Buongiorno nexiane, un lunghissimissimissimo articolo che spiega, ancora una volta, come lo spyware venga utilizzato in tutto il mondo per ogni tipo di operazione... e intendo proprio per /ogni/ tipo: dalla sorveglianza dei dissidenti o nemici politici (europei inclusi) a quella dei consorti di persone talmente ricche da potersi permettere di acquistare spyware (e infrastrutture dedicate) /indipendentemente/ dagli ipocriti gestori dei permessi di commercializzazione di quel software. Sperano di fermare il fenomeno con dei procedimenti giudiziari, ipocriti che non sono altro. Nessuno pensi, anche solo per temporanea distrazione, che Pegasus sia l'unico o il peggiore, perché sarebbe oltremodo offensivo. Scusate la lunghezza dell'estratto, ho cercato di includere solo quello che ritengo significativo. https://www.newyorker.com/magazine/2022/04/25/how-democracies-spy-on-their-c... «How Democracies Spy on Their Citizens» --8<---------------cut here---------------start------------->8--- [...] In Catalonia, more than sixty phones—owned by Catalan politicians, lawyers, and activists in Spain and across Europe—have been targeted using Pegasus. This is the largest forensically documented cluster of such attacks and infections on record. Among the victims are three members of the European Parliament, including Solé. Catalan politicians believe that the likely perpetrators of the hacking campaign are Spanish officials, and the Citizen Lab’s analysis suggests that the Spanish government has used Pegasus. A former NSO employee confirmed that the company has an account in Spain. (Government agencies did not respond to requests for comment.) The results of the Citizen Lab’s investigation are being disclosed for the first time in this article. I spoke with more than forty of the targeted individuals, and the conversations revealed an atmosphere of paranoia and mistrust. Solé said, “That kind of surveillance in democratic countries and democratic states—I mean, it’s unbelievable.” [...] According to an analysis by the Citizen Lab, phones connected to the Foreign Office were hacked using Pegasus on at least five occasions, from July, 2020, through June, 2021. The government official confirmed that indications of hacking had been uncovered. According to the Citizen Lab, the destination servers suggested that the attacks were initiated by states including the U.A.E., India, and Cyprus. (Officials in India and Cyprus did not respond to requests for comment.) About a year after the Downing Street hack, a British court revealed that the U.A.E. had used Pegasus to spy on Princess Haya, the ex-wife of Sheikh Mohammed bin Rashid al-Maktoum, the ruler of Dubai, one of the Emirates. Maktoum was engaged in a custody dispute with Haya, who had fled with their two children to the U.K. Her attorneys, who are British, were also targeted. [...] A senior European law-enforcement official whose agency uses Pegasus said that it gave an inside look at criminal organizations: “When do they want to store the gas, to go to the place, to put the explosive?” He said that his agency uses Pegasus only as a last resort, with court approval, but conceded, “It’s like a weapon. . . . It can always occur that an individual uses it in the wrong way.” [...] Establishing strict rules about who can use commercial spyware is complicated by the fact that such technology is offered as a tool of diplomacy. [...] “Everything that we are doing, we got the permission from the government of Israel,” Hulio (uno dei fondatori di NGO, i produttori di Pegasus, n.d.r.) told me. “The entire mechanism of regulation in Israel was built by the Americans.” [...] NSO sees itself as a type of arms dealer, operating in a field without established norms. [...] Hulio said, “I just remember that one day the lawsuit happened, and they shut down the Facebook account of our employees, which was a very bully move for them to do.” He added, referring to scandals about Facebook’s role in society, “I think it’s a big hypocrisy.” NSO has pushed for the suit to be dismissed, arguing that the company’s work on behalf of governments should grant it the same immunity from lawsuits that those governments have. So far, the U.S. courts have rejected this argument. [...] WhatsApp’s aggressive posture was unusual among big technology companies, which are often reluctant to call attention to instances in which their systems have been compromised. The lawsuit signalled a shift. The tech companies were now openly aligned against the spyware venders. Gheorghe described it as “the moment the whole thing just exploded.” [...] Microsoft, Google, Cisco, and others filed a legal brief in support of WhatsApp’s suit. Goodwin, the Microsoft executive, helped to assemble the coalition of companies. “We could not let NSO Group prevail with an argument that, simply because a government is using your products and services, you get sovereign immunity,” she told me. “The ripple effect of that would have been so dangerous.” Hulio argues that when governments use Pegasus they’re less likely to lean on platform holders for wider “back door” access to users’ data. He expressed exasperation with the lawsuit. “Instead of them, like, actually saying, ‘O.K., thank you,’ ” he told me, “they are going to sue us. Fine, so let’s meet in court.” [...] Israel has become the world’s most significant source of private surveillance technology in part because of the quality of talent and expertise produced by its military. “Because of the compulsory service, we can recruit the best of the best,” the former senior intelligence official told me. “The American dream is going from M.I.T. to Google. The Israeli dream is to go to 8200,” the Israeli military-intelligence unit from which spyware venders often recruit. [...] In 2019, NSO was saddled with hundreds of millions of dollars in debt as part of a leveraged-buyout deal in which a London-based private-equity firm, Novalpina, acquired a seventy-per-cent stake. Recently, Moody’s, the financial-services firm, downgraded NSO’s credit rating to “poor,” and Bloomberg described it as a distressed asset, shunned by Wall Street traders. [...] “I know there have been misuses,” Hulio said. “It’s hard for me to live with that. And I obviously feel