(November 23, 2022)
In the span of a 12-week internship, Hotz promises to “fix” Twitter search and introduce all-new features, such as the ability to search within liked tweets.
As the first person in the world to jailbreak the iPhone, Hotz is no stranger to bringing new capabilities to existing platforms.
(8 June 2013)
Meanwhile, Twitter is one company which has managed to keep mum in PRISM discussions.
(7 Jun 2013)
The Guardian has verified the authenticity of the document, a 41-slide PowerPoint presentation – classified as top secret with no distribution to foreign allies – which was apparently used to train intelligence operatives on the capabilities of the program. The document claims „collection directly from the servers“ of major US service providers.
Although the presentation claims the program is run with the assistance of the companies, all those who responded to a Guardian request for comment on Thursday denied knowledge of any such program.
(28.03.2023)
Section 702 of the Foreign Intelligence Surveillance Act (FISA), which the US Congress must vote to reauthorise by December to prevent it from lapsing under a sunset clause, allows US intelligence agencies to carry out warrantless spying on foreigners’ email, phone and other online communications.
While US citizens have some protections against warrantless searches under the Fourth Amendment of the US Constitution, the US government has maintained that these rights do not extend to foreigners overseas, giving agencies such as the National Security Agency (NSA), Federal Bureau of Investigation (FBI) and Central Intelligence Agency (CIA) practically free rein to snoop on their communications.
Israel‘s offensive cyber industry accounts for a wide variety of surveillance and espionage technologies. A number of these are tools sold to policing bodies which reveal the geographic location of a target. There are also more advanced technologies, sold to law enforcement and intelligence bodies, which allow clients to hack into computers, mobile phones and encrypted messaging apps, extracting all information stored on a device and secretly turning on its microphone and camera to create a tool which spies on its owner.
(Dec. 16th 2022)
While end-to-end encryption (E2E) has been already present for Apple’s Messages, iCloud Keychain, Health data, and more, the update brings E2E to your Messages Backup (Messages in iCloud) your iPhone iCloud backup, iCloud Drive, Notes, Photos, Reminders, Safari Bookmarks, Siri Shortcuts, Voice Memos, and Wallet Passes.
We‘re told it is potentially capable of spying on the victims‘ chat apps, camera and microphone, contacts book and calendars, browser, and clipboard, and beam that info back to base. It‘s said that Italian authorities have used this tool in tackling corruption cases, and the Kazakh government has had its hands on it, too.
On Thursday this week, TAG revealed its analysis of the software, and how it helped dismantle the infection.
Google erklärte weiter, in einigen der nun aufgedeckten Fälle mit der Spähsoftware aus Italien hätten die Hacker die Spionagesoftware möglicherweise unter Zusammenarbeit mit Internetdienstanbietern eingesetzt. Daraus könne geschlossen werden, dass die Käufer der Programme Verbindungen zu staatlich unterstützten Akteuren hatten.
(23.06.2022)
Seven of the nine zero-day vulnerabilities our Threat Analysis Group discovered in 2021 fall into this category: developed by commercial providers and sold to and used by government-backed actors. TAG is actively tracking more than 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to government-backed actors.
(..)
In some cases, we believe the actors worked with the target’s ISP to disable the target’s mobile data connectivity. Once disabled, the attacker would send a malicious link via SMS asking the target to install an application to recover their data connectivity. We believe this is the reason why most of the applications masqueraded as mobile carrier applications. When ISP involvement is not possible, applications are masqueraded as messaging applications. (…)
We assess, based on the extensive body of research and analysis by TAG and Project Zero, that the commercial spyware industry is thriving and growing at a significant rate. This trend should be concerning to all Internet users.
These vendors are enabling the proliferation of dangerous hacking tools and arming governments that would not be able to develop these capabilities in-house. While use of surveillance technologies may be legal under national or international laws, they are often found to be used by governments for purposes antithetical to democratic values: targeting dissidents, journalists, human rights workers and opposition party politicians.
Block connections to pages and web resources hosted in major cloud services if the user wishes to do so. Supports blocking Google, Amazon, Facebook, Apple, Microsoft and Cloudflare.
