🚨NEW REPORT: first forensic confirmation of #Paragon mercenary spyware infections in #Italy...

Known targets: Activists & journalists.

We also found deployments around the world. Including ...Canada?

And a lot more... Thread on our @citizenlab investigation 1/
2/ So #Paragon makes zero-click spyware marketed as better than NSO's Pegasus...

Harder to find...

...And more ethical too!

This caught our attention @citizenlab & we were skeptical.

By @iblametom forbes.com/sites/thomasbr…

BREAKING: #Paragon reportedly terminates spyware contract with #Italy.

Right on heels of reported targeting of journalist & activists in Italy.

BIG DEAL: puts Italian government in the hot seat, since they denied knowing about it only hours ago.👇

https://x.com/jsrailton/status/1887255424560472247

2/ Read this slowly.

The implication is clear: the Italian government was a #Paragon customer & had their contract terminated...

Even as @GiorgiaMeloni's office was issuing denials.

Likely to make the scandal worse.

Exceptional reporting from The Guardian
theguardian.com/technology/202…

NEW: @WhatsApp says Israeli mercenary spyware company #Paragon targeted scores of users around world.

The infection happened with no interaction. No link to click or attachment to open.

This is called a "zero-click" attack.

WA says targets included journalists & members of civil society.

They dismantled the attack vector & notified users.

Good.

We at @citizenlab shared some info instrumental to their investigation of the vector.

This is a BIG deal. Here's why 1/


2/ For a few years the only source of information about #Paragon... has been Paragon.

They marketed themselves as the anti-NSO.

(NSO makes the notorious #Pegasus spyware)

It's easier to frame yourself as virtuous in the spyware game if nobody can look over your shoulder.

By @iblametom
forbes.com/sites/thomasbr…

By @RonanFarrow
newyorker.com/magazine/2022/…

NEW: US seeks extradition of Israeli private spy over sprawling hacking against 🇺🇸American nonprofits.

Amit Forlit's alleged customer? US lobbying firm @DCIGroup... representing @exxonmobil

Extradition filings in UK give fresh peek into this wild case 1/


2/ The case was triggered back in 2018, when US-based nonprofits targeted by hackers requested that @citizenlab notify the authorities.

In 2020, we went public with the investigation, alongside @jc_stubbs @razhael & @Bing_Chris 👇

https://x.com/jsrailton/status/1774958322841432443

The volume of scam phone calls targeting elderly people in the US is insane.

Anyone that has visited an aging person knows what I'm talking about.

Ring after ring.

Several calls a day isn't out of the ordinary each of them a risk of wiping out their savings.

It's an untenable situation and will only get worse without focused government action. Phone predators constantly target your parents.

Foreign scam call centers are running on an industrial scale.

Efforts phone companies are making are obviously not up to the task.

Just ask any retired person you know when they last got a scam call.

VPN advertising is the most common source of security misinformation that I encounter.

By far.

So many people misplace their trust in dubious consumer VPN products.

The industry is a scourge. VPNs don't do most of the things that podcasters imply they do.

Security:
Coffee shop attacks on unencrypted logins are a thing of a decade ago.

VPNs won't stop even the dumbest spyware & phishing.

Privacy:
Advertisers still know it's you when you turn on a VPN... they use many other identifying signals from your device, like your browser & advertising IDs. Those don't change when you turn on a VPN.

BREAKING: NSO Group liable for #Pegasus hacking of @WhatsApp users.

Big win for spyware victims.

Big loss for NSO.

Bad time to be a spyware company.

Landmark case. Huge implications. 1/ 🧵


2/ In 2019, 1,400 @WhatsApp users were targeted with #Pegasus.

WhatsApp did the right thing & sued NSO Group.

NSO has spent 5 years trying to claim that they are above the law.

And engaged in all sorts of maneuvering.

With this order, the music stopped and NSO is now without a chair.

NEW: US considering ban on @TPLINK routers.

Company has a majority of the US market share for homes & small biz.

