Predator Files: Technical deep-dive into surveillance products
Predator Files: Technical deep-dive into surveillance products - 1van - 11-26-2023

Quote:On 5 October 2023, a major global investigation – the “Predator Files” – was published exposing the proliferation of surveillance technologies around the world and the failure of governments and the European Union (EU) to properly regulate the industry. The Security Lab at Amnesty International is a technical partner in the “Predator Files”, a project coordinated by the European Investigative Collaborations (EIC) media network into the Intellexa alliance, the makers and marketers of the Predator spyware. As part of this collaboration, the Security Lab has reviewed technical documentation, marketing material and other records obtained by Der Spiegel and Mediapart – who are part of EIC – which shed light on the ecosystem of surveillance products offered by the Intellexa alliance.

Details: https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products/

RE: Predator Files: Technical deep-dive into surveillance products - 1van - 11-28-2023

Related:
- https://www.accessnow.org/spyware-attack-in-serbia/
- https://citizenlab.ca/2023/11/serbia-civil-society-spyware/

RE: Predator Files: Technical deep-dive into surveillance products - 1van - 11-28-2023

Source: https://www.slobodnaevropa.org/a/srbija-vlast-spijunski-softver-tuzilastvo-share-nvo/32703352.html

Quote:"We see that the attacks were very close in time, roughly one minute apart. Two separate people, two separate iPhones," Natalia Krapiva of the organization Access Now told RSE (Radio Free Europe), explaining the findings.

Quote:NSO Group, she adds, does not sell this type of software to individuals; license holders must be state institutions.

Quote:The investigation, she says, showed that the attacker "got into" the phones through the HomeKit application, which all more advanced Apple phones have.

RE: Predator Files: Technical deep-dive into surveillance products - Petar - 11-29-2023

As far as I understand from this, NSO develops zero-click attacks based on the zero-day vulnerabilities they find. This means the victim does not need to do anything for the attack to succeed, and the attack usually begins when the attacker sends a specially crafted SMS, email, or some other instant-messaging message. In other words, NSO knows about a flaw that not even Apple knows about and has a way to use it against the target (an iPhone user) without the target having to do or click anything.
The recommendation is to enable Apple's Lockdown Mode protection, so that you are at least notified of suspicious blocked activity on your iPhone.

Triple Threat: NSO Group’s Pegasus Spyware Returns in 2022 with a Trio of iOS 15 and iOS 16 Zero-Click Exploit Chains - The Citizen Lab

As stated in the Citizen Lab report mentioned above, no attacks were observed to be successful against devices that had Lockdown Mode turned on.

There is also software that can be freely used for phone forensics: MVT.

If you are a high-value target and think you have also been targeted, based on notifications from Apple Threat Notification or a notification from Lockdown Mode on your iPhone, you can contact:

A list of further useful contacts: Tool: Find Emergency Resources - Consumer Reports Security Planner

RE: Predator Files: Technical deep-dive into surveillance products - Petar - 11-29-2023

VirusTotal IoCs:
* Cytrox (https://www.virustotal.com/gui/collection/452597908679766ab49a60fb22c09cdfd2f86494ab87605369b973ce9f43f64b/iocs)
* Pegasus (https://www.virustotal.com/gui/collection/861cc7c9179861641bd28c05e56b69985923f42bf5b6b189ff47d5d2772cea1d)

Domains: novosti[.]bid, politika[.]bid

RE: Predator Files: Technical deep-dive into surveillance products - 1van - 11-30-2023

Let's add these as well: danas[.]bid, svetovid[.]bid, kormoran[.]bid and bumabar[.]bid

Quote:BIRN found several more suspicious domains with the characteristic “.bid” ending, which appear to have been reserved for victims in Serbia. It is assumed that the domains “danas.bid”, “svetovid.bid”, “kormoran.bid” and “bumabara.bid” could also have been infected with a virus. The domain “svetovid.bid” is particularly interesting, as there are multiple indicators that it is spyware, that is, a surveillance program.

Source: https://about.fb.com/wp-content/uploads/2021/12/Threat-Report-on-the-Surveillance-for-Hire-Industry.pdf
Source: https://birn.rs/izraelski-softveri-za-spijunazu-gradani-srbije-na-meti-predatora/

RE: Predator Files: Technical deep-dive into surveillance products - 1van - 11-30-2023

Also related: Potential evidence that Serbia uses commercial spyware?

Domains: dnevnidogadjaji[.]com, filesharingbox[.]com

RE: Predator Files: Technical deep-dive into surveillance products - 1van - 12-06-2023

Newsnight on the spying on members of civil society
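
Added example (not part of any post in this thread): one way a defender could check resolver logs against the defanged domains listed above. Matching is done on whole DNS labels so that look-alike names do not produce false hits. The log format and the sample lines are constructed for illustration.

```python
import re

# Domains as posted in this thread, still defanged. The thread gives both
# "bumabar" and "bumabara" for one entry, so both spellings are listed.
THREAD_IOCS = """
novosti[.]bid politika[.]bid danas[.]bid svetovid[.]bid kormoran[.]bid
bumabar[.]bid bumabara[.]bid dnevnidogadjaji[.]com filesharingbox[.]com
"""

def refang(token):
    """Turn a defanged indicator (a[.]bid, hxxp://a[.]bid/x) into a bare hostname."""
    t = token.strip().lower().replace("[.]", ".").replace("(.)", ".")
    t = re.sub(r"^h(xx|tt)ps?://", "", t)
    return t.split("/")[0].rstrip(".")

IOC_SET = {refang(t) for t in THREAD_IOCS.split()}

def match_ioc(qname, iocs=IOC_SET):
    """Return the listed domain that qname equals or is a subdomain of, else None.
    Whole DNS labels are compared, so 'notdanas.bid' and 'danas.bid.example.org'
    do not match 'danas.bid'."""
    labels = qname.strip().lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None

def scan(log_lines):
    """Return (client, qname, ioc) for each log line whose query hits the list."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) >= 3 and (ioc := match_ioc(fields[2])):
            hits.append((fields[1], fields[2], ioc))
    return hits

# Constructed sample resolver log: "<timestamp> <client> <queried name>".
SAMPLE_LOG = [
    "2023-11-30T10:01:02Z 192.0.2.10 www.example.org.",
    "2023-11-30T10:01:05Z 192.0.2.11 cdn.Svetovid.bid.",
    "2023-11-30T10:01:09Z 192.0.2.12 notdanas.bid",
    "2023-11-30T10:01:11Z 192.0.2.13 danas.bid.example.org",
    "2023-11-30T10:01:15Z 192.0.2.14 filesharingbox.com",
]

if __name__ == "__main__":
    for client, qname, ioc in scan(SAMPLE_LOG):
        print(f"{client} queried {qname} (matches {ioc})")
```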