John Scott-Railton
Chasing digital badness. Connectivity in conflicts. Sr. Researcher @citizenlab @UofT @munkschool. Fmr.Ed. @SecPlanner. Tweets mine.
Jun 23 4 tweets 3 min read
NEW: meet Italian mercenary spyware vendor RCS Labs.

Victims in:
🇮🇹Italy
🇰🇿Kazakhstan.

One clever technique: cut victims' data w/ISP complicity, then prompt them to load malicious app to 'reconnect.' 1/

By @benoitsevens & Clement Lecigne h/t @maddiestone
blog.google/threat-analysi…

2/ The inevitable question is "how does RCS Labs compare to..."

Two datapoints:

- This isn't zero click, this is a bunch of clicks & requires some user convincing
- Look at these stale milk exploits...

Yet obviously...it still works well enough that folks are paying for it.
Jun 22 8 tweets 7 min read
Spot a generic notification from @twitter in your timeline?

They're hoping you don't read it.

So I'll summarize.

Twitter used phone numbers you gave them to secure your account... for targeted ads.

This was dumb. And wrong. 1/
help.twitter.com/en/personal-in…

2/ @Twitter notified you that they abused phone numbers...because the @FTC made them.

Embarrassing details that they left out:

- They did it from 2014-2019
- Affected more than 140 million users.
- The FTC hit them w/a $150 million dollar fine.

ftc.gov/news-events/ne…
Jun 21 10 tweets 8 min read
So, NSO Group is getting hammered at 🇪🇺 @EP_PegaInquiry.

They keep claiming #Pegasus is for fighting terror, crime.

And then do the 'balancing security vs. privacy' thing.

This is a *false dichotomy.*

NSO *knows* a huge part of Pegasus uses are Gov-on-Gov hacking. 1/

2/ "Stop the storytelling!" - @sandor_ronai interrupts the NSO rep.

MEPs at the @EP_PegaInquiry have clearly run out of patience with the rep, who is talking in circles about human rights due diligence.
Jun 20 9 tweets 3 min read
Just saw a wild armed politician video?

Felt a strong need to Quote Tweet?

That's because YOU are the target audience.

You're helping this person enter the news cycle.

Stop it.

Here's how: Quote Tweet friends, screenshot enemies.

Better yet, focus elsewhere. Your angry engagement is depressingly predictable.

Twitter doesn't know that a Quote Tweet means you disagree!

Politicians know this, and use it.

Your amplification signals to algorithms & traffic hungry editors that the person is relevant.

You are gifting them more exposure.
Jun 15 14 tweets 6 min read
VPNs are pricey snake oil.

Consumers are getting scammed by misleading marketing.

I've never met a user with an accurate understanding of just how modestly, if at all, VPNs address their security & privacy concerns.

Time for the industry to get regulatory scrutiny.

The VPN industry nurtures the impression that they actually do things like:

- Stopping malware (NOPE!)
- Hiding you from tracking (mostly NOPE, remember cookies, etc?)

They soak consumers for millions while creating a false sense of security.
Jun 15 5 tweets 4 min read
Two years ago we exposed a hack for hire operation.

One suspected customer: @wirecard.

Their critics, journalists & short sellers were all targeted.

Weeks later, Wirecard collapsed in a fraud scandal.

Here's something that still haunts me 1/...
citizenlab.ca/2020/06/dark-b…

2/ After we published, I started getting notes from individual @wirecard investors.

Politely, they suggested that Wirecard wouldn't dream of such a thing.

Perhaps we'd been misled by malign forces aligned against their favored company?

I still wonder how badly they fared.
Jun 14 14 tweets 7 min read
BREAKING: US-defense contractor @L3HarrisTech plans to acquire sanctioned spyware maker NSO Group.

Bad for 🇺🇸NatSec & CI. Atrocious for human rights.

If admin lets it happen would be own-goal against @POTUS' democracy agenda. 1/

By @intel_online
intelligenceonline.com/international-…

2/ Why is it bad to bring NSO closer to the US defense establishment?

Firstly, let's talk about counterintelligence.

NSO is hand-in-glove close to a foreign intelligence service & staffed by formers.

The US is a major target for collection by that service.
Jun 11 7 tweets 7 min read
The "no guns on #January6th" line keeps cropping up.

It's flat wrong. There were plenty of guns on #January6th

"I'm the one in the video with the gun right here"

-John Emanuel Banuelos speaking to the police.

Story: @ryanjreilly
nbcnews.com/politics/polit…
May 17 7 tweets 4 min read
YES! Every grocery store & pharmacy in America should have a warning like this.👇👇

In 2021, the @FTC says scammers took at least $148 million in gift card scams.

They prey on the elderly. Stores should add a quick module to their trainings: signs that someone is being scammed.

For example? A vulnerable person taking instructions by phone & buying high $ amount in gift cards.

A simple gentle interaction might be all it takes to protect someone's grandmother.
May 11 4 tweets 3 min read
Let's continue to ignore the changing climate.

Video: NPS Cape Hatteras

It fascinates me that housing markets tend to price the poorest homeowners into areas of highest climate risk.

But also, in coastal areas, some of the richest.

