Figure 3 - uploaded by Bahr Abdulrazzak
Source publication
In this post, we develop new Internet scanning techniques to identify 45 countries in which operators of NSO Group’s Pegasus spyware may be conducting operations.
* Between August 2016 and August 2018, we scanned the Internet for servers associated with NSO Group’s Pegasus spyware. We found 1,091 IP addresses that matched our fingerprint and 1,014...
Citations
... Additionally, the scope of these studies also seems to fall short, considering the unprecedented pace of proliferation. According to Marczak et al. (2018) from the Citizen Lab, while most cyber capability indices cover about thirty countries or less, the notorious Israeli cyber intelligence firm NSO Group provides services to operations in forty-five countries. Furthermore, based on a document that surfaced during a lawsuit, another Israeli spyware firm, Candiru, was negotiating deals with clients from over sixty countries. ...
The recent emergence of mercenary spyware like Pegasus or Russia’s ongoing conventional warfare in Ukraine, supplemented by a cyber offensive we never experienced before, made cybersecurity even more critical. Despite the considerable research in the field, it seems that academia and the private sector have not been able to keep up with the growing importance of security and privacy resulting from the significant increase in cyber threats to critical services, infrastructure and human rights. Research on cyber capabilities tends to focus on the general understanding of the field and pays less attention to the rapid spread of increasingly advanced offensive cyber capabilities. Correctly assessing the capabilities of others and recognising the steps necessary to develop their own capabilities are essential for any country in combating future cybersecurity challenges. However, since there is no consensus on describing even basic cyber capabilities, current research uses different interpretations and usually lacks offensive capabilities altogether. In this article, I discuss the problem of assessing, measuring and evaluating offensive cyber capabilities, starting from the different definitions of some related terms through the various cyber power indices, right down to the talent behind cybersecurity, and perhaps the most promising indicators for assessing offensive capabilities.
... All external talks focused on worst-case scenarios, and referred to outlandish threat models, to convey the message that "information security is important". They presented (1) attacks for which security champions cannot prepare (e.g., the sophisticated Pegasus spyware [51] by S5), (2) outdated threats (e.g., that attackers can easily spy on private information in public WiFi (S6), which is not the case anymore [29], as HTTPS encryption is common and even mandatory under the GDPR, or the myth that emails are like postcards and anyone can read them (S4), which is not the case anymore for the same reason), (3) attacks that are impossible outside of an artificial lab environment (e.g., a reverse proxy on the own local machine of the expert to read and manipulate website traffic that would otherwise be encrypted, by S5), and (4) advice that is unusable for the majority of people (e.g., that one should in general surf the web via the Tor browser (S1), which would in practice shrink the number of websites and services one can access dramatically). Additionally, the vast majority of advice was just a list of don'ts that significantly restrict users instead of providing useful and secure behaviors: do not use wireless keyboards, no public WiFi, no public USB charging stations, do not plug a foreign flash drive into your computer, deactivate Bluetooth on your devices, do not use foreign cloud providers, do not store corporate data on private devices, do not use TikTok. ...
... Additionally, proposed or proven cases of blockchain technology for clinical and genomic applications such as EHR access control, [36, 37] privacy-preserving modeling, [38][39][40][41][42][43] genomic access logging, [44] gene-drug interaction data sharing, [45] clinical image sharing, [46] training certificates, [47] and patient data sharing consents [48] suggest that the use of blockchain networks may support consortium communications, adding its inherent advantages of immutability, distributedness, and high availability to current solutions. ...
... Also, the Source/Target Query Number and the File Type fields were parsed from the Source/Target File Name fields. Table 1. Information captured from the COVID-19 consortium private GitHub repository. ...
Objective:
We aimed to develop a distributed, immutable, and highly available cross-cloud blockchain system to facilitate federated data analysis activities among multiple institutions.
