Good morning,

Alberto Cammozzo via nexa <nexa@server-nexa.polito.it> writes:
> <https://www.theguardian.com/news/2021/jul/18/what-is-pegasus-spyware-and-how-does-it-hack-phones>
>
> What is Pegasus spyware and how does it hack phones?
> Pegasus can infect a phone through ‘zero-click’ attacks, which do not require
> any interaction from the phone’s owner to succeed.
>
> NSO Group software can record your calls, copy your messages and secretly
> film you
> David Pegg and Sam Cutler
> Sun 18 Jul 2021 17.00 BST
>
> Last modified on Mon 19 Jul 2021 09.53 BST

Many thanks, Alberto, for the reference.

Unfortunately, as seems to me to happen too often with many, too many articles in the "mainstream" press, references to the SOURCES are /glaringly/ missing.

I am trying to make up for this unbearable carelessness, at least here... ALSO BECAUSE it is _exactly_ the "details" (of how the story is told) that make the difference... in addition to the lack of references to the technical documents.

The "root news" of the whole cluster is, I believe, this one, published by Forbidden Stories [1]:

https://forbiddenstories.org/about-the-pegasus-project/
«About The Pegasus Project»

--8<---------------cut here---------------start------------->8---

[...]

The Forbidden Stories consortium discovered that, contrary to what NSO Group has claimed for many years, including in a recent transparency report, this spyware has been widely misused. The leaked data showed that at least 180 journalists have been selected as targets in countries like India, Mexico, Hungary, Morocco and France, among others. Potential targets also include human rights defenders, academics, businesspeople, lawyers, doctors, union leaders, diplomats, politicians and several heads of states.

In a letter shared with Forbidden Stories and its partners, NSO Group contended that the consortium’s reporting was based on “wrong assumptions” and “uncorroborated theories.”

NSO Group insisted that the analysis of the data by journalists who were part of the Pegasus Project relied on a “misleading interpretation of leaked data from accessible and overt basic information, such as HLR Lookup services, which have no bearing on the list of the customers targets of Pegasus or any other NSO products.”

HLR refers to Home Location Register – a database that is essential to operating cellular phone networks. A person with direct knowledge of NSO’s systems, speaking on the condition of anonymity, told journalists from the Pegasus Project that an HLR lookup is a key step of determining certain characteristics of a phone, such as whether it is turned on or in a country that allows Pegasus targeting.

[...]

The consortium met with victims from all over the world whose phone numbers appeared in the data. The forensic analyses of their phones – conducted by Amnesty International’s Security Lab and peer-reviewed by the Canadian organization Citizen Lab – was able to confirm an infection or attempted infection with NSO Group’s spyware in 85% of cases, or 37 in total. Such a rate is remarkably high given the state-of-the-art spyware is supposed to be undetectable on the device in compromises.

[...]

The project shines a harsh light on the business of NSO Group, which, despite claiming it vets its clients based on their human rights track records, decided to sell its product to authoritarian regimes such as Azerbaijan, the United Arab Emirates and Saudi Arabia.

Insiders disclosed the important role played by the Israeli Ministry of Defense when it came to picking NSO Group’s clients. Multiple sources corroborated the fact that Israeli authorities pushed for Saudi Arabia to be added to the list of customers despite NSO Group’s hesitations.
The company’s lawyer denied “NSO Group takes governmental direction regarding customers.”

--8<---------------cut here---------------end--------------->8---

I believe it will not escape the shrewdest (or rather, the _conspiracy theorists_) among you that the /alleged/ involvement of the Israeli minister would open up interesting geopolitical scenarios regarding so-called international terrorism.

The report (which I have not read yet) describing how the forensic analysis was carried out was published by Amnesty International yesterday:

https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/
«Forensic Methodology Report: How to catch NSO Group’s Pegasus»
18 July 2021, 17:00 UTC

--8<---------------cut here---------------start------------->8---

[...]

In this Forensic Methodology Report, Amnesty International is sharing its methodology and publishing an open-source mobile forensics tool and detailed technical indicators, in order to assist information security researchers and civil society with detecting and responding to these serious threats.

This report documents the forensic traces left on iOS and Android devices following targeting with the Pegasus spyware. This includes forensic records linking recent Pegasus infections back to the 2016 Pegasus payload used to target the HRD Ahmed Mansoor.

The Pegasus attacks detailed in this report and accompanying appendices are from 2014 up to as recently as July 2021. These also include so-called “zero-click” attacks which do not require any interaction from the target. Zero-click attacks have been observed since May 2018 and continue until now. Most recently, a successful “zero-click” attack has been observed exploiting multiple zero-days to attack a fully patched iPhone 12 running iOS 14.6 in July 2021.

Sections 1 to 8 of this report outline the forensic traces left on mobile devices following a Pegasus infection.
This evidence has been collected from the phones of HRDs and journalists in multiple countries.

Finally, in section 9 the report documents the evolution of the Pegasus network infrastructure since 2016. NSO Group has redesigned their attack infrastructure by employing multiple layers of domains and servers. Repeated operational security mistakes have allowed the Amnesty International Security Lab to maintain continued visibility into this infrastructure. We are publishing a set of 700 Pegasus-related domains.

[...]

--8<---------------cut here---------------end--------------->8---

Regards, 380°

[...]

[1] https://forbiddenstories.org/about-us/

--
380° (Giovanni Biscuolo public alter ego)

«We, incompetent as we are, have no standing to suggest anything»

Disinformation flourishes because many people care deeply about injustice but very few check the facts. Ask me about <https://stallmansupport.org>.
_______________________________________________
nexa mailing list
nexa@server-nexa.polito.it
https://server-nexa.polito.it/cgi-bin/mailman/listinfo/nexa