Connect with us

Technology

I spy: are smart doorbells creating a global surveillance network? | Life and style

Published

on

I have got a new doorbell. It’s brilliant. It should be; it cost £89. It’s a Ring video doorbell; you’ll have seen them around. There are others available, made by other companies, with other four-letter names such as Nest and Arlo. When someone rings my doorbell, I’m alerted on my smartphone. I can see who is there, and speak to them.

My phone is ringing! C major first inversion chord, arpeggiated, repeated, for the musically trained – you’ll recognise it if you’ve heard it. It’s a delivery. Amazon, as it happens; Amazon acquired Ring in 2018, reportedly for more than $1bn.

“Hi, Amazon guy, I’m not in… I mean, I’m upstairs.” I’m not, but I don’t want him – or anyone else – to know that. “Could you leave it behind the bins, please?”

Visitors don’t even have to ring the bell. I can set it to alert me when there is motion up to nine metres away from the door. Or I can just open the app on my phone and get a live feed of the street. “A lot happens at your front door,” says Ring in its marketing spiel.

Something happened at Luke Exelby’s front door. Luke, a lorry driver, was at home in Dunstable, Bedfordshire, watching telly in bed with his wife at about one in the morning (he works nights and keeps unconventional hours). A notification on his phone went off, alerting him that there was something moving at the front door.

A montage of front doors, made to look like faces
Photo manipulation: Peter Crowther. Photographs: Getty Images, Alamy

“I looked at it, and I saw a man was trying to get into our porch,” he tells me. Was he scared? “I’m quite a big bloke – I know that sounds a bit knobbish,” he laughs. “And to be honest he looked really old.” So Luke went downstairs. But by the time he got there, the man had scarpered.

In the morning Luke contacted the police, who sent round a forensics team. They told him there had been a couple of burglaries in the neighbourhood. Luke, who is signed up to a Ring Protect plan (from £2.50 a month), which allows him to save footage captured by his doorbell, shared his with the police. “Because we got a picture of the person’s face, and exactly where he put his hands on the door, they had his fingerprints. They could link his face and his fingerprints to the burglaries around the corner. They caught him straight away.”

Look on YouTube and you can find hours of footage captured by video doorbell cameras: attempted burglaries, package thefts, as well as some more bizarre episodes – weirdos, doorbell-lickers, even bears poking about (that was in California). A friend of a friend has a clip of a man having a poo on his neighbour’s doorstep. In the eight years since the Ring doorbell was invented (originally as Doorbot in 2013; its founder Jamie Siminoff appeared on Shark Tank, the American version of Dragons’ Den), it has evolved from a doorbell that replicates the “caller ID” on your phone into a self-installed global CCTV network. The millions of cameras around the world have not only provided the internet with a new genre of viral video, but fuelled the message boards of Neighbourhood Watch-style apps and groups.

Perhaps, most notably, it has even become a crime-solving tool: the last footage of Sarah Everard alive, before she was abducted while walking home in south London, was captured on a video doorbell. What seemed like a practical bit of kit has evolved far beyond its original scope. What next?


The police are certainly pleased about it. Det Supt Andy Smith of Suffolk constabulary first became aware of the benefits of this technology back in 2017. “One of Suffolk’s most prolific burglars was caught attempting to break into a residential property,” he tells me. “The occupier was away, but her doorbell system activated on her phone and she could see the individual trying to get in through the front door.”

She called the police, and they picked him up a couple of days later. The doorbell footage was instrumental, first in the police being alerted and, Smith says, “it actually recorded with some clarity the offence taking place. It was unequivocal evidence, very good facial capture.” The man pleaded guilty, and got a custodial sentence.

It inspired a collaboration: Ring gave Suffolk constabulary a number of doorbells to hand out in areas of higher crime. Smith says they have seen tangible results, and the scheme has been useful in tackling not just burglary, but also domestic violence, antisocial behaviour, car crime. He describes it as “a massive benefit in terms of fighting crime. I would encourage any member of the public to think about this or similar technology.” Ring have since handed out free or discounted doorbells to several other police forces, including Leicestershire, Humberside and Hertfordshire. In Wiltshire, residents with video doorbells are being asked to register on a police database.