Materials and methods:
We pre-processed 9,166 COVID-19 Structured Query Language (SQL) code, summary statistics, and user activity logs, from the GitHub repository of the Reliable Response Data Discovery for COVID-19 (R2D2) Consortium. The repository collected local summary statistics from participating institutions and aggregated the global result to a COVID-19-related clinical query, previously posted by clinicians on a website. We developed both on-chain and off-chain components to store/query these activity logs and their associated queries/results on a blockchain for immutability, transparency, and high availability of research communication. We measured run-time efficiency of contract deployment, network transactions, and confirmed the accuracy of recorded logs compared to a centralized baseline solution.
Results:
The smart contract deployment took 4.5 seconds on average. The time to record an activity log on blockchain was slightly over 2 seconds, versus 5-9 seconds for baseline. For querying, each query took on average less than 0.4 seconds on blockchain, versus around 2.1 seconds for baseline.
Discussion:
The low deployment, recording, and querying times confirm the feasibility of our cross-cloud, blockchain-based federated data analysis system. We have yet to evaluate the system on a larger network with multiple nodes per cloud, to consider how to accommodate a surge in activities, and to investigate methods to lower querying time as the blockchain grows.
Conclusion:
Blockchain technology can be used to support federated data analysis among multiple institutions.
... We see that users still believed that this advice is true even though it is no longer given but rather discouraged. Another misconception participants from all countries agreed to was "My PC can get infected with malware by clicking on a link" (Q15-10), which is only true in cases of sophisticated zero-click attacks like Pegasus [25] that only aim at single high-value targets. In the vast majority of cases, when browser and operating system are kept up-to-date, clicking on a link is not sufficient to install malware on a computer. ...
Misconceptions about digital security and privacy topics in the general public frequently lead to insecure behavior. However, little is known about the prevalence and extent of such misconceptions in a global context. In this work, we present the results of the first large-scale survey of a global population on misconceptions: We conducted an online survey with n = 12,351 participants in 12 countries on four continents. By investigating influencing factors of misconceptions around eight common security and privacy topics (including E2EE, Wi-Fi, VPN, and malware), we find the country of residence to be the strongest estimate for holding misconceptions. We also identify differences between non-Western and Western countries, demonstrating the need for region-specific research on user security knowledge, perceptions, and behavior. While we did not observe many outright misconceptions, we did identify a lack of understanding and uncertainty about several fundamental privacy and security topics.
... The Citizen Lab report identified what appears to be a significant expansion of Pegasus use in the GCC. Overall, at least six operators have been identified with significant operations in the GCC, two of which appear to be mostly focused on the UAE, one focused mostly on Bahrain, and another focused on Saudi Arabia (Marczak et al. 2018). ...
Media when reporting about the refugees and immigrant communities is blamed for its failure in reporting objectively about the new citizen. The media organizations have not changed their reporting style to share globalized values, especially when reporting about certain culture, that still carry stereotyped representations (Ezz El Din, 2016; Hafez, 2009). Journalism has a major role in enhancing democracy and citizenship (Hanitzsch, & Vos., 2018). With the increase in mobility and migration to Europe there are new citizens that need to be integrated in the new communities. Studies about the media reporting of the Other, especially Muslim immigrants, show that they are reported in a stereotypical manner (Bullock and Jafri, 2000; Martin and Phelan, 2002; Kabir, 2006; Christoph, 2012; Sadar, 2014; Abdelhady and Malmberg, 2018; Holzberg, et al., 2018). One of the main issues that contribute to such constructions is the way reporters refer and write about a certain group and which voices are used in the news reporting, hence create a criticism on how the journalism profession is practiced (Christoph, 2012, Ezz El Din, 2016).
Hence it is relevant to study the opportunities for a more constructive approach in reporting on immigrants. Constructive Journalism is based on journalists’ understanding of social issues and their contribution in the societal integration, security, and well-being. It promotes new ways of reporting where it offers alternative information and possible solutions (Aitamurto & Varma, 2018; Rotmeijer, 2019). There are also other forms of journalism that stresses on the journalistic reporting for the society’s well-being that fits under the “umbrella” of constructive journalism among which is Peace Journalism (McIntyre & Sobel, 2018).