The difference comes in resources available when crisis strikes.
May 2 7 tweets 2 min read
The EU has a #PegasusProblem, and it's getting worse.

The cause? An out-of-control mercenary spyware industry.

The solution isn't technical. Vulnerabilities get patched. And then the industry just finds new ones.

The only way to break the cycle? Smart regulation. 1/

2/ It's hard to regulate specific cybersecurity technologies w/out side effects.

Like harming innovation, or punishing researchers.

The good news? The mercenary spyware industry isn't just a technology, it's a constellation of services designed to help governments hack.
May 2 11 tweets 7 min read
NEW: 🇪🇸 Spain says Prime Minister & Defense Minister were infected with #Pegasus.

Remarkable timing.

Just days ago Defense Minister Robles gave a speech appearing to defend use of Pegasus following our @citizenlab report on hacking of Catalans. 1/

reuters.com/world/europe/s…

2/ Two weeks ago we published an investigation showing a large-scale hacking operation using #Pegasus & Candiru spyware against Catalan political figures & civil society.
catalonia.citizenlab.ca
Apr 18 5 tweets 6 min read
BREAKING: we @citizenlab found signs of a #Pegasus spyware infection at the 🇬🇧Prime Minister's office, 10 Downing St.

We notified 🇬🇧.

We'd found other infections within the Gov.. THREAD 1/

Must-read by @RonanFarrow: newyorker.com/magazine/2022/…

2/ Meanwhile, we also found signs that multiple 🇬🇧 officials at the @FCDOGovUK had been infected with #Pegasus spyware.
Apr 18 16 tweets 15 min read
🚨MAJOR NEW INVESTIGATION: #CatalanGate state-run hacking operation.

Stunning range of #Pegasus & #Candiru infections in the EU.

Many political & civil society targets got infected. Multiple 🇪🇺 MEPs.

THREAD 1/
catalonia.citizenlab.ca

2/ A jaw dropping list of people were targeted in #CatalanGate

Let's take the 🇪🇺 European Parliament.

*Every pro-independence MEP* was targeted directly or w/relational targeting:

-@toni_comin
-@DianaRibaGiner
-@jordisolef
-@ClaraPonsati
-@KRLS
Apr 4 6 tweets 4 min read
BREAKING: bodies in Bucha were visible in satellite imagery for weeks.

Directly rebuts Russia's claim that bodies only appeared after they left.

By @malachybrowne @bottidavid @heytherehaley
nytimes.com/2022/04/04/wor…

2/ Gaps in information during war are fertile soil for Russian dezinformatsia.

Part of what's so powerful about visual investigations & OSINT is that they accelerate truth & reduce the space Kremlin propagandists have to work with.
Apr 3 4 tweets 4 min read
NEW: Putin ally, autocrat Viktor Orban just declared victory in #hungaryelections.

The news is surely being welcomed in Moscow.

Dark times for Hungary & Europe.

By @robpicheta & @balintbardi
cnn.com/2022/04/03/eur…

2/ Orban's victory speech had a list of "opponents."

Including Zelensky.

Awful.
Apr 2 4 tweets 2 min read
Incredibly disturbing footage is surfacing showing bound bodies left behind by Russian forces.

Clearly, it's time for the UN & other international bodies to send in evidence teams to work these sites.

You should not be surprised.

#Putin signaled his plans to the world.

Now, ask yourself what atrocities are as yet unknown.. evidence still hidden behind Russian lines.
Mar 24 5 tweets 6 min read
NEW: Rolling Stone reports that a #Kremlin-connected businessman paid for swastika graffiti in #Ukraine.

Goal? Help #Putin create a pretext for invasion.

Absolutely wild story by @seth_hettena rollingstone.com/politics/polit…

2/ The man who bankrolled the money-for-nazi-graffiti plot also reportedly has connections with both Trump & Giuliani.

Bizarre.
Mar 22 5 tweets 2 min read
Toxic, unoriginal people keep cracking the same code: be provocative and infuriating, then rage farm your way to a larger audience.

The key ingredient: the rest of us, when we Quote Tweet & dunk.

We are their growth model. 1/

2/ Look at the tweet histories of tastelessly provocative people.

Say, around #Ukraine

Notice something interesting?

You'll probably find that a *lot* of "so and so is now talking about ME!!"

The glee is barely disguised. That's the 🔑.
Mar 18 5 tweets 3 min read
The state of #Kremlin invasion propaganda:

Russian MOD posts a vid on Twitter & FB.

Claim video shows a TaCtIcAl LaNdInG!

Must've forgotten to edit the audio.

You can hear the Russian pilot yelling "I've been hit... guys I'm making a forced [landing]"

2/ The #Kremlin posted their propaganda self-own to Facebook & Twitter.

Russia blocks both.

The most they could manage to censor the rest of us? Disabling replies.
Mar 14 12 tweets 12 min read
Massive container ship #EVERFORWARD has run aground in the Chesapeake Bay.

Yes, same operator as #EVERGIVEN.

Yes, almost exactly a year later. 1/

2/ Looking at charts, #EVERFORWARD may have slightly deviated from dredged navigation channel into shallower waters after departing Baltimore.

And got stuck.

She's apparently not blocking the navigation channel, but is quite close to it.