John Scott-Railton Profile picture
Chasing digital badness. Sr. Researcher @citizenlab @UofT @munkschool. Fmr.Ed. @SecPlanner. Tweets mine. Other platforms @jsrailton too.
46 subscribers
May 6 14 tweets 5 min read
BREAKING: jury awards massive $167 million in punitive damages against spyware company NSO Group.

Precedent-setting win against the notorious #Pegasus spyware maker.

Congratulations to @WhatsApp on sticking this case through since 2019. Some thoughts 1/ 2/ After years of every trick & delay tactic it only took a California jury one days deliberation to the heart of the matter:

NSO makes millions hacking mostly-🇺🇸American tech companies... so that dictators can hack dissidents.

Their conduct deserved to be punished.
May 1 4 tweets 2 min read
Friends don't let friends get their eyeballs scanned to buy a coffee.

Sam Altman's Orwellian "Tools for Humanity" says this dystopia machine could help distinguish between #AI agents & humans... or verify at Point of Sale..or..?

Looks to me like a big biometric data grab 1/ Image 2/ Surely they didn't just start with the idea of invasively harvesting eyeball scans...and then look around for potential justifications.

And then add in some AI hype.

Right? Image
Apr 28 6 tweets 3 min read
Fear is dictatorship glue.

You can't imprison everyone with a dissenting thought.

Or inconvenient factual observation.

But fear teaches self censorship. It's a scalable system of control.

The autocrat's challenge is to keep the fear going. 1/ A detention center’s interrogation rooms — Untersuchungshaftanstalt Hohenschönhausen, Vernehmungstrakt (2004) (© Daniel & Geo Fuchs) Image source: https://hyperallergic.com/151019/mundane-horror-in-abandoned-stasi-spaces/ 2/ In the 20th century, keeping fear alive required massive human investment.

Informants... archives...exemplary punishments... information control.

Looked like a linear scale.

A post-cold war school of thought said: once everyone is connected, these systems won't work. Hohenschönhausen investigation prison: monitoring room Daniel & Geo Fuchs  Via https://www.ibtimes.co.uk/stasi-secret-rooms-communist-east-germanys-eerie-interrogation-cells-haunted-prisons-1467734
BStU Zentralarchiv Berlin archives (2004) (© Daniel & Geo Fuchs)  URL: https://hyperallergic.com/151019/mundane-horror-in-abandoned-stasi-spaces/
"There are several images of staged Stasi arrests carried out for training purposes. Dissidents, in some case already serving long prison terms, were sometimes made to re-enact their own arrest for the camera.  " Simon Menner BSTU Source: https://www.bbc.com/news/world-europe-23986385
Mar 19 18 tweets 15 min read
🚨NEW REPORT: first forensic confirmation of #Paragon mercenary spyware infections in #Italy...

Known targets: Activists & journalists.

We also found deployments around the world. Including ...Canada?

And a lot more... Thread on our @citizenlab investigation 1/Image
Image
2/ So #Paragon makes zero-click spyware marketed as better than NSO's Pegasus...

Harder to find...

...And more ethical too!

This caught our attention @citizenlab & we were skeptical.

By @iblametom forbes.com/sites/thomasbr…Image
Image
Image
Feb 6 7 tweets 3 min read
BREAKING: #Paragon reportedly terminates spyware contract with #Italy.

Right on heels of reported targeting of journalist & activists in Italy.

BIG DEAL: puts Italian government in the hot seat, since they denied knowing about it only hours ago.👇
Image 2/ Read this slowly.

The implication is clear: the Italian government was a #Paragon customer & had their contract terminated...

Even as @GiorgiaMeloni's office was issuing denials.

Likely to make the scandal worse.

Exceptional reporting from The Guardian
theguardian.com/technology/202…Image
Image
Feb 1 12 tweets 7 min read
NEW: @WhatsApp says Israeli mercenary spyware company #Paragon targeted scores of users around world.

The infection happened with no interaction. No link to click or attachment to open.

This is called a "zero-click" attack.

WA says targets included journalists & members of civil society.

They dismantled the attack vector & notified users.

Good.

We at @citizenlab shared some info instrumental to their investigation of the vector.

This is a BIG deal. Here's why 1/Image
Image
Image
Image
2/ For a few years the only source of information about #Paragon... has been Paragon.

They marketed themselves as the anti-NSO.

(NSO makes the notorious #Pegasus spyware)

It's easier to frame yourself as virtuous in the spyware game if nobody can look over your shoulder.

