blog.notmyidea.org/content/Notes/2024-12-28-security-lab-surveillance.md
2025-01-15 15:56:09 +01:00


---
title: State of Surveillance, A year of digital threats to civil society
speaker: Jurre van Bergen
link: https://events.ccc.de/congress/2024/hub/en/event/state-of-surveillance-a-year-of-digital-threats-to-civil-society/
tags: 38c3, spyware
---
*These are notes taken during and after the 38C3 conference in Hamburg. Notes might be a bit sketchy at times.*

19 countries have been impacted by attacks on journalists and civil society.

Spyware systems are sold for millions of euros. Each successful attack may cost 10-20+ thousand euros, according to Intellexa quotes.
## Landscape is ever evolving - spyware
Full exploit chains for modern iOS and Android are hard. Some states have moved to using tools like Cellebrite.

**Not a single victim has won a lawsuit against a spyware company.**

WhatsApp vs. NSO Group, in 2019: WhatsApp won (will be public in 2025); NSO Group violated the CFAA (hacking laws in the US) and the Californian equivalent.

Wintego: malicious domains were found targeting Indonesia and two companies in Singapore.

Two spyware products: WINT, used by the Singapore police, and Helios.
## NSO Group
Known for Pegasus. They seem to be in 5 countries.
## Naraphorn "Bie" Onnkhaow
A student in Thailand, she was found infected with Pegasus 14 times, in connection with the pro-democracy protest movements that began in 2020.

They are making the connection that activists of different genders can be at higher risk, because they fear that what is private will go public, which is used as pressure against them.

Thai court case against NSO: a human rights defender from Thailand (Jatupat Boonpattararaksa) brought it, but he lost the case because he could not connect the spyware with NSO itself.
## Novispy
A new spyware named "novispy", coming from the Serbian Intelligence Agency.

- In Serbia, Krokodil (an NGO organising a lecture festival) was targeted; their contacts were exported while they were being interviewed.
- It was installing packages. They managed to recover the screenshots that were taken.

The IP range was the same as one previously seen with FinFisher (an earlier malware).
## Notable
There are IP ranges that were used for Predator. Could we just blacklist them?