Smith tells me about a couple of other incidents where a video doorbell camera has helped secure a conviction. A 45-year-old man from Lowestoft was caught on camera and subsequently jailed for attempted burglary. And a 40-year-old man, also from Lowestoft (is Lowestoft is the crime capital of Britain?) was convicted of the same offence with Ring’s help.

Smith says his force is using doorbell footage more and more often. “It features heavily in terms of house-to-house inquiries. If we have a major crime, then we will scope a particular area out.” This is happening in high-profile cases, too – police appealing to the public to check the footage on their doorbell cameras, or their car dashcams, to help their investigations.

In January this year, Corey Rice, 19, pleaded guilty at Sheffield Crown Court to wounding, attempted robbery and possession of a blade. While trying to steal a gold bracelet, he stabbed its owner twice on his own doorstep in Rotherham. The man’s girlfriend managed to get him into the house, covered in blood and struggling to breathe. He was taken to hospital where his chest was drained and his lung re-expanded. He survived. The incident was captured on their Ring doorbell.

Prosecutor Conor Quinn thinks the footage, which was presented to Rice’s legal team, played a big part in Rice’s decision to plead guilty. “Without it he may well have had a trial,” Quinn tells me. And who knows how that would have gone, “where you’ve got one person’s word against another. The footage was instrumental in supporting the complainant’s version of the incident.” Had Rice pleaded not guilty, Quinn says he would have played the footage in court. Rice was sentenced to seven years in prison.


I am already feeling more secure since I got my new doorbell. It’s as though I’m always at home (forget the fact that, thanks to the pandemic, I basically am always at home). Phone alert, ding ding ding. Here we go again. Not a ring at the bell this time, just motion near the door. And it’s only my girlfriend, coming home. Wonder why, at this time. I’ll ask her. “Hey!”

She jumps. “Fuck off, creepy talking doorbell spy,” she says, and goes inside, slamming the door, before I get the chance to ask her. I love my girlfriend, she’s such a luddite when it comes to new technology. Apologies for her language. Actually, why is she home, I wonder? I’m sure she said she was going to be out all day today. Maybe I’ll just keep it on live view for a while, then give her another little surprise when she comes out again.

A red front door with binoculars sticking out of the letterbox
Suffolk police say smart doorbells are, ‘a massive benefit in fighting crime’. Photo manipulation: Peter Crowther. Photographs: Getty Images, Alamy

It’s fun, watching out from my own front door, when I’m not there. There goes the bus – driver not wearing a mask, maybe I’ll report him? And that black cat, on the scrounge for food… Oh, and now doing a poo, not on the doorstep, like the horrible man on my friend’s friend’s neighbour’s, but in our raised bed, right on the radishes. And Paul over the road, off to work. Late start today, Paul.

Who are these two, at my door, ringing the bell? Jehovah’s Witnesses, perhaps? I’m not sure I like the look of them, to be honest – it’s probably just because I’ve never seen them before. I could save the footage and share it with my neighbours. Have you seen these two, do you know who they are, or what they’re up to? Posts like these are rife on neighbourhood sites such as Nextdoor, or on local WhatsApp or Facebook groups, increasingly popular since we all started spending so much time at home.

In the US, Ring has an app of its own, called Neighbors, which lets people share, view and comment on crime and security information in their communities. It’s not available in the UK at the moment, and Ring won’t say whether it’s going to be. But the company has filed a patent for creating a “suspicious persons” database, using images taken by the doorbells. The machines currently don’t have facial recognition capabilities, unlike some rival products such as Google Nest.

More than 2,000 US police and fire departments have partnered with Ring. This allows them to contact users in a particular area and ask them to provide footage from the app to help with an investigation. In 2020, requests for footage were made relating to 22,335 incidents. Some police departments have offered discounted or free Ring doorbells in exchange for a promise to register them with law enforcement and submit requested footage.

