1 00:00:01,720 --> 00:00:08,200 Speaker 1: All zone media welcome to it could happen here a 2 00:00:08,240 --> 00:00:12,600 Speaker 1: show about things falling apart. One such thing frequently falling 3 00:00:12,600 --> 00:00:18,000 Speaker 1: apart is any notion of privacy or digital privacy. Ever, 4 00:00:18,239 --> 00:00:21,440 Speaker 1: encroaching surveillance is one of the biggest global issues affecting 5 00:00:21,480 --> 00:00:25,640 Speaker 1: free expression and a free press, both directly through surveillance 6 00:00:25,680 --> 00:00:29,880 Speaker 1: technology but also by chilling speech. I'm Garrison Davis, and 7 00:00:30,120 --> 00:00:34,520 Speaker 1: this past week, news has swept the Internet that ICE 8 00:00:34,680 --> 00:00:39,040 Speaker 1: is using software from an Israeli company called Paragon, which 9 00:00:39,120 --> 00:00:44,000 Speaker 1: allows ICE or DHS to secretly hack into any smartphone, 10 00:00:44,360 --> 00:00:48,840 Speaker 1: break encryption, access messages, track real time location, and turn 11 00:00:48,960 --> 00:00:53,639 Speaker 1: your iPhone or Android into a walking listening device, all 12 00:00:53,680 --> 00:00:57,920 Speaker 1: of which sounds very scary, and some of which is true, 13 00:00:58,680 --> 00:01:02,800 Speaker 1: though some of these class are exaggerated or even likely 14 00:01:02,880 --> 00:01:06,960 Speaker 1: false based on what we can currently infer from published research. 15 00:01:07,800 --> 00:01:11,200 Speaker 1: Due to legitimate fears, we live in a world of 16 00:01:11,319 --> 00:01:16,200 Speaker 1: surveillance paranoia, which can lead to surveillance myths. This is 17 00:01:16,240 --> 00:01:20,800 Speaker 1: a core function of the Panopticon. 
People should take ICE's 18 00:01:20,840 --> 00:01:25,720 Speaker 1: new enhanced smartphone surveillance capacity seriously, but to adequately do 19 00:01:25,880 --> 00:01:30,640 Speaker 1: so requires an accurate understanding of the threat model, which 20 00:01:30,680 --> 00:01:33,440 Speaker 1: we will get into later this episode with some help 21 00:01:33,680 --> 00:01:38,760 Speaker 1: from the Electronic Frontier Foundation. But first let's address the 22 00:01:39,000 --> 00:01:43,120 Speaker 1: newsworthy aspect of this story. What has actually changed recently. 23 00:01:43,840 --> 00:01:48,080 Speaker 1: DHS first contracted with the US branch of Paragon in 24 00:01:48,200 --> 00:01:52,360 Speaker 1: September of twenty twenty four, or two million dollars, but 25 00:01:52,480 --> 00:01:55,960 Speaker 1: later that October, the contract was put on hold thanks 26 00:01:55,960 --> 00:01:58,960 Speaker 1: to a Biden executive order restricting a government use of 27 00:01:59,040 --> 00:02:02,800 Speaker 1: foreign spyware, and ever since then the contract has been 28 00:02:02,800 --> 00:02:07,200 Speaker 1: frozen pending a compliance review. But then on September first, 29 00:02:07,320 --> 00:02:11,560 Speaker 1: twenty twenty five. Just last week, investigative journalist Jack Paulson 30 00:02:11,880 --> 00:02:15,320 Speaker 1: reported that the stop work order affecting the Paragon contract 31 00:02:15,560 --> 00:02:19,320 Speaker 1: had quietly been lifted, allowing Ice to follow through on 32 00:02:19,360 --> 00:02:23,680 Speaker 1: the contract and start using Paragon's spyware technology, most likely 33 00:02:23,840 --> 00:02:29,960 Speaker 1: including their flagship product, Graphite. What is Graphite? 
Great question 34 00:02:30,880 --> 00:02:34,840 Speaker 1: one that I felt underqualified to fully answer myself, so 35 00:02:35,000 --> 00:02:37,639 Speaker 1: I spoke with an expert, Cooper Quinton, of the Digital 36 00:02:37,720 --> 00:02:41,480 Speaker 1: Rights group the Electronic Frontier Foundation. You'll hear from him 37 00:02:41,560 --> 00:02:43,080 Speaker 1: throughout the episode. 38 00:02:43,400 --> 00:02:46,160 Speaker 2: My name is Cooper Quinton. I am a senior staff 39 00:02:46,160 --> 00:02:50,280 Speaker 2: technologist at the Electronic Frontier Foundation. There I do a 40 00:02:50,320 --> 00:02:53,840 Speaker 2: lot of different things. Most specifically, for the purposes of 41 00:02:53,840 --> 00:02:57,840 Speaker 2: this talk, I do malware research on malware that targets activists, journalists, 42 00:02:57,840 --> 00:03:03,239 Speaker 2: and civil society. So is a type of spyware that 43 00:03:03,480 --> 00:03:08,280 Speaker 2: is able to read your messages from your phone the 44 00:03:08,320 --> 00:03:10,760 Speaker 2: same way that you or you know, maybe a cop 45 00:03:10,800 --> 00:03:14,400 Speaker 2: could if they had physical access to your unlocked phone, right. 46 00:03:14,840 --> 00:03:17,760 Speaker 2: That is the main capability that it has. According to 47 00:03:17,800 --> 00:03:20,960 Speaker 2: the reporting published by Citizen Lab, its main job is 48 00:03:21,000 --> 00:03:25,560 Speaker 2: to hook into WhatsApp and into other encrypted chat apps 49 00:03:25,960 --> 00:03:28,680 Speaker 2: and just read the messages in those apps, like in 50 00:03:28,720 --> 00:03:32,040 Speaker 2: the messages you've already sent and any future messages that 51 00:03:32,120 --> 00:03:35,880 Speaker 2: you send. That's really it's the that's the meat of Graphite. 
52 00:03:36,160 --> 00:03:40,360 Speaker 1: Something that sets Paragon apart from their fellow Israeli competitors 53 00:03:40,520 --> 00:03:44,240 Speaker 1: is that Paragon has marketed itself as the ethical choice 54 00:03:44,400 --> 00:03:47,960 Speaker 1: for spyware. One of their early investors in Israeli firm 55 00:03:48,000 --> 00:03:52,000 Speaker 1: called red Dot wrote, quote Paragon builds best in class 56 00:03:52,080 --> 00:03:56,960 Speaker 1: cyber intelligence software to empower democratic countries, providing cutting edge 57 00:03:57,000 --> 00:03:59,320 Speaker 1: capabilities that make the world safer. 58 00:03:59,760 --> 00:04:00,000 Speaker 2: Quote. 59 00:04:00,720 --> 00:04:03,920 Speaker 1: On their US website, Paragon says that they are quote 60 00:04:03,960 --> 00:04:08,880 Speaker 1: unquote empowering ethical cyber defense and that they provide customers 61 00:04:08,920 --> 00:04:12,680 Speaker 1: with quote ethically based tools, teams, and insights to disrupt 62 00:04:12,840 --> 00:04:18,760 Speaker 1: intractable threats unquote. Though they use the term cyber defense 63 00:04:19,000 --> 00:04:24,240 Speaker 1: on their US site, Paragon's startup page reads quote Paragon 64 00:04:24,440 --> 00:04:28,400 Speaker 1: is an offense focused cyber company using digital intelligence for 65 00:04:28,480 --> 00:04:32,919 Speaker 1: smartphone and internet surveillance solutions. The company applies strict moral 66 00:04:32,960 --> 00:04:36,839 Speaker 1: restrictions on itself, limiting its extraction of information from targeted 67 00:04:36,839 --> 00:04:41,840 Speaker 1: devices to conversations on chat apps. Paragon works solely with 68 00:04:41,920 --> 00:04:45,520 Speaker 1: police forces and intelligence agencies that meet the standards of 69 00:04:45,560 --> 00:04:51,040 Speaker 1: an enlightened democracy, which includes only thirty nine countries unquote. 
