25 points by msravi 4 days ago | 19 comments

The headline is misleading. They were clarifying that the numbers on the list weren’t necessarily hacked. This has been abundantly clear since the beginning and the news agencies continue to make it clear in every article they do on it. Maybe I’m wrong but this post seems like blatant propaganda.

The Guardian's Headlines:

Revealed: leak uncovers global abuse of cyber-surveillance weapon

Spyware sold to authoritarian regimes used to target activists, politicians and journalists, data suggests

UAE linked to listing of hundreds of UK phones in Pegasus project leak

A special investigation into NSO Group, which sells hacking spyware to governments

The Washington Post:

Invisible surveillance: How spyware is secretly hacking smartphones

How Pegasus works, who is vulnerable and why it’s hard to protect yourself from hacks

Prime ministers, presidents and a king found on list that includes phone numbers targeted by spyware

All this with no inkling of where those 50000 names were obtained from or how they established a link between that list and Pegasus.

From a cherry-picked list of 67 numbers of which 37 were found to contain it - how do you establish a "link" between the list and Pegasus with that kind of sample?

What looks like propaganda?

Is this a reliable source? Anyhow, The Guardian and WaPo made clear the leak are not confirmed Pegasus targets, but rather:

> The leak contains a list of more than 50,000 phone numbers that, it is believed, have been identified as those of people of interest by clients of NSO since 2016.


> The analysis also uncovered some sequential correlations between the time and date a number was entered into the list and the onset of Pegasus activity on the device, which in some cases occurred just a few seconds later.

Suggesting it may be a superset of Pegasus targets. They managed to examine 57 phones on the list and found that 37 were infected.

> Is this a reliable source?

"The group also publishes Yedioth Ahronoth, the country's most widely circulated newspaper. The founder and publisher is Yoel Esteron, formerly the managing editor for Yedioth Ahronoth, and its editor is Galit Hemi. It is circulated nationwide and its articles feature regularly in the biggest Israeli news website 'Ynet' as well as in the printed edition of Yedioth Ahronoth."


Sounds like Pegasus let users add a bunch of numbers to “follow”, but maybe their tech wouldn’t allow them to be taken over, yet?

Maybe it would “ping” these numbers to see if they got ported to a vulnerable device/version but otherwise sit and follow them?

Or users could attack a device if they’re out of country but not if they’re in-country? Or vice versa?

If the article is true it doesn’t sound like the list has anything directly to do with NSO.

It can be that the project just compiled a list of 50,000 high value targets and then assessed which of these has been targeted.

However, Amnesty is now clarifying, this is not the meaning of the list. "Amnesty International has never presented this list as a 'NSO Pegasus Spyware List', although some of the world's media may have done so," the organization said in a statement released Wednesday.


37 phone calls from journalists and human rights activists, on which forensic evidence was found that was pasted in Pegasus or was the target of the spyware.

So of the list of 50000 phone numbers 37 had evidence of Pegasus.

And no one knows where the list of 50000 came from.

"The authors of the study also performed an in-depth laboratory analysis of 67 telephones included in this list. The investigation revealed that more than half of them, 37 phones, found evidence of the activity of the Israeli Spyware"

So assuming that their sample is representative that would be 28906/50000 phones with Spyware on them.

"Amnesty, and the investigative journalists and media outlets they work with made it clear from the outset in very clear language that this is a list of numbers marked as numbers of interest to NSO customers"

.. and that is the real scandal. Even if Pegasus didn't actually hack e.g. Macron's iPhone, a spying company in a democratic state should not have his phone number. Of course, it could have been added to the list by the whistleblower, but the time when it was supposedly added (before a major conference with Morocco) and all the other numbers from his cabinet make this unlikely (what kind of whistleblower just knows phone numbers from powerful people around the world?)

That was President Macron's personal number, which he freely gave to journalists before being elected.

He is very tech-savvy and security-conscious, having been the target of Putin's election interference (Putin was trying to get the far-right candidate Marine Le Pen elected, just as he has supported the far-right AfD party in Germany), but his party had a better response than most because he had appointed tech entrepreneur Mounir Mahjoubi to lead its cybersecurity.

For classified or state business, he has a special Samsung Galaxy S7 with modified firmware and an older specialized flip-phone from Thalès called Teorem:



Now, if his iPhone were compromised, its microphones could be activated to listen in on his conversations. The French cybersecurity authorities are competent and it's highly unlikely they haven't planned for this, especially when they know the US eavesdropped on Angela Merkel's phone and France would be a higher-priority target for the US government given its sometimes ornery relationship. Their threat model certainly includes far more capable nation-state actors and capabilities than the watered-down version Israel will allow to be sold to Morocco, Saudi Arabia or any other tinpot country willing to pay.

Where is the list? Is it public or just being dripped to select journalists?

A group of ~30 media organizations has access to it.

It reminds me of the difference between Snowden and Assange. Snowden gave his material to a select group of journalists who carefully wrote articles and curated the information to be released whereas Assange would just publish the raw material.

Snowden was also pretty careless in how he handled the stolen data. Both Russia and China have obtained and decrypted the files, putting American and allied spies and agents at personal risk. It is unclear if Snowden enabled this, or simply underestimated how big of an espionage target he and the journalists would become.

It's not being dripped to journalists. They got the entire list and are releasing more prominent names in batches.

> authors of the study also performed an in-depth laboratory analysis of 67 telephones included in this list. The investigation revealed that more than half of them, 37 telephones, found evidence of the activity of the Israeli spyware.

Yes, 37 out of 67 that they got their hands on. They clearly didn't have the other 50k phones on hand to test.

Why is this being flagged now? Certainly seems relevant to “hacker news”.

It's being flagged because it's very misleading.

Amnesty has been clear from the beginning that the numbers have been identified as being of interest but not necessarily hacked.

Is there a direct statement from Amnesty?

I don't think Amnesty is involved in the publication directly but every article I've read from multiple outlets explicitly mentions that numbers are from a potential targets list.

And they've been reaching out to individuals asking them for devices to analyze.