But, in contrast to the experience of Suffolk constabulary’s Smith, US media reports have disputed Ring’s crime-busting effectiveness. In spite of some high-profile cases where a doorbell captured footage of a crime (the kidnapping of an eight-year-old girl in Fort Worth, for example), an investigation by NBC News found that there was little evidence of Ring leading to arrests or reducing crime overall. Rather, police were spending a lot of time reviewing footage of raccoons.

Ring says it doesn’t have any formal partnerships with police forces in the UK. “Police forces do not have access to Ring customers’ devices, recorded videos or live streams,” a spokesperson told me. “Police in the UK only have access to customers’ video recordings if a customer chooses to download and share them. Customers are in total control of the information they choose to share.”

They wouldn’t tell me how many Ring doorbells they’ve sold in the UK or in the world, but in various official communications they have referred to “millions”. In my road, roughly a quarter of doorbells are now video doorbells. In Luke Exelby’s street in Dunstable, it’s about half, he says.

A montage of front doors, all made to look like faces
Photo manipulation: Peter Crowther. Photographs: Getty Images, Alamy

Not everyone is thrilled about this. Silkie Carlo of civil liberties organisation Big Brother Watch has concerns about who else might be watching. She points towards reporting by The Intercept in 2019 which found Ring customer video feeds had been accessible, unencrypted, to the company’s Ukraine-based research and development team.

Carlo says it’s about data collection. “That’s the purpose of these devices; we’re really just on the precipice of this as an issue.” You buy the device, sign up to the plan, “then you’re in this data-sharing, cloud storage relationship with them, paying monthly fees. Their ability to be in your home, in your domestic environment, is hugely profitable, probably more so than the product.”

Mariano delli Santi, legal and policy officer at digital campaigning organisation Open Rights Group, says it’s part of a fundamental shift in the very nature of the internet. “The internet didn’t used to be a place where people were surveilled. Do you remember a cartoon of a dog surfing the internet, which says: on the internet, nobody knows you’re a dog? That’s what it used to be like.”

His example of how far it has come from that, and everyone (and his dog, presumably) knowing you’re a dog? “The United States surveillance programmes that were covered extensively by your newspaper.” He’s talking about the NSA files, as revealed by Edward Snowden in 2013. “The government realised that corporations had a huge pool of data about what people were conducting online. And they could just access that with data access requests.”

He’s not saying the same is going on with footage from video doorbells, only that it could. And that a network of cameras provided by the same company can be – and has been – abused. “It was abused, for example, during Black Lives Matter protests [in California in 2020]: police authorities in the US sent requests to owners of Ring doorbells to identify the people who were protesting.”

This kind of technology can promote racial profiling. In the US in 2019, Vice looked at more than 100 videos posted on the Neighbors app over a two‑month period, and found that the majority of people reported as “suspicious” were people of colour. In the same year, US Democratic senator Edward Markey wrote to Amazon chief executive Jeff Bezos raising concerns that collaborations between Ring and law enforcement could disproportionately affect minorities. He said sharing footage with police “could easily create a surveillance network that places dangerous burdens on people of colour” and fuel “racial anxieties”. More than 30 civil rights organisations wrote an open letter calling on US government officials to end Amazon Ring’s police partnerships.

Chris Gilliard, an expert in privacy and surveillance, as well as a professor of English at Macomb Community College, near Detroit, wasn’t surprised by the Vice reporting. “The problem with these technologies is that they exacerbate and allow people to amplify their existing prejudices,” he tells me on the phone from Michigan. “So if Ring didn’t exist, or Neighbors didn’t exist, and a racist person saw a black guy riding his bike down the street and they thought, ‘Oh, that guy doesn’t live in our neighbourhood,’ they had limited options of what they could do. They couldn’t take to a platform and broadcast it to dozens or hundreds of people.”

Ring has come under fire for a number of security breaches, with hackers able to access systems remotely. In 2019 an investigation by tech website Gizmodo found it could pinpoint the locations of tens of thousands of Ring users using data from posts on the Neighbors app. In January last year, four Ring employees were sacked for accessing customer video feeds in a manner that “exceeded what was necessary for their job functions”.

