Web Excursions 2021-07-19

A summary of the Pegasus leak; the irreplaceable role played by Weibo despite its abysmal product design.

Revealed: leak uncovers global abuse of cyber-surveillance weapon | Surveillance | The Guardian

  • What is in the data leak?

    • A list of more than 50,000 phone numbers that, since 2016, are believed to have been selected as those of people of interest by government clients of NSO Group

    • the time and date that numbers were selected, or entered on to a system.

  • What does the leak indicate?

    • the potential targets NSO’s government clients identified in advance of possible surveillance.

    • does not reveal

      • whether there was an attempt to infect the phone with spyware such as Pegasus, the company’s signature surveillance tool, or

      • whether any attempt succeeded.

    • forensic examinations found tight correlations between the time and date of a number in the data and the start of Pegasus activity

  • What did forensic analysis reveal?

    • Amnesty examined 67 smartphones where attacks were suspected. Of those, 23 were successfully infected and 14 showed signs of attempted penetration.

    • Fifteen of the phones were Android devices, none of which showed evidence of successful infection.

      • However, unlike iPhones, phones that use Android do not log the kinds of information required for Amnesty’s detective work.

  • Which NSO clients were selecting numbers?

    • 10 governments believed to be responsible for selecting the targets: Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India, and the United Arab Emirates.

  • What does NSO Group say?

  • What is HLR [home location register] lookup data?

    • a database that is essential to operating mobile phone networks.

    • keep records on the networks of phone users and their general locations, along with other identifying information that is used routinely in routing calls and texts.

    • can sometimes be used in the early phase of a surveillance attempt, when identifying whether it is possible to connect to a phone.

Response from NSO and governments | World news | The Guardian

HN comments

  • alex_duf [former software engineer at the Guardian]: Yes the news outlets are collaborating on stories too big for a single one.

    • The last I can remember was the Panama papers. They shared more than just information, but also technical infrastructure to do the investigation.

  • tedunangst: [According to the article], Forbidden Stories, a Paris-based nonprofit media organisation, and Amnesty International initially had access to the leaked list and shared access with media partners as part of the Pegasus project, a reporting consortium.

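新闻实验室 (News Lab) Newsletter #283

  • Weibo's role as the public square cannot be replaced by anyone.

    • Sina Weibo was not actually China's earliest microblog, but the products that predated it, such as Fanfou, could only die off. Only Sina Weibo could survive, because only it could reach a tacit understanding and trust with the regulators.

    • In China, taking on the role of the public square requires both acceptance by the public and authorization from the regulators; neither can be missing.

    • Sina Weibo happens to have both. Fanfou lacked the latter, and People's Weibo lacked the former.

    • In the short term, it is hard to see any other product being able to meet both conditions at once.

  • But Weibo's other roles have already been taken over by other products, including the need for companionship, the need to read quality content, the need for socializing within one's own echo chamber, the need for socializing with strangers, and so on. These have been jointly replaced by WeChat official accounts, podcasts, new social apps, and newsletters.

  • Perhaps more and more people's usage habit has become: hear that there is fresh gossip, open Weibo; the rest of the time, just let it lie quietly in some corner of the phone.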