John Scott-Railton
Chasing digital badness. Sr. Researcher @citizenlab @UofT @munkschool. Fmr.Ed. @SecPlanner. Tweets mine. Or find me on Mastodon: https://t.co/YPRqnoBtce
Mar 18 12 tweets 6 min read
BREAKING: more 🇺🇸American officials hacked with mercenary spyware...

...and six more countries join anti-spyware-proliferation pact at #SummitForDemocracy.

Europe: #Finland #Germany #Ireland #Poland
Asia: #Japan #SouthKorea

Big deal 1/

By @snlyngaas
cnn.com/2024/03/17/pol…

2/ Discovery of more hacked 🇺🇸US officials underscores: mercenary spyware proliferation remains a blinking threat to US #NationalSecurity

A growing list of governments (16 pledge signatories by my count) clearly sees the same risk.

The signatory list is extremely interesting..
Mar 12 6 tweets 2 min read
NOW: #Navalny's Chief of Staff just attacked.

Assailant smashed @leonidvolkov's car window then teargassed & beat him with hammer.

Occurred at his home in #Lithuania just now.

Developing story at @meduza_en
meduza.io/en/news/2024/0…

2/ Countries like #Lithuania are a (relative) safe haven for Russian dissidents to continue work.

Tonight's brutal assault of @leonidvolkov threatens to chill this sense of protection.

It must be quickly, comprehensively & transparently investigated by competent authorities.
Mar 5 15 tweets 9 min read
BREAKING: US Treasury sanctions commercial spyware consortium & key enablers for spyware abuses.

OFAC designations = America’s big gun.

First time they’re used against a mercenary spyware company.

Huge deal, let me break the #sanctions against #Intellexa down 1/
2/ The @USTreasury OFAC sanctions hit across the #Intellexa consortium, a multi-jurisdictional web of spyware & surveillance dealing.

(most notorious for #Predator spyware)

They start at the top: the notorious Tal Dilian. And Sara Hamou, a corporate shell specialist.

Mar 4 6 tweets 3 min read
PROTECT YOUR PRIVACY: turn off Twitter calls.

The feature was just enabled for everyone.

Cue spam, harassment & privacy risks.

Troublingly, the feature exposes your IP address in calls.

PICS: instructions on how to turn it off.

Via: tomsguide.com/computing/chan…

2/ Security side: Adding a call stack = big new attack surface.

In the context of X's gutted security teams, you have a recipe for trouble.

There's a reason device-to-device call apps are heavily targeted by sophisticated attackers.

Story @iblametom
forbes.com/sites/thomasbr…
Mar 3 6 tweets 2 min read
Progressives saying they won't vote...

Will be out protesting when Trump wins & begins the evil things he's promised to do.

It will be too late.

I remember the protest vote conversations in 2016.

And the post-election regret when the harm was done.

The writing is on the wall for another Trump presidency.

Fortunately, there's something YOU, fellow voter, can do to stop it.
Feb 15 10 tweets 6 min read
The Tucker Carlson grocery price video (Russia is so cheap you'll be radicalized, folks!) is tragic & funny.

My guy, the grocery bill you're rhapsodizing about is ~SEVENTY PERCENT of a median Russian weekly salary (13.4k RUB) 🧵

Data: en.wikipedia.org/wiki/List_of_R…

2/ Ignore Tucker & the many accounts spamming the video.

Russia is in a well-documented food affordability crisis.

Even before Putin's disastrous invasion, Russians struggled to afford food.

Now it's so bad Putin felt compelled to apologize for skyrocketing *egg prices*

Feb 13 5 tweets 2 min read
BREAKING: #Pegasus used in 🇵🇱#Poland, confirms PM @donaldtusk.

"Very, very long" victim list.

Vindication.

When we @citizenlab first confirmed the hacking we & victims were targeted w/harassment & disinformation.

Via (PL machine trans.) h/t @RonDeibert polskieradio24.pl/5/1222/artykul…
2/ PM @donaldtusk's announcement opens next chapter in journey towards accountability for #Pegasus abuses in #Poland.

Our first investigation was triggered when @Apple's threat notifications began landing in Poland in 2021. Underlining their value.👇
Feb 7 5 tweets 3 min read
NEW INVESTIGATION: uncovers #PAPERWALL a global 🇨🇳pro-Beijing *targeted* harassment & disinformation operation.