sorry for that. Really, I’m not just saying that. I never said it, but I’m saying it now.” Hulio said that the company has turned down ninety customers and hundreds of millions of dollars of business out of concern about the potential for abuse. But such claims are difficult to verify. [...] Asked about the extreme abuses ascribed to his technology, Hulio invoked an argument that is at the heart of his company’s defense against WhatsApp and Apple. “We have no access to the data on the system,” he told me. “We don’t take part in the operation, we don’t see what the customers are doing. We have no way of monitoring it.” When a client buys Pegasus, company officials said, an NSO team travels to install two racks, one devoted to storage and another for operating the software. The system then runs with only limited connection to NSO in Israel. [...] The competition, Hulio argued, is far more frightening. “Companies found themselves in Singapore, in Cyprus, in other places that don’t have real regulation,” he told me. “And they can sell to whoever they want.” The spyware industry is also full of rogue hackers willing to crack devices for anyone who will pay. “They will take your computers, they will take your phone, your Gmail,” Hulio said. “It’s obviously illegal. But it’s very common now. It’s not that expensive.” Some of the technology that NSO competes with, he says, comes from state actors, including China and Russia. “I can tell you that today in China, today in Africa, you see the Chinese government giving capabilities almost similar to NSO.” According to a report from the Carnegie Endowment for International Peace, China supplies surveillance tools to sixty-three countries, often through private firms enmeshed with the Chinese state. “NSO will not exist tomorrow, let’s say,” Hulio told me. “There’s not going to be a vacuum. What do you think will happen?” [...] Last month, the European Parliament formed a committee to look into the use of Pegasus in Europe. Last week, Reuters reported that senior officials at the European Commission had been targeted by NSO spyware. The investigative committee, whose members include Puigdemont, will convene for its first session on April 19th. Puigdemont called NSO’s activities “a threat not only for the credibility of Spanish democracy, but for the credibility of European democracy itself.” [...] “People can survive and can adapt to almost any situation,” Hulio once told me. NSO Group must now adapt to a situation in which its flagship product has become a symbol of oppression. “I don’t know if we’ll win, but we will fight,” he said. One solution was to expand the product line. The company demonstrated for me an artificial-intelligence tool, called Maestro, that scrutinizes surveillance data, builds models of individuals’ relationships and schedules, and alerts law enforcement to variations of routine that might be harbingers of crime. “I’m sure this will be the next big thing coming out of NSO,” Leoz Michaelson, one of its designers, told me. “Turning every life pattern into a mathematical vector.” [...] On his mother’s phone, which had been hacked eight times, the researchers found a new kind of zero-click exploit, which attacked iMessage and iOS’s Web-browsing engine. There is no evidence that iPhones are still vulnerable to the exploit, which the Citizen Lab has given the working name Homage. When the evidence was found, Scott-Railton told Campo, “You’re not going to believe this, but your mother is patient zero for a previously undiscovered exploit.” --8<---------------cut here---------------end--------------->8--- bla bla bla bla... tutto /dovrebbe/ essere riassunto con questo unico paragrafo: --8<---------------cut here---------------start------------->8--- The exploit triggered two video calls in close succession, one joining the other, with the malicious code hidden in their settings. The process took only a few seconds, and deleted any notifications immediately afterward. The code used a technique known as a “buffer overflow,” [...] The company concluded that NSO had injected malicious code into files in Adobe’s PDF format. It then tricked a system in iMessage into accepting and processing the PDFs outside BlastDoor. --8<---------------cut here---------------end--------------->8--- Ecco appunto, siamo fermi alla /preistoria/ dell'informatica, quando gli exploit si attivavano con dei banalissimi buffer overflow e i documenti binari potevano essere /eseguiti/ come codice macchina... bah?!? Governanti, vi è mai venuto in mente di spendere almeno un decimo di quello che spendete per /tentare/ di proteggere i dispositivi dei vostri amici, o un centesimo di quello che spendete per attaccare i dispositivi dei vostri nemici, per finanziare lo sviluppo di sistemi operativi migliori (la sicurezza degli applicativi verrebbe via /gratis/)?... che tra l'altro già ci sono :-O Possibile che in questo regime chi sfrutta abili programmatori sociopatici, che stanno svegli per due giorni di fila per trovare il bit, sia in grado di fare soldi a palate nel settore dell'informatica?... e chi non fa spyware fa software per profilare e /controllare/ i comportamenti dei propri urtenti, mentre decine di migliaia di hacker in tutto il mondo fanno cose che farebbero volentieri a meno di fare e non riescono a dedicarsi a ciò che desiderano?!? Gli spyware e i malware [1] non sono armi, sono /solo/ software, opere letterarie, basta saperle leggere per comprenderle... e comprendere dove non funzionano. C'è un sacco di gente che lo saprebbe fare e ancora di più che saprebbe imparare a farlo, se solo ne avesse la possibilità. Governanti, siete troppo pieni di voi per comprendere, non c'è altra spiegazione. Saluti, 380° [1] https://www.gnu.org/proprietary/proprietary.html.en «As of April, 2022, the pages in this directory list around 550 instances of malicious functionalities (with more than 650 references to back them up), but there are surely thousands more we don't know about.» -- 380° (Giovanni Biscuolo public alter ego) «Noi, incompetenti come siamo, non abbiamo alcun titolo per suggerire alcunché» Disinformation flourishes because many people care deeply about injustice but very few check the facts. Ask me about <https://stallmansupport.org>.