A summary of the Pegasus leak; the irreplaceable role played by Weibo despite of its abysmal product design.
What is in the data leak?
A list of more than 50,000 phone numbers that, since 2016, are believed to have been selected as those of people of interest by government clients of NSO Group
the time and date that numbers were selected, or entered on to a system.
What does the leak indicate?
the potential targets NSO’s government clients identified in advance of possible surveillance.
does not reveal
whether there was an attempt to infect the phone with spyware such as Pegasus,
the company’s signature surveillance tool, or
whether any attempt succeeded.
forensic examinations found tight correlations between the time and date of a number in the data and the start of Pegasus activity
What did forensic analysis reveal?
Amnesty examined 67 smartphones where attacks were suspected. Of those, 23 were successfully infected and 14 showed signs of attempted penetration.
Fifteen of the phones were Android devices, none of which showed evidence of successful infection.
However, unlike iPhones, phones that use Android do not log the kinds of information required for Amnesty’s detective work.
Which NSO clients were selecting numbers?
10 governments believed to be responsible for selecting the targets: Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India, and the United Arab Emirates.
What does NSO Group say?
What is HLR [home location register] lookup data?
a database that is essential to operating mobile phone networks.
keep records on the networks of phone users and their general locations, along with other identifying information that is used routinely in routing calls and texts.
can sometimes be used in the early phase of a surveillance attempt, when identifying whether it is possible to connect to a phone.
alex_duf [former software engineer at the Guardian]: Yes the news outlets are collaborating on stories too big for a single one.
The last I can remember was the Panama papers. They shared more than just information, but also technical infrastructure to do the investigation.
tedunangst: [According to the article], Forbidden Stories, a Paris-based nonprofit media organisation, and Amnesty International initially had access to the leaked list and shared access with media partners as part of the Pegasus project, a reporting consortium.