The constructive approaches are counteracting the negativity in reporting and call for a better way and a better quality in news reporting. This paper aims to study if those models can be used when reporting about immigrants as an alternative to traditional reporting that reproduces the same dichotomous and stereotypical images. The models could contribute, if applied in journalistic news texts, to more balanced constructions of immigrants, i.e. the new citizens. Applying constructive approaches in reporting can provide alternative ways of reporting that contrast with how the media is most often considered to work.
Using principles of constructive journalism and peace journalism as a theoretical framework and Critical Discourse analysis as a methodological approach I analyze the local Swedish newspaper Barometern coverage on immigrants in Sweden between 2017-2021.
Key words: constructive journalism, peace journalism, Othering, stereotypes, local news, Sweden
... According to Citizen Lab, Abdulaziz was sent a text message that purported to inform him of an upcoming delivery after he made a purchase on Amazon. Clicking on the 'exploit link' infected Abdulaziz's phone with Pegasus, an internationally marketed spyware product from the Israeli firm NSO Group (Marczak et al 2018). Later reports claimed that the CSMA's access to Abdulaziz's communications revealed his co-ordination with Khashoggi (reportedly hatching plans to resist the state's social media weaponisation) only months before the latter's murder in Istanbul by Saudi agents (Kirkpatrick 2018). ...
... This gives rise to justified fear of the potential use of the surveillance system by secret services in breach of the law, and by extension of citizens' rights and freedoms (cf. Marczak, 2018; Bodnar, 2019; Kaili, 2019, Applications by the Ombudsman..., VII.519.2.2019.AG). ...
The material scope of the research problem presented in the text encompasses the issues concerned with operational surveillance that the Polish civilian counter-intelligence service, i.e. the Internal Security Agency (in Polish abbreviated as ABW-Agencja Bezpieczeństwa Wewnętrznego), is authorised to. The main purpose of the analysis is to assess the changes introduced as a result of the passing of the so-called Surveillance Act in 2016. The Act was supposed to introduce new regulations with regard to the powers concerning operational surveillance and obtaining of ICT data, granted to particular secret and police services. The said changes were enforced by the judgment of the Constitutional Tribunal, which in 2014 found numerous violations of the provisions of the Constitutions of the Republic of Poland caused by the existing regulations authorising the services to engage in particular operational and investigative actions. In order to elaborate the material scope of the research problem, and to present the conclusions, the following research questions have been presented in the text: Do the legal regulations concerning the powers vested in the Polish civilian counter-intelligence service within operational surveillance infringe individual rights and freedoms (e.g. the right to privacy, protection of personal information, privacy of correspondence), and if so, then to what extent? Functional and pro-constitutional interpretations have been applied to assess the provisions regulating the powers of the Internal Security Agency with regard to operational surveillance and obtaining of ICT data. The functional interpretation focuses on the function of selected legal solutions, whereas the pro-constitutional interpretation focuses on the assessment of legal solutions in the context of the principles of a democratic state ruled by law, as well as human rights and freedoms. 
As regards the pro-constitutional interpretation, the tool used for assessment is the test of proportionality, i.e. the rule used for interpreting legal norms according to the degree and legitimacy of the interference in individual rights and freedoms.
... Unsurprisingly, Poland has continued expanding its surveillance capabilities by outsourcing to national and international corporations. According to a technical and academic report, Poland has deployed "Pegasus" surveillance malware created by NSO Group, a surveillance technology corporation based in Israel (Marczak et al. 2018). The report led journalists and political opposition to inquire whether the malware was purchased and deployed by security and intelligence agencies. ...
