when governments hack opponents

When Governments Hack Opponents Bill Marczak First, Bahraini - PowerPoint PPT Presentation

Aug 20, 2023 •242 likes •902 views

When Governments Hack Opponents Bill Marczak First, Bahraini jailers armed with stifg rubber hoses beat the 39-year-old school administrator and human rights activist in a windowless room... Then, they dragged him upstairs for questioning by

  1. When Governments Hack Opponents Bill Marczak

  4. First, Bahraini jailers armed with stifg rubber hoses beat the 39-year-old school administrator and human rights activist in a windowless room... Then, they dragged him upstairs for questioning by a uniformed offjcer armed with another kind of weapon: transcripts of his text messages and details from Abdul Ghani al-Khanjar Bahraini Activist personal mobile phone conversations...

  6. Activist communication tools...

  10. “Cred”

  13. If you get a suspicious email or message, send it to me!

  14. If you get a suspicious email or message, send it to me! Hey Bill, I got a weird email! Ahmed Mansoor UAE Activist

  15. The Data

  18. Order to uncover the user of an IP address of @alkawarahnews Batelco (residential ISP) Mohammed Salah Acting Chief Prosecutor, Capital Region

  19. “It is a secret investigation involving private methods of our department that cannot be disclosed” Col. Fawaz al-Sumaim Bahrain Cyber Crime Unit

  20. (Arrested activist) Greetings, I am a translator of the revolution. Do you need translation of this?

  21. (Arrested activist) Greetings, I am a translator of the revolution. Do you need translation of this?

  22. (Arrested activist)

  23. (Arrested activist)

  26. Sketch: Social Engineering

  27. “New secrets about torture of Ahmed Mansoor Emiratis in state prisons” UAE Activist

  28. Nice Bait, we’ll take it!

  29. Nice Bait, we’ll take it! Factory-Reset iPhone (Wi-Fi Only)

  30. Nice Bait, we’ll take it! Wi-Fi Factory-Reset Intercept & iPhone record Internet (Wi-Fi Only) traffjc

  31. Nice Bait, we’ll take it! Wi-Fi Factory-Reset Intercept & The Internet iPhone record Internet (Wi-Fi Only) traffjc

  32. Nice Bait, we’ll take it! Wi-Fi Factory-Reset Intercept & The Internet iPhone record Internet (Wi-Fi Only) traffjc Type in the link from Mansoor...

  33. … and what happens next will SHOCK YOU! Safari window closes!

  34. … and what happens next will SHOCK YOU! Safari window closes! Tring [sic] to download bundle!

  35. CVE-2016-4657 Visiting a maliciously crafted website may lead to arbitrary code execution CVE-2016-4655 An application may be able to disclose kernel memory CVE-2016-4656 An application may be able to execute arbitrary code with kernel privileges

  36. CVE-2016-4657 Visiting a maliciously crafted website may lead to arbitrary code execution CVE-2016-4655 An application may be able to disclose kernel memory CVE-2016-4656 An application may be able to execute arbitrary code with kernel privileges

  40. Attribution

  42. When we clicked again, redirect to: https://sms.webadv.co/redirect.aspx

  43. When we clicked again, redirect to: https://sms.webadv.co/redirect.aspx <html><head><meta http-equiv='refresh' content='0;url=http://www.google.com' /><meta http-equiv='refresh' content='1;url=http://www.google.com' /><title></title></head><body></body></html>

  44. When we clicked again, redirect to: https://sms.webadv.co/redirect.aspx <html><head><meta http-equiv='refresh' content='0;url=http://www.google.com' /><meta http-equiv='refresh' content='1;url=http://www.google.com' /><title></title></head><body></body></html> Wow, that's weird!

  46. plan: Use zmap to Fetch /redirect.aspx from every ipv4 address (2 32 = 4,294,967,296 ) 1. 2. Check which responses are the same as our fingerprint: <html><head><meta http-equiv='refresh' content='0;url=http://www.google.com' /><meta http-equiv='refresh' content='1;url=http://www.google.com' /><title></title></head><body></body></html>

  47. Result: 149 ip addresses New plan: look at historical internet scanning data for the 149 ip addresses https://shodan.io/ https://censys.io/ https://opendata.rapid7.com/

  48. Result: 19 ip addresses returned in response to a fetch for / \xef\xbb\xbf<HTML><HEAD><META HTTP-EQUIV="refresh" CONTENT="0;URL=http://www.google.com/"> <TITLE></TITLE></HEAD><BODY> </BODY></HTML>

  49. Result: 19 ip addresses returned in response to a fetch for / \xef\xbb\xbf<HTML><HEAD><META HTTP-EQUIV="refresh" CONTENT="0;URL=http://www.google.com/"> <TITLE></TITLE></HEAD><BODY> </BODY></HTML> New plan: what else returned this?