A Ring doorbell camera mounted on a featherboarded home
A Ring doorbell camera on a home. Photograph: Jessica Hill/AP

Ring says protecting customers’ privacy, security and control over their devices and personal information is paramount to them. In 2020, they launched an in-app dashboard that allows users to change privacy and security settings. They have also introduced a second layer of verification to help prevent unauthorised users gaining access to a Ring account, and will soon be rolling out end-to-end encryption to UK customers. Ring says that none of its employees have unrestricted access to customer data and all personal information is treated as highly confidential.

Gilliard, in Michigan, sees a sinister corporate plan. “A thing like Ring belongs on the entire spectrum of Amazon’s move towards surveillance and control – not only of workers, but also of consumers, and of space in general,” he says. “The intent is to create a massive web of surveillance in an attempt to try to shape the way people live their lives. It’s an attempt to replace a real sense of community with a notion of community that’s mediated by Amazon.”

Big Brother Watch’s Carlo has further concerns about what this kind of tech is doing to us. Is Silicon Valley enabling a generation of digital curtain-twitchers? “It effectively changes the nature of the world we live in,” she says. “The fact that when you walk down a street, your presence is being logged.”


Meet David from London – he’d rather not share his surname. He and his wife got a Ring doorbell after they moved into their new house, when their toddler was a baby. They were getting a lot of deliveries, and often weren’t in to receive them. “It’s very useful to be able to say: ‘Can you put it behind the bin,’” he says.

Plus they live in an area where there is some crime and antisocial behaviour. “It does make us feel a bit more secure.” Then there was an incident, a postman ringing the bell when neither of them was at home. “You can see him muttering something, I couldn’t quite make it out, but something like ‘for fuck’s sake’ or ‘fucking typical’. It was quite aggressive.”

David, who is signed up to the Ring Protect Plan, tweeted Royal Mail, attaching the footage. They said it wasn’t clear what the postman had said; as far as he knows, no action was taken. How would David have felt if the postie had been fired, I wonder, for swearing in frustration at work – something everyone has done – when he thought he was alone? Without the Ring doorbell, the incident wouldn’t have been an incident; David would never have known, and just come home to a note on the doormat. “It did make me think about that complaining culture and whether we are snooping,” he admits.

David says that his street’s WhatsApp group does sometimes share footage of people they think look suspicious, particularly after, say, someone’s car has been broken into. This, says Carlo, is a dangerous path to go down. “Neighbourhood citizen policing – we’re talking about a personal-tech-based surveillance state. I don’t think we’re there now, but in five, six, seven years we could create that kind of environment.”

A montage of front doors, all made to look like faces
Photo manipulation: Peter Crowther. Photographs: Getty Images, Alamy

David talks to his toddler on the doorbell, who calls it the ding-dong. Sometimes he uses it to check that their cleaner isn’t cutting hours; their previous cleaner was consistently leaving 20 minutes early. Babysitters, too. “I think it’s useful to have in the back of your mind that you know when people are coming or going.”

It is turning us all into spies, then. Carlo thinks so. “New technology lends itself to that. If you think, even 10 years ago, the lengths someone would have to go to, to get this kind of covert CCTV, with motion sensors, in the home. Now it’s the default, in a way.”

She thinks it is selling fear, because fear is almost as profitable as data – and that there are further dangers, even within the domestic environment. “You are recording the details of your life, and you can see how, when there is conflict, that could easily become part of the picture. Imagine what that would mean in the context of an abusive or controlling relationship: ‘You say you got back at 12 last night, but actually it was 12.30, or 1am.’ Or, ‘Why were you with that person?’”

Interesting that earlier, Det Supt Smith – who, incidentally, is fully aware of the civil liberties issues – was talking about how this technology is useful in fighting domestic violence; and now Carlo is talking about how it could also form part of the picture of domestic abuse or coercive control. Both right, I’m sure. Then there’s Luke Exelby, who says one of the reasons he got a Ring doorbell in the first place was to check up – in a worried dad way – on his four teenage daughters while he’s off working nights. “I keep telling them: text me when you get home. They never do, though. The notifications let me know when they get home. My kids know I’m not trying to spy on them.”

