reputation to groups like @Bellingcat that carefully VERIFY material before using it in analysis.

But today, if you find "OSINT" in the handle, there's a good chance that you will find neither verification nor analysis.
Apr 13 7 tweets 2 min read
Be wary of OSINT-branded accounts recycling faked & old footage of airstrikes, explosions, interceptions etc.

It happens every time, but in New Twitter they have a direct financial incentive to push out inflammatory nonsense.

There's more 1/ 2/ The annoying practice of some OSINT-branded accounts of repeating headlines ginned up & borrowed from somewhere without citation as if it's their own...

Is reckless & dangerous during fast moving conflict where there is huge potential for *consequential* misunderstandings.
Apr 10 4 tweets 3 min read
IMPORTANT: has @Apple recently sent you a #MercenarySpyware threat notification?

This is serious. Seek expert help.

If you're a journalist, activist, dissident, academic, etc. etc: ✅contact the @accessnow Digital Security Helpline. 2/ @Apple's notifications continue to play critical role in helping #MercenarySpyware targets get help & take action.

And they keep leading to accountability.

To date, Apple says they have notified users in 150 countries.

That's a jaw-dropping illustration of the scale of the mercenary spyware proliferation.

You can learn more about the notifications here:
Apr 2 6 tweets 4 min read
WHOA: Judgments thrown out after role of hackers-for-hire revealed + Judge orders millions in damages.

New chapter in accountability for law firms using shady services.

Both @reuters & we @citizenlab have investigated #DarkBasin group 1/

By @razhael…

2/ In 2020, alongside @reuters we @citizenlab exposed a massive Indian hack-for-hire operation.

In sprawling target list... a slew of US nonprofits working on climate change.

Whose presumably-hacked emails wound up in hostile PR & litigation.


Mar 28 4 tweets 1 min read
On new Twitter, experts are harassed & drowned out.

Exceptionally bad during crises.

Any chance of follow-up questions or dialogue in replies is buried under a dismal scroll of blue check throwaway taunts, abuse & ignorance.

No wonder experts are stepping away. If you've watched the last 24h, you saw the consequences of Twitter's war on expertise:

Expert voices on #Baltimore got profoundly less engagement & impressions than clout-chasing accounts monetizing misinformation, sensationalism & conspiracy theorizing.
Mar 24 5 tweets 2 min read
Growing push to spread misleading cybersecurity claims about voting in the run-up to November.

Nothing to do with actual cybersecurity research into election integrity.

This is a perception-shaping strategy to create the option for a Trump-led rejection of a genuine result. 2/ Cybersecurity experts saying most things are, in theory, hackable...

...are NOT confirming misinformation about the November election.

'In theory we could go to Mars' doesn't manifest a rocket ship on the pad, ready to launch in November.
Mar 22 9 tweets 4 min read
Good lord.

US warned Russia of possible imminent terror attack.

Putin publicly dismissed the warnings on March 19th.

Those attacks seem to have just happened.
The State media report of Putin dismissing the terrorism warnings is still online.

Link to the archived copy in case it is deleted.

(Note Screenshot in my 1st tweet = machine translated)
Via @internetarchive @waybackmachine…
Mar 18 12 tweets 6 min read
BREAKING: more 🇺🇸American officials hacked with mercenary spyware...

...and six more countries join anti-spyware-proliferation pact at #SummitForDemocracy.

Europe:#Finland #Germany #Ireland #Poland
Asia:#Japan #SouthKorea

Big deal 1/

By @snlyngaas…

2/ Discovery of more hacked 🇺🇸US officials underscores: mercenary spyware proliferation remains a blinking threat to US #NationalSecurity

A growing list of governments (16 pledge signatories by my count) clearly sees the same risk.

The signatory list is extremely interesting..
Mar 12 6 tweets 2 min read
NOW: #Navalny's Chief of Staff just attacked.

Assailant smashed @leonidvolkov's car window then teargassed & beat him with hammer.

Occurred at his home in #Lithuania just now.

Developing story at @meduza_en…

2/ Countries like #Lithuania are a (relative) safe haven for Russian dissidents to continue work.

Tonight's brutal assault of @leonidvolkov threatens to chill this sense of protection.

It must be quickly, comprehensively & transparently investigated by competent authorities.
Mar 5 15 tweets 9 min read
BREAKING: US Treasury sanctions commercial spyware consortium & key enablers for spyware abuses.

OFAC designations = America’s big gun.

First time they’re used against a mercenary spyware company.

Huge deal, let me break the #sanctions against #Intellexa down 1/
2/. The @USTreasury OFAC sanctions hit across the #Intellexa consortium, a multi-jurisdictional web of spyware & surveillance dealing.

(most notorious for #Predator spyware)

They start at the top: the notorious Tal Dilian. And Sara Hamou, a corporate shell specialist.

Mar 4 6 tweets 3 min read
PROTECT YOUR PRIVACY: turn off Twitter calls.

The feature was just enabled for everyone.

Cue spam, harassment & privacy risks.

Troublingly, the feature exposes your IP address in calls.

PICS: instructions on how to turn it off.


2/ Security side: Adding a call stack = big new attack surface.

In the context of X's gutted security teams, you have a recipe for trouble.

There's a reason device-to-device call apps are heavily targeted by sophisticated attackers.

Story @iblametom…
Mar 3 6 tweets 2 min read
Progressives saying they won't vote...

Will be out protesting when Trump wins & begins the evil things he's promised to do.

It will be too late. Image I remember the protest vote conversations in 2016.

And the post-election regret when the harm was done.

The writing is on the wall for another Trump presidency.