70 00:04:51,480 --> 00:04:54,240 Speaker 1: One of Paragon's senior executives told Forbes in twenty twenty 71 00:04:54,320 --> 00:04:56,960 Speaker 1: one that they would only sell their technology to governments 72 00:04:56,960 --> 00:05:01,000 Speaker 1: that quote unquote abide by international norms and respect fundamental 73 00:05:01,080 --> 00:05:05,919 Speaker 1: rights and freedoms, and that quote authoritarian or non democratic 74 00:05:05,960 --> 00:05:11,320 Speaker 1: regimes would never be customers. Unfortunately, Paragon was not pressed 75 00:05:11,400 --> 00:05:17,160 Speaker 1: on what their definition of authoritarian regimes includes. In recent reporting, 76 00:05:17,160 --> 00:05:20,039 Speaker 1: there's been a lot of misconceptions about the capabilities of 77 00:05:20,160 --> 00:05:25,160 Speaker 1: Paragon's main product, Graphite. The Guardian wrote, quote, by essentially 78 00:05:25,200 --> 00:05:28,119 Speaker 1: taking control of the mobile phone ice can not only 79 00:05:28,200 --> 00:05:31,320 Speaker 1: track in individuals whereabouts, read their messages, look at their photographs, 80 00:05:31,560 --> 00:05:34,800 Speaker 1: but also open and read information held on encrypted applications 81 00:05:34,839 --> 00:05:37,960 Speaker 1: like WhatsApp or signal. Spyware like Graphite can also be 82 00:05:38,040 --> 00:05:41,400 Speaker 1: used as a listening device through manipulation of the phone's 83 00:05:41,480 --> 00:05:45,960 Speaker 1: recorder unquote. 
But research into Graphite by the surveillance watchdog 84 00:05:46,000 --> 00:05:50,920 Speaker 1: group Citizen Lab has not indicated that Graphite has all 85 00:05:50,920 --> 00:05:54,320 Speaker 1: these capabilities or tries to quote unquote take control of 86 00:05:54,360 --> 00:05:58,520 Speaker 1: the entire device, But other tech journalists have since parroted 87 00:05:58,600 --> 00:06:02,720 Speaker 1: The Guardian's unfounded class that Graphite fully takes over a 88 00:06:02,800 --> 00:06:05,719 Speaker 1: phone and can record audio through the microphone. 89 00:06:06,120 --> 00:06:10,320 Speaker 2: This is actually less full featured than other spyware we've 90 00:06:10,320 --> 00:06:14,360 Speaker 2: seen in the past, like NSL groups, Pegasus spywere. Other 91 00:06:14,720 --> 00:06:17,000 Speaker 2: types of spyware that I've seen tend to have a 92 00:06:17,080 --> 00:06:20,320 Speaker 2: lot more capabilities, right, They have the capability of like 93 00:06:20,400 --> 00:06:25,000 Speaker 2: turning on GPS location tracking, the capability to turn on 94 00:06:25,080 --> 00:06:27,320 Speaker 2: a hot mic, to do all these other things. And 95 00:06:27,360 --> 00:06:30,640 Speaker 2: this seems as far as as far as Citizen Lab 96 00:06:30,680 --> 00:06:34,080 Speaker 2: has reported to not be present within the Graphite malware, 97 00:06:34,120 --> 00:06:38,640 Speaker 2: and I think this is because Paragon has presented themselves 98 00:06:38,640 --> 00:06:43,159 Speaker 2: as kind of being the quote unquote responsible malware manufacturer, right, 99 00:06:43,200 --> 00:06:45,960 Speaker 2: and they're like like trying to minimize the amount of 100 00:06:46,040 --> 00:06:48,680 Speaker 2: data they collect. It doesn't mean they couldn't add this 101 00:06:48,720 --> 00:06:51,000 Speaker 2: stuff in the future, but that's the that's the gist 102 00:06:51,040 --> 00:06:52,839 Speaker 2: of it. 
It's actually, you know, kind of a very 103 00:06:52,920 --> 00:06:56,120 Speaker 2: stripped down malware. I don't want to minimize like how 104 00:06:56,160 --> 00:06:59,160 Speaker 2: impactful it would be for this mawur to get all 105 00:06:59,160 --> 00:07:02,240 Speaker 2: of your messages. That could have a huge impact for people. 106 00:07:02,720 --> 00:07:06,480 Speaker 2: But we don't need to make up capabilities that our 107 00:07:06,520 --> 00:07:11,040 Speaker 2: adversary has, especially under fascism, right, Like we can we 108 00:07:11,080 --> 00:07:13,400 Speaker 2: can just work with the capabilities that we know they have. 109 00:07:14,320 --> 00:07:17,200 Speaker 1: A lot of reporting and discussion of Graphite and Paragon 110 00:07:17,480 --> 00:07:21,040 Speaker 1: frame it as an equivalent to nsoss by where Pegasus, 111 00:07:21,200 --> 00:07:24,440 Speaker 1: which has been banned in the United States for four years, 112 00:07:24,880 --> 00:07:28,520 Speaker 1: Pegasus seeks to completely hijack the target device more broadly, 113 00:07:28,960 --> 00:07:34,160 Speaker 1: similar to guardians claims about Graphite. But by forcing this comparison, 114 00:07:34,520 --> 00:07:38,760 Speaker 1: people might be inadvertently boosting Paragon's brand with free marketing 115 00:07:38,880 --> 00:07:41,320 Speaker 1: by making their product out to be something that I'm 116 00:07:41,320 --> 00:07:44,440 Speaker 1: sure Paragon would like to have people think it is, 117 00:07:45,120 --> 00:07:48,720 Speaker 1: but doesn't actually equate their realistic threat model, similar to 118 00:07:48,760 --> 00:07:54,040 Speaker 1: how predictions of an evil superintelligent AI actually currently serve 119 00:07:54,120 --> 00:07:56,880 Speaker 1: to boost the stock price of AI companies. 
120 00:07:57,280 --> 00:07:59,200 Speaker 2: I think a lot of people are doing the work 121 00:07:59,440 --> 00:08:03,760 Speaker 2: for the these companies that are aligning themselves with fascism, right, 122 00:08:03,880 --> 00:08:08,200 Speaker 2: And I don't think it's a great trend actually, right, like, 123 00:08:08,200 --> 00:08:13,000 Speaker 2: like people are assuming that you know, Palateer is sort 124 00:08:13,000 --> 00:08:16,600 Speaker 2: of watching everything, right, and it really Palanteer is just 125 00:08:16,880 --> 00:08:22,360 Speaker 2: like fancy visual graphing software essentially, right, Like the danger 126 00:08:22,440 --> 00:08:25,920 Speaker 2: of Palenteer is combining these two government databases, right, this 127 00:08:26,080 --> 00:08:29,480 Speaker 2: mawere the GRAPHI mawere right, Like, yeah, it's it's not good, 128 00:08:29,600 --> 00:08:33,000 Speaker 2: but you know it's not magical, right, it's not omniscient. 129 00:08:33,080 --> 00:08:35,560 Speaker 2: It's not able to you know, I don't know, go 130 00:08:35,600 --> 00:08:37,960 Speaker 2: eat the fridge out of your food and you know, 131 00:08:38,080 --> 00:08:39,520 Speaker 2: beat up your dad or something like. 132 00:08:39,600 --> 00:08:42,920 Speaker 1: You know, well now we're talking now, Now that's a 133 00:08:42,960 --> 00:08:43,719 Speaker 1: good app. 134 00:08:44,200 --> 00:08:47,080 Speaker 2: If only if only chech bros could solve such social problems. 135 00:08:47,679 --> 00:08:49,000 Speaker 1: No, no, they would never. 136 00:08:49,400 --> 00:08:52,120 Speaker 2: No, but yeah, you know it's not it's not imagical, right, 137 00:08:52,120 --> 00:08:54,160 Speaker 2: And we don't need to do their work for them, right, 138 00:08:54,200 --> 00:08:56,640 Speaker 2: We don't need to do their myth making for them. 
Right, 139 00:08:56,920 --> 00:09:00,520 Speaker 2: A bigger threat to the majority of people in the 140 00:09:00,600 --> 00:09:05,679 Speaker 2: US is getting your phone seized by the cops. Right, totally. 141 00:09:05,880 --> 00:09:09,560 Speaker 2: There's nothing this maur can do, according to public reports, 142 00:09:09,559 --> 00:09:11,280 Speaker 2: at least that the cops can't do if they get 143 00:09:11,320 --> 00:09:12,520 Speaker 2: hold of your unlocked phone. 144 00:09:12,679 --> 00:09:16,560 Speaker 1: Right. Having phased idea or fordgit pass code is much 145 00:09:16,600 --> 00:09:20,959 Speaker 1: more dangerous to your digital security. Yes, as an average person, 146 00:09:21,120 --> 00:09:23,800 Speaker 1: even as it like anaged person, like going to a protest. 147 00:09:24,120 --> 00:09:29,720 Speaker 2: Yes, yes, absolutely absolutely. You know, Celebrate, which is the 148 00:09:29,760 --> 00:09:31,960 Speaker 2: machine that police plug your phone into you to make 149 00:09:32,000 --> 00:09:34,240 Speaker 2: a copy of all the data on it, is much 150 00:09:34,280 --> 00:09:37,600 Speaker 2: more dangerous to the average American than the Paragon is. 151 00:09:37,600 --> 00:09:39,080 Speaker 2: They're much more likely to encounter that. 152 00:09:39,720 --> 00:09:42,080 Speaker 1: This is more of a niche gripe, but one that's 153 00:09:42,120 --> 00:09:46,080 Speaker 1: still important. There's been claims that quote ice can now 154 00:09:46,240 --> 00:09:50,720 Speaker 1: hack any phone and break encryption, but Graphite doesn't actually 155 00:09:50,800 --> 00:09:54,840 Speaker 1: quote unquote break encryption. It's not going after the encryption 156 00:09:54,960 --> 00:10:00,080 Speaker 1: on Signal or WhatsApp. 
