Long Article on NSO Group
Ronan Farrow has a long article in the New Yorker on NSO Group, which includes the news that someone—probably Spain—used the software to spy on domestic Catalonian separatists.
Comments
Ted • April 21, 2022 9:47 AM
Wow. So pervasive. The article mentioned that an investigative committee formed by the European Parliament would have its first meeting on the use of Pegasus in Europe on April 19.
I’m wondering what a good solution is here?
Quantry • April 21, 2022 11:42 AM
Ted, re #comment-403723
I’m wondering what a good solution is here?
Simple:
forbiddenstories.org/about-the-pegasus-project/
Security Sam • April 21, 2022 12:41 PM
Digital security has become hapless
Leaving unaware clients strapless
As security gurus preach hopeless
And cling on until they are jobless.
Ted • April 21, 2022 1:13 PM
@Quantry
Dont own a phone.
Get out of town. Befriend a farmer while you can.
Lol. I hope you don’t feel that hopeless!
There is a video of the EU’s first inquiry meeting in my link above. I’ve only listened to some of it, but the MEP’s on the committee sound very informed and in support of future changes.
I found where JSR from Citizen Lab spoke (~min 49-55). He had 4 or 5 recommendations…
Ted • April 21, 2022 1:18 PM
Here’s my poor attempt as summarizing his recommendations:
- Consequences, including sanctions on NSO, Candiru, and other spyware companies
- EU members should regulate the import and export of spyware
- Robust transparency about which EU states acquire spyware and from whom
- EU must set norms about how member states oversee the acquisition and use of spyware
Before you critique any of these points, make sure you listen to that portion of the meeting, or any of it. Because there’s better detail there.
cartword • April 23, 2022 2:29 AM
Waooo, Its a beneficiary post Thank you.
Ismar • April 24, 2022 2:25 AM
Does this mean that at least in the countries where Pegasus is used, the respective governments cannot spy on their citizens via other means- like requesting this information directly from the OS manufacturers or from the ISP providers?
Winter • April 24, 2022 2:44 AM
@Ismar
Does this mean that at least in the countries where Pegasus is used, the respective governments cannot spy on their citizens via other means-
Yes, it does.
In many cases the spying was done by politicians who had to hide the spying from government institutions who still have some modus of political independence.
Ted • April 24, 2022 10:40 AM
@Winter
The Dutch MEP Jeroen Lenaers is the chair of the EP committee looking into Pegasus. Do you know if his interests and standing align with this this position?
Sophie in ‘t Veld is also on the PEGA committee.
Winter • April 24, 2022 11:00 AM
@Ted
Do you know if his interests and standing align with this this position?
I do not know him and I “dislike” his party, the Christen Democrats (currently part of the coalition government). That said, there is no reason to believe that he is not honestly appalled by this scandal.
His personal web side (in Dutch) says he considers this a scandalous violation of privacy and that he started his new chairmanship with talking to Forbidden Stories, The Citizen Lab en Amnesty International.
ht-tps://www.jeroenlenaers.nl/jeroen-lenaers-gekozen-tot-voorzitter-van-de-pegasus-enquetecommissie/
He was also involved in the hearings on civil liberties and power abuses by the Polish and Hungarian governments.
ht-tps://www.europarl.europa.eu/meps/en/95074/JEROEN_LENAERS/home
(English)
So this sounds OK. Time will tell.
ResearcherZero • April 27, 2022 8:18 AM
Outside of major cities, there is often zero accountability for phone intercepts. Generally they are not properly recorded, only a summary of how many take place, and this is not enforced in any manner.
Lawyers are frequent targets for these activities. The tactic is to keep them busy, so that they are somewhere more convenient for police at a given time, and preferably not at the courthouse or the local station.
JonKnowsNothing • April 27, 2022 1:30 PM
@ResearcherZero
Another off-the-record method is when the LEA gets a pen register, or dialed number recorder (DNR) warrant. An approved-by-LEA telecom contractor can access the CO box and install the recorder or install it where it can collect the information.
The warrant may have an expiry date but often times the approved-by-LEA telecom contractor “forgets” to remove the device and it keeps on working.
Other contractors know what it is, so they won’t touch it.
Whether this data is admissible in US Courts maybe irrelevant to the value of the excess data logged.
Subscribe to comments on this entry
Leave a comment
← Clever Cryptocurrency Theft Java Cryptography Implementation Mistake Allows Digital-Signature Forgeries →
Sidebar photo of Bruce Schneier by Joe MacInnis.
John • April 21, 2022 8:43 AM
hmm….
More boring talk to listen to.
John