An NSO Pegasus Example
Roman Giertych, you are in a higher than average risk category, being tightly associated with political opposition. It sucks to be the cautionary tale for others, doesn't it? I know dats right.
“I don't have to worry about secret agents. I live in a European country.”🙄
“The “jaw-droppingly aggressive” tempo and intensity of the targeting — day-by-day, even hour-by-hour — suggested “a desperate desire to monitor his communications,” Scott-Railton said. It was so unrelenting that the iPhone became useless and Giertych abandoned it.
“This phone was with me in my bedroom and it was with me when I went to confession. They scanned my life totally,” he said.”
The Polish lawyer’s iPhone eventually became unusable? The series of glitches before The Brickening should have been an obvious clue. Breadcrumbs must have been flying out of his phone. It's a wonder he didn't lose an eye.
It just goes to show: don't use exploits if you can use misconfigurations. You are less likely to put out someone's eye in the process too.
That “scanned my life totally” part is a real mind bender for anyone who finds themselves under intense, real-time surveillance by the way. I definitely get it. Giertych, you had your phone with you at all times day and night?😱 You even took it to confession?😱😱😱
Finding endpoint and midpoint intrusion is easier than one might think. All hacking tools throw breadcrumbs. Pegasus throws out lots of breadcrumbs too. I have some examples from my research. Pegasus isn't undetectable as the clickbait articles about the “menace of Pegasus” seem to imply. We know the payload is delivered by an exploit most of the time nowadays even if those exploits weren't getting caught by sharp eyes and brains. Too many crashes, shutdowns, or freezes on penetration. Then the phone gets bat shitty at times too. Spyware developers can't test their code against every conceivable combination of operating system, operating system level, API, and user apps. That's an odd one down on 28. Hey, wait a minute! The last update I read about is supposed to be on 31.
There are too many variables and plenty of edge cases. Spyware can't be widely and extensively beta tested. Duh. It's spyware. You gotta kinda keep that put away for the most part and not let too many peeps know about it. The targets are the beta test.
Usually spyware, even Pegasus, acts like a nightly though, so the spyware and some other code are gonna end up driving straight at each other in a game of chicken someday, but neither one ever moves over. Probably svchost is doing its usual and trying to get everyone to play nice, but spyware usually doesn't have any sense at all. The spyware be saying “move over bitch.” The other code is saying “this is my right of way. Get lost motherfucker,” then kaboom!
An analogy is useful rather than all my techno talk. Any common criminal can break into your house. That isn't impressive. A person who surreptitiously breaks into another's home one time merely to look a bit and then leave might not be detected. If a person takes up full-time residence in another's home, then that person will be caught eventually.
How long it takes to catch the intruder depends on the incredulity level of the homeowner and his or her observation skills. It also depends on what the intruder does. Does he stay in a quiet, out of the way place and rarely move? Is he always out and about in the house messing around with things?
It's the same with hacking and surveillance. Don’t be intimidated by tech. You don’t need sophisticated tech skills, just a very good eye for detail, a good memory, and a lower level of incredulity. Don't be so naive. You would have to be living a meaningless life if you never had at least one government agency or a couple of respectable black hats checking you out.
So why aren’t more people aware and catching their surveillance? Are they intimidated by tech? Naive about the world? Can't stand techno geekery? It requires no tech knowledge at all to realize that your cell phone should not be crashing or act possessed. People in high risk groups take their phones to confession? They carry them around out in the open while discussing financial crimes? Why!!!!!!😱
Marshall McLuhan explains it.
“Only puny secrets need protection. Big discoveries are protected by public incredulity.”
The big discovery I made in my research after Snowden's monkeyshines is the huge amount of espionage and surveillance worldwide. Targets are commercial and government entities, research facilities, mid to upper level bureaucrats and politicians, watering holes like Laura Poitras, attorneys, VIPs and journalists, political opposition, activists, criminals obviously, “militia” members, whatever that is, foreign spies and embassy personnel, and anyone with a specialized body of knowledge or access to a desirable database, even just a database of credit cards or bank accounts.
Somebody wants your boring research data on feed conversion ratios by fish density and feeding schedule. Garandamtee it.
If you are an investigative journalist, or you are involved with government opposition, or you are an activist of some sort in a sketchy nation that plays loose with the rules, assuming they even have any, then you need to be squeaky clean.
You could be put under surveillance as a fishing expedition, then get busted if your surveillance finds something. Their odds of finding something eventually are pretty good if your surveillance hangs around long enough.
Machiavelli said everyone is guilty of something, so you probably are too. I'm not here to judge you. Machiavelli has your number. He's got all our numbers. I'm just trying to help you keep your scandalous secrets on the down low and your perversions pervilicious.
Are you in one of the above high risk groups? Pay your taxes. Don't hide income. Always convert your money at the official government rate. At least improve your game. If you are going to commit financial crimes make them work for it.
You need to be a model citizen in all respects anywhere near your mobile phone if it is outside of a Faraday bag. Revenge surveillance and fishing expeditions (to cripple or besmirch journalists, political opposition, and activists) appear to be common in some nations.
Bag it up if you must go to an illegal exchange house, whorehouse, drug house, or any abode of questionable law and/or public morals. Confession? I bet that was a surveillance mother lode. Those Poles take their Catholicism seriously. They are always sinning and partying like good Catholics. Then they let it all hang out in the confession box like good Catholics do too.
If we gotta start with the basics then let me remind peeps in high risk groups not to become an NSO or government pornstar either, unless you like that sorta thing. With NSO on your phone it’s like Jesus is watching you all the time, except NSO can be double bagged.
You shouldn't have a wife and a secret girlfriend, especially not if you are associated with political opposition or may have annoyed a sketchy government. Wifey might get a call from a “friend of a friend” who feels obligated to inform her of this betrayal and give her the time and place of your next rendezvous.
Don't be smoking wacky tobaky if it isn't legal in your country. Po Po gets an “anonymous” tip. Po Po pulls you over alleging that you “crossed the center line.” Po Po claims to smell marijuana in your car. Car search ensues. Busted!
Tight surveillance knows everything about you, when you are driving drunk, meeting side chicky, slapping the salami, watching porn, or transporting drugs, alcohol, or marijuana to a friend's house.
Those are just a few examples. Sketchy governments are only limited by their imaginations. Intelligence agency management personnel or the higher ups in your government only have to make a single phone call to set you up for arrest or scandalous exposure. It may look completely coincidental, just pure bad luck.
Giertych was arrested for a financial crime after the disclosure by Citizen Lab of his surveillance. This crime is being used as justification for his surveillance. Personally I believe his surveillance was a fishing expedition in hopes of finding a crime or in hopes of gathering intelligence about the political strategies of the opposition party. The political party in power in Poland just got lucky and found a pretext to justify Giertych's surveillance after the fact.
Machiavelli is right. Everyone is guilty of something. Fishing expeditions catch fish. That's why they are so useful. A Faraday bag or two and some common sense can keep your private life private from a minor pest like NSO.