Pegasus spyware seller: Blame our customers not us for hacking

The maker of powerful spy software allegedly used to hack the phones of innocent people says blaming the company is like "criticising a car manufacturer when a drunk driver crashes".

NSO Group is facing international criticism, after reporters obtained a list of alleged potential targets for spyware, including activists, politicians and journalists.

Investigations have begun as the list, of 50,000 phone numbers, contained a small number of hacked phones.

Pegasus infects iPhones and Android devices, allowing operators to extract messages, photos and emails, record calls and secretly activate microphones and cameras.

https://www.bbc.com/news/technology-57922664

💡 Read as well: ‘If You’re Not a Criminal, Don’t Be Afraid’– NSO CEO says
https://www.forbes.com/sites/thomasbrewster/2021/07/22/nso-group-ceo-defends-1-billion-spyware-company-against-pegasus-project-hacking-allegations/

#leak #surveillance #nso #israel #pegasus #spyware #hacking
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Windows Command-Line Obfuscation

Many Windows applications have multiple ways in which the same command line can be expressed, usually for compatibility or ease-of-use reasons. As a result, command-line arguments are implemented inconsistently making detecting specific commands harder due to the number of variations. This post shows how more than 40 often-used, built-in Windows applications are vulnerable to forms of command-line obfuscation, and presents a tool for analysing other executables.

https://www.wietzebeukema.nl/blog/windows-command-line-obfuscation

#windows #commandline #obfuscation
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Journalists identified as possible targets of Pegasus spyware

The Pegasus Project, a consortium of investigative reporters, revealed this week that at least 180 journalists are possible targets of Pegasus spyware, which is produced by the Israeli company NSO Group and marketed to governments around the world.

“This report shows how governments and companies must act now to stop the abuse of this spyware which is evidently being used to undermine civil liberties, not just counter terrorism and crime,” said Robert Mahoney, CPJ’s deputy executive director. “No one should have unfettered power to spy on the press, least of all governments known to target journalists with physical abuse and legal reprisals.”

https://cpj.org/thetorch/2021/07/journalists-identified-as-possible-targets-of-pegasus-spyware/

#journalists #leak #surveillance #nso #israel #pegasus #spyware
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Fraud Family phishing-as-a-service disrupted in the Netherlands

Dutch police have arrested two suspects this week who created and hosted phishing sites for other cybercrime groups as part of an online service they were calling The Fraud Family.

Police officers arrested a 24-year-old man from the city of Arnhem and a 15-year-old boy from the town of Loenen aan de Vecht.

Investigators said the former developed the phishing kits, while the latter had been responsible for selling access to the tools developed by his partner.

Police also searched the house of a third suspect, an 18-year-old teen from Hoogeveen, but his role in the operation was not detailed.

The arrests, which took place on Tuesday but were announced today, came after a report from Group-IB, a security firm specializing in financial fraud and security for the banking sector, which has been dealing and investigating phishing sites created by the gang’s tools since last year.

https://therecord.media/fraud-family-phishing-as-a-service-operation-disrupted-in-the-netherlands/

💡 Read as well:
https://www.itsecuritynews.info/group-ib-helps-dutch-police-identify-members-of-phishing-developer-gang-fraud-family/

#phishing #fraudfamily #netherlands #arrested
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

why not allow tracking?

why "i have nothing to hide" isn't enough. it's nowhere near enough.

because, by allowing tracking, you can be giving up way more information than you think! some examples:

❗️ who you sleep with because both you and the person you share your bed with keep your phones nearby. [1]

❗️ whether you sleep soundly at night or whether your troubles are keeping you up. [1]

❗️ whether you pick up your phone in the middle of the night and search for things like "loan repayment". [1]

❗️ your IQ based on the pages you "like" on Facebook and the friends you have. [1]

❗️ your restaurant visits and shopping habits. [1]

❗️ how fast you drive, even if you don't have a smart car, because your phone contains an accelerometer. [1]

❗️ your life expectancy based on how fast you walk, as measured by your phone. [1]

❗️ whether you suffer from depression by how you slide your finger across your phone’s screen. [1]

❗️ if your spouse is considering leaving you because she's been searching online for a divorce lawyer. [1]

❗️ journalists, lawyers, human rights defenders, and other innocent people are targeted. [2]

