Web Excursions 2021-07-19
A summary of the Pegasus leak; the irreplaceable role played by Weibo despite of its abysmal product design.
Revealed: leak uncovers global abuse of cyber-surveillance weapon | Surveillance | The Guardian
What is in the data leak?
A list of more than 50,000 phone numbers that, since 2016, are believed to have been selected as those of people of interest by government clients of NSO Group
the time and date that numbers were selected, or entered on to a system.
What does the leak indicate?
the potential targets NSO’s government clients identified in advance of possible surveillance.
does not reveal
whether there was an attempt to infect the phone with spyware such as Pegasus,
the company’s signature surveillance tool, or
whether any attempt succeeded.
forensic examinations found tight correlations between the time and date of a number in the data and the start of Pegasus activity
What did forensic analysis reveal?
Amnesty examined 67 smartphones where attacks were suspected. Of those, 23 were successfully infected and 14 showed signs of attempted penetration.
Fifteen of the phones were Android devices, none of which showed evidence of successful infection.
However, unlike iPhones, phones that use Android do not log the kinds of information required for Amnesty’s detective work.
Which NSO clients were selecting numbers?
10 governments believed to be responsible for selecting the targets: Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India, and the United Arab Emirates.
What does NSO Group say?
What is HLR [home location register] lookup data?
a database that is essential to operating mobile phone networks.
keep records on the networks of phone users and their general locations, along with other identifying information that is used routinely in routing calls and texts.
can sometimes be used in the early phase of a surveillance attempt, when identifying whether it is possible to connect to a phone.
Response from NSO and governments | World news | The Guardian
HN comments
alex_duf [former software engineer at the Guardian]: Yes the news outlets are collaborating on stories too big for a single one.
The last I can remember was the Panama papers. They shared more than just information, but also technical infrastructure to do the investigation.
tedunangst: [According to the article], Forbidden Stories, a Paris-based nonprofit media organisation, and Amnesty International initially had access to the leaked list and shared access with media partners as part of the Pegasus project, a reporting consortium.
新闻实验室 Newsletter #283
微博的广场角色无人能够取代。
其实新浪微博并不是中国最早的微博客,但早于它出现的饭否等产品只能死掉,只有新浪微博可以存活,因为只有它才能和监管层之间达成默契和信任。
在中国,承担广场的角色需要的是民众的认可加上监管层的授权,缺一不可。
新浪微博正好具备了这两者,饭否少了后者,人民微博少了前者。
短期内,难以看到其他产品有同时具备这两种条件的可能。
但微博的其他角色已经被其他产品取代,包括:对陪伴的需求,对优质内容的阅读需求,对同温层社交的需求,对陌生人社交的需求,等等,它们被微信公号、被播客、被新的社交app、被newsletter共同取代。
或许,越来越多人的使用习惯已经变成:听说有瓜了,打开微博,平时就让它安静地躺在手机的某个角落吧。