Ding ding ding, phone alert! It’s my girlfriend, leaving the house. She looks over at the doorbell, at me; she knows. Then she comes a bit closer, with a look that says don’t you bloody dare. Think I’ll leave it this time.

Source link

Technology

For a true display of wealth, dab printer ink behind your ears instead of Chanel No. 5 • The Register

Published

on

Printer ink continues to rank as one of the most expensive liquids around with a litre of the home office essential costing the same as a very high-end bottle of bubbly or an oak-aged Cognac.

Consumer advocate Which? has found that ink bought from printer manufactures can be up to 286 per cent more expensive than third-party alternatives.

Dipping its nib in one inkwell before delicately wiping off the excess on some blotting paper, Which? found that a multipack of colour ink (cyan, magenta, yellow) for the WorkForce WF-7210DTW printer costs £75.49 from Epson.

“This works out at an astonishing £2,410 a litre – or £1,369 for a pint,” said Which?.

The consumer outfit also reported that since the Epson printer also requires a separate Epson black cartridge for £31.99, it takes the combined cost of replacement inks for the Workforce printer to a wallet-busting £107.98.

On the other hand, if people ditched the brand and opted for a full set of black and colour inks from a reputable third-party supplier, it would cost just £10.99 – less than a tenth of the price.

Printing has become essential for plenty of workers holed up at home during the pandemic. The survey by Which? of 10,000 consumers found 54 per cent use their printer at least once a week. Which? said it estimates an inkjet cartridge would need to be replaced three times a year.

The report discovered tactics used by the big vendors to promote the use of “approved”, “original”, and “guaranteed” ink supplies.

It found Epson devices, for example, flagging up a “non-genuine ink detected” message on its LCD screen when using a non-Epson cartridge, and HP printers are actively blocking customers from using non-HP supplies.

Adam French, a consumer rights champion at Which?, reckons this situation is simply unacceptable.

“Printer ink shouldn’t cost more than a bottle of high-end Champagne or Chanel No. 5,” said French. “We’ve found that there are lots of third-party products that are outperforming their branded counterparts at a fraction of the cost.”

In a rallying call to consumers he said that third-party ink should be a personal choice and not “dictated by the make of your printer.”

“Which? will continue to make consumers aware of the staggering cost differences between own-brand and third-party inks and give people the information they need to buy the best ink for their printer,” he said.

Which is exactly what the Consumers Association said almost 20 years ago when it reported that printer ink cost around £1,700 a litre. Then – as now – the Consumer Association advised consumers to steer clear of brand-name printer cartridges and pick cheaper alternatives instead.

The survey by Which? found that 16 third party brands beat the big brands in terms of ink prices.

Epson wasn’t the only printer biz to be singled out for sky-high ink prices. Canon, and HP were fingered too.

For its part, Epson said customers “should be offered choice… to meet their printing needs” and listed a number of options including its EcoTank systems and a monthly Ink Subscription service.

And in a nod to anyone looking to save money by using a third party, Epson said: “Finally, as non-genuine inks are not designed or tested by Epson we cannot guarantee that these inks will not damage the printer. Whilst Epson does not prevent the use of non-Epson inks, we believe that it is reasonable, indeed responsible, that a warning is displayed as any damage caused by the use of the inks may invalidate the warranty.”

As part of its investigation, Which? found that some HP printers use a system called “dynamic security” which recognises cartridges that use non-HP chips and stops them from working.

HP has tried to battle against third party ink makers trying to capture supplies sales by overhauling the model of its printer business: by shifting to ink tanks printers that come pre-loaded with supplies for an estimated timeframe; or by selling the printer hardware for more upfront and allowing biz customers or consumers to buy the supplies they want.