❗️ LGBTQ+ people can be outed against their will. [3]

💡 Source(s):

[1] https://thereboot.com/why-we-should-end-the-data-economy/

[2] https://www.theguardian.com/news/2021/jul/18/huge-data-leak-shatters-lie-innocent-need-not-fear-surveillance

[3] https://www.nytimes.com/2021/07/21/technology/phones-location-data.html

https://whynottrack.com/

#whynottrack #tracking #data #bigdata #privacy
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Police Are Telling ShotSpotter to Alter Evidence From Gunshot-Detecting AI

Prosecutors in Chicago are being forced to withdraw evidence generated by the technology, which led to the police killing of 13-year-old Adam Toledo earlier this year.

On May 31 last year, 25-year-old Safarain Herring was shot in the head and dropped off at St. Bernard Hospital in Chicago by a man named Michael Williams. He died two days later.

Chicago police eventually arrested the 64-year-old Williams and charged him with murder (Williams maintains that Herring was hit in a drive-by shooting). A key piece of evidence in the case is video surveillance footage showing Williams’ car stopped on the 6300 block of South Stony Island Avenue at 11:46 p.m.—the time and location where police say they know Herring was shot.

How did they know that’s where the shooting happened? Police said ShotSpotter, a surveillance system that uses hidden microphone sensors to detect the sound and location of gunshots, generated an alert for that time and place.

Except that’s not entirely true, according to recent court filings.

https://www.vice.com/en/article/qj8xbq/police-are-telling-shotspotter-to-alter-evidence-from-gunshot-detecting-ai

#shotspotter #evidence #gunshot #detecting #ai
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Info and facts about Linux-Malware

👉🏽 DFIR reports

👉🏽 Supply chain attacks

👉🏽 Press/academia

👉🏽 Malware samples

👉🏽 Research, PoCs and techniques

👉🏽 Sandboxes

https://github.com/timb-machine/linux-malware

#linux #malware #knowledge
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

The State of Phishing in the US: Report and Statistics 2020

In recent years, phishing attacks have fast become the favored method for criminals to steal data from unsuspecting victims. These attacks have risen by almost 815 percent in just two years, with as many as 74 percent of US organizations experiencing a successful phishing attack in 2020.

Last year, cybercriminals were quick to put the sudden switch to working and learning from home to good use. They hit consumers, organizations, and educators where and when they were at their most vulnerable to ensure 2020 was a record-breaking year for phishing attacks.

https://www.comparitech.com/blog/information-security/state-of-phishing/

#phishing #report #statistics #usa
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

The Insecurity Industry

The greatest danger to national security has become the companies that claim to protect it

1.] The first thing I do when I get a new phone is take it apart. I don’t do this to satisfy a tinkerer’s urge, or out of political principle, but simply because it is unsafe to operate. Fixing the hardware, which is to say surgically removing the two or three tiny microphones hidden inside, is only the first step of an arduous process, and yet even after days of these DIY security improvements, my smartphone will remain the most dangerous item I possess.

Prior to this week’s Pegasus Project, a global reporting effort by major newspapers to expose the fatal consequences of the NSO Group—the new private-sector face of an out-of-control Insecurity Industry—most smartphone manufacturers along with much of the world press collectively rolled their eyes at me whenever I publicly identified a fresh-out-of-the-box iPhone as a potentially lethal threat.

Despite years of reporting that implicated the NSO Group’s for-profit hacking of phones in the deaths and detentions of journalists and human rights defenders; despite years of reporting that smartphone operating systems were riddled with catastrophic security flaws (a circumstance aggravated by their code having been written in aging programming languages that have long been regarded as unsafe); and despite years of reporting that even when everything works as intended, the mobile ecosystem is a dystopian hellscape of end-user monitoring and outright end-user manipulation, it is still hard for many people to accept that something that feels good may not in fact be good.

Over the last eight years I’ve often felt like someone trying to convince their one friend who refuses to grow up to quit smoking and cut back on the booze—meanwhile, the magazine ads still say “Nine of Ten Doctors Smoke iPhones!” and “Unsecured Mobile Browsing is Refreshing!”

https://edwardsnowden.substack.com/p/ns-oh-god-how-is-this-legal

#snowden #insecurity #industry
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Why CISA’s China Cyberattack Playbook Is Worthy of Your Attention

The advisory outlines the tactics, techniques, and procedures China’s state-sponsored cybercriminals use to breach networks.