Concerns stem from repeated use in cyberattacks from #China & concerns over supply chain security.

Reportedly an office of @CommerceGov has subpoenaed the company. 1/

Story by @heathersomervil @dnvolz & @aviswanatha


2/ @TPLINK has quickly grown market share, even as concerns have grown over vulnerabilities in the routers being used in #China-linked hacking operations.

wsj.com/politics/natio…

Use only end-to-end encrypted communications says @CISAgov.

YES!

End-to-end encryption is critical infrastructure for a safe society.

Plenty of other solid guidance for mobile users at risk here.

Let's look at their #iPhone & #Android-specific recs... 1/

2/ @CISAgov's top recommendation for Apple users is to✅ enable #LockdownMode

It's my top guidance for high-risk #iPhone users..

Because as researchers tracking sophisticated threats we see Lockdown Mode blunt advanced attacks...

Other solid guidance:

✅Protect your DNS
✅Disable fallback to SMS
✅Enroll in iCloud Private Relay
✅Trim App permissions.

NEW: #China #Russia #Iran & #Israel are spying on 🇺🇸Americans using telecom weaknesses says @DHSgov

Deeply concerning on heels of #SaltTyphoon breaches.

All US carriers vulnerable to some extent.

We know this thanks to Sen @RonWyden's tireless work to expose #SS7 & #Diameter vulnerabilities.

Here's how they work...

Story by @josephfcox 1/
2/ Here's the thing about the global network for routing calls.

Requests are trusted by default. Whatever operator they come from!

Since requests can let you do things like intercept calls, texts & track phones locations...

...a lot of governments & some shady companies have come running.

All they needed was a "Global Title" which is not hard to get in some jurisdictions.

Result? A tidal wave from around the globe of shady requests for the purpose of spying on people.

Including Americans. In the US.

We @citizenlab exposed Circles, one such player...

Story: 404media.co/dhs-says-china…

NEW: police in #Serbia caught unlocking activists phones with @Cellebrite's mobile forensic tools & planting spyware on them.

Incredibly troubling investigation by @AmnestyTech delves into how the Serbian authorities mix a toxic brew of repression out of homegrown + foreign mercenary spyware like #Pegasus + $CLBT's forensic tools possibly supplied as part of foreign assistance from #Norway. 1/

Read: amnesty.org/en/documents/e…


2/ From Traffic Stop to Spyware Victim...

As costs increase for zero-click spyware, expect to see authorities getting creative...

Rolling their own tech & finding novel ways to plant it on activists' devices with physical access.

https://x.com/DonnchaC/status/1868572455809548770

🚨NEW INVESTIGATION: Russia's 🇷🇺 FSB beat & detained this programmer.

They demanded he inform on contacts in #Ukraine.

When he was finally released, Kirill Parubets got his phone back.

It was bugged with spyware. 1/

Investigative collab by us @citizenlab w/@DeptFirst.
2/ Russian authorities descended on Kirill Parubets & his spouse. Raiding their apartment.

Beating him for his passwords.

Accusation? Money transfers to #Ukraine.

Then they threw the couple into custody.

The #FSB threatened life imprisonment if he didn't agree to become an informant.

citizenlab.ca/2024/12/device…

Good! Finally a path to crackdown on data brokers.

Americans are constantly victimized by these companies.

Privacy shouldn't be partisan, so pay close attention to see who comes out against these common-sense plans from the @CFPB. 1/

By Dell Cameron & Andrew Couts @wired.

2/ The volume of data constantly collected & sold on Americans puts the US at a global disadvantage.

The data-broker firehose is a hostile foreign intelligence service's delight.

But that's just the beginning.

Meet 'decolonization' expert Nomma Zarubina.

FSB codename "Alyssa"

All over the Washington DC think tank circuit. Had a knack for meeting US officials. Even attended some protests against Russia.

Just last week she spoke at an event on Parliament Hill in #Canada.

She's just been charged by the #FBI for lying about taking direction from the FSB. 1/


2/ Nomma Zarubina was collecting photos with current & former officials like Pokemon.