By @iblametom
forbes.com/sites/thomasbr…

By @RonanFarrow
newyorker.com/magazine/2022/…Image
Image
Image
Image
Jan 23 7 tweets 5 min read
NEW: US seeks extradition of Israeli private spy over sprawling hacking against 🇺🇸American nonprofits.

Amit Forlit's alleged customer? US lobbying firm @DCIGroup... representing @exxonmobil

Extradition filings in UK give fresh peek into this wild case 1/Image
Image
Image
Image
2/ The case was triggered back in 2018, when US-based nonprofits targeted by hackers requested that @citizenlab notify the authorities.

In 2020, we went public with the investigation, alongside @jc_stubbs @razhael & @Bing_Chris 👇

Dec 23, 2024 4 tweets 1 min read
The volume of scam phone calls targeting elderly people in the US is insane.

Anyone that has visited an aging person knows what I'm talking about.

Ring after ring.

Several calls a day isn't out of the ordinary each of them a risk of wiping out their savings.

It's an untenable situation and will only get worse without focused government action. Phone predators constantly target your parents.

Foreign scam call centers are running on an industrial scale.

Efforts phone companies are making are obviously not up to the task.

Just ask any retired person you know when they last got a scam call.
Dec 23, 2024 7 tweets 2 min read
VPN advertising is the most common source of security misinformation that I encounter.

By far.

So many people misplace their trust in dubious consumer VPN products.

The industry is a scourge. VPNs don't do most of the things that podcasters imply they do.

Security:
Coffee shop attacks on unencrypted logins are a thing of a decade ago.

VPNs won't stop even the dumbest spyware & phishing.

Privacy:
Advertisers still know it's you when you turn on a VPN... they use many other identifying signals from your device, like your browser & advertising IDs. Those don't change when you turn on a VPN.
Dec 21, 2024 12 tweets 12 min read
BREAKING: NSO Group liable for #Pegasus hacking of @WhatsApp users.

Big win for spyware victims.

Big loss for NSO.

Bad time to be a spyware company.

Landmark case. Huge implications. 1/ 🧵Image
Image
Image
Image
2/ In 2019, 1,400 @WhatsApp users were targeted with #Pegasus.

WhatsApp did the right thing & sued NSO Group.

NSO has spent 5 years trying to claim that they are above the law.

And engaged in all sorts of maneuvering.

With this order, the music stopped and NSO is now without a chair.Image
Image
Dec 18, 2024 4 tweets 3 min read
NEW: US considering ban on @TPLINK routers.

Company has a majority of the US market share for homes & small biz.

Concerns stem from repeated use in cyberattacks from #China & concerns over supply chain security.

Reportedly an office of @CommerceGov has subpoenaed the company. 1/

Story by @heathersomervil @dnvolz & @aviswanathaImage
Image
Image
Image
2/ @TPLINK has quickly grown market share, even as concerns have grown over vulnerabilities in the routers being used in #China-linked hacking operations.

wsj.com/politics/natio…Image
Dec 18, 2024 4 tweets 3 min read
Use only end-to-end encrypted communications says @CISAgov.

YES!

End-to-end encryption is critical infrastructure for a safe society.

Plenty of other solid guidance for mobile users at risk here.

Let's look at their #iPhone & #Android-specific recs... 1/Image
Image
Image
2/ @CISAgov's top recommendation for Apple users is to✅ enable #LockdownMode

It's my top guidance for high-risk #iPhone users..

Because as researchers tracking sophisticated threats we see Lockdown Mode blunt advanced attacks...

Other solid guidance:

✅Protect your DNS
✅Disable fallback to SMS
✅Enroll in iCloud Private Relay
✅Trim App permissions.Image
Image
Dec 17, 2024 5 tweets 3 min read
NEW: #China #Russia #Iran & #Israel are spying on 🇺🇸Americans using telecom weaknesses says @DHSgov

Deeply concerning on heels of #SaltTyphoon breaches.

All US carriers vulnerable to some extent.

We know this thanks to Sen @RonWyden's tireless work to expose #SS7 & #Diameter vulnerabilities.

Here's how they work...

Story by @josephfcox 1/Image
Image
2/ Here's the thing about the global network for routing calls.

Requests are trusted by default. Whatever operator they come from!

Since requests can let you do things like intercept calls, texts & track phones locations...

...a lot of governments & some shady companies have come running.

All they needed was a "Global Title" which is not hard to get in some jurisdictions.

Result? A tidal wave from around the globe of shady requests for the purpose of spying on people.

Including Americans. In the US.

We @citizenlab exposed Circles, one such player...