At first glance, last week’s advisory on state-sponsored China cyberattacks by the FBI and the Cybersecurity and Infrastructure Security Agency is nothing new. It outlines the tactics, techniques, and procedures they use. Plus, not every data center contains information that’s of interest to the Chinese government.

But the report should be required reading for many, if not most, people that manage security on data center networks. That’s because A) Companies that could potentially be impacted here go far beyond just those of direct strategic interest to China; B) The report includes a list of specific indicators of intrusion by if this particular set of attackers — which would help inform a response plan; and C) It includes both a set of recommended mitigation measures and contact information for the FBI and CISA offices working to address this threat who could be of assistance.

https://www.datacenterknowledge.com/security/why-cisa-s-china-cyberattack-playbook-worthy-your-attention

💡 Read as well: 👇🏽

An unprecedented group of allies and partners – including the European Union, the United Kingdom, and NATO – are joining the United States in exposing and criticizing the PRC’s malicious cyber activities.

👉🏽 https://t.iss.one/BlackBox_Archiv/2397

#cisa #usa #nato #eu #china #prc #malicious #internet #cyberdefence #cyberattack
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Nextcloud Tor Hidden Service! (.onion) Featuring Pine64 A64 LTS

Howto: self host Nextcloud as a Tor (.onion) Hidden Service using a Single Board Computer! Darkweb Nextcloud from start to finish!

⚠️ This video leaves a functional Nextcloud Hidden Service, but hardening is needed.

https://devtube.dev-wiki.de/videos/watch/79ff6de5-f7a8-4d96-aa54-710756b49666

#nextcloud #tor #onion #darkweb #pine64 #guide #video
🎥@cRyPtHoN_INFOSEC_FR
🎥@cRyPtHoN_INFOSEC_EN
🎥@cRyPtHoN_INFOSEC_DE
🎥@BlackBox_Archiv

This is no ordinary spying. Our most intimate selves are now exposed

The Pegasus project shows we could all soon be ruled by states that know everything about us, while we know less and less about them

Here in India, the summer of dying is quickly morphing into what looks very much like a summer of spying.

The second wave of coronavirus has retreated, after leaving an estimated 4 million Indians dead. The official government figure for the number of deaths is a tenth of that – 400,000. In Narendra Modi’s dystopia, even as the smoke dwindled in crematoriums and the earth settled in graveyards, gigantic hoardings appeared on our streets saying “Thank you Modiji”. (An expression of the people’s gratitude-in-advance for the “free vaccine” that remains largely unavailable, and which 95% of the population is yet to receive.) As far as Modi’s government is concerned, any attempt to tabulate the true death toll is a conspiracy against India – as if the millions more who died were simply actors who lay down spitefully in the shallow, mass graves that you saw in aerial photos, or floated themselves into rivers disguised as corpses, or cremated themselves on city sidewalks, motivated solely by the desire to sully India’s international reputation.

This same charge has now been levelled by the Indian government and its embedded media against the international consortium of investigative journalists from 17 news organisations who worked with Forbidden Stories and Amnesty International to break an extraordinary story about global surveillance on a massive scale. India appears in these reports, alongside a group of countries whose governments appear to have bought Pegasus spyware developed by NSO Group, an Israeli surveillance firm. NSO, for its part, has said that it sells its technology only to governments that have been vetted for their human rights record and undertake to use it only for purposes of national security – to track terrorists and criminals.

The other countries that seem to have passed NSO’s human rights test include Rwanda, Saudi Arabia, Bahrain, the UAE and Mexico. So who, exactly, has agreed upon the definition of “terrorists” and “criminals”? Is this simply up to NSO and its clients?

https://www.theguardian.com/commentisfree/2021/jul/27/spying-pegasus-project-states-arundhati-roy

#comment #pegasus #nso #india
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Former intelligence analyst sentenced to 45 months in prison

Former intelligence analyst Daniel Everette Hale was arrested on May 9, 2019, and charged with leaking classified information about drone warfare and other counterterrorism measures to a reporter.