  50. Result: 19 ip addresses returned in response to a fetch for / \xef\xbb\xbf<HTML><HEAD><META HTTP-EQUIV="refresh" CONTENT="0;URL=http://www.google.com/"> <TITLE></TITLE></HEAD><BODY> </BODY></HTML> New plan: what else returned this? Result: 89 IP addresses including: Admin Organization: Nso Group Admin Street: P.O Box 4166 Admin City: Hertzelia Admin Country: IL Admin Email: IT@nsogroup.com

  51. "NSO Group is a leader in the field of Cyber warfare." “… a powerful and unique monitoring tool, called Pegasus , which allows remote and stealth monitoring and full data extraction from remote targets devices via untraceable commands." "...exclusively for the use of Government, Law Enforcement and Intelligence Agencies."

  52. Fingerprint #1 Fingerprint #2 19 IPs Ahmed Mansoor 2013-2014 2016

  54. Why do NSO servers return Google redirects? <html><head><meta http-equiv='refresh' content='0;url=http://www.google.com' /><meta http-equiv='refresh' content='1;url=http://www.google.com' /><title></title></head><body></body></html> \xef\xbb\xbf<HTML><HEAD><META HTTP-EQUIV="refresh" CONTENT="0;URL=http://www.google.com/"> <TITLE></TITLE></HEAD><BODY> </BODY></HTML>

  55. Why do NSO servers return Google redirects? <html><head><meta http-equiv='refresh' content='0;url=http://www.google.com' /><meta http-equiv='refresh' content='1;url=http://www.google.com' /><title></title></head><body></body></html> \xef\xbb\xbf<HTML><HEAD><META HTTP-EQUIV="refresh" CONTENT="0;URL=http://www.google.com/"> <TITLE></TITLE></HEAD><BODY> </BODY></HTML> Decoy Page: “redirect or customize undesired remote … landing on the server”

  56. Fake Apache Decoy Pages (Hacking Team)

  57. Fake Apache Decoy Pages (Hacking Team) Apache Hacking Team HTTP/1.1 404 Not Found HTTP/1.1 404 NotFound Date: $DATE Connection: close Server: $SERVER Content-Type: text/html Content-Length: $LENGTH Content-length: $LENGTH Connection:close Server: Apache/2.4.4 (Unix) OpenSSL/1.0.0g Content-Type: text/html ; charset=$CHARSET

  58. Fake Apache Decoy Pages (FinFisher) Apache FinFisher HTTP/1.1 403 Forbidden HTTP/1.1 403 Forbidden Date: $DATE GMT Date: $DATE UTC Server: Apache Server: Apache Vary: Accept-Encoding Vary: Accept-Encoding Content-Length: 321 Content-Length: 321 Content-Type: text/html; charset=iso-8859-1 Content-Type: text/html; charset=iso-8859-1

  59. Fake Apache Decoy Pages (FinFisher) Apache FinFisher <html><body><h1>It <!DOCTYPE HTML PUBLIC ``-//IETF//DTD HTML works!</h1></body></html> 2.0//EN''> <html> <head> <title>200 OK</title> </head> <body> <h1>It works!</h1> </body></html>

  60. Spyware Command-and-Control

  61. Command and Control Victim Victim

  62. Command and Control Victim Proxy Proxy Proxy Victim "The Cloud"

  63. Command and Control Victim Proxy Monitoring Center Proxy Proxy Gateway / Firewall C&C Server Victim Government Agency Premises "The Cloud"

  64. Command and Control Scanning finds these... Victim Proxy Monitoring Center Proxy Proxy Gateway / Firewall C&C Server Victim Government Agency Premises "The Cloud"

  65. Command and Control Scanning finds these... Victim Proxy Monitoring … but not Center these Proxy Proxy Gateway / Firewall C&C Server Victim Government Agency Premises "The Cloud"

Recommend

SLIPPERY SLIDES HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads Hard-Boiled Egg Hack Goes

SLIPPERY SLIDES HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads Hard-Boiled Egg Hack Goes

SLIPPERY SLIDES HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads Hard-Boiled Egg Hack Goes Viral on Twitter By using our site, you acknowledge that you have read and understand our Cookie PolicyPrivacy Policyand our Terms of Service.

