“It’s Worse Than We Thought” | Edward Snowden


Partial Fixed Transcript

A few years ago I set the goal for Israel of becoming one of the top 5 cyber-security powers in the world . . .

And it’s really surveillance software capable of accessing microphones, cameras and other data . . .

In today’s world, based on the evidence we have they are the worst of the worst . . .

This company, the CEO’s name I think is Shalev Hulio, is run in Israel. It was previously owned, actually, by an American venture capital firm. I believe they’ve been re-bought out, but it doesn’t really matter. Their entire business is preying on flaws in the critical infrastructure of all the software running on the most popular devices in the world. The number one target, right, is the iPhone. The number one target is the iPhone, and this is because the iPhone, as secure as it is relative to a lot of other phones, is a monoculture, right. Like if you, if you have an iPhone you get these little software update notifications all the time. They’re like “hey please update to that most recent version of iOS,” and that’s a fabulous thing, that’s a wonderful thing for security. Because the number one way that people’s devices get screwed, if it’s not just for user error, right, like you enter your password somewhere you shouldn’t, it’s like a fake site that looks like Gmail but is not actually Gmail, you just gave the guy your password, now he uses your password to log in, but to actually break into a device, is that it’s not patched, right. Patched means getting these little security updates, these little code updates that fix holes the researchers found in the security device. Well, Apple’s really good about rolling these out all the time for everybody in the world. The problem is basically all these different iPhones, right. You got an iPhone 6. You got an iPhone 8. You got an iPhone X. You’ve got an iPhone 3, whatever. These are all running a pretty narrow band of software versions. And so these guys go, if they want to target, for example Android phones, like Google phones, like a Samsung Galaxy or something like, there’s like a billion different phones made by a billion different people, but half of them are completely out of date.
But what it means is there is not one version of software running, it’s like ten thousand, and this is actually bad for security on the individual level, but it’s good for security in a very unusual way, which is the guys who are developing the exploits, the guys like this NSO Group who are trying to find ways to break into phones, they now have to have, like, 50 different handsets running 50 different versions of software, they’re all changing, they’ve got different hardware, they’ve got different chipsets, I think they got different, like all kinds of technical variables that can screw up the way they attack your phone. And then when they find one, it only works like on this Samsung Galaxy line. It doesn’t work on, like, the Google Pixel line. It doesn’t work on, like, a Nokia line, or something like. Whereas they realize if they find a way to attack an iPhone, which actually, you know, this is difficult, this is really difficult stuff, now it works against basically every iPhone. And who has iPhones? All the rich people, right, all the important people, lawmakers, all the guys were . . . so they’ve made a business on basically attacking the iPhone and selling it to every two-bit thug who runs a police department in the world. You know, they sell this to Saudi Arabia. They sell this to Mexico. And there’s a group of researchers in Canada working at a university called The Citizen Lab. And ah these guys are really like the best in the world at tracking what the NSO Group is doing. If you want to learn about this stuff, the real stuff, look up Citizen Lab and the NSO Group and what they have found is all the people who are being targeted by the NSO Group, the class of people, the countries that are using this. And you know it’s not like the local police department in Germany trying to bust up, you know, a terrorism ring or something like that.
It’s the Mexican government spying on the head of the Mexican opposition, or trying to look at human rights defenders who are investigating, like, student disappearances, or it’s people, like the friends and associates of Jamal Khashoggi who was murdered by the Saudi Government, or it’s people like dissidents in Bahrain. And these, like petrostates, these bad actors nationally will pay literally tens of millions of dollars each year just to have the ability to break into an iPhone for a certain number of times. Because that’s how these guys do it. They sell their business plan. They go “we will let you break into any iPhone just by basically sending a text message to the phone number. All you need to find is the phone number of a person who is running an iPhone and we will exploit something.” Like the easiest forms of exploit, or rather the easier types of exploit, are where they send you a text message, right, and it’ll be like an iMessage or something like that and it’s got a link in it, so it’ll be like, “oh gosh, terrible news you know, your buddy’s father just died and we’re making funeral arrangements, are you going to be there, it’s the day after tomorrow?” And when you click the link for the funeral arrangements it opens your web browser. And the web browser on your phone is always the biggest, most complicated process in it, right, there’s a zillion lines of code and they’ll find one thing in that, where there’s a flaw that lets them feed instructions, not just to the browser, but basically escape the little sandbox that the browser’s supposed to play in, where it can’t do anything harmful, and it will run out of this sandbox and it’ll ransack your phone’s like hardwired operating system, the system image. It will like give them privileges to do whatever they want on your phone as if they are you, and as if they have a higher level of privileges than you, to change the phone’s operation permanently, right. And this is the problem is on the phone.
You can replace the phone, right, and they’ll lose access to that, but if they already used that to gain the passwords that you use to access, you know, your iCloud or whatever. When they have control of the phone they’ve already got your photo roll, right. They’ve already got your contact list. They already have everything you’ve ever put in that phone, they already have. All your notes, they already have all your files, they already have everything that’s in your message history, right, they can pull that out immediately. And now, because they have all your contacts and things like that, they see that phone stop being active, they know you’ve changed your phone number. All they have to do is find a new phone number and then they can try to go after you again.