Hale has been charged with five crimes related to the disclosure of military-related information, and could face up to 50 years in prison if convicted.

https://nitter.pussthecat.org/FreedomofPress/status/1420062103554166791

via Twitter

💡 Read as well: 👇🏽

Former intelligence analyst charged with leaking classified documents to reporter
https://pressfreedomtracker.us/all-incidents/former-intelligence-analyst-charged-leaking-classified-documents-reporter/

#whistleblower #usa #hale
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Leaks to press in the public interest shouldn't be prosecuted under the Espionage Act. Period.

Daniel Hale helped the public learn about a lethal program that never should have been kept secret. He should be thanked, not sentenced as a spy.

https://nitter.pussthecat.org/ACLU/status/1420086837897478147

via Twitter

💡 Read as well: 👇🏽

Former intelligence analyst sentenced to 45 months in prison

https://t.iss.one/BlackBox_Archiv/2428

#whistleblower #usa #hale
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Illegal streaming service shut down and man arrested

A police operation working closely with FACT who investigate cybercrime, fraud and other IP crime, have arrested a man in Shrewsbury in connection with suspected illegal streaming of premium television channels, and other copyrighted material.

A 56 year old man was arrested for Money Laundering (s327 Proceeds of Crime Act 2002) and encouraging or assisting in the commission of an either way offence namely obtaining services dishonestly (s44 Serious Crime Act 2007 and s11 Fraud act 2006). This was following an investigation in partnership with FACT. He was taken to Shrewsbury Police Station for questioning and has now been released under investigation pending further enquiries.

During the warrant, officers were able to access and disrupt the online platform, disable the suspected illegal streams and deliver an on screen message to those who receive them warning that the content accessed is suspected to be unlawful.

Sergeant Ian Osborne from West Mercia’s Cyber Crime Unit said: “This operation is the unit's first arrest in relation to online streaming and sends out a strong message that we are homing in on those who knowingly commit or facilitate online copyright infringement."

"Not only is there an enormous loss to the entertainment industry with this particular operation but it is also unfair that millions of people work hard to afford their subscription-only TV services while others cheat the system."

https://www.westmercia.police.uk/news/west-mercia/news/2021/july/illegal-streaming-service-shut-down-and-man-arrested/

#illegal #streaming #shutdown #police #uk #fact
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

We need more protection from government surveillance — not less

The ability to communicate securely via encryption is essential to the protection of democracy and human rights.

Joint open letter by 13 NGOs to the editor of Politico Europe in response to the Op Ed by Head of Europol & NY District Attorney on encryption, July 27, 2021

In their opinion piece “The last refuge of the criminal: Encrypted smartphones” (July 26), Catherine De Bolle, executive director of Europol, and Cyrus R. Vance, Jr., district attorney of New York County, made an extraordinary bid to undermine encryption, barely a week after the Pegasus scandal rocked the globe and exposed the perils of government surveillance facilitated by tech companies.
The headline itself will be particularly jarring to the hundreds of journalists and human rights defenders currently in detention all around the world. Their “crime”? Defending the rights of others and standing up for democracy.

In Turkey, to cite one example, many have gone to prison simply for using encrypted messaging services — an act in itself deemed criminal by the authorities. As we saw with Pegasus, Europe is no exception to this trend, with three Hungarian investigative journalists targeted.

Human rights defenders and journalists are not the only groups for whom encryption is essential. Members of the LGBTQ+ community depend on end-to-end encryption to help ensure their privacy and safety. Domestic violence survivors rely on end-to-end encryption tools to provide a secure channel to make plans and communicate with trusted individuals.

Encryption helps prevent spies, criminals and hostile governments from accessing and exploiting confidential communications; stealing personal, financial and other types of data; penetrating computer systems and databases and causing wide-scale, systemic disruptions to economies, infrastructure and security.
The claim that the authors support “strong encryption, just not unregulated encryption” is unfortunately misleading. As any technologist or engineer will confirm, communications are either end-to-end encrypted, or they are not. This is a question of computer science.