Fortunately, there's something YOU, fellow voter, can do to stop it. Image
Feb 15 10 tweets 6 min read
The Tucker Carlson grocery price video (Russia is so cheap you'll be radicalized, folks!) is tragic & funny.

My guy, the grocery bill you're rhapsodizing about is ~SEVENTY PERCENT of a median Russian weekly salary (13.4k RUB) 🧵


2/ Ignore Tucker & the many accounts spamming the video.

Russia is in a well-documented food affordability crisis.

Even before Putin's disastrous invasion, Russians struggled to afford food.

Now it's so bad Putin felt compelled to apologize for skyrocketing *egg prices*

Feb 13 5 tweets 2 min read
BREAKING: #Pegasus used in 🇵🇱#Poland, confirms PM @donaldtusk.

"Very, very long" victim list.


When we @citizenlab first confirmed the hacking we & victims were targeted w/harassment & disinformation.

Via (PL machine trans.) h/t @RonDeibert…
Image 2/ PM @donaldtusk's announcement opens next chapter in journey towards accountability for #Pegasus abuses in #Poland.

Our first investigation was triggered when @Apple's threat notifications began landing in Poland in 2021. Underling their value.👇
Feb 7 5 tweets 3 min read
NEW INVESTIGATION: uncovers #PAPERWALL a global 🇨🇳pro-Beijing *targeted* harassment & disinformation operation.

Runs websites posing as news outlets in 30 countries.

My @citizenlab colleague @albefittarelli has attributed it to a Chinese PR firm.. 1/…

2/ #PAPERWALL hides disinformation plain sight amidst a flood of unrelated junk content & press releases.

And supports highly-targeted attacks on individuals perceived as threats to 🇨🇳#Beijing

Recommended THREAD by @albefittarelli 👇 #China
Feb 6 11 tweets 5 min read
WOW: ~ 50% of 0day exploits against Google/Android products now come from commercial vendors.

"if governments ever had a monopoly on the most sophisticated capabilities, that era is certainly over"

Timely NEW REPORT by @Google TAG

Some takeaways🧵 1/…

2/ First, Google's own investigations are surfacing harms associated with mercenary spyware.

Key area: it's being being used around elections & key issues.

(Side note, I really appreciate that TAG w/ help from @Jigsaw chose to highlight victim stories up front)

Feb 6 4 tweets 3 min read
NEW: @StateDept won't give visas to individuals involved in mercenary #spyware abuses.

No 🇺🇸Disneyworld trip if you...

❌Abused commercial spyware
❌Got financial benefit from the misuse (e.g. your company sold it)

This is targeted & will hurt 1/…

2/ Linking mercenary spyware targeting to extrajudicial killings...

@SecBlinken & @StateDept are not mincing words.

Crystal clear: US sees the unchecked proliferation of commercial / mercenary spyware as a major problem for human rights AND 🇺🇸national security... The United States remains concerned with the growing misuse of commercial spyware around the world to facilitate repression, restrict the free flow of information, and enable human rights abuses.  The misuse of commercial spyware threatens privacy and freedoms of expression, peaceful assembly, and association.  Such targeting has been linked to arbitrary detentions, forced disappearances, and extrajudicial killings in the most egregious of cases.  Additionally, the misuse of these tools presents a security and counterintelligence threat to U.S. personnel.  The United States stands on the si...
Feb 3 10 tweets 5 min read
Twitter's AI bot problem:

Pic 1: spam account posts AI-generated *description* of an image without the image.

Pics 2-4
Swarms of blue-check verified bots reply with equally generated replies complimenting the nonexistent image.

h/t @chrismohney

Just zombies responding to zombies. I love @chrismohney's take.

And when you do actually read a real popular post, you feel blue check bot accounts gumming up any possibility of actual conversation with generated garbage.

What a death spiral.
Feb 1 5 tweets 4 min read
INVESTIGATION: sprawling, relentless #Pegasus hacking of 🇯🇴Jordan-based civil society.

Media, lawyers, human rights workers among victims.

Including 🇺🇸US Citizen @adamcoogle from @hrw.

Both zero-click & 1 click attacks. 1/

READ at @accessnow👇…

2/ The #Jordan investigation = collaboration led by @accessnow, with @amnestytech us @citizenlab, @hrw & @OCCRP pitching in alongside local partners.

Unfortunately, the cases we collectively found are likely only the tip of this messy hack-berg.

Journalists = key target Image
Jan 23 5 tweets 3 min read
Recently, @SECGov's Twitter got hacked. Big lessons.


❌ Phone # taken over w/#SIMswap (trickery targeting cell co)
❌ Multi-factor security = disabled


✅SIM swaps = big problem
✅You can't trust texts as a 2nd factor.
✅So: use an Authenticator app / Yubikeys!

2/ The #SEC Twitter hack = another dead canary in the cybersecurity coal mine.

Texts & calls = obsolete (IN)security feature.

Meanwhile, out of public eye, people are getting wiped out by #SimSwapping

Whether bank & wallet balances or dissidents' emails, it's everywhere. Image
Dec 15, 2023 4 tweets 3 min read
WILD: major shipping pulling 180s to avoid Red Sea as Houthi attacks spike on shipping.

Means: skipping #Suez Canal & going *long* way 'round Africa.

Tons more broadcasting destination as "ARMED GUARDS ONBOARD"

Suggested follows incl. @mercoglianos & @johnkonrad

2/ The Bab al-Mandab Strait looks like a Houthi shooting gallery.

Today's count:

MSC ALANYA: threatened
AL JASRAH: UAV hit, fire (extinguished)
MSC PALATIUM III: ballistic missile hit, fire (e'd)