Instead, Paragon tries to circumvent and 157 00:10:00,160 --> 00:10:02,920 Speaker 1: encryption by trying to gain access to content on a 158 00:10:02,960 --> 00:10:06,920 Speaker 1: targeted device once it's been unencrypted by an application like 159 00:10:07,040 --> 00:10:10,880 Speaker 1: WhatsApp for the user to read similar to how if 160 00:10:10,920 --> 00:10:13,680 Speaker 1: you have push notifications on for an application like Signal, 161 00:10:14,040 --> 00:10:18,080 Speaker 1: if the police seize your phone and push notifications display 162 00:10:18,280 --> 00:10:21,840 Speaker 1: messages from Signal, that doesn't mean the police have quote 163 00:10:21,880 --> 00:10:26,240 Speaker 1: unquote broken signals encryption. Now, in order for Graphit to 164 00:10:26,320 --> 00:10:29,480 Speaker 1: extract messages from your phone, it needs to get onto 165 00:10:29,520 --> 00:10:32,720 Speaker 1: your phone in the first place. Graphite is just the 166 00:10:32,760 --> 00:10:36,840 Speaker 1: implanted code that can read and extract your messages. First, 167 00:10:36,880 --> 00:10:39,440 Speaker 1: it needs to get onto your phone via what's called 168 00:10:39,440 --> 00:10:42,720 Speaker 1: an exploit, which is usually a message sent to a 169 00:10:42,720 --> 00:10:46,199 Speaker 1: phone number or a WhatsApp account that attacks a vulnerability 170 00:10:46,240 --> 00:10:49,240 Speaker 1: in your phone's code to gain permissions to load the 171 00:10:49,320 --> 00:10:53,319 Speaker 1: Graphight onto the messaging apps. Graphight and the exploit are 172 00:10:53,600 --> 00:10:57,600 Speaker 1: two separate programs that work together, but exploits need to 173 00:10:57,600 --> 00:11:01,120 Speaker 1: be frequently changed to keep up with soft where security updates, 174 00:11:01,480 --> 00:11:06,040 Speaker 1: and that's expensive. You need different exploits for Android and iOS. 
175 00:11:06,800 --> 00:11:11,160 Speaker 1: Paragon has been using zero click exploits, meaning the owner 176 00:11:11,200 --> 00:11:13,920 Speaker 1: of the phone doesn't have to manually click a link 177 00:11:14,040 --> 00:11:17,040 Speaker 1: or intentionally download a file for the exploit to try 178 00:11:17,040 --> 00:11:20,360 Speaker 1: to gain permissions on the device. You don't have to 179 00:11:20,440 --> 00:11:22,280 Speaker 1: click or do anything. You just have to receive the 180 00:11:22,320 --> 00:11:25,720 Speaker 1: message and then the spyware gets to work, which is 181 00:11:25,920 --> 00:11:29,320 Speaker 1: very scary. But this technology cannot be deployed en mass 182 00:11:29,559 --> 00:11:32,079 Speaker 1: because of how expensive and specific it needs to be 183 00:11:32,280 --> 00:11:33,200 Speaker 1: in order to work. 184 00:11:33,520 --> 00:11:35,440 Speaker 2: The other thing that I think is missing a lot 185 00:11:35,440 --> 00:11:38,800 Speaker 2: from the conversation about Graphite in particular, is that the 186 00:11:38,920 --> 00:11:41,880 Speaker 2: malware is just the program that runs when it gets 187 00:11:41,920 --> 00:11:46,080 Speaker 2: on your phone, and first, before they can install Graphite, 188 00:11:46,160 --> 00:11:48,720 Speaker 2: they have to get onto your phone through some sort 189 00:11:48,720 --> 00:11:51,160 Speaker 2: of exploit. If your phone is up to date and 190 00:11:51,160 --> 00:11:53,600 Speaker 2: fully passed, this will have to be a zero day exploit, 191 00:11:53,640 --> 00:11:56,720 Speaker 2: which means it's an exploit that has had zero days 192 00:11:56,720 --> 00:11:59,520 Speaker 2: for Apple or Google or whoever to fix it because 193 00:11:59,559 --> 00:12:02,720 Speaker 2: it is un known to them, and these exploits cost 194 00:12:03,080 --> 00:12:05,839 Speaker 2: millions of dollars right now. 
Paragon is not going to 195 00:12:05,880 --> 00:12:08,720 Speaker 2: pay that millions of dollars for each person they're exploiting, 196 00:12:08,720 --> 00:12:13,080 Speaker 2: but there is a large per person cost to Ice 197 00:12:13,120 --> 00:12:15,920 Speaker 2: for each person they're going to exploit, because Paragon doesn't 198 00:12:16,000 --> 00:12:19,600 Speaker 2: want to blow their zero day, which costs them millions 199 00:12:19,640 --> 00:12:30,640 Speaker 2: of dollars to either buy or develop themselves. 200 00:12:32,559 --> 00:12:35,040 Speaker 1: Welcome back. I'd like to get into a little bit 201 00:12:35,040 --> 00:12:38,360 Speaker 1: of Paragon's backstory and how they've grown as a company. 202 00:12:39,360 --> 00:12:42,600 Speaker 1: Paragon was founded in twenty nineteen by former Israeli Prime 203 00:12:42,600 --> 00:12:46,400 Speaker 1: Minister A hood Brock and A Hood Schnorsen, a former 204 00:12:46,440 --> 00:12:51,560 Speaker 1: commander of the IDF's cyber Warfare Unit, basically Israel's equivalent 205 00:12:51,600 --> 00:12:56,200 Speaker 1: of the NSA called Unit to eight two hundred three. 206 00:12:56,240 --> 00:13:00,760 Speaker 1: Other Paragon co founders are also ex Israeli intelligence. The 207 00:13:00,760 --> 00:13:03,920 Speaker 1: startup got early financing from a Televiv investment fund called 208 00:13:04,040 --> 00:13:08,160 Speaker 1: Red Dot Capital, though Paragon also received backing from American 209 00:13:08,240 --> 00:13:11,760 Speaker 1: venture capital. In twenty twenty one, Forbes reported that the 210 00:13:11,800 --> 00:13:15,600 Speaker 1: Boston based Battery Ventures had invested between five to ten 211 00:13:15,679 --> 00:13:20,000 Speaker 1: million in Paragon. Bloomberg Capital has also supported the company. 
212 00:13:20,760 --> 00:13:23,679 Speaker 1: In twenty twenty two, Paragon launched a U S subsidiary 213 00:13:23,880 --> 00:13:27,439 Speaker 1: and started recruiting former US Feds to help break into 214 00:13:27,480 --> 00:13:30,920 Speaker 1: the American market. The New York Times reported that the 215 00:13:31,000 --> 00:13:34,720 Speaker 1: DEA has used graphite as far back as twenty twenty two. 216 00:13:35,400 --> 00:13:39,840 Speaker 1: Former CIA assistant director John Finbar Fleming became the executive 217 00:13:39,920 --> 00:13:43,360 Speaker 1: chairman of Paragon US in January of twenty twenty four, 218 00:13:43,640 --> 00:13:47,560 Speaker 1: according to his LinkedIn. In December of twenty twenty four, 219 00:13:47,800 --> 00:13:52,760 Speaker 1: Paragon was acquired by AE Industrial Partners for nine hundred 220 00:13:52,880 --> 00:13:57,240 Speaker 1: million dollars. AE Industrial Partners is a Florida based private 221 00:13:57,240 --> 00:14:02,480 Speaker 1: equity fund with a specialized security portfolio. Once they bought Paragon, 222 00:14:02,800 --> 00:14:08,000 Speaker 1: emerged with another a asset, this cybersecurity company, red Lattice. 223 00:14:08,400 --> 00:14:11,280 Speaker 1: Back in twenty twenty one, Paragon had about fifty employees, 224 00:14:11,920 --> 00:14:15,200 Speaker 1: now it has over five hundred. In June of twenty 225 00:14:15,240 --> 00:14:18,240 Speaker 1: twenty five, they were hiring one hundred and fifty more. 226 00:14:18,840 --> 00:14:22,440 Speaker 1: Just a week ago, executive chairman John Finbar Fleming shared 227 00:14:22,520 --> 00:14:26,840 Speaker 1: a recruitment post that red Lattice was hiring quote emerging 228 00:14:27,000 --> 00:14:32,920 Speaker 1: and offensive cyber engineers unquote. Next, let's discuss the biggest 229 00:14:33,040 --> 00:14:36,240 Speaker 1: case study of Graphite being deployed that we know of. 
