
Items tagged with: infosec


NEW: "shocking and depressing"

"...even in this room I am speaking to people who were victims of this system"

#Poland's prosecutor general testifies to 🇵🇱#polish parliament about hacking of 100s with #Pegasus spyware.

Story: https://apnews.com/article/poland-spyware-pegasus-nso-group-israel-413bb3cb27daac011d52b524c6d16160

#polska #cybersecurity #spyware #malware #infosec #surveillance #EU #Europe


There's a disgraceful ecosystem of public relations & lobbying firms using hackers for hire.

Sometimes they are used to silence critics & advocacy groups.

Like US nonprofits doing climate advocacy.

Our investigation into a group we christened #DarkBasin uncovered a sprawling #India-based hack-for-hire operation.

They enabled US corporations to outsource lawbreaking.

https://citizenlab.ca/2020/06/dark-basin-uncovering-a-massive-hack-for-hire-operation/
#infosec #cybersecurity #malware #hacking #climatechange #climatecrisis #exxon #phishing


I'd bet my bottom dollar that this "unnamed...PR and lobbying firm" knows exactly who they are...

...and are no doubt experiencing an afternoon of the purest panic.

Using the offshore hack-for-hire ecosystem has been largely consequence-free for the middlemen & the ultimate beneficiaries of stolen information.

The tide may be turning & this latest arrest suggests that more consequences may be inbound.

#hacking #infosec #spyware #malware #cybersecurity #phishing #India


BREAKING: #Israeli private investigator arrested for cyberespionage on behalf of American PR firm.

Caught by UK under #RedNotice from 🇺🇸US while boarding a flight.

BIG TWIST in a wild case that began w/our @citizenlab investigation into indian hack-for-hire group #belltrox

Sound familiar?

Because Amit Forlit is the *second* PI from #Israel arrested in similar way for this case.

First = convicted.

https://www.reuters.com/world/israeli-private-eye-arrested-uk-over-alleged-hacking-us-pr-firm-2024-05-02/

#hacking #cybersecurity #infosec #malware #espionage #intelligence


So ...let's face it. A LOT of folks in tech circles are somewhat amazed a fully #blind person can even find the power button on a computer, let alone operate it professionally. I am such a person, and I'd like to bust that myth.
It's also true that many #hacking tools, platforms, courses etc. could use some help in the #accessibility department. It's a neverending vicious circle.
Enter my new twitch channel, IC_null. On this channel, I will be streaming #programming and #hacking content including THM, HTB and who knows what else, from the perspective of a #screenReader user.
What I need, is an audience. If this is something you reckon you or anybody you know might be interested in, drop the channel a follow or share this post. Gimme that #infoSec Mastodon sense of comradery and help me out to make this idea an actual thing :) https://twitch.tv/ic_null #tryHackMe #streamer #selfPromo


Hello friends, I've seen the below image come up a few times elsewhere and am going to expound a little!

While the hyperlinks in the image display correctly, those aren't actually the addresses of those sites! Instead, they're the Internationalized Domain Name replacements - examples of what are called IDN Homograph Attacks.

It's incredibly hard to include all characters from all active alphabets in the mechanisms that resolve domain names - so currently that letter set is restricted, and instead uses a translation system called Punycode to move between a visual URL with the correct characters and a domain name your computer can actually resolve to a website.

So while neurovagrant[.]com is fine either way, nӘ̃urovagrant[.]com isn't! The actual domain would be xn--nurovagrant-rkg322d[.]com.

Notice that xn-- ! That's what tells browsers and other software that it's an IDN domain, and to try and translate it.

Attackers use this to their benefit. So:

xn--mcrosoft-security-teams-1ec[.]com can appear in your email, on your Twitter feed, in other places visually as: mícrosoft-security-teams[.]com

You may think you're signing in to check your retirement at vanguarɗ[.]com but it's actually sent you to xn--vanguar-4cd[.]com

A link that appears as vḙnmo[.]com actually sends you to the website xn--vnmo-q64a[.]com

They even target kids! Take a look at xn--rblox-jua[.]com - which looks like röblox[.]com in most settings. Note the diacritical mark above the first o.

If anything looks off, there's a reason. Always view links with skepticism, don't click on things unnecessarily, and always sign into the sites you use by going to the domain name you know.

Stay frosty out there, friends.

#cybersecurity #infosec #StayFrosty
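The Punycode round trip described in the post above, as an added example that is not part of the original post and not the author's code. It uses only the Python standard library (the built-in `punycode` codec, which implements RFC 3492, and `unicodedata`). Everything else is assumed for illustration: the function names, the `BRANDS` set, and `CONFUSABLES`, which is a small hand-picked subset of the UTS #39 confusables table rather than the real thing. Real IDNA processing (RFC 5891 / UTS #46) applies more mapping rules than the lower-casing and NFC normalisation done here, so treat the output as a triage signal, not a verdict.

```python
"""IDN homograph helper: convert between the Unicode form a browser displays
and the xn-- (Punycode) form a resolver actually sees, then flag lookalikes.

Added example for this page, not code from the post's author. Only the
Python standard library is used: the built-in 'punycode' codec (RFC 3492)
and unicodedata. Real IDNA processing (RFC 5891 / UTS #46) applies more
mapping rules than the lower-casing and NFC normalisation done here.
"""
import unicodedata

ACE_PREFIX = "xn--"  # RFC 5890 "ASCII Compatible Encoding" marker

# Hand-picked subset of the UTS #39 confusables table (constructed for this
# example, not the full table): lookalike base letters that NFKD cannot strip.
CONFUSABLES = {
    "\u0257": "d",  # ɗ LATIN SMALL LETTER D WITH HOOK (the vanguarɗ case)
    "\u0430": "a",  # а CYRILLIC SMALL LETTER A
    "\u0435": "e",  # е CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # о CYRILLIC SMALL LETTER O
    "\u0440": "p",  # р CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # с CYRILLIC SMALL LETTER ES
}

# Assumed list of brands worth protecting; a real deployment would use its own.
BRANDS = {"microsoft", "vanguard", "venmo", "roblox"}


def to_ascii(domain: str) -> str:
    """Encode every non-ASCII label as xn--<punycode>, the form DNS resolves."""
    out = []
    for label in domain.split("."):
        label = unicodedata.normalize("NFC", label.lower())
        if label.isascii():
            out.append(label)
        else:
            out.append(ACE_PREFIX + label.encode("punycode").decode("ascii"))
    return ".".join(out)


def to_unicode(domain: str) -> str:
    """Reverse: turn xn-- labels back into the Unicode a browser would show."""
    out = []
    for label in domain.split("."):
        if label.lower().startswith(ACE_PREFIX):
            out.append(label[len(ACE_PREFIX):].encode("ascii").decode("punycode"))
        else:
            out.append(label)
    return ".".join(out)


def scripts_in(label: str) -> set:
    """Tally the scripts in a label from the first word of each character's
    Unicode name (LATIN, CYRILLIC, ...). Combining marks count as their own
    bucket; ASCII digits and punctuation are ignored."""
    found = set()
    for ch in label:
        if ch.isascii() and not ch.isalpha():
            continue
        if unicodedata.combining(ch):
            found.add("COMBINING")
        else:
            found.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return found


def skeleton(label: str) -> str:
    """Collapse a label onto the plain-ASCII string it imitates: NFKD, drop
    combining marks (í -> i, ö -> o, ḙ -> e), then map known confusables."""
    decomposed = unicodedata.normalize("NFKD", label)
    stripped = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return "".join(CONFUSABLES.get(ch, ch) for ch in stripped).lower()


def assess(domain: str, brands=BRANDS) -> dict:
    """Return the display form, the resolvable form and the reasons a domain
    deserves suspicion (an empty list means every label is plain ASCII)."""
    shown = to_unicode(domain)
    wire = to_ascii(shown)
    reasons = []
    for label in shown.split("."):
        if label.isascii():
            continue
        found = scripts_in(label)
        if len(found - {"COMBINING"}) > 1:
            reasons.append(f"mixed scripts in {label!r}: {sorted(found)}")
        if "COMBINING" in found:
            reasons.append(f"combining marks in {label!r}")
        base = skeleton(label)
        hits = [b for b in brands if b in base]
        if hits:
            reasons.append(f"{label!r} imitates {hits[0]!r} but resolves as {wire}")
        else:
            reasons.append(f"non-ASCII label {label!r} resolves as {wire}")
    return {"display": shown, "ascii": wire, "reasons": reasons}


if __name__ == "__main__":
    # The lookalikes from the post above, plus a constructed mixed-script case.
    for d in ["xn--mcrosoft-security-teams-1ec.com", "xn--vanguar-4cd.com",
              "xn--vnmo-q64a.com", "xn--rblox-jua.com",
              "n\u04d9\u0303urovagrant.com", "neurovagrant.com"]:
        r = assess(d)
        print(f"{r['display']:<32} -> {r['ascii']}")
        for why in r["reasons"]:
            print("   !", why)
```

Two things worth noticing when running it: the diacritic cases (í, ö, ḙ) fall to the right brand through NFKD alone, but ɗ does not decompose at all, which is why a confusables mapping is needed on top of normalisation; and the Cyrillic-schwa label trips three separate checks (mixed scripts, a combining mark, and a non-ASCII label), each of which is an independent reason to distrust the link.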


"Citizen, leave a copy of your home keys at the police station."

Hmm, people won't like that.

How about, "home-builders have a social responsibility ...[and must give police copies of all house keys]"

Much better.

#Europol taking another stab at the encryption fight.

#Encryption #privacy #infosec #cybersecurity #europe #surveillance


I've been using the words "Bumpy" and "Smooth" to describe a lot of functions, processes, plays, capabilities, lately.

And sometimes, when I say things like "I get what you are trying to do here, but this feels very bumpy to me", I sometimes get some weird looks.

You've all likely heard the mantra "Slow is Smooth, and Smooth is Fast", popularised by the Navy SEALs and/or other SPECOPS groups.

Well, this is essentially that. Smooth ways of operating, processes, functions etc. are ones that are consistent, well understood and, as a by-product of that, produce quality results at speed.

Notice I said as a by-product. I roll my eyes every time I hear software engineering leaders who chant on about Agility and Speed. Those are things you get when you go well. And to do well, you need Smooth Operations .. https://www.youtube.com/watch?v=4TYv2PhG89A

On the other side of the coin, bumpy operations, processes, functions etc. are those where results are variable, quality is not a focus and the general mental models and understanding of the people performing them are not aligned.

Bumpy eats up resources, it slows people down, it leads to mistakes that need to be addressed reactively, causing yet more Bumpiness.

If you want to go fast? Go Well. Go Smooth. Invest in consistency, documentation, shared understandings, metrics.

On top of that, automating Bumpy things is hard. Automating Smooth things is easier, and automation itself brings a new level of Smooth. A new level of Fast. A new level of Going Well.

Oh yeah, and applying #AI to Bumpy things leads to much sorrow.

#infosec #smoothisfast #bumpyisslow


Every version of the PuTTY tools from 0.68 to 0.80 inclusive has a critical vulnerability in the code that generates signatures from ECDSA private keys. The effect of the vulnerability is to compromise the private key https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html #infosec #security #ssh #opensource #linux #unix #windows


So, Microsoft is silently installing Copilot onto Windows Server 2022 systems and this is a disaster.

How can you push a tool that siphons data to a third party onto a security-critical system?

What privileges does it have upon install? Who thought this is a good idea? And most importantly, who needs this?

#infosec #security #openai #microsoft #windowsserver #copilot


2/
Baroque conspiracy theories were floated and amplified by various groups seeking to discredit the victims and our findings.

The formula was repeated for each victim we & others like Amnesty's Security Lab surfaced.

Didn't work, but if you'd asked me in 2022 whether Poland's government would ever officially confirm spyware cases *to victims*, it would have seemed hopelessly optimistic.

Remarkable.

#Disinformation #poland #polska #infosec #cybersecurity #spyware #malware


OFFICIAL CONFIRMATION:🇪🇺MEP Krzysztof Brejza is a #Pegasus spyware victim, per #Poland's national prosecutor's office.

He was incessantly infected with spyware while coordinating opposition political strategy during Polish parliamentary elections.

After we publicly confirmed our findings, Brejza was targeted w/unrelenting, orchestrated disinformation. And harassment.

For a time, we @citizenlab were also a target. 1/

#infosec #cybersecurity #spyware #malware #PiS #Polska