Story: 404media.co/dhs-says-china…Image
Dec 16, 2024 7 tweets 4 min read
NEW: police in #Serbia caught unlocking activists phones with @Cellebrite's mobile forensic tools & planting spyware on them.

Incredibly troubling investigation by @AmnestyTech delves into how the Serbian authorities mix a toxic brew of repression out of homegrown + foreign mercenary spyware like #Pegasus + $CLBT's forensic tools possibly supplied as part of foreign assistance from #Norway. 1/

Read: amnesty.org/en/documents/e…Image
Image
Image
Image
2/ From Traffic Stop to Spyware Victim...

As costs increase for zero-click spyware, expect to see authorities getting creative...

Rolling their own tech & finding novel ways to plant it on activists' devices with physical access.
Dec 5, 2024 10 tweets 7 min read
🚨NEW INVESTIGATION: Russia's 🇷🇺 FSB beat & detained this programmer.

They demanded he inform on contacts in #Ukraine.

When he was finally released, Kirill Parubets got his phone back.

It was bugged with spyware. 1/

Investigative collab by us @citizenlab w/@DeptFirst.Image
Image
2/ Russian authorities descended on Kirill Parubets & his spouse. Raiding their apartment.

Beating him for his passwords.

Accusation? Money transfers to #Ukraine.

Then they threw the couple into custody.

The #FSB threatened life imprisonment if he didn't agree to become an informant.

citizenlab.ca/2024/12/device…Image
Image
Dec 3, 2024 5 tweets 3 min read
Good! Finally a path to crackdown on data brokers.

Americans are constantly victimized by these companies.

Privacy shouldn't be partisan, so pay close attention to see who comes out against these common-sense plans from the @CFPB. 1/

By Dell Cameron & Andrew Couts @wired.Image
Image
Image
2/ The volume of data constantly collected & sold on Americans puts the US at a global disadvantage.

The data-broker firehose is a hostile foreign intelligence service's delight.

But that's just the beginning.
Dec 3, 2024 9 tweets 6 min read
Meet 'decolonization' expert Nomma Zarubina.

FSB codename "Alyssa"

All over the Washington DC think tank circuit. Had a knack for meeting US officials. Even attended some protests against Russia.

Just last week she spoke at an event on Parliament Hill in #Canada.

She's just been charged by the #FBI for lying about taking direction from the FSB. 1/Image
Image
Image
Image
2/ Nomma Zarubina was collecting photos with current & former officials like Pokemon.

Wearing some NGO bona-fides, she also shows up at a lot of events with prominent exiles from #Russia & figures from #Ukraine.

She also got into all sorts of meetings... Image
Image
Image
Nov 27, 2024 4 tweets 3 min read
BREAKING: #ExxonMobil lobbyist investigated over hacking of American nonprofits.

Hacked material fed PR campaigns & lawsuits against environmental advocacy orgs. 1/

By @razhael & @Bing_Chris Image
Image
Image
Image
2/ The case goes back years & centers around a massive hack-for-hire operation based in #India....

...that did the dirty work for powerful people & companies around the world.

Nov 24, 2024 6 tweets 3 min read
First time I've seen what I think is AI-generated fake satellite imagery.*

Interesting. 1/ 2/ With a squint this vibes. Try it for yourself on the first pic without zooming in.

Notice anything that just isn't quite right?

First thing: the marina / oceanfront areas don't follow a coherent logic. Image
Image
Nov 14, 2024 7 tweets 5 min read
Whoa: NSO Group allegedly rolled a @WhatsApp exploit to implant #Pegasus spyware even after WhatsApp sued them.

This previously-unrevealed "Erised" vector was later disabled by #WhatsApp.

These un-redacted filings are quite the read. Even some footnotes have scoops. 1/Image 2/ We learn that NSO Group had at least three @whatsapp exploits: Heaven, Eden & Erised.

The first, called Heaven, was active some time prior to Sept-Dec 2018. It worked by using manipulated messages to direct targeted devices to a malicious WhatsApp relay controlled by NSO Group.

Heaven was ultimately disabled by changes made in Sept & December 2018 by WhatsApp.

storage.courtlistener.com/recap/gov.usco…Image
Image
Image
Image
Oct 31, 2024 4 tweets 2 min read
WILD: actual photo of Musk-hired door knockers being driven around #Michigan.

This group of mostly-black workers were driven in the back of a truck with no seats.

They say they were flown in, given unrealistic goals, and threatened with their lodging being cut off & being forced to pay their own way home if they couldn't meet them.

Some didn't even know which candidate they were working for.

Article by @JakeLahut
wired.com/story/elon-mus…Image Working to help the richest man in the world get his preferred candidate into office, folks. Image