Israeli company's spyware used to target corruption-fighting journalists and lawyers in Mexico

The NSO Group is an Israeli firm that describes itself as a "cyber warfare" company, dealing exclusively to governments, including the famously corrupt and dysfunctional government of Mexico. The NSO Group is presently for sale, with a $1 billion pricetag. Read the rest

Germany mulls sweeping surveillance bill, crypto backdoors and fingerprinting kids

Germany's interior ministry has announced sweeping new surveillance powers ahead of the coming national election, which would include the right to infect residents' computers with malware in order to spy on their encrypted communications (shades of the illegal Bundestrojaner program), ordering tech companies to deliberately introduce defects into their cryptography, and fingerprinting children as young as 6. Read the rest

Police now routinely crack and extract all phone data from arrestees

Muckrock filed Freedom of Information Requests with multiple US police forces to find out how they were using "mobile phone forensic extraction devices" -- commercial devices that suck all the data out of peoples' phones and make it available for offline browsing. Read the rest

Chinese law requiring internet companies to spy on users comes into effect this week

While China has enlisted its internet giants -- such as Weibo -- in its system of social control and surveillance for years, a new "cyber security law" will come into effect on Thursday that expands and formalizes this role for tech companies, with implications for non-Chinese companies doing business in China. Read the rest

UK Tories say they'll exploit Manchester's dead to ban working crypto in the UK

One of UK Prime Minister Theresa May's government ministers told a reporter from The Sun that the government is planning on invoking the "Technical Capabilities Orders" section of the Snoopers Charter, a 2016 domestic spying bill; the "orders" allow the government to demand that companies cease using working cryptography in their products and services, substituting it with deliberately defective code that can be broken. Read the rest

Thailand is losing the war on dissent, thanks to user notifications and HTTPS

Thailand's insane lese majeste laws make it radioactively illegal to criticize the royal family, reflecting a profound insecurity about the legitimacy of the ruling elites there that can only be satisfied through blanket censorship orders whenever one of the royals does something ridiculous, cruel or both (this happens a lot). Read the rest

The NSA no longer claims the right to read your email in case you're talking about foreigners

For more than a decade, the Electronic Frontier Foundation has been suing the NSA over its extraordinarily broad interpretation of its powers under Section 702 of the FISA Amendments Act -- a law that the NSA says gives it the power to spy on Americans any time they mention a foreigner. Read the rest

Iran sucks at censoring apps, so the Persian diaspora is using them for unfiltered political discussion

With a (symbolic) (but it's a potent symbol) election looming in Iran, the global Persian diaspora is not lacking for news organs that are producing the kind of unfiltered political news that would get you jailed or killed in Iran. Read the rest

Japan secretly funneled hundreds of millions to the NSA, breaking its own laws

The Intercept publishes a previously-unseen set of Snowden docs detailing more than $500,000,000 worth of secret payments by the Japanese government to the NSA, in exchange for access to the NSA's specialized surveillance capabilities, in likely contravention of Japanese privacy law (the secrecy of the program means that the legality was never debated, so no one is sure whether it broke the law). Read the rest

A look inside the shady world of Flexispy, makers of "stalkerware" for jealous spouses

Motherboard's Joseph Cox continues his excellent reporting on Flexispy, a company that make "stalkerware" marketed to jealous spouses through a network of shady affiliates who feature dudes beating up their "cheating girlfriends" after catching them by sneaking spyware onto their devices. Read the rest

DEA bought zero-day exploits from disgraced cyber-arms dealer Hacking Team

A Freedom of Information Act request reveals that the DEA spent $575,000 buying access to weaponized zero-day exploits sold by Hacking Team, the hacked and disgraced Italian cyber-arms dealer who outfitted despots, dictators, the FBI, and America's local police departments. Read the rest

Hackers shut down stalkerware companies that spy for spouses and parents, delete and dump their files

Two hackers supplied Motherboard with 130,000 account details hacked from Retina-X and FlexiSpy, who market covert surveillance tools to jealous spouses and nervous parents -- tools that are intended to be covertly installed on their laptops and mobile devices in order to tap into their keystrokes, mics, calls, stored photos and other capabilities. Read the rest

The latest NSA dump from the Shadow Brokers tells you how to break into banks

The mysterious tragicomic hacking group The Shadow Brokers continues to dump incredibly compromising cyberweapons and internal information looted from the NSA, accompanied by Borat-compliant gibberish that reads like someone trying to make you guess whether there's a false flag in play, and if so, who is waving it. Read the rest

Technology should serve us, not boss us around

Today on the Tor-Forge blog, I write about the nearly inescapable temptation of trying to solve our problems with other peoples' actions by redesigning the technology they use to boss them around, rather than serving them. Read the rest

Stingray for criminals: spreading mobile malware with fake cellphone towers

Police who rely on vulnerabilities in crooks' devices are terminally compromised; the best way to protect crime-victims is to publicize and repair defects in systems, but every time a hole is patched, the cops lose a tool they rely on the attack their own adversaries. Read the rest

Italy unveils a legal proposal to regulate government hacking

Internet traffic nowadays is mostly encrypted (“HTTPS”). Thus, for a few years now, Law Enforcement Agencies (LEA) have been facing far more challenges at gathering data through the interception of connections than they used to.

Cyberarms dealer's weapons used against Mexican soda-tax activists

NSO is an Israel cyberarms dealer, which buys or researches vulnerabilities in software and then weaponizes them; claiming that these cyberweapons will only be used by democratic governments and their police forces to attacks serious criminals and terrorists -- a claim repeated by its competitors, such as Italy's Hacking Team and Gamma Group. Read the rest

More posts