In response to Which?, HP said it “offers quality, sustainable and secure print supplies with a range of options for customers to choose from, including HP Instant Ink – a convenient printing subscription service with over 9 million users that can save UK customers up to 70 per cent on ink costs, with ink plans starting at £0.99 per month.”

Reg readers may remember the kerfuffle around HP’s Instant Ink. The free plan was reinstated, sort of. For existing customers.

Over at Canon, a spokesperson said third-party ink products can work with its printers, but the “technology inside is designed to function correctly with our genuine inks which are formulated specifically to work with Canon technology.”

“Customers are encouraged to use genuine inks to ensure the longevity of their printer, and also to ensure that their final prints are of a standard we deem Canon quality. In addition, the use of third party inks invalidates the warranty of the printer.”

With almost four in ten (39 per cent) people saying that they do not use third-party cartridges because of fears that they might not work with their printer, it might go some way to explain why more than half (56 per cent) of the consumers quizzed said they persist with using potentially pricey original-branded cartridges despite cheaper alternatives being available. ®

Source link

Continue Reading

Technology

Repligen to create 130 new jobs in Waterford site expansion

Published

on

The project adds to the 74 people already employed at the Artesyn Biosolutions facility acquired by Repligen in 2020.

Repligen Corporation is undertaking an expansion of its Waterford site which will see 130 new jobs created, Tánaiste and Minister for Enterprise, Trade and Employment Leo Varadkar, TD, has announced.

The life sciences company is building a new 3,000 sq m facility which will be a centre of excellence for single-use consumable products used in bioprocessing applications. The site currently hosts a 1,000 sq m facility employing 74 people, which was established by Ireland’s Artesyn Biosolutions before that company was acquired by Repligen last November.

Repligen Corporation is a multinational that produces bioprocessing products for use in the pharmaceutical manufacturing process. Headquartered in Massachusetts, the company has sites across the United States and in Estonia, France, Germany, Sweden and the Netherlands, as well as here in Ireland.

According to the company, the new building will be certified silver on the Leadership in Energy and Environmental Design (LEED) rating system from the US Green Building Council. The consumable products manufactured there will be used in filtration and chromatography systems during the production of vaccines and other biopharmaceutical products.

Commenting on the announcement, Varadkar said: “This is excellent news from Repligen with the creation of 130 new jobs in Waterford. It comes on foot of a major jobs announcement by Bausch and Lomb. Waterford is on the move as a centre for jobs and investment.

“I wish the team the very best with their expansion plans.”

James Bylund, senior vice-president at Repligen, added: “We are thrilled to continue the collaboration with the Irish Government and the IDA that was initiated by the Artesyn team. This build-out is an important step in expanding our capacity and establishing dual manufacturing sites for key single-use consumable products used in manufacture of biological drugs.

“With its LEED Silver designation, the facility is closely aligned with our commitment to responsible growth and sustainability.”

Dr Jonathan Downey, managing director at the Waterford facility, said: “Having delivered beyond our commitment in 2019 to bring new jobs to the region through our development of high-end manufacturing capabilities, we are energised and excited about our integration with Repligen and this next phase of growth.

“In addition to our expansion of Artesyn products, and the transfer of manufacturing of certain of Repligen’s current products to our Irish operations, we expect to be utilising the Irish sites to advance additional research, development and innovation programs.”

Source link

Continue Reading

Technology

Emmanuel Macron ‘pushes for Israeli inquiry’ into NSO spyware concerns | France

Published

on

Emmanuel Macron has reportedly spoken to the Israeli prime minister, Naftali Bennett, to ensure that the Israeli government is “properly investigating” allegations that the French president could have been targeted with Israeli-made spyware by Morocco’s security services.

In a phone call, Macron expressed concern that his phone and those of most of his cabinet could have been infected with Pegasus, hacking software developed by the Israeli surveillance firm NSO Group, which enables operators of the tool to extract messages, photos and emails, record calls and secretly activate microphones from infected devices.

The leaked database at the heart of the Pegasus project includes Macron’s mobile phone number.

