Chasing digital badness. Sr. Researcher @citizenlab @UofT @munkschool. Fmr.Ed. @SecPlanner. Tweets mine.
Or find me on Mastodon: https://t.co/YPRqnoBtce
42 subscribed
Jul 26 • 4 tweets • 1 min read
You've been non-consensually opted into training Twitter / X's Grok AI.
Want to opt out?
✅Go here:
-or-
✅Navigate to: Settings ➡️ Privacy & Safety ➡️ Grokx.com/settings/grok_…
I'm hearing a lot of feedback from people struggling to opt out of Grok data sharing in on the mobile app.
Some report having success with the web version.
Again, not good. Regulators are surely paying attention.
Jul 12 • 10 tweets • 5 min read
STAGGERING: Nearly all @ATT customers' text & call records breached.
An unknown entity now has an NSA-level view into Americans' lives.
Damage isn't limited to AT&T customers.
But everyone they interacted with.
Also a huge national security incident given government customers on $T. 1/
By @MattEganCNN &@snlyngaas cnn.com/2024/07/12/bus… 2/ From @ATT's SEC filing. None of this is remotely reassuring.
Making matters worse, it looks like some of the data has cell site information.
That means broad stroke location information that can be translated into intelligence about peoples' locations and movements.
2/ OF COURSE. Material allegedly surreptitiously collected by this parallel intelligence service... was then used in harassment campaigns.
This pipeline of technical surveillance to disinformation is achingly familiar to anyone that has lived under authoritarianism.
Jul 10 • 5 tweets • 3 min read
IMPORTANT: has @Apple sent you a mercenary spyware threat notification?
Latest round just went out.
Take them seriously. Get expert help.
If you a journalist, activist, dissident etc. I suggest you ✅contact @accessnow's helpline. 1/ accessnow.org/help/2/ In my experience, @Apple's mercenary spyware threat notifications do several things:
✅ Help users take action to secure themselves
✅ Impose cost on spyware companies & customers
✅ Keep us researchers busy investigating cases
They can also have a✅deterrent effect.
Jul 9 • 10 tweets • 6 min read
NEW: @TheJusticeDept just disrupted a Russian-run AI-enabled Twitter disinformation bot farm.
Almost 1000 accounts on @X.
Masqueraded as Americans & promoted Russian government narratives.
Don't believe me? Well. operators of this fake French news site often forgot to delete the prompts.
Perhaps they don't speak French?
Site is filled with generated content prompted as conservative attacks against @EmmanuelMacron and other disinformation.
Site became active ~ a week before yesterday's #French elections & is now pumping out tons of false content.
Very instructive..
h/t @KyleJGlen (recommended follow!) for flagging!
(2nd screenshot = machine translated) 2/ Lesson: the raw falsehoods laundered up through coordinated disinformation that gets to a viral false thread can be incredibly sloppy.
Jun 22 • 5 tweets • 4 min read
NEW: sprawling #ChatGPT-powered pro-#Rwanda propaganda operation on @X.
More than half a million posts this year.
Used #AI / #LLM- drafted posts to propagandize, attack truth tellers & bury negative stories under inauthentic content. 1/
2/@X is awash with #AI/#LLM- enabled propaganda & bot activity.
Including government efforts to manipulate perceptions & attack state 'enemies.'
As long as Twitter/X continues to fail at addressing this automated manipulation, the scale will only grow.
Jun 21 • 6 tweets • 4 min read
WHOA @USTreasury just sanctioned leadership at 🇷🇺Russian antivirus company @kaspersky.
Comes on heels of yesterday's @CommerceGov ban on sales of their antivirus to the US.
Huge-but-somewhat-anticipated blow to #Kaspersky whose fortunes in the US have been falling since the 2017 @DHSgov binding directive to remove their products from gov systems.
Will be fascinating to see if other governments echo some of these actions.
home.treasury.gov/news/press-rel…2/ The case of @Kaspersky is a good teachable moment to talk about some painful truths about antivirus software.