Runs websites posing as news outlets in 30 countries.

My @citizenlab colleague @albefittarelli has attributed it to a Chinese PR firm.. 1/
citizenlab.ca/2024/02/paperw…

2/ #PAPERWALL hides disinformation in plain sight amidst a flood of unrelated junk content & press releases.

And supports highly-targeted attacks on individuals perceived as threats to 🇨🇳#Beijing

Recommended THREAD by @albefittarelli 👇 #China
Feb 6 11 tweets 5 min read
WOW: ~ 50% of 0day exploits against Google/Android products now come from commercial vendors.

"if governments ever had a monopoly on the most sophisticated capabilities, that era is certainly over"

Timely NEW REPORT by @Google TAG

Some takeaways🧵 1/
blog.google/threat-analysi…

2/ First, Google's own investigations are surfacing harms associated with mercenary spyware.

Key area: it's being used around elections & key issues.

(Side note, I really appreciate that TAG w/ help from @Jigsaw chose to highlight victim stories up front)

Feb 6 4 tweets 3 min read
NEW: @StateDept won't give visas to individuals involved in mercenary #spyware abuses.

No 🇺🇸Disneyworld trip if you...

❌Abused commercial spyware
❌Got financial benefit from the misuse (e.g. your company sold it)

This is targeted & will hurt 1/
state.gov/announcement-o…

2/ Linking mercenary spyware targeting to extrajudicial killings...

@SecBlinken & @StateDept are not mincing words.

Crystal clear: US sees the unchecked proliferation of commercial / mercenary spyware as a major problem for human rights AND 🇺🇸national security...

From the @StateDept announcement: The United States remains concerned with the growing misuse of commercial spyware around the world to facilitate repression, restrict the free flow of information, and enable human rights abuses. The misuse of commercial spyware threatens privacy and freedoms of expression, peaceful assembly, and association. Such targeting has been linked to arbitrary detentions, forced disappearances, and extrajudicial killings in the most egregious of cases. Additionally, the misuse of these tools presents a security and counterintelligence threat to U.S. personnel. The United States stands on the si...
Feb 3 10 tweets 5 min read
Twitter's AI bot problem:

Pic 1: spam account posts AI-generated *description* of an image without the image.

Pics 2-4
Swarms of blue-check verified bots reply with equally generated replies complimenting the nonexistent image.

h/t @chrismohney

Just zombies responding to zombies. I love @chrismohney's take.

And when you do actually read a real popular post, you feel blue check bot accounts gumming up any possibility of actual conversation with generated garbage.

What a death spiral.
Feb 1 5 tweets 4 min read
INVESTIGATION: sprawling, relentless #Pegasus hacking of 🇯🇴Jordan-based civil society.

Media, lawyers, human rights workers among victims.

Including 🇺🇸US Citizen @adamcoogle from @hrw.

Both zero-click & 1 click attacks. 1/

READ at @accessnow👇 accessnow.org/publication/be…

2/ The #Jordan investigation = collaboration led by @accessnow, with @amnestytech us @citizenlab, @hrw & @OCCRP pitching in alongside local partners.

Unfortunately, the cases we collectively found are likely only the tip of this messy hack-berg.

Journalists = key target
Jan 23 5 tweets 3 min read
Recently, @SECGov's Twitter got hacked. Big lessons.

How:

❌ Phone # taken over w/#SIMswap (trickery targeting cell co)
❌ Multi-factor security = disabled

LESSONS:

✅SIM swaps = big problem
✅You can't trust texts as a 2nd factor.
✅So: use an Authenticator app / Yubikeys!

2/ The #SEC Twitter hack = another dead canary in the cybersecurity coal mine.

Texts & calls = obsolete (IN)security feature.

Meanwhile, out of public eye, people are getting wiped out by #SimSwapping

Whether bank & wallet balances or dissidents' emails, it's everywhere.
Dec 15, 2023 4 tweets 3 min read
WILD: major shipping pulling 180s to avoid Red Sea as Houthi attacks spike on shipping.

Means: skipping #Suez Canal & going *long* way 'round Africa.

Tons more broadcasting destination as "ARMED GUARDS ONBOARD"

Suggested follows incl. @mercoglianos & @johnkonrad

2/ The Bab al-Mandab Strait looks like a Houthi shooting gallery.

