Disclaimer: This is just my opinion and thoughts
Pegasus used against Human Rights Groups
More details on Pegasus
For those who don't know sometime last year the Isreali Government developed a zero-click malware that was discovered late 2022. This type of malware is not only tough to detect but doesn't require any user interaction in order to get infected. This same malware has been reported to have been used on Human Rights groups despite being advertised as a tool to fight terrorism.
This was deinitely concerning to me because for the last year apple users have been revieving these mysterious security updates. Most of them don't even have a description in the patch notes for weeks or months. That indicate to me that they are still trying to secure the phone as much as possible and don't want to release publicly what they have fixed so that NSO can't use that information to patch their payload. There isn't much public information on how Pegasus works because, again, this payload is being advertised to government agencies and there is a conflict of interest between government agencies and cyber security where cyber security wants to patch vulnerabilities and government agencies wanting to keep those vulnerabilities so they can use those vulnerabilities to their advantage.
What made me post this is that I saw a short clip of Vicki Dillard talking about how the Western world is trying to distract us with this Ukraine vs Russia. It made me think about how all these different attack vectors have been used in this cyber war and I think about how this technology may be used against us. When you consider that Human Rights organizations have been targeted what is to say we won't be targeted, if we haven't been targeted already. We have been able to do a lot in spite of the barriers that social media and similar sites use to filter our message and information. When I think about the way that meta data and big data is used to create profiles on peoples habits and behaviors it makes me feel the FBI no longer need to infiltrate our organizations because they have all the tools at their disposal to spy without stepping foot into your home. For example we already have payloads that can screen capture all the acitivity happening on a phone in real time, access the cameras and having total control over someone's device BUT it usually requires that the victim downloads an apk or opens a file like a pdf or Word Doc. These payloads also have signatures that AV, IDPS and other monitoring software can detect but Pegasus can avoid all of that and only by meticulously monitoring your phone can you discover this payload. That's a tall task. I would like to see apps that can list all the connection Iphone has in the sameway the netstat comomand does. We don't have enough tools for IOS that allow you to really streamline the detective work.
Pegasus used against Human Rights Groups
More details on Pegasus
For those who don't know sometime last year the Isreali Government developed a zero-click malware that was discovered late 2022. This type of malware is not only tough to detect but doesn't require any user interaction in order to get infected. This same malware has been reported to have been used on Human Rights groups despite being advertised as a tool to fight terrorism.
This was deinitely concerning to me because for the last year apple users have been revieving these mysterious security updates. Most of them don't even have a description in the patch notes for weeks or months. That indicate to me that they are still trying to secure the phone as much as possible and don't want to release publicly what they have fixed so that NSO can't use that information to patch their payload. There isn't much public information on how Pegasus works because, again, this payload is being advertised to government agencies and there is a conflict of interest between government agencies and cyber security where cyber security wants to patch vulnerabilities and government agencies wanting to keep those vulnerabilities so they can use those vulnerabilities to their advantage.
What made me post this is that I saw a short clip of Vicki Dillard talking about how the Western world is trying to distract us with this Ukraine vs Russia. It made me think about how all these different attack vectors have been used in this cyber war and I think about how this technology may be used against us. When you consider that Human Rights organizations have been targeted what is to say we won't be targeted, if we haven't been targeted already. We have been able to do a lot in spite of the barriers that social media and similar sites use to filter our message and information. When I think about the way that meta data and big data is used to create profiles on peoples habits and behaviors it makes me feel the FBI no longer need to infiltrate our organizations because they have all the tools at their disposal to spy without stepping foot into your home. For example we already have payloads that can screen capture all the acitivity happening on a phone in real time, access the cameras and having total control over someone's device BUT it usually requires that the victim downloads an apk or opens a file like a pdf or Word Doc. These payloads also have signatures that AV, IDPS and other monitoring software can detect but Pegasus can avoid all of that and only by meticulously monitoring your phone can you discover this payload. That's a tall task. I would like to see apps that can list all the connection Iphone has in the sameway the netstat comomand does. We don't have enough tools for IOS that allow you to really streamline the detective work.