NSO has said Macron was not a “target” of any of its customers, meaning the company denies he was selected for surveillance using Pegasus. The company says that the fact that a number appeared on the list was in no way indicative of whether that number was selected for surveillance using Pegasus.

The Pegasus project could not examine the mobile phones of the leaders and diplomats, and could therefore not confirm whether there had been any attempt to install malware on their phones.

Quick Guide

What is in the Pegasus project data?

Show

What is in the data leak?

The data leak is a list of more than 50,000 phone numbers that, since 2016, are believed to have been selected as those of people of interest by government clients of NSO Group, which sells surveillance software. The data also contains the time and date that numbers were selected, or entered on to a system. Forbidden Stories, a Paris-based nonprofit journalism organisation, and Amnesty International initially had access to the list and shared access with 16 media organisations including the Guardian. More than 80 journalists have worked together over several months as part of the Pegasus project. Amnesty’s Security Lab, a technical partner on the project, did the forensic analyses.

What does the leak indicate?

The consortium believes the data indicates the potential targets NSO’s government clients identified in advance of possible surveillance. While the data is an indication of intent, the presence of a number in the data does not reveal whether there was an attempt to infect the phone with spyware such as Pegasus, the company’s signature surveillance tool, or whether any attempt succeeded. The presence in the data of a very small number of landlines and US numbers, which NSO says are “technically impossible” to access with its tools, reveals some targets were selected by NSO clients even though they could not be infected with Pegasus. However, forensic examinations of a small sample of mobile phones with numbers on the list found tight correlations between the time and date of a number in the data and the start of Pegasus activity – in some cases as little as a few seconds.

What did forensic analysis reveal?

Amnesty examined 67 smartphones where attacks were suspected. Of those, 23 were successfully infected and 14 showed signs of attempted penetration. For the remaining 30, the tests were inconclusive, in several cases because the handsets had been replaced. Fifteen of the phones were Android devices, none of which showed evidence of successful infection. However, unlike iPhones, phones that use Android do not log the kinds of information required for Amnesty’s detective work. Three Android phones showed signs of targeting, such as Pegasus-linked SMS messages.

Amnesty shared “backup copies” of four iPhones with Citizen Lab, a research group at the University of Toronto that specialises in studying Pegasus, which confirmed that they showed signs of Pegasus infection. Citizen Lab also conducted a peer review of Amnesty’s forensic methods, and found them to be sound.

Which NSO clients were selecting numbers?

While the data is organised into clusters, indicative of individual NSO clients, it does not say which NSO client was responsible for selecting any given number. NSO claims to sell its tools to 60 clients in 40 countries, but refuses to identify them. By closely examining the pattern of targeting by individual clients in the leaked data, media partners were able to identify 10 governments believed to be responsible for selecting the targets: Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India, and the United Arab Emirates. Citizen Lab has also found evidence of all 10 being clients of NSO.

What does NSO Group say?

You can read NSO Group’s full statement here. The company has always said it does not have access to the data of its customers’ targets. Through its lawyers, NSO said the consortium had made “incorrect assumptions” about which clients use the company’s technology. It said the 50,000 number was “exaggerated” and that the list could not be a list of numbers “targeted by governments using Pegasus”. The lawyers said NSO had reason to believe the list accessed by the consortium “is not a list of numbers targeted by governments using Pegasus, but instead, may be part of a larger list of numbers that might have been used by NSO Group customers for other purposes”. They said it was a list of numbers that anyone could search on an open source system. After further questions, the lawyers said the consortium was basing its findings “on misleading interpretation of leaked data from accessible and overt basic information, such as HLR Lookup services, which have no bearing on the list of the customers’ targets of Pegasus or any other NSO products … we still do not see any correlation of these lists to anything related to use of NSO Group technologies”. Following publication, they explained that they considered a “target” to be a phone that was the subject of a successful or attempted (but failed) infection by Pegasus, and reiterated that the list of 50,000 phones was too large for it to represent “targets” of Pegasus. They said that the fact that a number appeared on the list was in no way indicative of whether it had been selected for surveillance using Pegasus. 

What is HLR lookup data?