Wearing some NGO bona-fides, she also shows up at a lot of events with prominent exiles from #Russia & figures from #Ukraine.

She also got into all sorts of meetings...

BREAKING: #ExxonMobil lobbyist investigated over hacking of American nonprofits.

Hacked material fed PR campaigns & lawsuits against environmental advocacy orgs. 1/

By @razhael & @Bing_Chris


2/ The case goes back years & centers around a massive hack-for-hire operation based in #India....

...that did the dirty work for powerful people & companies around the world.

https://x.com/jsrailton/status/1774958322841432443

First time I've seen what I think is AI-generated fake satellite imagery.*

Interesting. 1/

https://twitter.com/NGA_GEOINT/status/1860707476745703641

2/ With a squint this vibes. Try it for yourself on the first pic without zooming in.

Notice anything that just isn't quite right?

First thing: the marina / oceanfront areas don't follow a coherent logic.

Whoa: NSO Group allegedly rolled a @WhatsApp exploit to implant #Pegasus spyware even after WhatsApp sued them.

This previously-unrevealed "Erised" vector was later disabled by #WhatsApp.

These un-redacted filings are quite the read. Even some footnotes have scoops. 1/ 2/ We learn that NSO Group had at least three @whatsapp exploits: Heaven, Eden & Erised.

The first, called Heaven, was active some time prior to Sept-Dec 2018. It worked by using manipulated messages to direct targeted devices to a malicious WhatsApp relay controlled by NSO Group.

Heaven was ultimately disabled by changes made in Sept & December 2018 by WhatsApp.

storage.courtlistener.com/recap/gov.usco…

WILD: actual photo of Musk-hired door knockers being driven around #Michigan.

This group of mostly-black workers were driven in the back of a truck with no seats.

They say they were flown in, given unrealistic goals, and threatened with their lodging being cut off & being forced to pay their own way home if they couldn't meet them.

Some didn't even know which candidate they were working for.

Article by @JakeLahut
wired.com/story/elon-mus… Working to help the richest man in the world get his preferred candidate into office, folks.

I'm excited for the #HarrisWalz plan to massively expand medicare to cover in-home care.

Beautiful. So many families are are helping loved ones get through hurdles with dignity & independence. At home.

Oh wait, you hadn't heard about this?

A study shows major broadcast networks mostly ignored the policy announcement on the day she made it.
apnews.com/article/harris…
Home health care is ruinously expensive.

But as everyone knows, it's often better for seniors to get help in their homes.

A study found that this new #HarrisWalz #medicare benefit is likely to help more than 14 million beneficiaries.

Chart: kff.org/medicare/issue…

You've probably heard about Musk's petition.

It's run on the same website that ran bait-and-switch voter registration back in August.

They had to shut it down.

The goal then: probably soak up detailed voter data.

Remember, lots of shady micro-targeting is going on right now from Musk-backed PACs.

And now? Data collection is again a key priority.

I don't know why this isn't front and center in news stories about this.
2/ Coverage of Musk's actions often treats them in isolation.

The petition for example is largely covered as "is this legal?"

Good question, but if you don't focus on the systemic effort to gather data & influence voters using that data, you miss the plot.

BREAKING: Musk-backed PAC is micro-targeting muslim areas with ads saying Harris stands with Israel... and targeting jewish areas saying the opposite.

Writing is on the wall: Musk willing to further divide America if he thinks it will help his candidate win.

By @jason_koebler
404media.co/this-is-exactl… Review the @google ads data yourself.

A "PRO-ISRAEL TEAM WE CAN TRUST" designed to look like a #HarrisWalz campaign ad is micro-targeted to areas with a high muslim population around Dearborn, Michigan.

Meanwhile, same Musk-backed PAC has a "WHY PANDER TO PALESTINE?" ad micro-targeted to areas in Pennsylvania.

The ads are getting millions of impressions.

adstransparency.google.com/advertiser/AR0…