1- Massive marketing has instilled the instinctive and INCORRECT belief that in regular users that antivirus products are the most important security step.
This is massively out of step with expert security recommendations. Source: a consistent finding in surveys of expert vs regular user security perceptions.
People continue to get soaked by AV companies selling products that don't provide nearly as much protection as they think.
Great. Just someone claiming to offer some #Pegasus spyware source code for sale.
True or scam, this reminds me of 2018, when an NSO employee stole code & did exactly that.
As I testified to Congress: the mercenary spyware industry continues to recklessly proliferate very sophisticated capabilities once limited to a handful of governments.
Given how many times the industry has gotten caught, I have a hard time believing that these companies can maintain enough control over all facets of their capabilities...
.... to prevent parts of their tech from inevitably leaking to criminals & other non-state actors, turbocharging cybercrime & disruptive ransomware attacks.2/ Now for some grim good news in this case: even if the person is in fact offering some portion of Pegasus spyware source code, and not trying to scam people, they are not even claiming to have the working exploits used to infect phones.
Important distinction, since even if the spiciest & most-helpful-to-criminals aspects of NSO Group's codebase were leaked & incorporated into cyber criminal toolkits... criminals would still need to source the (expensive & complex) exploits required to actually infect phones. And then make them work reliably, etc etc.
May 20 • 5 tweets • 5 min read
Reading this? Your blood probably contains some amount of toxic forever chemicals made by @3m.
How much & is there enough to spike your risk of certain cancers & illnesses?
Without complex blood testing you have no idea.
Why is their toxin running in your veins? Well, the companies that made this stuff (3M & DuPont) kept their discoveries of the harms secret... even as their toxin was incorporated into...everything.
From french fry bags to chairs.
They even gaslit their own scientists.
And they regularly dumped & released their chemicals into the environments around their plants, creating toxic zones.
You should read this shocking profile of corporate greed and cynicism @fastlerner & @propublica.
BREAKING: US @StateDept imposes visa restrictions on 13 mercenary spyware proliferators / immediate family.
First known application of policy rolled out in Feb. state.gov/promoting-acco… 2/ Visa restrictions are a promising tool in the fight against mercenary spyware.
Spyware developers & investors want big returns.
But they also want to spend some of that money on travel to the US & their kids' Ivy League tuition.
It's the work of another #Russian propaganda operator highlighted by @Microsoft that amplifies socially divisive narratives.
Apr 14 • 4 tweets • 1 min read
Good morning to everyone except the "OSINT" accounts that spent last night spreading fake, alarmist & unconfirmed content.
2/ OSINT: Open Source INtelligence.
Owes its good reputation to groups like @Bellingcat that carefully VERIFY material before using it in analysis.
But today, if you find "OSINT" in the handle, there's a good chance that you will find neither verification nor analysis.
Apr 13 • 7 tweets • 2 min read
Be wary of OSINT-branded accounts recycling faked & old footage of airstrikes, explosions, interceptions etc.
It happens every time, but in New Twitter they have a direct financial incentive to push out inflammatory nonsense.
There's more 1/2/ The annoying practice of some OSINT-branded accounts of repeating headlines ginned up & borrowed from somewhere without citation as if it's their own...
Is reckless & dangerous during fast moving conflict where there is huge potential for *consequential* misunderstandings.
Apr 10 • 4 tweets • 3 min read
IMPORTANT: has @Apple recently sent you a #MercenarySpyware threat notification?
This is serious. Seek expert help.
If you're a journalist, activist, dissident, academic, etc. etc: ✅contact the @accessnow Digital Security Helpline.
accessnow.org/help/2/ @Apple's notifications continue to play critical role in helping #MercenarySpyware targets get help & take action.
And they keep leading to accountability.
To date, Apple says they have notified users in 150 countries.
That's a jaw-dropping illustration of the scale of the mercenary spyware proliferation.