230 00:14:36,760 --> 00:14:40,480 Speaker 1: On January thirty first, twenty twenty five, Meta's encrypted messaging 231 00:14:40,480 --> 00:14:44,720 Speaker 1: app WhatsApp sent a notification to ninety accounts that their 232 00:14:44,760 --> 00:14:48,680 Speaker 1: smartphones were suspected of being targeted by spyware, which has 233 00:14:48,720 --> 00:14:53,040 Speaker 1: since been traced to the Paragon product Graphite. People targeted 234 00:14:53,080 --> 00:14:57,120 Speaker 1: were journalists, human rights activists, and members of civil society 235 00:14:57,320 --> 00:15:01,640 Speaker 1: across Europe and the Mediterranean, but Timer based out of Italy. 236 00:15:02,440 --> 00:15:07,040 Speaker 1: This was a zero day and zero click exploit, meaning 237 00:15:07,040 --> 00:15:10,800 Speaker 1: it both attacked to previously unknown vulnerability and required zero 238 00:15:11,040 --> 00:15:15,040 Speaker 1: user interaction to infect the device. At first, the Italian 239 00:15:15,080 --> 00:15:20,560 Speaker 1: government denied knowledge, but Paragon canceled two contracts with customers 240 00:15:20,600 --> 00:15:25,000 Speaker 1: in Italy, and a parliamentary oversight committee later confirmed the 241 00:15:25,000 --> 00:15:29,280 Speaker 1: Italian government was using Paragon technology for spyware attacks against 242 00:15:29,480 --> 00:15:33,760 Speaker 1: c migration activists. One thing that's interesting to me is 243 00:15:33,800 --> 00:15:35,920 Speaker 1: that we talk about this technology is being very expensive, 244 00:15:36,040 --> 00:15:38,720 Speaker 1: very individual, they have to individually target you. But then 245 00:15:38,760 --> 00:15:41,520 Speaker 1: you see, you know, ninety people on WhatsApp, and you're like, 246 00:15:41,600 --> 00:15:43,520 Speaker 1: that's that's a lot of people. 
So you can talk 247 00:15:43,520 --> 00:15:46,640 Speaker 1: about how this attack was like structured and what we've 248 00:15:46,720 --> 00:15:47,400 Speaker 1: learned from it. 249 00:15:47,840 --> 00:15:51,480 Speaker 2: For sure, ninety people is a lot of people for 250 00:15:51,640 --> 00:15:55,200 Speaker 2: such a targeted attack, although it's you know, in terms 251 00:15:55,240 --> 00:15:59,000 Speaker 2: of most malware, like most commercial mawer, ninety people would 252 00:15:59,040 --> 00:16:01,920 Speaker 2: be a very very small attack, right, Like it wouldn't 253 00:16:02,000 --> 00:16:04,080 Speaker 2: be worth your time, So you know, it depends on 254 00:16:04,120 --> 00:16:05,000 Speaker 2: the scale of things. 255 00:16:05,280 --> 00:16:08,880 Speaker 3: I don't know what the scale of Italian civil society is, right, 256 00:16:08,960 --> 00:16:12,160 Speaker 3: but ninety people is likely I think a small fraction 257 00:16:12,360 --> 00:16:15,720 Speaker 3: of the whole of Italian civil society, right, But yeah, 258 00:16:15,760 --> 00:16:17,520 Speaker 3: those so those people. 259 00:16:17,200 --> 00:16:21,360 Speaker 2: That were targeted by Paragon, the ones that we know about. 260 00:16:21,440 --> 00:16:25,560 Speaker 2: You know, one was a Italian anti fascist journalist, right, 261 00:16:25,680 --> 00:16:27,800 Speaker 2: I think another there were a couple of other journalists 262 00:16:27,840 --> 00:16:32,400 Speaker 2: that were covering migration issues, and you know, just a 263 00:16:32,600 --> 00:16:37,280 Speaker 2: sort of a large swath across Italian civil society. So 264 00:16:37,360 --> 00:16:41,160 Speaker 2: the way they were targeted was on WhatsApp. 
They were 265 00:16:41,160 --> 00:16:43,440 Speaker 2: added to a group and then they were sent a 266 00:16:43,480 --> 00:16:47,000 Speaker 2: malicious PDF which they didn't even have to open, and 267 00:16:47,040 --> 00:16:49,120 Speaker 2: they didn't have to approve being added to the group. 268 00:16:49,680 --> 00:16:52,560 Speaker 2: But as soon as that malicious PDF was received by 269 00:16:52,560 --> 00:16:56,800 Speaker 2: their WhatsApp app, but by their WhatsApp client, WhatsApp client 270 00:16:56,920 --> 00:17:00,440 Speaker 2: processed the PDF and it contained code which exploited WhatsApp 271 00:17:00,560 --> 00:17:04,479 Speaker 2: and allowed Graphite to start running. So Graphie doesn't actually 272 00:17:04,520 --> 00:17:07,600 Speaker 2: install anything. To get a little bit technical, Graphie only 273 00:17:07,680 --> 00:17:10,920 Speaker 2: runs in memory of the phone, right, It only runs 274 00:17:10,920 --> 00:17:14,600 Speaker 2: in the like temporary RAM so to speak. Okay, Right, 275 00:17:14,640 --> 00:17:17,439 Speaker 2: So rebooting the phone would have cleared out of the 276 00:17:17,440 --> 00:17:20,600 Speaker 2: Graphite infection and they would have had to reinfect the person. Interesting, 277 00:17:20,680 --> 00:17:23,840 Speaker 2: right in this case. Yeah, it's possible that in the 278 00:17:23,840 --> 00:17:27,280 Speaker 2: future Paragon will find a way to make Graphite persistent. 
279 00:17:28,000 --> 00:17:31,479 Speaker 2: But it does make it more stealthy, It makes it 280 00:17:31,520 --> 00:17:35,600 Speaker 2: harder to detect, It makes it harder to forensically analyze 281 00:17:35,600 --> 00:17:38,600 Speaker 2: for people like citizen Lab and like eff if it 282 00:17:38,760 --> 00:17:41,439 Speaker 2: just runs in memory, sure, right, so it kind of 283 00:17:41,480 --> 00:17:43,600 Speaker 2: makes sense that they would want to keep running it 284 00:17:43,640 --> 00:17:45,680 Speaker 2: in memory, even though rebooting it would clear out the 285 00:17:45,720 --> 00:17:47,640 Speaker 2: infection because you can just reinfect the. 286 00:17:47,560 --> 00:17:50,840 Speaker 1: Person, even like like developers like WhatsApp or like Apple 287 00:17:50,960 --> 00:17:53,760 Speaker 1: might have a harder time, like yeah, realizing that they've 288 00:17:53,800 --> 00:17:55,960 Speaker 1: been attacked. If it can get cleared out so quickly, 289 00:17:56,000 --> 00:17:56,639 Speaker 1: I guess. 290 00:17:56,760 --> 00:18:00,480 Speaker 2: Yeah, absolutely absolutely, And in this case, WhatsApp had realized 291 00:18:00,520 --> 00:18:04,080 Speaker 2: they had been attacked, they quickly figured out the pattern, 292 00:18:03,760 --> 00:18:08,479 Speaker 2: and you know, to their credit, warned everybody immediately. Often, 293 00:18:08,560 --> 00:18:11,680 Speaker 2: the only way I think people will find out they've been, 294 00:18:12,280 --> 00:18:15,880 Speaker 2: you know, infected by this spywear is if WhatsApp or 295 00:18:16,080 --> 00:18:20,000 Speaker 2: you know, somebody else maybe Apple warned you. That's not great, 296 00:18:20,600 --> 00:18:22,959 Speaker 2: but it is, but it is better than the alternative 297 00:18:22,960 --> 00:18:24,560 Speaker 2: where they just don't warn you at all. 
298 00:18:24,720 --> 00:18:28,119 Speaker 1: Right, After the targets were notified of the spyware attack, 299 00:18:28,440 --> 00:18:32,679 Speaker 1: some including journalists and migrant refugee activists in Italy, agreed 300 00:18:32,680 --> 00:18:36,080 Speaker 1: to participate in a forensic analysis of Graphite by citizen Lab. 301 00:18:36,600 --> 00:18:40,080 Speaker 1: They found that Paragon spyware had spread from WhatsApp to 302 00:18:40,160 --> 00:18:43,760 Speaker 1: at least two other apps on the device. In April 303 00:18:43,800 --> 00:18:46,560 Speaker 1: of twenty twenty five, we got forensic confirmation of Graphite 304 00:18:46,600 --> 00:18:51,080 Speaker 1: spyware on iPhone with a zero click exploit attacking I message. 305 00:18:51,320 --> 00:18:53,919 Speaker 1: Citizen Lab was able to analyze the devices of a 306 00:18:53,960 --> 00:18:57,399 Speaker 1: prominent European journalist who requested to remain anonymous, and an 307 00:18:57,480 --> 00:19:01,199 Speaker 1: Italian journalist linked to the previous cluster of attacks in Italy. 308 00:19:01,680 --> 00:19:05,359 Speaker 1: iPhone is slightly harder to target than your average Android, 309 00:19:05,680 --> 00:19:08,560 Speaker 1: but certainly not impervious to this sort of attack, as 310 00:19:08,560 --> 00:19:11,680 Speaker 1: we've seen from these examples in Europe. To date, citizen 311 00:19:11,760 --> 00:19:17,520 Speaker 1: Lab has also identified suspected Paragon deployments in Australia, Canada, Cyprus, Denmark, Israel, 312 00:19:17,640 --> 00:19:21,760 Speaker 1: and Singapore. 
Though the encrypted messaging app Signal is not 313 00:19:21,960 --> 00:19:25,440 Speaker 1: mentioned in the Citizen Lab reporting, their analysis did find 314 00:19:25,480 --> 00:19:28,320 Speaker 1: that Graphite had the capability of going after several 315 00:19:28,400 --> 00:19:31,560 Speaker 1: different messaging apps, and it's probably safe to assume that 316 00:19:31,680 --> 00:19:34,520 Speaker 1: Signal would be one of the apps that Paragon would 317 00:19:34,560 --> 00:19:38,359 Speaker 1: want to extract messages from. We don't have much information 318 00:19:38,560 --> 00:19:43,439 Speaker 1: about this spyware targeting Signal, possibly because Signal does not 319 00:19:43,600 --> 00:19:46,760 Speaker 1: have as large of an international user base compared to 320 00:19:46,840 --> 00:19:51,000 Speaker 1: other apps like WhatsApp, iMessage or Telegram, despite Signal 321 00:19:51,080 --> 00:19:55,560 Speaker 1: being much more secure. So what can you do? Though 322 00:19:55,600 --> 00:19:59,720 Speaker 1: Graphite might not be the total phone hijacking super spyware 323 00:19:59,760 --> 00:20:02,439 Speaker 1: that the Guardian and others claim it to be, 324 00:20:02,880 --> 00:20:06,840 Speaker 1: it still poses a significant security threat. Some basic digital 325 00:20:06,880 --> 00:20:11,000 Speaker 1: security precautions apply here. Get into a habit of regular 326 00:20:11,160 --> 00:20:16,520 Speaker 1: digital cleaning. Remove unnecessary content from your device, save space. 327 00:20:17,160 --> 00:20:21,000 Speaker 1: Old photos can be uploaded to an external encrypted hard 328 00:20:21,040 --> 00:20:25,119 Speaker 1: drive in question.
If you really need years of messages 329 00:20:25,160 --> 00:20:29,120 Speaker 1: stored on your phone, use an encrypted chat app like Signal, 330 00:20:29,160 --> 00:20:32,679 Speaker 1: which has disappearing messages so that there isn't a large 331 00:20:32,720 --> 00:20:36,399 Speaker 1: backlog of communications that could be suddenly accessed by a 332 00:20:36,440 --> 00:20:40,520 Speaker 1: hostile actor. Be very wary of cloud backups. They are 333 00:20:40,560 --> 00:20:43,280 Speaker 1: often one of the least secure aspects of your digital life, 334 00:20:43,720 --> 00:20:47,120 Speaker 1: especially if they are unencrypted, and though it won't deter 335 00:20:47,440 --> 00:20:51,120 Speaker 1: zero click exploits, it's still best practice to avoid clicking 336 00:20:51,359 --> 00:20:54,359 Speaker 1: mysterious links or downloading files and photos sent to 337 00:20:54,400 --> 00:20:57,960 Speaker 1: your phone. Another tip is to regularly reboot your phone. 338 00:20:58,160 --> 00:21:01,359 Speaker 1: Contrary to claims that once your phone has been targeted by Graphite, 339 00:21:01,400 --> 00:21:06,840 Speaker 1: it's now compromised forever, something called malware persistence. To our current knowledge, 340 00:21:07,080 --> 00:21:11,439 Speaker 1: rebooting can wipe Paragon's exploits. It does not appear that 341 00:21:11,560 --> 00:21:15,359 Speaker 1: Paragon spyware is at the moment reboot persistent, and it 342 00:21:15,400 --> 00:21:18,400 Speaker 1: seems that rebooting would actually remove it from the phone. 343 00:21:18,720 --> 00:21:22,040 Speaker 2: My reading is that rebooting it would remove the malware 344 00:21:22,080 --> 00:21:24,199 Speaker 2: from your phone until you were re-exploited.
Which so 345 00:21:24,359 --> 00:21:27,240 Speaker 2: you know, if you just reboot and you don't update, 346 00:21:27,320 --> 00:21:29,400 Speaker 2: or you know, the zero day isn't out yet, right, 347 00:21:29,960 --> 00:21:31,480 Speaker 2: they're just going to run the exploit again. 348 00:21:31,560 --> 00:21:31,679 Speaker 1: Right. 349 00:21:31,800 --> 00:21:33,240 Speaker 2: I think it's a fair bet that they're just going 350 00:21:33,240 --> 00:21:35,440 Speaker 2: to run the exploit again. But it would be. 351 00:21:35,440 --> 00:21:37,680 Speaker 4: Enough to get it off for that time, right, And 352 00:21:37,760 --> 00:21:41,199 Speaker 4: I mean, I think as far as in mitigation, my 353 00:21:41,280 --> 00:21:44,200 Speaker 4: friend recommends that people like reboot their phone every morning 354 00:21:44,240 --> 00:21:45,960 Speaker 4: when they're brushing their teeth, right, And I don't think 355 00:21:46,000 --> 00:21:49,040 Speaker 4: it's a bad bit of security hygiene. 356 00:21:49,520 --> 00:21:51,440 Speaker 2: If these guys are going to, in fact, you might 357 00:21:51,480 --> 00:21:53,639 Speaker 2: as well make it, you know, more of a headache 358 00:21:53,680 --> 00:21:55,320 Speaker 2: for them, right, You might as well make it more 359 00:21:55,320 --> 00:21:57,560 Speaker 2: costly to them, because there is going to be a 360 00:21:57,640 --> 00:21:59,760 Speaker 2: charge to them for each time they have to reinfect you. 361 00:22:00,520 --> 00:22:04,040 Speaker 2: But yeah, it's certainly I think overblown to say that. 362 00:22:04,440 --> 00:22:06,040 Speaker 2: You know, once it's on your phone, it's on your 363 00:22:06,040 --> 00:22:08,239 Speaker 2: phone forever. There's you know, you just got to, you know, 364 00:22:08,320 --> 00:22:11,119 Speaker 2: throw your one thousand dollar phone in the trash and 365 00:22:11,160 --> 00:22:13,280 Speaker 2: go buy another one.
Like, no, you can you know, 366 00:22:13,359 --> 00:22:15,520 Speaker 2: if you don't feel safe just rebooting it, right, like 367 00:22:15,560 --> 00:22:18,040 Speaker 2: a factory reset, that would be the next step, right, 368 00:22:18,080 --> 00:22:20,800 Speaker 2: I think that would that would most likely get rid 369 00:22:20,840 --> 00:22:24,600 Speaker 2: of any persistence mechanisms that were installed. I'm not familiar 370 00:22:24,640 --> 00:22:27,720 Speaker 2: with any iOS malware certainly that would survive a factory reset. 371 00:22:28,240 --> 00:22:30,919 Speaker 1: But probably the most important thing besides using Signal is 372 00:22:30,960 --> 00:22:34,639 Speaker 1: to keep your phone software updated. That's the simplest and 373 00:22:34,720 --> 00:22:38,080 Speaker 1: best way to make it harder for spyware like Graphite 374 00:22:38,160 --> 00:22:40,639 Speaker 1: to make it onto your phone in the first place. 375 00:22:41,040 --> 00:22:44,600 Speaker 1: Out of date software has many more known vulnerabilities to attack. 376 00:22:45,119 --> 00:22:49,120 Speaker 1: For extra protection, enable Lockdown Mode on iPhone or Advanced 377 00:22:49,119 --> 00:22:50,680 Speaker 1: Protection on Android. 378 00:22:51,160 --> 00:22:54,600 Speaker 2: So the reason it's important to keep your phone up 379 00:22:54,600 --> 00:22:57,840 Speaker 2: to date and always install the latest security updates, even 380 00:22:57,880 --> 00:22:59,240 Speaker 2: if it's a pain in the ass, and I know 381 00:22:59,280 --> 00:23:03,240 Speaker 2: it's a pain in the ass, is because this makes 382 00:23:03,320 --> 00:23:06,440 Speaker 2: an attacker have to use zero day exploits. So, if 383 00:23:06,480 --> 00:23:09,200 Speaker 2: you have an old version of the software on your phone, 384 00:23:09,240 --> 00:23:14,840 Speaker 2: there are known exploits.
Known exploits are you know, more 385 00:23:14,920 --> 00:23:18,399 Speaker 2: or less free, right, They are already out there, They 386 00:23:18,440 --> 00:23:20,960 Speaker 2: are already burned. They do not matter, right, like the 387 00:23:21,000 --> 00:23:25,160 Speaker 2: company already knows about them. An exploit loses basically all 388 00:23:25,200 --> 00:23:28,280 Speaker 2: of its value as soon as, you know, the company 389 00:23:28,280 --> 00:23:31,000 Speaker 2: knows about it and it's patched. Right, So, if you 390 00:23:31,160 --> 00:23:32,920 Speaker 2: have out of date software on your phone, if you 391 00:23:32,920 --> 00:23:35,800 Speaker 2: have out of date software on a computer, it changes 392 00:23:35,840 --> 00:23:39,600 Speaker 2: the entire economics of attacking. Right, It's basically free for 393 00:23:39,760 --> 00:23:42,600 Speaker 2: me to exploit your phone at this point, and I 394 00:23:42,760 --> 00:23:44,399 Speaker 2: you know, I will exploit it as many times as 395 00:23:44,440 --> 00:23:46,359 Speaker 2: I want. And I don't care if that exploit is burned. 396 00:23:46,400 --> 00:23:49,280 Speaker 2: I don't care if you find it, because again it's free, right. 397 00:23:49,720 --> 00:23:52,919 Speaker 2: Zero day exploits for especially for Apple, for like you know, 398 00:23:53,400 --> 00:23:58,879 Speaker 2: Android Pixel phones, for Graphene, the alternative Android OS, not 399 00:23:59,000 --> 00:24:03,480 Speaker 2: Graphite, is giving me real problems lately. Zero day exploits, 400 00:24:03,520 --> 00:24:07,280 Speaker 2: meaning exploits that the manufacturer does not know about and 401 00:24:07,320 --> 00:24:11,000 Speaker 2: has not had a chance to patch, cost millions of 402 00:24:11,080 --> 00:24:15,080 Speaker 2: dollars for these platforms, and a zero click exploit where 403 00:24:15,200 --> 00:24:18,560 Speaker 2: where the victim doesn't have to interact with it at all.
Right, 404 00:24:18,560 --> 00:24:20,199 Speaker 2: I don't have to click a link, I don't have 405 00:24:20,280 --> 00:24:23,399 Speaker 2: to do something. You just send me, you know, a PDF, 406 00:24:23,520 --> 00:24:26,879 Speaker 2: an infected PDF or a magic file, right or something, 407 00:24:27,480 --> 00:24:30,879 Speaker 2: and my phone is infected. Those are the most expensive 408 00:24:30,920 --> 00:24:34,080 Speaker 2: above all, Right, those those are sort of the those 409 00:24:34,119 --> 00:24:38,320 Speaker 2: are the golden ticket for malware companies, right, a million. 410 00:24:38,480 --> 00:24:41,600 Speaker 2: These cost millions of dollars and if you burn it, right, 411 00:24:41,680 --> 00:24:44,560 Speaker 2: if it gets caught, like like you know what happened 412 00:24:44,600 --> 00:24:48,760 Speaker 2: with WhatsApp and Citizen Lab in Italy, Right, that's millions 413 00:24:48,760 --> 00:24:51,600 Speaker 2: of dollars down the drain for Paragon. You know 414 00:24:51,640 --> 00:24:54,560 Speaker 2: they're going to pass that on to the Italian government, 415 00:24:54,640 --> 00:24:58,760 Speaker 2: to ICE, to whoever their contractors are. Right, So keeping 416 00:24:58,800 --> 00:25:02,480 Speaker 2: your phone up to date really changes the economics of 417 00:25:02,600 --> 00:25:05,200 Speaker 2: running a malware attack against you, right, Like anybody can 418 00:25:05,280 --> 00:25:07,639 Speaker 2: run you know out of their office old you know 419 00:25:07,840 --> 00:25:11,160 Speaker 2: n-day, right, more than zero day malware attacks against 420 00:25:11,200 --> 00:25:12,919 Speaker 2: anyone, right Like, those are cheap. But if your 421 00:25:12,920 --> 00:25:16,160 Speaker 2: stuff is patched now, it's good, it's it's it totally 422 00:25:16,280 --> 00:25:17,960 Speaker 2: changes the entire game.
And you've got to be doing 423 00:25:18,000 --> 00:25:20,960 Speaker 2: really good work for ICE to want to burn that 424 00:25:21,040 --> 00:25:21,800 Speaker 2: much money on you. 425 00:25:22,400 --> 00:25:25,520 Speaker 1: All these tips can make it considerably harder and, more importantly, 426 00:25:26,000 --> 00:25:29,880 Speaker 1: extremely expensive for this spyware to get onto your device. 427 00:25:30,520 --> 00:25:34,159 Speaker 1: These exploits could only be deployed against individual targets, and 428 00:25:34,200 --> 00:25:38,800 Speaker 1: that gets quite expensive. Just because ICE could theoretically hack 429 00:25:38,840 --> 00:25:41,480 Speaker 1: your phone, that doesn't mean that your phone is necessarily 430 00:25:41,560 --> 00:25:45,080 Speaker 1: at a high risk of being hacked by ICE. Who 431 00:25:45,119 --> 00:25:48,400 Speaker 1: are the possible targets for Graphite spyware? Who is at 432 00:25:48,480 --> 00:25:52,320 Speaker 1: higher risk? Journalists who report on ICE and immigration, people 433 00:25:52,320 --> 00:25:56,760 Speaker 1: who work for immigration advocacy organizations, immigration lawyers, as well 434 00:25:56,800 --> 00:26:00,920 Speaker 1: as high profile activists. It goes without saying that anything 435 00:26:01,000 --> 00:26:04,160 Speaker 1: you do on your phone or on the Internet carries 436 00:26:04,200 --> 00:26:17,679 Speaker 1: a level of inherent risk. We'll close this episode with 437 00:26:17,840 --> 00:26:21,560 Speaker 1: a longer segment from my interview with Cooper discussing who's 438 00:26:21,600 --> 00:26:25,439 Speaker 1: at the most risk of ICE using Paragon software and 439 00:26:25,520 --> 00:26:30,800 Speaker 1: more of Cooper's recommended surveillance mitigation practices. This is not 440 00:26:30,840 --> 00:26:33,160 Speaker 1: something that can be deployed at a protest and sweep 441 00:26:33,240 --> 00:26:35,879 Speaker 1: up, you know, thousands of people.
This this does go 442 00:26:35,960 --> 00:26:38,800 Speaker 1: after like individuals because of its cost and the way 443 00:26:38,840 --> 00:26:41,600 Speaker 1: that it needs to be deployed. Who are the people 444 00:26:41,600 --> 00:26:44,400 Speaker 1: that you would say are most at risk of this? 445 00:26:44,560 --> 00:26:47,040 Speaker 1: Like is this here like your local like you know, 446 00:26:47,200 --> 00:26:50,439 Speaker 1: Food Not Bombs organizer, or like an immigration lawyer? 447 00:26:50,520 --> 00:26:50,639 Speaker 2: Like? 448 00:26:50,880 --> 00:26:53,760 Speaker 1: Right, who should be concerned? I guess and and take 449 00:26:53,880 --> 00:26:55,560 Speaker 1: take this threat like more seriously? 450 00:26:56,280 --> 00:27:02,479 Speaker 2: Definitely, I think people who should be concerned. I mean 451 00:27:02,520 --> 00:27:04,439 Speaker 2: you hit the nail on the head, right that the 452 00:27:04,520 --> 00:27:07,480 Speaker 2: people that should be concerned about this are people who 453 00:27:07,560 --> 00:27:12,440 Speaker 2: have you know, been a special pain in the ass 454 00:27:12,480 --> 00:27:16,600 Speaker 2: for ICE and pisicure. Right, you know, people who might 455 00:27:16,680 --> 00:27:21,359 Speaker 2: be under HSI investigation.
Right, people who you know have 456 00:27:21,520 --> 00:27:25,560 Speaker 2: been threatened by the president or by Pam Bondi you 457 00:27:25,560 --> 00:27:29,280 Speaker 2: know specifically, right, like had their name called out specifically, right, 458 00:27:29,800 --> 00:27:34,000 Speaker 2: people who are you know, very loud, very active, right, 459 00:27:34,119 --> 00:27:38,040 Speaker 2: Like the sort of leaders, what's the term, tall poppies, Right, 460 00:27:38,119 --> 00:27:42,120 Speaker 2: Like the people that are really have their head sticking 461 00:27:42,119 --> 00:27:44,040 Speaker 2: out right in a way that's like very public and 462 00:27:44,160 --> 00:27:46,720 Speaker 2: very well known. If you have risen to the level 463 00:27:46,760 --> 00:27:50,359 Speaker 2: where like Tom Homan knows your name personally, right, that 464 00:27:50,480 --> 00:27:53,840 Speaker 2: makes it a pretty good chance that you know, you 465 00:27:53,920 --> 00:27:56,199 Speaker 2: might become a target of this, right, Like, that's that's 466 00:27:56,240 --> 00:27:57,560 Speaker 2: who we're talking about. 467 00:27:57,640 --> 00:27:59,480 Speaker 1: Well, and like as we've seen in Italy, like that can 468 00:27:59,560 --> 00:28:03,400 Speaker 1: that can include like like anti fascist journalists, Yeah, definitely, 469 00:28:03,600 --> 00:28:07,760 Speaker 1: people who work for like migrant human rights organizations, Yes, 470 00:28:08,320 --> 00:28:11,960 Speaker 1: high profile activists. And I think like there's a real 471 00:28:12,000 --> 00:28:14,000 Speaker 1: concern with with you know, trying to compromise the phone 472 00:28:14,040 --> 00:28:16,440 Speaker 1: of journalists because of how journalists like talk to sources.
473 00:28:16,440 --> 00:28:19,200 Speaker 1: The journalists might have information about like other people besides 474 00:28:19,280 --> 00:28:21,919 Speaker 1: the journalists on their phone, and they may be targeting 475 00:28:22,119 --> 00:28:24,320 Speaker 1: through the journalists, but trying to get after other people 476 00:28:24,320 --> 00:28:27,000 Speaker 1: who they're talking to, same thing with like immigration lawyers, 477 00:28:27,000 --> 00:28:30,360 Speaker 1: and like, there is real concern about harm spreading from 478 00:28:30,359 --> 00:28:32,880 Speaker 1: those factors. And I think that's why if you are 479 00:28:32,920 --> 00:28:35,119 Speaker 1: in those sorts of like roles that like like a 480 00:28:35,200 --> 00:28:38,000 Speaker 1: human rights organization, a journalist, or a lawyer, you need 481 00:28:38,040 --> 00:28:43,080 Speaker 1: to be like extra careful about keeping your phone updated regularly, 482 00:28:43,120 --> 00:28:47,320 Speaker 1: engaging in like digital hygiene, having disappearing messages, maybe putting 483 00:28:47,320 --> 00:28:50,640 Speaker 1: on Lockdown Mode on your iPhone, be very wary of 484 00:28:50,800 --> 00:28:55,400 Speaker 1: being added to mysterious group chats. These are just general 485 00:28:55,440 --> 00:28:58,560 Speaker 1: practices that are I think worthwhile to like engage in, 486 00:28:58,920 --> 00:29:00,800 Speaker 1: whether or not you're actually going to get targeted by. 487 00:29:00,640 --> 00:29:04,280 Speaker 2: This absolutely, and I want to especially single out Lockdown 488 00:29:04,360 --> 00:29:08,880 Speaker 2: Mode there, Like, we are not aware of any infections 489 00:29:09,200 --> 00:29:14,200 Speaker 2: of any malware right, Pegasus, Graphite right, any others that 490 00:29:14,520 --> 00:29:19,240 Speaker 2: have managed to successfully infect an iPhone on Lockdown Mode.
491 00:29:19,600 --> 00:29:22,160 Speaker 2: So if you are worried about this, Lockdown Mode is 492 00:29:22,200 --> 00:29:25,040 Speaker 2: the single most effective thing you can do to protect 493 00:29:25,080 --> 00:29:27,320 Speaker 2: yourself against this malware right, is go turn on Lockdown 494 00:29:27,480 --> 00:29:28,400 Speaker 2: if you're on Android. 495 00:29:28,640 --> 00:29:32,200 Speaker 5: I think Google calls it protection mode. Yeah, yeah, Advanced 496 00:29:32,200 --> 00:29:36,680 Speaker 5: Protection mode. So Advanced Protection mode used to be not 497 00:29:37,040 --> 00:29:40,480 Speaker 5: very comprehensive, and I think like with the new Android 498 00:29:40,840 --> 00:29:43,640 Speaker 5: update with Android sixteen that came out, you know, I 499 00:29:43,680 --> 00:29:45,720 Speaker 5: think like last week or something, it's. 500 00:29:45,640 --> 00:29:50,480 Speaker 2: Now much more comparable to Lockdown Mode. So you know, 501 00:29:50,520 --> 00:29:53,360 Speaker 2: I highly recommend turning that on if you're on Android. 502 00:29:53,480 --> 00:29:55,240 Speaker 1: All my homies love Lockdown Mode. 503 00:29:55,560 --> 00:30:00,080 Speaker 2: Yes, yes, that is the number one protection right. The 504 00:30:00,520 --> 00:30:04,480 Speaker 2: other thing I strongly recommend always, and I beat this 505 00:30:04,560 --> 00:30:07,920 Speaker 2: drum like every day, is turn on disappearing messages.
If 506 00:30:07,920 --> 00:30:10,960 Speaker 2: you're on Signal or WhatsApp, go turn on disappearing messages, right, 507 00:30:11,000 --> 00:30:13,280 Speaker 2: because this is good against you know a lot of 508 00:30:13,280 --> 00:30:15,840 Speaker 2: different things, right, Like, this is good against Cellebrite as 509 00:30:15,880 --> 00:30:19,400 Speaker 2: well as Pegasus as well as Graphite right, Like, 510 00:30:20,000 --> 00:30:22,520 Speaker 2: if the messages are gone by the time you get infected, 511 00:30:22,560 --> 00:30:26,560 Speaker 2: there's no way to recover those, right, You're minimizing your footprint. Right, yep, 512 00:30:26,640 --> 00:30:29,040 Speaker 2: go delete old chats right like if you if you 513 00:30:29,080 --> 00:30:32,040 Speaker 2: get a second right, like we've all Google has trained 514 00:30:32,120 --> 00:30:35,160 Speaker 2: us to all be digital hoarders, right and keep, depending 515 00:30:35,160 --> 00:30:36,920 Speaker 2: how old you are, twenty years of email, ten years 516 00:30:37,240 --> 00:30:37,600 Speaker 2: or whatever? 517 00:30:37,640 --> 00:30:37,760 Speaker 1: Right? 518 00:30:37,920 --> 00:30:41,960 Speaker 2: Never never delete anything, right, And that's don't ignore them, 519 00:30:42,000 --> 00:30:44,280 Speaker 2: ignore Google. Google doesn't want you to delete things because 520 00:30:44,280 --> 00:30:47,560 Speaker 2: they want to use all that data for selling you ads. Right, 521 00:30:47,600 --> 00:30:48,400 Speaker 2: delete everything. 522 00:30:48,560 --> 00:30:50,600 Speaker 1: I want more underwater data than. 523 00:30:50,600 --> 00:30:54,840 Speaker 2: Yes, yes, exactly, delete everything. Delete your files, you know, 524 00:30:54,960 --> 00:30:57,440 Speaker 2: like get rid of those old group chats, right, get 525 00:30:57,520 --> 00:30:59,280 Speaker 2: rid of those old chats that you don't need anymore.
526 00:30:59,560 --> 00:31:01,560 Speaker 1: You need to be like that lawyer in Death Note, 527 00:31:02,120 --> 00:31:05,520 Speaker 1: delete, yes, delete. 528 00:31:06,160 --> 00:31:07,080 Speaker 2: The death notefu. 529 00:31:10,600 --> 00:31:14,640 Speaker 1: Do you wanna plug Citizen Lab slash EFF and tell 530 00:31:14,640 --> 00:31:17,080 Speaker 1: people where to find both your work and then also 531 00:31:17,120 --> 00:31:21,000 Speaker 1: other people who are doing research into Graphite? And like, 532 00:31:21,040 --> 00:31:23,600 Speaker 1: you know, if you've been suspected of being targeted by 533 00:31:23,640 --> 00:31:27,160 Speaker 1: you know, maybe a notification, how you can participate in 534 00:31:27,200 --> 00:31:29,880 Speaker 1: forensic analysis to help everyone be more secure against this 535 00:31:29,880 --> 00:31:30,400 Speaker 1: in the future. 536 00:31:30,880 --> 00:31:34,120 Speaker 2: Yeah, for sure. So one of the best ways to 537 00:31:34,440 --> 00:31:37,640 Speaker 2: find out you've been targeted by state sponsored malware is 538 00:31:38,040 --> 00:31:41,880 Speaker 2: to get a notification from Apple or Google or WhatsApp 539 00:31:42,000 --> 00:31:44,440 Speaker 2: or some other large company that you have been targeted 540 00:31:44,440 --> 00:31:48,520 Speaker 2: by state sponsored malware. Typically, these notifications don't contain much 541 00:31:48,560 --> 00:31:51,480 Speaker 2: more information than we believe you've been targeted by a 542 00:31:51,560 --> 00:31:53,760 Speaker 2: nation state or by state sponsored malware.
But if 543 00:31:53,800 --> 00:31:56,960 Speaker 2: you do get one of those notifications, take it very seriously, 544 00:31:57,680 --> 00:32:00,640 Speaker 2: you know, reach out to Access Now or to E 545 00:32:00,760 --> 00:32:04,239 Speaker 2: F F or to Citizen Lab and let us know, right, 546 00:32:04,280 --> 00:32:06,520 Speaker 2: and we will help figure out what's going on, right, 547 00:32:06,560 --> 00:32:09,880 Speaker 2: Like this is this is the number one indicator, right 548 00:32:09,880 --> 00:32:13,040 Speaker 2: because like this malware is usually fairly stealthy, right, Like 549 00:32:13,120 --> 00:32:15,520 Speaker 2: it's not it's not actually, but you know, I don't 550 00:32:15,520 --> 00:32:20,400 Speaker 2: know, flashing you're infected on your screen, right. But yeah, 551 00:32:20,560 --> 00:32:24,520 Speaker 2: Citizen Lab is always doing amazing work. I'm a fellow there, 552 00:32:24,600 --> 00:32:26,360 Speaker 2: so I get to work with them sometimes, which is 553 00:32:26,440 --> 00:32:30,600 Speaker 2: very exciting. They are based out of the Munk School 554 00:32:30,600 --> 00:32:34,040 Speaker 2: of Global Affairs at the University of Toronto and their 555 00:32:34,080 --> 00:32:36,400 Speaker 2: website is citizenlab dot org, where you can find 556 00:32:36,400 --> 00:32:39,240 Speaker 2: a lot of really excellent research on the types of 557 00:32:39,240 --> 00:32:41,000 Speaker 2: threats that target civil society. 558 00:32:41,280 --> 00:32:45,280 Speaker 1: Er erm, I have citizenlab dot ca. Oh, 559 00:32:45,480 --> 00:32:46,320 Speaker 1: but I'm Canadian. 560 00:32:46,440 --> 00:32:51,040 Speaker 2: You you are probably correct. I can never remember the 561 00:32:50,960 --> 00:32:53,120 Speaker 1: current. As a Canadian, I was very I was very 562 00:32:53,120 --> 00:32:56,440 Speaker 1: put off by you erasing our nation's history, of our 563 00:32:56,520 --> 00:32:59,560 Speaker 1: of our coveted dot ca.
We love, we love 564 00:32:59,560 --> 00:33:00,160 Speaker 1: our dots. 565 00:33:00,080 --> 00:33:02,600 Speaker 2: The I'm not trying to start a war with Canada. 566 00:33:04,200 --> 00:33:06,400 Speaker 1: Well, many many people are, so. 567 00:33:06,800 --> 00:33:08,960 Speaker 2: Listen, I'm firmly on the side of Canada in the 568 00:33:08,960 --> 00:33:12,400 Speaker 2: war against Canada. Okay, please take me in please. 569 00:33:13,800 --> 00:33:17,920 Speaker 1: Yeah, your solidarity is noted, so. 570 00:33:17,960 --> 00:33:20,560 Speaker 2: citizenlab dot org actually redirects to citizenlab dot ca. 571 00:33:20,840 --> 00:33:21,880 Speaker 2: So we were both right. 572 00:33:21,840 --> 00:33:24,080 Speaker 1: There you go, or you were maybe more right. 573 00:33:24,760 --> 00:33:28,320 Speaker 2: So yeah, Citizen Lab, and yeah, they're they're really fantastic. 574 00:33:28,640 --> 00:33:30,800 Speaker 2: A lot of really good research going on there. At 575 00:33:30,840 --> 00:33:33,560 Speaker 2: eff dot org, the Electronic Frontier Foundation. We're a 576 00:33:34,000 --> 00:33:37,680 Speaker 2: US based nonprofit, been around for thirty five years defending 577 00:33:38,200 --> 00:33:42,200 Speaker 2: civil liberties as they intersect with technology. So a lot 578 00:33:42,200 --> 00:33:44,360 Speaker 2: of a lot of free speech work, a lot of 579 00:33:44,640 --> 00:33:48,080 Speaker 2: you know, privacy and Fourth Amendment work, and we also 580 00:33:48,120 --> 00:33:50,760 Speaker 2: have a really excellent set of guides called the Surveillance 581 00:33:50,760 --> 00:33:53,480 Speaker 2: Self-Defense Guides, which are at ssd dot 582 00:33:53,640 --> 00:33:55,760 Speaker 2: eff dot org, which I highly recommend people go 583 00:33:55,840 --> 00:33:59,520 Speaker 2: and check out. It's the most sort of evergreen guide 584 00:33:59,600 --> 00:34:01,800 Speaker 2: for finding yourself online.
A lot of the problem with 585 00:34:01,800 --> 00:34:03,640 Speaker 2: the online security guides is that they get out of date 586 00:34:03,720 --> 00:34:06,240 Speaker 2: very quickly, and we have a totally whole, full time 587 00:34:06,280 --> 00:34:08,880 Speaker 2: person dedicated to making sure that our guides stay up 588 00:34:08,880 --> 00:34:09,200 Speaker 2: to date. 589 00:34:09,320 --> 00:34:10,960 Speaker 1: I'll put a link in the description. 590 00:34:11,200 --> 00:34:13,960 Speaker 2: Yeah, and we're a nonprofit, member-supported nonprofit, 591 00:34:14,080 --> 00:34:15,520 Speaker 2: so you know, if you like the work, throw us 592 00:34:15,520 --> 00:34:18,359 Speaker 2: a few bucks. We work for tips. And yeah, those 593 00:34:18,400 --> 00:34:20,319 Speaker 2: are the chwof places that I'm at that I want 594 00:34:20,320 --> 00:34:22,120 Speaker 2: to plug. Only other thing to plug, I guess, you 595 00:34:22,160 --> 00:34:25,359 Speaker 2: can follow me on social media. I'm at cooperq dot 596 00:34:25,360 --> 00:34:29,680 Speaker 2: com on Bluesky and cooperq at masto dot 597 00:34:29,719 --> 00:34:31,719 Speaker 2: hackers dot town on Mastodon. 598 00:34:32,239 --> 00:34:36,080 Speaker 1: Hell yeah, yeah, all right, well, thank you so much. 599 00:34:36,280 --> 00:34:38,680 Speaker 1: Thank you for the work you do at EFF and 600 00:34:39,000 --> 00:34:39,839 Speaker 1: Citizen Lab. 601 00:34:39,960 --> 00:34:40,799 Speaker 2: Thank you. Yeah. 602 00:34:40,800 --> 00:34:42,799 Speaker 1: I guess we should also throw away our phones since 603 00:34:42,840 --> 00:34:44,920 Speaker 1: there's no way to use our phones safely anymore. 604 00:34:45,080 --> 00:34:47,960 Speaker 2: I mean, throwing away our phones isn't a terrible idea. 605 00:34:49,080 --> 00:34:50,399 Speaker 1: That's why I bat it. You know what, I could 606 00:34:50,400 --> 00:34:51,279 Speaker 1: be onto something I.
607 00:34:51,520 --> 00:34:54,960 Speaker 2: Think for our own sanity just in general. 608 00:34:55,320 --> 00:34:57,360 Speaker 1: No, I think they're making us more connected, and I 609 00:34:57,400 --> 00:34:59,920 Speaker 1: think they're making us more stable. 610 00:35:01,000 --> 00:35:03,960 Speaker 2: They are making us more connected, that's for sure. In 611 00:35:04,000 --> 00:35:06,680 Speaker 2: that I get five billion notifications per day. If that's 612 00:35:06,680 --> 00:35:07,560 Speaker 2: what connected means. 613 00:35:07,600 --> 00:35:13,800 Speaker 4: Yeah, all right, It Could Happen Here is a production 614 00:35:13,880 --> 00:35:14,840 Speaker 4: of Cool Zone Media. 615 00:35:15,040 --> 00:35:18,080 Speaker 1: For more podcasts from Cool Zone Media, visit our website 616 00:35:18,160 --> 00:35:21,760 Speaker 1: coolzonemedia dot com, or check us out on the iHeartRadio app, 617 00:35:21,800 --> 00:35:25,399 Speaker 1: Apple Podcasts, or wherever you listen to podcasts. You can 618 00:35:25,440 --> 00:35:27,760 Speaker 1: now find sources for It Could Happen Here listed directly 619 00:35:27,760 --> 00:35:28,920 Speaker 1: in episode descriptions. 620 00:35:29,239 --> 00:35:30,080 Speaker 2: Thanks for listening.