(March 16, 2022)
“We don‘t want our best trained intel officers going straight into the hands of foreign governments for the sake of money,“ Castro said. „This discourages intelligence mercenaries and protects our national interest.“
The UAE spying operation, called Project Raven, hacked into Facebook and Google accounts and thousands of Apple iPhones, targeting activists that human rights groups say were later arrested and tortured
(September 14, 2022)
In the legal battles with a focus on listening devices like “smart speakers,” etc, that are currently active in the US, Google and Amazon are not spared either. Reports, including by Reuters, say that a number of filings allege that their devices and apps are recording users’ conversations without their consent, and that Big Tech companies use this material to make money by giving it to advertisers, who can then more precisely target people based on knowledge of their behavior and interests.
The committee constituted by the Supreme Court to look into allegations of snooping using the Pegasus spyware invited all citizens who suspected their mobile phones had been targeted to contact the panel by noon on January 7.
“The committee requests any citizen of India who has reasonable cause to suspect that his/her mobile has been compromised due to specific usage of NSO Group Israel’s Pegasus software to contact the technical committee appointed by the Hon’ble Supreme Court of India, with reasons as to why you believe your device may have been infected with Pegasus malware, and whether you would be in a position to allow the Technical Committee to examine your device,” the three-member panel said in an advertisement in several national dailies.
“This is on par with serious nation-state capabilities,” he says. “It‘s really sophisticated stuff, and when it‘s wielded by an all-gas, no-brakes autocrat, it‘s totally terrifying. And it just makes you wonder what else is out there being used right now that is just waiting to be discovered. If this is the kind of threat civil society is facing, it is truly an emergency.”
After years of controversy, there may be growing political will to call out private spyware developers.
Bemerkenswert finde ich auch etwa die Frage vom Kollegen von der »Süddeutschen Zeitung«, ob sich aus der Protestbewegung eine Terrorbewegung entwickelt. Und die Frage, ob man Apple und Google auffordern könne, die Telegram-App nicht mehr anzubieten. Kommentatoren sahen diese Frage als indirekte Aufforderung an die Regierung, das zu tun.
If you were compiling a list of the most toxic tech companies, Facebook – strangely – would not come out on top. First place belongs to NSO, an outfit of which most people have probably never heard. Wikipedia tells us that “NSO Group is an Israeli technology firm primarily known for its proprietary spyware Pegasus, which is capable of remote zero-click surveillance of smartphones”.
Pause for a moment on that phrase: “remote zero-click surveillance of smartphones”.
Dieser Markt ließe sich unermesslich steigern, sollte die Propaganda, dass die gesamte Menschheit (B. Gates) und in Deutschland fast die gesamte Bevölkerung (A. Merkel) geimpft werden solle und auch müsse, umgesetzt werden. Deshalb schätzt das Finanz- und Analyseunternehmen „Morningstar“ für 2021 zu erwartenden Umsatz von 67 Milliarden US-Dollar für Covid-19-Impfstoffe. Der Umsatz der Rüstungsindustrie umfasste 2019 166 Mrd. US-Dollar.
Zwei dieser Biotech-Unternehmen sollen näher betrachtet werden: Biontech und Curevac.
(October 4, 2021)
The July report by Citizen‘s Lab and Microsoft found that Candiru had been used to spy on more than 100 human rights activists, regime opponents, journalists and scholars from countries such as Iran, Lebanon, Yemen, UK, Turkey and even Israel.
Revelations about Candiru make it the first time that fingers were being pointed at a second Israeli cyber-surveillance company, which is considered a competitor of the NSO Group. The notorious Israeli firm sparked a global scandal in July following the discovery that as many as 50,000 phones were targeted by its Pegasus spyware.
(Sep. 7, 2020)
NSO’s specialty is hacking smartphones. Up till now, little was known about Candiru. TheMarker has revealed that the firm offers hacking tools used to break into computers and servers, and now, for the first time, has confirmed it also has technology for breaking into mobile devices.
(Oct 3, 2019)
Israel is home to scores of hacker-for-hire businesses, but one of the most clandestine has been Candiru. With no website and few records available, it’s operated largely under the radar.
But now a researcher is claiming the elite Tel Aviv-based firm sold cyber weapons to the government of Uzbekistan, while industry sources tell Forbes the company is hacking both Microsoft Windows and Apple Macs for various nation states.
In August, Apple detailed several new features intended to stop the dissemination of child sexual abuse materials. The backlash from cryptographers to privacy advocates to Edward Snowden himself was near-instantaneous, largely tied to Apple‘s decision not only to scan iCloud photos for CSAM, but to also check for matches on your iPhone or iPad. After weeks of sustained outcry, Apple is standing down. At least for now.
(06.08.2021)
(02.08.2021)
(06.08.2021)
(06.08.2021)
(05.08.2021)
To say that we are disappointed by Apple’s plans is an understatement. Apple has historically been a champion of end-to-end encryption, for all of the same reasons that EFF has articulated time and time again. Apple’s compromise on end-to-end encryption may appease government agencies in the U.S. and abroad, but it is a shocking about-face for users who have relied on the company’s leadership in privacy and security.
There are two main features that the company is planning to install in every Apple device. One is a scanning feature that will scan all photos as they get uploaded into iCloud Photos to see if they match a photo in the database of known child sexual abuse material (CSAM) maintained by the National Center for Missing & Exploited Children (NCMEC). The other feature scans all iMessage images sent or received by child accounts—that is, accounts designated as owned by a minor—for sexually explicit material, and if the child is young enough, notifies the parent when these images are sent or received. This feature can be turned on or off by parents.
(05.08.2021)
(05.08.2021)
Apple intends to install software on iPhones sold in the United States to scan for child abuse imagery, raising alarm that the move could open the door to surveillance of millions of personal devices.
Liberty Vittert, a professor of data science at Washington University in St. Louis and the features editor of the Harvard Data Science Review, says this is “a cosmic shift in big tech monitoring.”
If the thousands of security and privacy experts who’ve raised an outcry on social media over the past few days — and signed at least one letter calling for change — are correct, then Apple is about to make a staggeringly awful miscalculation. More specifically, they’re warning that a new feature set baked into the company’s software in the name of cracking down on one very specific, very horrible act (using iPhones in the service of child exploitation) will actually open the door to the very dystopian privacy nightmare that Apple’s own leaders have warned about for years.
Sicherheitsexperten von Amnesty International fanden auf mehreren, auch aktuellen iPhones Spuren der „Pegasus“-Software, die anscheinend auf diesem Weg auf das Gerät gelangt war. Ihrer Analyse zufolge kann das Spähprogramm unter Ausnutzung des internetbasierten Dienstes iMessage aus der Ferne installiert werden. Die NSO-Kunden müssen dafür nur die Telefonnummer der Zielperson eingeben.
Apple on Friday said it didn‘t know former President Donald Trump‘s Department of Justice was subpoenaed data on Democrats when it complied with the request.
Apple said it was under a gag order not to disclose the subpoena to the affected parties.
Microsoft also acknowledged it received a similar subpoena.
Die „New York Times“ schrieb, Angehörige des Justizministeriums hätten 2017 und 2018 von Apple unter Strafandrohung die Herausgabe von Daten der Betroffenen verlangt – als Teil von Untersuchungen zu möglicher Weitergabe offizieller Informationen rund um die Russland-Ermittlungen gegen Trump. Apple sei zugleich verpflichtet worden, Stillschweigen über die Datenanforderung zu wahren.
Die großen Medientechnologiekonzerne der Wall Street haben eine beispiellose Säuberungswelle im Internet gestartet. Big Tech löscht nicht mehr länger nur Nutzerbeiträge. Nun wollen Facebook, Google, Twitter, Apple und Amazon aller Welt zeigen, dass sie als Meinungswächter frei entscheiden können, wer sich im Internet äußern darf – und wer nicht.
“We need to stop fascism so let’s give massive sweeping powers to an elite alliance of unelected authoritarians.”
“Well I’m a leftist and I haven’t been banned on social media.”
That’s because the left is politically impotent in our society. Unless this is just a hobby for you, at some point you should plan on the left becoming a threat to the oligarchs and warmongers. What do you think happens then?
Do you really think if the left actually becomes a threat to the status quo the Neera Tandens and Rachel Maddows aren’t going to suddenly discover a reason why you’re dangerous and need to be censored? The only way to be fine with censorship is to plan on never challenging power.
I‘ve been resisting the conclusion that this is Liberals‘ 9/11 because it at first seemed hyperbolic, even though they‘re using the same weapons against their critics (if you question all the new powers they want, it means you love the Terrorists).
But this is Liberals‘ 9/11.
(13. November 2020)
Nachdem der Quellport de-randomisiert worden sei, sei es möglich gewesen, eine böswillige IP-Adresse einzuschleusen und so erfolgreich einen DNS-Cache-Poisoning-Angriff durchzuführen. Die Details haben die Forscher im Paper „DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels“ publiziert.
Weitere Experimente unter realistischen Serverkonfigurationen und Netzwerkbedingungen würden zudem zeigen, dass ihre grundlegende Methode leicht an das gesamte DNS-System angepasst werden könnte.
The researchers determined that 35% of open resolvers are open to the attack, as well as four of six home routers made by well-known brands.
They also found that 12 of 14 popular public resolvers (now 11—Cloudflare says they‘ve corrected their systems) are susceptible. Even a patched DNS server could be made vulnerable by an unpatched or misconfigured NAT gateway.
Their 19-page paper on the exploit includes lists of devices and services tested. They have since set up a SAD DNS website featuring a Q&A and a tool that anyone can use to determine whether their DNS is vulnerable.
The flaw is being tracked as CVE-2020-25705, and affects Linux 3.18 – 5.10, Windows Server 2019 version 1809 and newer, macOS 10.15 and newer, and FreeBSD 12.1.0 and newer. The researchers did not test earlier versions of the listed operating system.
(31.12.2020)
Aliada, according to the suit, is a group of cyberweapon companies whose products are branded under the name Intellexa. In May 2019, it added, the group recruited Eran Beck, a former head of the Military Intelligence’s cyber department, as its director of development.
Fourteen members of INCLO express grave concerns regarding recent moves by various groups to breakencryption. We note with alarm calls from the Council of the European Union, the EuropeanCommission, and the Department of Justice in the US, with support from Australia, Canada, New Zealand, India, Japan and the UK, to allow police authorities intercept encrypted communications.
(13.11.2020)
We will also examine with interest the Commission’s announced proposal to designate hate speech and hate crime and incitement as criminal offences that are provided for and regulated under European Union law.
In the same vein, the Council must consider the matter of data encryption so that digital evidence can be lawfully collected and used by the competent authorities while maintaining the trustworthiness of the products and services based on encryption technology.
(12.10.2020)
The top justice officials of the United States, Britain, Australia, Canada and New Zealand said in a statement that the growth of end-to-end encrypted apps that make official oversight impossible – like Signal, Telegram, FaceBook Messenger and WhatsApp – “pose significant challenges to public safety.”
“There is increasing consensus across governments and international institutions that action must be taken,” they said.
(11.10.2020)
We urge industry to address our serious concerns where encryption is applied in a way that wholly precludes any legal access to content. We call on technology companies to work with governments to take the following steps, focused on reasonable, technically feasible solutions:
– Embed the safety of the public in system designs, thereby enabling companies to act against illegal content and activity effectively with no reduction to safety, and facilitating the investigation and prosecution of offences and safeguarding the vulnerable;
– Enable law enforcement access to content in a readable and usable format where an authorisation is lawfully issued, is necessary and proportionate, and is subject to strong safeguards and oversight; and
– Engage in consultation with governments and other stakeholders to facilitate legal access in a way that is substantive and genuinely influences design decisions.
The House Judiciary Subcommittee on Antitrust will hear from the tech giants‘ leaders.
Proponents are hailing the arrival of the system as a step towards stamping out the virus and ending lockdown.
The function is automatically disabled in countries without contact-tracing apps, such as Britain and the US.
The UK follows Germany, Italy and Denmark among others in switching from a so-called „centralised“ approach to a „decentralised“ one.
The government is expected to confirm the news shortly.