27 comments

[ 0.98 ms ] story [ 62.3 ms ] thread
> We're sorry, but this video is not available.

Boo for the imaginary-line-based fragmentation of the web.

Weird, it's available and free on their streaming app.
danuker appears to be indicating a geo based block.
To summarize part 1:

- Journalists investigate 2016-2020 leak of phone numbers targeted by NSO advanced spyware

- reveals that it was not primarily remotable exploits, but rather involved social engineering in many cases

- uncover victims near Khashoggi, but only after the killing

- uncover possibly corrupt use by the Mexican government, as well as a brief narrative on operator-side

- uncover use in Azerbaijan against journalists

Here in Poland used by political party with public funding to strategically spy on and sabotage opposition party (bypassing actual real intelligence agencies).

What strikes me is how Pegasus wasn’t really used by sophisticated intelligence agencies but as a product by actors adjacent to or below that level of access.

All of this in my mind harkens back to that fantastic Coppola film „The Conversation”. It is inevitable that scummy companies and specialists will always emerge with a well priced product or tool for getting some shitty job done.

(comment deleted)
I'm not sure why they do that but I'm guessing it's because you don't pay taxes to support PBS. I've run into similar visiting various UK public broadcaster websites where I can't watch the videos and it's always mildly annoying to have to fire up my VPN.
You don't see the term spyware much anymore. I suppose that is the result of almost everything being spyware now. Also, how would you even go about creating a spyware scanner given the OS is itself spyware?

Well it turns out that my definition of spyware misses "covert" (according to Google search top results). As if that matters. When I dig deeper, that "covert" qualifier is nowhere to be found. In some definitions you find exactly what you expect, including a definition from a virus scanner domain. There is no specific requirement for spyware to be "covert."

I would increase the qualifiers to include covert, mostly-monopolistic (is there a word for this?), or not immediately apparent to the average IQ.

Because I am far more worried about the non-covert spyware and what it is doing to humanity.

> Also, how would you even go about creating a spyware scanner given the OS is itself spyware?

Not mine.

> You don't see the term spyware much anymore. I suppose that is the result of almost everything being spyware now.

Likewise for "adware" - it seems the rise of smartphones heralded a normalisation of practices which (on the desktop) got you branded as "adware" and removed by AV/malware removal tools.

Now it's accepted and normalised on any and all platform to ship both ad and spyware (i.e. detailed telemetry and cloud storage of data by default, and use of long lived or pervasive unique identifiers)

"Monopolistic" works too. 100% market share is not required for anti-trust action (and would be an impossible bar anyway), many jurisdictions don't even have a >50% requirement.
I think the bar for monopoly power is 25% market share in the UK.
It seems to me that "covert" is implied by the word. Spying is done in secret by definition.
Spying is done in secret in the sense that it isn't disclosed that information that the spy gains access to will be distributed to another party for their use, not necessarily in the sense that no one knows that the spy is obtaining access to the information. That seems to me to be consistent with what I'd imagine "overt" spyware would refer to—something users may be aware is collecting data, but which they aren't aware is selling that data to advertisers or whoever rather than just using it as needed for functionality.
Non covert spying exists, and it happens when users are lured into accepting it not even as a necessary hassle (that would still hold a negative connotation) but plainly ignoring it along with the dangers it poses, completely blinded by the features it is being hidden behind. The saddest aspect is that most people don't give a damn about it.
> how would you even go about creating a spyware scanner given the OS is itself spyware?

You use an open and auditable OS on open and auditable hardware, then run suspicious software on a VM in there. I reckon hard or impossible to do using off the shelf products, but still doable. For now.

I thought this was already covered when EU found several government entities using it against political adversaries.

Also Cailou IIRC

> Pegasus is spyware developed by the _Israeli_ cyber-arms company NSO Group that can be covertly installed on mobile phones (and other devices) running most versions of iOS and Android.
And?
A lot of Offensive Security weapons are born in Israel.

A simple observation. Take it as you wish.

That’s true, but a lot of Cyber security products are also made in Israel (Most of Microsoft’s Defender products are developed here, as well as Israel-born companies such as Palo Alto Networks, Checkpoint, SentinalOne, and countless other startups).

The fact is that the tech scene in Israel is very much Cybersecurity oriented and as such it’s logical that there will be lots of companies doing both sides of this.

Pegasus was also used in Poland by the "Prawo i sprawiedliwość" ruling party (in eng. "Law and justice" sic!) to spy on the head of the opposition electoral staff during 2019 election.
The PiS regime allegedly spied on more than just senator Krzysztof Brejza with Pegasus. Pasting from my first ever HN comment:

- https://www.theguardian.com/world/2022/feb/17/more-polish-op...

- https://democratic-europe.eu/2022/01/18/citizen-lab-there-is...

Its interesting in today world. We have had several major spying releases/scandals in the last decade and not much has really come of them (at least in the US). The last several our general population has shrugged off and went right back to using all their devices/services. It seems people just don't seem to care much about their privacy when it comes to governments spying. I don't have much faith there will be any serious consequences in Poland.
You cannot fight government propaganda.