1.1k views • 3 slides
FC2015 RSDYK Dyke quality assessment by remote sensing Robert Hack Robert Hack 14-Apr-09 1

FC2015 RSDYK Dyke quality assessment by remote sensing Robert Hack Robert Hack 14-Apr-09 1

FC2015 RSDYK Dyke quality assessment by remote sensing Robert Hack Robert Hack 14-Apr-09 1 FC2015-RSDYK - Hack Pilot project: RSDYK2008 Trial to establish whether remote sensing in combination with geological knowledge can be used for

826 views • 10 slides
Hack The CPython Batuhan Taskaya @isidentical What is hacking? Why do we hack? Yes, we want

Hack The CPython Batuhan Taskaya @isidentical What is hacking? Why do we hack? Yes, we want

Hack The CPython Batuhan Taskaya @isidentical What is hacking? Why do we hack? Yes, we want FREEDOM! We want to use PEP313! Before we hack, Learn the internals Lexing - Tokenization - Read #define NEWLINE 4 #define INDENT

670 views • 36 slides
SLIPPERY SLIDES HACK and CHEATS.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads 7 Hacks To Make

SLIPPERY SLIDES HACK and CHEATS.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads 7 Hacks To Make

SLIPPERY SLIDES HACK and CHEATS.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads 7 Hacks To Make Your Boots Slip-Proof May 18, Attach your Water hose. Wet your slide, this just helps for the first few slides. Once the kids get going, their

308 views • 3 slides
ART SLIDES: VAN GOGH EDITION HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free Buy 30 coins Nearly

ART SLIDES: VAN GOGH EDITION HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free Buy 30 coins Nearly

ART SLIDES: VAN GOGH EDITION HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free Buy 30 coins Nearly 1, Paintings and Drawings by Vincent van Gogh Digitized and Put Online | Hacker News For people who don't live close to huge cities with big

269 views • 3 slides
Geoffrey Vaughan Lets Hack NFC How does NFC work? How could we hack it? Where

Geoffrey Vaughan Lets Hack NFC How does NFC work? How could we hack it? Where

Geoffrey Vaughan Lets Hack NFC How does NFC work? How could we hack it? Where are the weaknesses? What are the security implications? Security Compass and NFC Currently we are devoting a lot of energy towards NFC

704 views • 35 slides
SSA Introduction Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2013 saarland

SSA Introduction Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2013 saarland

SSA Introduction Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2013 saarland university computer science 1 Another kind of CFGs p D ( ) x e x e D ( ) q Effects on edges. Nodes called Nodes are

310 views • 19 slides
Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 17. Dezember 2013 saarland

Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 17. Dezember 2013 saarland

Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 17. Dezember 2013 saarland university computer science 1 Value Numbering a := 2 a := 3 x := a + 1 x := a + 1 y := a + 1 Replace second computation of a + 1 with a copy from x 2

223 views • 20 slides
Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 5. Dezember 2017 Saarland

Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 5. Dezember 2017 Saarland

Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 5. Dezember 2017 Saarland University, Computer Science 1 Value Numbering a := 2 a := 3 x := a + 1 x := a + 1 y := a + 1 Replace second computation of a + 1 with a copy

394 views • 22 slides
Code Generation: Intro Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2017

Code Generation: Intro Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2017

Code Generation: Intro Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2017 Saarland University, Computer Science 1 Code Generation Consists (roughly) of three parts: 1. Instruction Selection Select processor instructions for

282 views • 9 slides
Use of Subpoenas to Obtain Evidence Finding and Obtaining Admissions by Opponents on Twitter,

Use of Subpoenas to Obtain Evidence Finding and Obtaining Admissions by Opponents on Twitter,

Presenting a live 90-minute webinar with interactive Q&amp;A Securing Social Media Admissions: Investigative Strategies, Spoliation Warnings, Use of Subpoenas to Obtain Evidence Finding and Obtaining Admissions by Opponents on Twitter,

777 views • 73 slides
Artificial Intelligence Opponents that are challenging, or allies that are helpful Unit

Artificial Intelligence Opponents that are challenging, or allies that are helpful Unit

2/17/2012 Introduction to Artificial Intelligence (AI) Many applications for AI Computer vision, natural language processing, speech recognition, search But games are some of the more interesting Artificial Intelligence Opponents

303 views • 8 slides
Bicycle and Pedestrian Traffic Counts Transportation Task Force Bicycle and Pedestrian

Bicycle and Pedestrian Traffic Counts Transportation Task Force Bicycle and Pedestrian

North Central Texas Council of Governments North Central Texas Council of Governments North Central Texas Council of Governments North Central Texas Council of Governments North Central Texas Council of Governments North Central Texas Council

649 views • 38 slides
JANE DE GRAAFF #JoyfulFood advocate | Kitchen Hack Queen | TV Presenter | Food Writer | Public

JANE DE GRAAFF #JoyfulFood advocate | Kitchen Hack Queen | TV Presenter | Food Writer | Public

JANE DE GRAAFF #JoyfulFood advocate | Kitchen Hack Queen | TV Presenter | Food Writer | Public Speaker &amp; MC JANE DE GRAAFF #JoyfulFood advocate | Kitchen Hack Queen | TV Presenter | Food Writer | Public Speaker &amp; MC About Jane:

644 views • 5 slides
Large-scale statistical computing Hack-a-thon 17-18th March Atlanta Agenda Introduction

Large-scale statistical computing Hack-a-thon 17-18th March Atlanta Agenda Introduction

Large-scale statistical computing Hack-a-thon 17-18th March Atlanta Agenda Introduction Hack-a-thon PatientLevelPrediction R-package Track 1: Unit testing and continuous integration Track 2: Code base improvements Track 3: Learning

440 views • 28 slides
Sebastian Hack, Christian Hammer, Jan Reineke Saarland University Static Program Analysis

Sebastian Hack, Christian Hammer, Jan Reineke Saarland University Static Program Analysis

Sebastian Hack, Christian Hammer, Jan Reineke Saarland University Static Program Analysis Introduction Winter Semester 2014 Slides based on: H. Seidl, R. Wilhelm, S. Hack: Compiler Design, Volume 3, Analysis and Transformation, Springer

616 views • 27 slides
Using the RIPE Atlas API for Measuring IPv6 Reachability Vesna Manojlovic Community Builder for

Using the RIPE Atlas API for Measuring IPv6 Reachability Vesna Manojlovic Community Builder for

Using the RIPE Atlas API for Measuring IPv6 Reachability Vesna Manojlovic Community Builder for Measurement Tools BECHA@ripe.net / @Ms_Multicolor BalCCoN 2014 | Novi Sad 1 Overview 2 Short intro to RIPE, RIPE NCC What is IPv6 &amp;

906 views • 74 slides
A Novel Method for Predicting the Power Output of Distributed Renewable Energy Resources

A Novel Method for Predicting the Power Output of Distributed Renewable Energy Resources

A Novel Method for Predicting the Power Output of Distributed Renewable Energy Resources Athanasios Aris Panagopoulos 1 Supervisor: Georgios Chalkiadakis 1 Technical University of Crete, Greece A thesis submitted to the Department of Electronic

561 views • 30 slides
Visual Object Tracking: An overview P a n H e , P h . D s t u d e n t @ U F M A L T L a b h

Visual Object Tracking: An overview P a n H e , P h . D s t u d e n t @ U F M A L T L a b h

Visual Object Tracking: An overview P a n H e , P h . D s t u d e n t @ U F M A L T L a b h t t p s : / / b e s t s o n n y . g i t h u b . i o / Tracking of single, arbitrary objects Problem. Track an arbitrary object with the sole

655 views • 41 slides
Mayor For a Day clickable Woodstock Museum National Historic Site Helpful words to know

Mayor For a Day clickable Woodstock Museum National Historic Site Helpful words to know

Mayor For a Day clickable Woodstock Museum National Historic Site Helpful words to know candidate = a person who applies to run in an election for a specific government position campaign = set time or action, in advance of an election, where

698 views • 11 slides
Document-oriented Prover Interaction with Isabelle/PIDE Makarius Wenzel Univ. Paris-Sud,

Document-oriented Prover Interaction with Isabelle/PIDE Makarius Wenzel Univ. Paris-Sud,

Document-oriented Prover Interaction with Isabelle/PIDE Makarius Wenzel Univ. Paris-Sud, Laboratoire LRI December 2013 Project Paral-ITP ANR-11-INSE-001 Abstract LCF-style proof assistants like Coq, HOL, and Isabelle have been traditionally

500 views • 35 slides
The Better Care Exchange 30 th April 2015 Plan for the session Thanks for joining the webinar to

The Better Care Exchange 30 th April 2015 Plan for the session Thanks for joining the webinar to

The Better Care Exchange 30 th April 2015 Plan for the session Thanks for joining the webinar to launch the Better Care Exchange! Were really excited to share information about the tool and discuss how it can help you to deliver better care.

611 views • 22 slides
Mailing List Discussion: ppvpn@ppvpn.francetelecom.com (Un)Subscribe:

Mailing List Discussion: ppvpn@ppvpn.francetelecom.com (Un)Subscribe:

Chair(s): Rick Wilder rwilder@masergy.com Marco Carugi marco.carugi@francetelecom.com Mailing List Discussion: ppvpn@ppvpn.francetelecom.com (Un)Subscribe: sympa@ppvpn.francetelecom.com (UN)SUBSCRIBE ppvpn in the body

764 views • 16 slides
The Pompeii Bibliography and Mapping Project: A new Resource for Pompeii, a new Model Complex

The Pompeii Bibliography and Mapping Project: A new Resource for Pompeii, a new Model Complex

The Pompeii Bibliography and Mapping Project: A new Resource for Pompeii, a new Model Complex for Classical Sites Has it been done before? How do I do it? But 15,000+ total citations Pic of GYG (Was) Hard to access: expensive

428 views • 19 slides

More recommend