“Regulated encryption” is simply a euphemism for government backdoors into our communications. Backdoors undermine the security of communications, leaving them open and vulnerable to attacks from malevolent actors. There is no such thing as a backdoor for only the good guys. Even if there was, the Pegasus scandal is a reminder that not all governments are “good” and that “good governments” can act badly.

https://www.fidh.org/en/international-advocacy/european-union/we-need-more-protection-from-government-surveillance-not-less

#encryption #surveillance #eu
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Pegasus Project Reveals Phone Spyware Targets - ThreatWire

The REvil Decryption Key is Obtained, Windows & Linux are Vulnerable to Privilege Escalation Attacks, and the Pegasus Project Reveals Phone Spyware Targeting! All that coming up now on ThreatWire.

https://www.youtube.com/watch?v=mJfCTJRs1io

#revil #pegasus #spyware #threatwire #hak5 #video
🎥@cRyPtHoN_INFOSEC_FR
🎥@cRyPtHoN_INFOSEC_EN
🎥@cRyPtHoN_INFOSEC_DE
🎥@BlackBox_Archiv

Cinny — Yet another matrix client

Imagine a matrix client...

Where you can enjoy the conversation using simple, elegant and secure interface protected by e2ee with the power of open source.

https://cinny.in/

👉🏽Found @: https://t.iss.one/v1_links

#cinny #matrix
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Windows encryption Bitlocker bypassed despite TPM protection

From Stolen Laptop to Inside the Company Network

What can you do with a stolen laptop? Can you get access to our internal network? That was the question a client wanted answered recently. Spoiler alert: Yes, yes you can. This post will walk you through how we took a “stolen” corporate laptop and chained several exploits together to get inside the client’s corporate network.

We received a Lenovo laptop preconfigured with the standard security stack for this organization. We didn’t get any information about this laptop, no test credentials, no configuration details, no nothing, it was a 100% blackbox test. Once the laptop came in, we opened the shipping box and got to work. After we did our reconnaissance of the laptop (BIOS settings, normal boot operation, hardware details, etc) we noted a lot of best practices were being followed, negating many common attacks.

https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network

#encryption #bitlocker #tpm #lenovo
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Orbiter Space Flight Simulator

Orbiter is a spaceflight simulator based on Newtonian mechanics. Its playground is our solar system with many of its major bodies – the sun, planets and moons. You take control of a spacecraft – either historic, hypothetical, or purely science fiction. Orbiter is unlike most commercial computer games with a space theme – there are no predefined missions to complete (except the ones you set yourself), no aliens to destroy and no goods to trade.

Instead, you will get a pretty good idea about what is involved in real space flight – how to plan an ascent into orbit, how to rendezvous with a space station, or how to fly to another planet. It is more difficult, but also more of a challenge. Some people get hooked, others get bored. Finding out for yourself is easy – simply give it a try. Orbiter is free, so you don’t need to invest more than a bit of your spare time.

https://github.com/mschweiger/orbiter

💡 Read as well: 👇🏽
https://www.orbiter-forum.com/threads/orbiter-is-now-open-source.40023/

#orbiter #spaceflight #simulator #opensource
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Activision Blizzard Hires Notorious Union-Busting Firm WilmerHale

Yesterday, July the 28th, many of Activision’s 9,500 workers walked off the job to protest the culture of harassment and discrimination present at the company. Activision Blizzard is currently being sued by the state of California over alleged sexual harassment and ‘frat boy’ culture. The complaint from California asserts that “[f]emale employees receive lower starting pay and also earn less than male employees for substantially similar work.”

The lawsuit shows wide-ranging discrimination towards women from the company. The complaint notes that the company is “only 20 percent women.” Its top leadership is also exclusively male and white,” and that “very few women ever reach top roles in the company.” The women who do reach higher roles earn less salary, incentive pay, and total compensation than their male peers, as evidenced in Activision’s own records.

Activision has called in the experts to put down the claims of sexual harassment and discrimination and stop the protests by workers. Activision has hired WilmerHale. WilmerHale has been hired to “review” Activision’s policies. Wilmerhale’s own site advertises its expertise as “union awareness and avoidance.” They use attorneys and experts to develop “union avoidance strategies and union organizational campaigns.” WilmerHale was used extensively by Amazon to spread anti-union misinformation and propaganda to “sow doubts about the unionization drive.” WilmerHale was the firm that killed unionization efforts at an Amazon center in Bessemer, Alabama.

https://www.promethean.news/news/activision-hires-notorious-union-busting-firm-wilmerhale

#activision #blizzard #WilmerHale #amazon
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv