
You’ve been targeted by government spyware. Now what?


It was a normal day when Jay Gibson received an unexpected notification on his iPhone. “Apple has detected that your iPhone is attempting to engage in espionage,” the message read.

Ironically, Gibson worked for a company that developed the kind of spyware that could lead to such a notification. Still, he was surprised to receive one on his own phone. He called his father, turned off his phone, put it away, and went to buy another one.

“I was panicking,” he told TechCrunch. “It was messy. It was very confusing.”

Gibson is one of a growing number of people receiving notices from companies like Apple, Google, and WhatsApp, all of which send similar warnings about spyware attacks to their users. Technology companies are increasingly alerting their users when they are the target of government hacking, especially hacking that uses proprietary spyware from companies such as Intellexa, NSO Group, and Paragon Solutions.

But although Apple, Google, and WhatsApp are vigilant, they do not get involved in what happens next. The tech companies direct their users to people who can help, and then they step away.

This is what happens when you receive one of these warnings.

Warning

You have received a notification that you are the target of government hackers. Now what?

First, take it seriously. These companies have telemetry about their users and about what happens on their devices and in their online accounts. These tech giants have security teams that have been hunting, studying, and analyzing this type of malicious activity for years. If they think you have been targeted, they are probably right.

It is important to note that, for Apple and WhatsApp notifications, receiving one does not mean that you have been hacked. It is possible that the hacking attempt failed, but they will still tell you that someone tried.

Image showing the threat notification Apple sent to a suspected spy (Photo: Omar Marques/Getty Images)

In the case of Google, it is possible that the company blocked the attack and is telling you so that you can log into your account and make sure that you have multi-factor authentication enabled (such as a physical security key or passkey), and also turn on its Advanced Protection Program, which also requires a security key and adds additional security features to your Google account. In other words, Google will tell you how to better protect yourself in the future.

In the Apple ecosystem, you should turn on Lockdown Mode, which changes several security features to make it harder for hackers to access your Apple devices. Apple has said that it has never seen a successful hack against a user with Lockdown Mode enabled, but no system is perfect.

Mohammed Al-Maskati, director of Access Now’s Digital Security Helpline, a 24/7 global team of security experts who investigate cases of espionage against civilians, shared with TechCrunch the advice that the service offers to people who are worried about being targeted by government spying programs.

These recommendations include keeping your operating systems and software up to date; turning on Apple’s Lockdown Mode and Google’s Advanced Protection for accounts and on Android devices; being wary of suspicious links and attachments; restarting your phone frequently; and paying attention to changes in the way your device works.

Contact us

Have you received a notification from Apple, Google, or WhatsApp about being targeted by spyware? Or do you have information about spyware developers? We want to hear from you. From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.

Reach out for help

What happens next depends on who you are.

There are open source, downloadable tools that anyone can use to detect suspected spyware attacks on their devices, requiring little technical knowledge. You can use the Mobile Verification Toolkit, or MVT, a tool that lets you look for traces of an attack on your own, perhaps as a first step before seeking help.

If you don’t want to or can’t use MVT, you can go straight to someone who can help. If you are a journalist, critic, academic, or human rights activist, there are several organizations that can help.

You can turn to Access Now and its Digital Security Helpline. You can also contact Amnesty International, which has its own group of researchers and sufficient knowledge of these cases. Or, you can reach out to The Citizen Lab, a digital rights group at the University of Toronto, which has been investigating the abuse of spyware for nearly 15 years.

If you are a journalist, Reporters Without Borders also has a digital security lab that offers to investigate suspected cases of hacking and surveillance.

People outside these groups, such as politicians or business leaders, will have to go elsewhere.

If you work for a large company or political party, you probably have a well-informed security team you can turn to. They may not have the specific knowledge to investigate in depth, but in that case they probably know who to turn to, even if Access Now, Amnesty, and Citizen Lab can’t help those outside of civil society.

Otherwise, there aren’t many places for business leaders or politicians to turn to, but we asked around and found the ones below. We cannot vouch for everything about these organizations, or endorse them directly, but based on the opinions of people we trust, they are worth pointing out.

Perhaps the best known of these security companies is iVerify, which makes an app for Android and iOS, and provides users with the ability to conduct in-depth forensic investigations.

Matt Mitchell, a well-known security expert who has been helping vulnerable people protect themselves from surveillance, has a new startup, called Connection Security Group, which provides this type of support.

Jessica Hyde, a forensic researcher with extensive experience in government and public sector organizations, has her own startup, called Hexordia, and is committed to investigating suspected hacks.

The cybersecurity company Lookout, which has experience analyzing government spyware from all around the world, has an online form that allows people to get help with security investigations related to malware, device compromise, and more. The company’s threat and forensics teams can then get involved.

Then, there is Costin Raiu, who leads TLPBLACK, a small group of security researchers who used to work for Kaspersky’s Global Research and Analysis Group, or GReAT. Raiu was the leader of that unit when his team uncovered some of the most advanced hacking groups from the United States, Russia, Iran, and other countries. Raiu told TechCrunch that people who suspect they have been hacked can email him directly.

Research

What happens next depends on who you go to for help.

In many cases, the organization you reach out to will need to conduct a preliminary investigation by looking at a diagnostic report file that you can create on your device and share with the investigators remotely. At this point, this does not require you to hand your device over to anyone else.

This first step can identify signs of targeting or infection. It may also turn up nothing. In both cases, the investigators may want to dig deeper, which may require you to send a backup of your device, or your actual device. At that point, the investigators will do their work, which may take some time because today’s spyware tries to hide and remove its traces, and then tell you what happened.

Unfortunately, today’s spyware may leave no traces. The modus operandi today, according to Hassan Selmi, who heads the response team at Access Now’s Digital Security Helpline, is a “smash and grab” method, meaning that when spyware gets onto a target’s device, it steals as much information as possible, and then tries to remove any trace and uninstall itself. This is thought to be spyware developers trying to protect their products and hide their activities from researchers and investigators.

If you are a journalist, critic, academic, or human rights activist, the groups that support you may ask whether you want to publicize the fact that you were attacked, but you don’t have to. They will be happy to help you without taking public credit. There may be good reasons to go public, though: to denounce the fact that a government targeted you, which may have the side effect of warning others like you about the dangers of spyware; or to expose a spyware company by showing that its customers are abusing its technology.

We hope you will never receive one of these notifications. But we also hope that if you do, you will find this guide useful. Stay safe out there.