Today's count:

MSC ALANYA: threatened
AL JASRAH: UAV hit, fire (extinguished)
MSC PALATIUM III: ballistic missile hit, fire (e'd)

Nov 22, 2023 6 tweets 2 min read
When encrypted messages (e.g. from @SignalApp) pop up in a US court case, don't panic.

Almost guaranteed to come from:

✅seized phones
✅cooperating witness, etc

And NOT from:

❌ 'breaking' the encryption.
❌ 'interception'

Quick thread on why I think that (for now) 1/

2/ Ability to break @signalapp / @WhatsApp encryption would be super valuable to intel agencies.

If USG had such a capability, doubtful they'd debut it in the criminal prosecution of someone like #CZ.

Because it would probably stop working!

His plea deal isn't worth that.
Nov 3, 2023 14 tweets 7 min read
Got a threat notification from Apple this week?

✅Take it seriously.

Devices that get warnings usually show signs of spyware infection (or an attempt).

✅Then take action.

If you're part of civil society, you should reach out to a digital security org for assistance. Apple threat notifications are *clear & invaluable* signs something serious is going on.

They've triggered major investigations & uncovered widespread spyware abuses.

For example, #Pegasus hacking against activists & opposition figures in Thailand...
citizenlab.ca/2022/07/geckos…

Oct 13, 2023 6 tweets 4 min read
When you @whatsapp or @Signal a friend, your phone directly connects to their phone.

A shady gov can't 'read' that traffic (thanks e2e encryption!)...

But @sandvine wanted to proliferate tech to track *who* you're messaging with. 1/

By @rj_gallagher
bloomberg.com/news/articles/…
2/ Does @Sandvine sound familiar?

Maybe it's because the US-Canadian company's tech... keeps showing up used for bad things by repressive regimes.

Russian censorship, Belarusian internet blocks, spyware targeting..

There's one bit of positive news here though...

Oct 9, 2023 12 tweets 6 min read
🚨BREAKING: #predator mercenary spyware targeting across #Twitter/ @X replies to:

❌🇺🇸 US congresspeople
❌ 🇪🇺EU & Asian officials
❌ Journalists

Reports by @AmnestyTech w/independent investigation & confirmation by us @citizenlab 1/
amnesty.org/en/latest/news…

2/ Clicking on the links in these #Twitter / @X replies to officials could lead to the infection of a device with Predator mercenary spyware.

Turning it into a spy in your pocket.

Our @citizenlab confirmation: citizenlab.ca/2023/10/predat…

Sep 22, 2023 10 tweets 6 min read
🚨UPDATE your @Apple products now!

We @citizenlab w/TAG's @maddiestone caught #predator spyware attacks against a prominent pro-democracy Egyptian politician after he announced presidential ambitions.

Apple rushed a patch.

It gets crazier 1/

citizenlab.ca/2023/09/predat…
From the @citizenlab report: Between May and September 2023, former Egyptian MP Ahmed Eltantawy was targeted with Cytrox’s Predator spyware via links sent on SMS and WhatsApp. The targeting took place after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections. In August and September 2023, Eltantawy’s Vodafone Egypt mobile connection was persistently selected for targeting via network injection; when Eltantawy visited certain websites not using HTTPS, a device installed at the border of Vodafone Egypt’s network automatically redirected him to a malicious website to infect his phone wi...

2/ Ahmed Eltantawy got in touch with us @citizenlab, worried his devices were targeted in #Egypt.

He was right. His iPhone on @VodafoneEgypt was targeted for network injection.

As he browsed the net, the attackers were trying to slip a #Predator infection onto his device.

Sep 14, 2023 8 tweets 3 min read
Block ads on your networks now.

The system designed to follow us around the net with ads is now a blinking national security & human rights threat.

By @omerbenj
haaretz.com/israel-news/20…
2/ Once the capability was limited to governments.

Now, in a predictable step, mercenary spyware companies are selling it.

Leveraging ads to remotely infect you with #Pegasus-like spyware.

Analogy: a devastating & unfixable backdoor chasing your device around the internet.
Sep 9, 2023 7 tweets 3 min read
Remember when we collectively identified #ZipTieGuy Eric Munchel?

He was just sentenced to 57 months in prison. 1/

2/ We'll never know how much worse things could have gone without the speedy evacuation of the senators.

But the judge made it clear: the intention was to take hostages.