The term HLR, or home location register, refers to a database that is essential to operating mobile phone networks. Such registers keep records on the networks of phone users and their general locations, along with other identifying information that is used routinely in routing calls and texts. Telecoms and surveillance experts say HLR data can sometimes be used in the early phase of a surveillance attempt, when identifying whether it is possible to connect to a phone. The consortium understands NSO clients have the capability through an interface on the Pegasus system to conduct HLR lookup inquiries. It is unclear whether Pegasus operators are required to conduct HRL lookup inquiries via its interface to use its software; an NSO source stressed its clients may have different reasons – unrelated to Pegasus – for conducting HLR lookups via an NSO system.

Thank you for your feedback.

The Macron-Bennett phone call reportedly took place on Thursday, but was first reported by Israel’s Channel 12 News on Saturday evening after the end of Shabbat, the Jewish day of rest.

The prime minister’s office has declined to comment on the phone call or the two leaders’ conversation. According to Channel 12, an unnamed source said Bennett had stressed that the alleged events occurred before he took office in May, and that a commission was examining whether rules on Israel’s export of cyberweapons such as Pegasus should be tightened.

The Pegasus project – a consortium of 17 media outlets, including the Guardian – revealed last week that government clients around the world have used the hacking software sold by NSO to target human rights activists, journalists and lawyers.

The investigation has been based on forensic analysis of phones and analysis of a leaked database of 50,000 numbers, including that of Macron and those of heads of state and senior government, diplomatic and military officials, in 34 countries.

In multiple statements, NSO said the fact a number appeared on the leaked list was in no way indicative of whether it was selected for surveillance using Pegasus. “The list is not a list of Pegasus targets or potential targets,” the company said. “The numbers in the list are not related to NSO Group in any way.”

But the list is believed to provide insights into those identified as persons of interest by NSO’s clients. It includes people whose phones showed traces of NSO’s signature phone-hacking spyware, Pegasus, according to forensic analysis of their devices. The analysis was conducted by Amnesty International’s security lab, which discovered traces of Pegasus-related activity on 37 out of 67 phones that it analysed.

Q&A

What is the Pegasus project?

Show

The Pegasus project is a collaborative journalistic investigation into the NSO Group and its clients. The company sells surveillance technology to governments worldwide. Its flagship product is Pegasus, spying software – or spyware – that targets iPhones and Android devices. Once a phone is infected, a Pegasus operator can secretly extract chats, photos, emails and location data, or activate microphones and cameras without a user knowing.

Forbidden Stories, a Paris-based nonprofit journalism organisation, and Amnesty International had access to a leak of more than 50,000 phone numbers selected as targets by clients of NSO since 2016. Access to the data was then shared with the Guardian and 16 other news organisations, including the Washington Post, Le Monde, Die Zeit and Süddeutsche Zeitung. More than 80 journalists have worked collaboratively over several months on the investigation, which was coordinated by Forbidden Stories.

Thank you for your feedback.

While the rest of the world grapples with the seismic consequences of the revelations, in Israel reaction has been muted. Meretz, a leftwing party long in opposition but now part of the new government coalition, has asked the defence ministry for “clarification” on the issue, but no party is seeking a freeze of export licences or an inquiry into NSO’s close links to the Israeli state under the tenure of the former prime minister Benjamin Netanyahu.

The defence minister, Benny Gantz, has defended export licences for the hacking tools, claiming that “countries that purchase these systems must meet the terms of use”, which are solely for criminal and terrorism investigations.

But as the mammoth impact of the disclosures has become clearer, the diplomatic pressure on Israel is mounting. On Thursday, the senior Israeli MP Ram Ben-Barak – a former deputy head of the Mossad spy agency – confirmed that the Israeli defence establishment had “appointed a review commission made up of a number of groups” to examine whether policy changes were needed regarding sensitive cyber exports.

US defence officials have also asked their Israeli counterparts for more details on the “disturbing” disclosures stemming from the Pegasus project, the Israeli newspaper Haaretz reported on Saturday.

Source link

Continue Reading

Trending

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!