This chapter questions the common understanding that lack of trust is negative to strengthening democracy and that public lack of trust signals that a liberal democracy is in crisis. It notes how the contemporary drift toward authoritarianism within many established liberal democracies is often coupled with the ideologization of surveillance policies and practices to echo the discourses and goals of far-left and far-right populism. It then clarifies how a democratic lack of trust within civil society can constructively stem these drifts toward authoritarian tendencies, which are so commonly enabled by state and corporate surveillance practices. In order to do so, it establishes notions of trust, trustworthiness, and intelligent accountability and develops a militantly democratic approach to oversight of surveillance by civil society. Subsequently, three country-based cases are explored: Germany, Poland, and the United States, which share the political encroachment of far-right populism to varying degrees. Critically analyzing these cases clarifies the importance of a militant democratic approach to curtailing authoritarianism and also to reimagining and resemantizing the power and knowledge dynamics existent between civil society, the state, and corporations, in order to enable democratic oversight and ensure security upholding human rights and civil liberties.
... Analyzing 2.4 million public tweets on the main Arabic Twitter hashtag discussing Khashoggi's murder, Abrahams and Leber (2021) note that only 281 accounts pushed 80% of the content, with these accounts belonging to different camps backing and attacking Saudi Arabia. The Khashoggi case magnifies the integration of digital repression and offline violent acts (Josua & Edel, 2021; Marczak et al., 2018). Preceding Khashoggi's murder, the journalist's private conversations with another Saudi dissident, Omar Abdulaziz, were obtained after Saudi authorities managed to infect Abdulaziz's phone with spyware (Kirkpatrick, 2018). ...
This paper deals with a case study that provides unique and original insight into social media credibility attacks against the Saudi journalist and activist, Jamal Khashoggi. To get the data, I searched all the state-run tweets sent by Arab trolls (78,274,588 in total), and I used Cedar, Canada’s supercomputer, to extract all the videos and images associated with references to Khashoggi. In addition, I searched Twitter’s full data archive to cross-examine some of the hashtag campaigns that were launched the day Khashoggi disappeared and afterwards. Finally, I used CrowdTangle to understand whether some of these hashtags were also used on Facebook and Instagram. I present here evidence that just a few hours after Khashoggi’s disappearance in the Saudi Consulate in Istanbul, Saudi trolls started a coordinated disinformation campaign against him to frame him as a terrorist, foreign agent for Qatar and Turkey, liar, etc. The trolls also emphasized that the whole story of his disappearance and killing is a fabrication or a staged play orchestrated by Turkey and Qatar. The campaign also targeted his fiancée, Hatice Cengiz, alleging she was a spy, while later they cast doubt about her claims. Some of these campaigns were launched a few months after Khashoggi’s death. Theoretically, I argue that state-run disinformation campaigns need to incorporate the dimension of intended effect.
In this case study, the goal is to tarnish the reputation and credibility of Khashoggi, even after he died, in an attempt to discredit his claims and political cause, influence different audiences especially the Saudi public, and potentially reduce sympathy towards him.
... The most famous use of the software was against Joaquín Archivaldo Guzmán Loera, a man better known as El Chapo, by the Mexican government. Bahrain, Kazakhstan, Morocco, Saudi Arabia, and the United Arab Emirates also use the hacker software (Marczak et al., 2018). For example, Saud al-Qahtani, a lead adviser to the Crown Prince of Saudi Arabia used Pegasus to track the murdered journalist Jamal Khashoggi (Kirkpatrick, 2018) and target the iPhone of Emirati human rights activist, Ahmed Mansoor (Marczak & Scott-Railton, 2016). ...
Hacking is a set of practices with code that provides the state an opportunity to defend and expand itself onto the internet. Bringing together science and technology studies and sociology scholarship on boundary objects and boundary work, we develop a theory of the practices of the hacker state. To do this, we investigate weaponized code, the state’s boundary work at hacker conferences, and bug bounty programmes. In the process, we offer a depiction of the hacker state as aggressive, networked, and adaptive.