The benefit is, with that old style of attack, you get that message and you don’t click that link. You’re somebody in a vulnerable class, right, you’ve had these kinds of attacks sent to you before, it looks suspicious, you don’t know who this person is, the number isn’t right, something like that. Could you say that like you don’t cut them, you don’t do anything with that, but you send it to a group like Citizen Lab, basically like a dummy phone, like a sort of Trojan horse, to go to the site that would attack your phone and catch it, and this is what the process that all of their research is based on. There are other types of attacks that actually don’t have these defenses against the litter for more scary, but the bottom line is what is Citizen, what is the name of this research group at the university in Canada who basically studies state-sponsored and corporate malware attacks against civil society. It’s run by a guy named Ron Deibert, I believe, you guys like the fact check me on that one. I think he just published a book, I actually was publishing a book about all of this, but it’s really, they are the world leaders, in my opinion, in basically investigating these kind of attached to exposing the message true Public Service evidence on things. And then, you know, you saw it that a woman that can go in search your house, and this is the kind of thing in the context of cops that was specific place looking for specific things that are elements of a crime. Now you can do, you’ve heard all these things were like cops find a way to like stop somebody and they like are they all I smell pot or whatever, they try to toss their car whenever, or plain sight doctrines where they open the door in the guys that sounds Hawks I’m going to go do you know I see how a bong or something, you know, that’s for now you’re going to jail. What’s up until I think it was 1967 in the United States instrumentalities of a crime for this company or whatever they couldn’t get they existed I get all the emails that you have
a rope and him. They couldn’t get your friends to turn over, like, an exchange of letters that you had with this person. The fruits of the crime were the things that, they robbed the bank, the cops could get the sack of money. The instrumentalities were the tools that were used, tried, like if you use dynamite or a crowbar or, they could seize all of those things. But the idea that the cops can get everything, the idea that the FBI, is very much a new thing, and nobody talks about that today. We just presume it’s normal, we presume it’s okay. But between 1967 and today, how many more records there are about your life, and now things like how you live, private things about you that have nothing to do with criminality and everything to do with the intimacy of who you are, and the fact that all of that now today’s exposing not just to, let’s say you love do you have Scupper, let’s say you, you know, you are like throwing cookouts for your local police department, but every other government in the world. To ask ourselves how much information do the authorities and they need to do their job, or how much do we want them to have, how much is proper inappropriately met and necessary, and how much is too much? And if we decide the cops shouldn’t have been so we decided why in the hell should Facebook or Google or somebody trying to sell you Nikes, why should they have this hi
