petcat 2 days ago [-]
> In May 2026, Kouloglou contacted the Citizen Lab and we conducted a forensic analysis of artifacts from his iPhone. We found with high confidence that his device was successfully infected with Pegasus spyware on or around October 21, 2022, and again on March 6 and 7, 2023.
matheusmoreira 2 days ago [-]
I wonder if we can forensically analyze our own phones to see if some nutjob with Pegasus has targeted us as well.
How many nutjobs with Pegasus are really running around out there?
bigiain 2 days ago [-]
Too many. By which I mean "more than zero". And yes, I'm including nation states as "nutjobs" for the purposes of this calculation.
chatmasta 2 days ago [-]
I think OP is more worried about one nutjob with a lot of targets.
beng-nl 8 hours ago [-]
Phegasus
0123456789ABCDE 1 days ago [-]
wouldn't that burn the capability rather quickly though?
theoreticalmal 2 days ago [-]
If I could deploy Pegasus to randoms, I probably would. Wouldn’t do anything with it, but it’d be a cool project
echoangle 2 days ago [-]
You would probably have to pay for it and wouldn’t then waste the opportunity on random targets without an expected payout, right?
catlifeonmars 2 days ago [-]
> you would probably have to pay for it
_probably_ is doing the heavy lifting here
VWWHFSfQ 2 days ago [-]
>> Further validating our finding of targeting, our forensic analysis shows Kouloglou received multiple Apple threat notifications about targeting with mercenary spyware on three occasions: March 2, 2023, August 29, 2023, and April 10, 2024. It is important to note that threat notifications from Apple and other companies are not real-time alerts. They are typically sent to users in batches, often months or more after targeting takes place.
>> Kouloglou reports to us that he did not recall receiving the Apple notifications we observed.
Am I understanding this correctly that Apple sent him notifications that he was being monitored and he ignored them?
pmontra 2 days ago [-]
"he did not recall receiving the Apple notifications" so he didn't notice them.
bawolff 2 days ago [-]
That is kind of surprising given he is on the committee investigating Pegasus. I'd assume someone on the committee would be paying much more attention to this than a normal person.
I wonder what triggered him to suspect he was hacked then. Since presumably something triggered him to have his phone forensically investigated.
goobatrooba 22 hours ago [-]
People seem to have this fiction that parliamentarians working on a committee actually have some expertise. This can happen but is actually rare. They are not elected for skill but for political reasons, and then the parties pawn them to different committees.
So in other words he probably speaks about security, whatever his staffers feed him, but most likely has no clue whatsoever what it's about.
isodev 1 days ago [-]
> That is kind of surprising
Have you seen notifications on iOS? There are even notifications for the notifications.
But this type of notification I believe is delivered via iMessage and email. So unless you’re actively using iMessage or your iCloud email then chances are all this is practically invisible.
tyre 2 days ago [-]
Or that Apple could either run searches on the names of affected users against publicly known members of government or have close relationship with governments to flag exactly this.
DANmode 2 days ago [-]
If he knew he was compromised, and was okay with it for one reason or another (like money or other coercion), this is what his cleanup would look like.
Not saying this is likely. Just another possibility.
arka2147483647 2 days ago [-]
Could those have been intercepted or suppressed somehow?
stavros 2 days ago [-]
It's possible, if the attacker controls the device enough. I don't think a big "you're being targeted" warning is something you don't notice, or forget.
chatmasta 2 days ago [-]
Do they send them via notification infrastructure or email? Personally I almost never check the email associated with my Apple ID so I would miss those. But if all my Apple devices were notifying me and I had a badge in Settings.app, I’d notice.
Then again, you’d think that’s the kinda thing malware developers would spend some time learning to hide from the user.
captn3m0 2 days ago [-]
Do we know how Apple sends these? Is it just a notification, or also email?
I wonder how they detect it, is it for known IOCs that they've already found elsewhere, or do they have heuristic detection that flags things that might need further investigation.
lostlogin 2 days ago [-]
I could be wrong here, but I can’t see any way of viewing old notifications.
It isn’t hard to accidentally dismiss one then wonder what it was. Why isn’t there an interface for looking back?
Edit: below it says there are emails and notices on web login.
wwind123 1 days ago [-]
If a notification is dismissed on iPhone, there's indeed no central UI to see it again on the phone. That's a sad state of iPhone. Many people have asked, but Apple just doesn't care enough to do it. Now I hope this kind of high-profile security incident could nudge Apple towards taking action.
brookst 1 days ago [-]
Any source for that “Apple just doesn’t care”, as opposed to thinking there are security/privacy tradeoffs or other considerations that cut against such a feature?
crewindream 1 days ago [-]
Ok, Apple does not care, but gives “security/privacy” consideration as a public reason for not doing anything.
wwind123 22 hours ago [-]
With modern cryptography techniques, Apple could certainly do it if they cared enough. I guess the potential benefit doesn't justify the potential effort and cost related to the change, from Apple management point of view.
Y-bar 1 days ago [-]
If Apple can store the sms/iMessage, and email history, and health/journal history, and my Wallet payment history, in a safe manner I would think Apple can store notification history in a safe manner. How would notifications be meaningfully different from these?
I think the proof of Apple’s level of care is in their lack of attention to this issue.
DANmode 1 days ago [-]
> How would notifications be meaningfully different from these?
Ephemeral transit layer owned by third-parties constantly,
vs
cold storage of secrets your architecture owns from start to finish.
Y-bar 1 days ago [-]
> Ephemeral transit layer owned by third-parties constantly
This is a good description of SMS and RCS.
DANmode 1 days ago [-]
and also a good description of Apple APN notifications being pushed to a Garmin watch,
or a car,
or your off-brand earbuds.
Y-bar 1 days ago [-]
Which, again, is not meaningfully different. Yet it seems you insinuated so. Can you explain in detail?
DANmode 23 hours ago [-]
Hopefully it wasn’t you who flagged me after asking me to explain in detail…
Y-bar 11 hours ago [-]
I did not flag you, but I certainly see why someone might.
DANmode 5 hours ago [-]
Go on.
DANmode 23 hours ago [-]
[flagged]
kakacik 1 days ago [-]
If they cared, they would give user triple confirm option to choose for example.
Oh wait this is Apple, they always know what's best for the user and do the choices for them, even when wrong. So all is as expected
CalRobert 1 days ago [-]
Or he lied about noticing them to avoid embarrassment.
saintfire 2 days ago [-]
I mean his device was pwnd completely. It's not a stretch that attempts to warn are suppressed.
That or he didn't notice or could have assumed the notice itself was one of many phishing attempts against large orgs.
If I saw a notification that my account was compromised by Pegasus I'd personally assume phishing.
stavros 2 days ago [-]
Kouloglou is a famous investigative journalist, not you and me. Yes you and I might think we're being scammed, but someone who actually spent a lot of their life getting death threats probably would pay more attention.
benjiro29 2 days ago [-]
Fairly sure that if anybody is using an advanced piece of hacking software, they are also going to delete any messages that are related to detection of such hardware.
PC viruses used to do that stuff going back so many years ago. Suppressing any notification under Windows, by disabling the AV software, its notifications, Windows notifications related to it.
So it will amaze me that this is not done by any modern espionage software. Especially as the notification methods are known. Given that his device is hacked, that means a lot of avenues are under control of the espionage software. Even mails etc ... So impersonating the end user, to confirm they read a warning, is extremely easy.
I find it rather odd that people are so fixated on the idea if Kouloglou read it or not.
stavros 2 days ago [-]
Maybe the software can only exfiltrate information, rather than change it.
benjiro29 2 days ago [-]
If I was going to write software on this level, that will be used by governments. There is no way, it's going to be a nice little program that only extract information.
It's going to have every trick in the book (and outside it), to stay hidden. And it will have payloads to alter its behavior, updates, etc...
Nobody is going to pay you big fat money envelopes for software that anybody can write in an afternoon. You want it to be as capable as ever, and you do not want it found!
stavros 2 days ago [-]
I mean maybe the exploits they found weren't good enough to allow them to do whatever they want with the phone.
EA-3167 2 days ago [-]
That seems to be the case, although he claims to have somehow missed them. Overall this is one of those stories that's obviously an outrage, except for the fact that every country on Earth spies on the rest, and quite a few private entities do as well. Still the way the game is played if you get caught you have to act ashamed, and the people catching you get to gloat.
It's silly, but it's a show the public never tires of.
healthworker 2 days ago [-]
In this case he was investigating misuse of Pegasus spyware specifically, and was targeted with it while doing so. That's obstruction of justice, morally speaking, and would feel very scary, in that it would make you feel that this company might be so powerful that investigating it is personally dangerous.
EA-3167 2 days ago [-]
That's certainly the feeling the story is meant to engender yes.
crewindream 1 days ago [-]
Alternate spin: He now has a conflict of interest. He’s now too biased to work on the committee.
DANmode 1 days ago [-]
For who?
hammock 2 days ago [-]
The US does not spy on Five Eyes government leadership or that of Israel. And perhaps more: in the wake of Snowden, which obliterated many diplomatic relationships the U.S. has with other countries, Obama issued a directive that the U.S. would not monitor heads of state and government of close friends and allies (even outside Five Eyes) unless there was a compelling national security reason. As far as we know that directive has remained in force with each successive administration as well.
They spy on most others though. Germany’s Merkel, successive French presidents etc all had their phones hacked by US there is widely reported news of.
"In December 2010, leaked US diplomatic cables indicated senior New Zealand Defence Ministry officials had been spying for the United States, secretly briefing the United States embassy on Cabinet discussions about the Iraq War."
Nothing has changed post-Snowden, other than that the general public have gone back into a state of apathy on the subject of reining in their out of control surveillance state.
aetch 1 days ago [-]
I didn’t say anything has changed, the 2010 example he mentioned is pre Snowden.
matheusmoreira 2 days ago [-]
> The US does not spy on Five Eyes government leadership or that of Israel.
Doubt.
> unless there was a compelling national security reason
There always is.
EA-3167 2 days ago [-]
Absolutely, and there's the same compelling reason for them to spy on the US in turn. I can't emphasize this enough, everyone is spying on everyone else. Close alliances give the impression that they don't because they tend to handle scandals in-house, it's for everyone's benefit to do so in most cases. Snowden's disclosure was a very unusual event and put everyone in a position of needing to act shocked, appalled, and put on a big show for the public; sweeping it under the rug was impossible. For all that many here would wish otherwise, Snowden wasn't a watershed though, it was a blip.
hammock 2 days ago [-]
> Doubt
Can you substantiate your doubt with even one piece of hard evidence?
matheusmoreira 2 days ago [-]
Sure. The NSA exists, and it routinely violates the rights of the USA's own citizens, the ones that actually have constitutional rights. The idea that it would suddenly draw the line on foreigners is just absurd.
MomsAVoxell 2 days ago [-]
It violates everyone’s human rights - not just the US’ own citizens - because human rights are universal whether some American thinks it or not.
jonnybgood 2 days ago [-]
Yes, the US has an intelligence agency called the NSA, which works with intelligence agencies in the five eyes. There is something called the five eyes agreement that does draw that line.
matheusmoreira 2 days ago [-]
> There is something called the five eyes agreement that does draw that line.
> In 1951, Mossad and the Central Intelligence Agency agreed not to spy on each other and US and Israeli services cooperated closely since then.
> Nevertheless, there were strong indications afterwards of ongoing Israeli espionage against the United States, confirmed by the 1985 arrest of Israeli spy Jonathan Pollard, one of the most damaging security leaks in US history.
> Israeli espionage reached a high-profile peak in the mid-1980s, shattering assumptions that allies "do not spy on each other".
senordevnyc 1 days ago [-]
I'm curious what peril your cynicism about the five eyes agreement has saved you from.
matheusmoreira 23 hours ago [-]
The peril of sleeping easy at night, comfortable in the fantasy where no one would ever spy on me just because they pinky promised not to. Not keen on believing evil bits either.
crewindream 1 days ago [-]
1. I think burden of proof is on the opposite side. (Previous legislations/directives were circumvented without problem)
2. Asking for hard evidence of top spies secretly spying on heads of other states is … (not sure if there is a word for it; some blend between: unrealistic, unreasonable and oxymoron’ish. If they do their job well, you will not find it out, also it might be illegal or punishable to present such evidence)
Hizonner 2 days ago [-]
Can you substantiate your certainty with anything other than the public statements of people whose job is to lie about things like that?
benjiro29 2 days ago [-]
> As far as we know that directive has remained in force with each successive administration as well.
People can state a lot, as long as you're not caught.
Nothing prevents you from having the UK spy on the Germans, and feeding that intel back. Or Israel, or ... Hey, the US did not spy on an EU ally. Well, not directly and it neatly bypassed any official statements.
They might have simply gone to one of those secret court hearings and have it bypassed with a gag order in place. Officially it's not done, unofficially, it's been approved.
The whole "as long as you do not tell me you're doing it" approach, and the politicians involved maintain deniability (even if they had the wink).
And you do not need to specifically target the head of state. Plenty of side routes to still get information on meetings, that involve those heads of states. Even if you're not "directly" spying on them.
So no, it's a naïve way of thinking. Maybe in 20 years from now we find out, that they did spy on EU leaders. Maybe directly, maybe indirectly ... even with that directive in place. I will be amazed if they did not. It's the US we are talking about.
codedokode 1 days ago [-]
> unless there was a compelling national security reason
But there never is a lack of compelling national security reasons.
kakacik 1 days ago [-]
There is some directive (not law, not constitution - not that those are untouchable now) and we expect current US government to adhere to it, just because it would be nice?
Color me extremely sceptical.
Hizonner 2 days ago [-]
> every country on Earth spies on the rest,
It's entirely possible an EU country did this; they're only vaguely guessing Belarus or whoever. In most countries, it's a big deal if the spies are caught spying on the domestic government.
> quite a few private entities do as well.
It's a risky game, doing that. You don't get any of the professional courtesies, and you're not usually eligible for the prisoner exchanges.
freehorse 2 days ago [-]
> we note an overlap between the first infection and a previously identified Pegasus campaign targeting Russian and Belarusian-speaking exiled journalists and activists in Europe, suggesting a Pegasus customer with authorization to spy in multiple European countries is responsible.
Who has "authorization to spy in multiple European countries"?
In this older article [0] about one of the mentioned Russian exiles case it is mentioned that Estonia and Netherlands have used Pegasus outside their borders, but there could be also others with such license
> the Netherlands’ General Intelligence and Security Service (AIVD) and an unnamed Estonian government agency, appear to use Pegasus extensively outside their borders, including within multiple European countries
However if the link between the Russian exiles cases and Kouloglou checks (through use of same mode of attack), a country like Estonia sounds more likely. However, it can always be that an agency with access to Pegasus uses it collaborating with/on behalf of an agency without.
It's authorisation by the Israeli company providing Pegasus. So anyone who either pays enough or is serving Israeli interests.
elorant 2 days ago [-]
Around that time a lot of politicians in Greece had their phones hacked by Pegasus. It's an ongoing scandal in Greece that never got fully resolved, although all evidence indicate that it was an operation orchestrated by the office of the prime minister in coordination with the local intelligence service. So I wouldn't call that an attack against the European parliament.
tsoukase 21 hours ago [-]
No, it was the Predator rootkit that presumably was introduced directly from the PM to infect many politicians, even of his own party. This led to the uncovering of the long-standing agricultural scandal of OPEKEPE gov org and is going to lead to the largest constitutional change in modern Greek history, after and only if he wins the elections next spring: among others lifting of minister immunity and reduction of the number of parliament members. Through the revelation of corrupt politicians' acts based on their phone data leakage, the public opinion turns against them and accepts the changes easier.
freehorse 2 days ago [-]
small correction, that is Predator/Intellexa, not Pegasus/NSO. So this is different
Everything looks like a nail if you have a hammer.
zx8080 1 days ago [-]
> It is important to note that threat notifications from Apple and other companies are not real-time alerts. They are typically sent to users in batches, often months or more after targeting takes place.
Wow, so Apple is able to detect threat, but does not remove or prevent it, and waits silently for months before notifying a user?
If this is not a security theatre I don't know what is.
hulitu 1 days ago [-]
> I don't know what is.
PRISM.
bawolff 2 days ago [-]
One interesting thing here, is they imply that both confidential personal medical information and confidential gov docs might have been compromised via the same phone.
Does EU parliament not have a policy of separating work and personal devices?
dewey 2 days ago [-]
Having a policy and what happens in the real world are most of the time very different things (Understandably, as the line between work and personal time is often blurry).
bawolff 2 days ago [-]
True but one would hope though that people dealing with national security would follow more than your average employee.
throw0101d 2 days ago [-]
> True but one would hope though that people dealing with national security would follow more than your average employee.
The more important you are the more you may think that exceptions can be made for you.
seb1204 1 days ago [-]
Then it seems the person is not suitable if they don't understand the gravity and their exposure
drdexebtjl 2 days ago [-]
From what I understood, he took his compromised work phone to the hospital, and the concern is that it may have recorded conversations that contained personal medical information.
He didn’t have medical information on the phone.
rich_sasha 1 days ago [-]
If you're off sick and need to provide a doctor's letter, at some point it will need to touch your employer servers. Just one example.
codedokode 1 days ago [-]
Isn't it the problem with software architecture choices like large monolithic kernels, lots of unnecessary telemetry/marketing services, legacy APIs, unsafe languages like C, lack of static analysis, etc?
You should treat a phone as an infected ground and do not keep anything important there.
Some leaders simply do not use smartphones and are protected from electronic spyware.
spixy 1 days ago [-]
Which is difficult since smartphones are used as 2FA, and not every service has web interface, only mobile one (some banks, chats, dating, uber, etc..)
DANmode 1 days ago [-]
m.uber.com
Never had a bank without a usable web app. You should consider the same!
Stop shooting the web in the foot.
port11 23 hours ago [-]
With the banks I use, the difference is:
A) on mobile, use my face or 6-digit pin to get in.
B) on web, go get my wallet where my ID is, hunt for the USB digital ID reader, grab a USB-C adapter, put everything together, and either confirm the certificate with a PIN I always forget or use the bank’s own calculator for a login code.
Not exactly a fair setup for the web.
laughing_man 14 hours ago [-]
My bank supports YubiKeys for 2FA, but you cannot disable the SMS authentication. So you may as well use your phone.
DANmode 5 hours ago [-]
Way more common than it should be.
codedokode 19 hours ago [-]
My bank supports both SMS and push notification for 2FA. Also PIN code in an app is probably local and doesn't protect from a kernel exploit. I hope you do not keep too much money in the bank.
port11 7 hours ago [-]
I think the in-app PIN code and/or biometric ID is merely a convenience to avoid typing your password all the time. I’ve never used a banking app that doesn’t offer both, and then ask for your real login details every now and then.
As a stay-at-home dad: my bank account is indeed not worth attacking.
DANmode 23 hours ago [-]
If you want to sacrifice security for convenience, that’s a different conversation than “I’m forced to”.
Storing credentials and passkeys in browser password manager (backed up to Google or Apple) and using autofill is pretty normal stuff for mobile users today.
(Not being able to find your credentials or keep your gear in order is also not a great reason to shoot the web in the foot!)
juliusceasar 1 days ago [-]
This couldn't have happened without the knowledge of Israeli government.
"The sale of Pegasus licenses to foreign governments must be approved by the Israeli Ministry of Defense."
vivzkestrel 1 days ago [-]
- extremely stupid question: can they hack you with Pegasus spyware if you use a Nokia 1100?
- if yes -> extremely stupid suggestion: why can't people in government positions use a Nokia 1100 as work phone and some other phone as a personal phone?
Cider9986 1 days ago [-]
If you're using a Nokia, there's no need for expensive mercenary spyware because your messages and calls aren't E2EE.
If they did want to use spyware, it would be significantly cheaper because that phone is (decades?) out of date and misses (thousands?) of security patches.
0x_rs 2 days ago [-]
Just for context, some European countries have been abusing spyware such as Pegasus so much Israeli firms have cut ties with them, one such example below with Italy. Others have pointed out Greece and Poland. It's quite laughable that a member of the EU parliament would be subject to the same kind of spying activities innocent journalists, activists and possibly normal people are, all of that by the member states of the union, directly contributing to the Israeli companies developing and spreading malware.
Cutting ties after there has been an outcry is damage control. I would assume that the product is still available under another sub vendor to the same people.
omnimus 2 days ago [-]
Of course it's damage control. The post just tries to paint the Europeans as incompetent to hold the power. The company making spyware is somehow wise, righteous and saintly.
permalac 1 days ago [-]
The Catalan MEPs also were targeted with Pegasus, and I don't remember the details but at that time the only clients were nation states, so Spain was the one to hire the service. Nothing happened.
throw1234567891 1 days ago [-]
They’ll quickly make up some law forcing someone to do something, or throw some hefty fine at someone, and it’ll be sorted pronto. Someone’s gotta be held responsible.
CalRobert 1 days ago [-]
Would lockdown mode on iOS stop this?
inigyou 1 days ago [-]
Probably, that's the point of it, however your smartphone becomes a very dumbphone in lockdown mode, intentionally to reduce attack surface. It's only really practical if you just need a dumb phone system endpoint to send and receive SMS and PSTN calls and check the time.
r3trohack3r 1 days ago [-]
I keep my phone in lockdown mode and haven’t noticed too many problems day-to-day.
A few minor inconveniences (webGL doesn’t work, the magic automatic code from SMS keyboard integration is gone, etc.) but overall the phone is still a smart phone.
CalRobert 23 hours ago [-]
Mine has been on lockdown mode for months and all I’ve noticed is some images not loading on sites.
jojobas 2 days ago [-]
Euro Parliament/Euro Commission are comically open to espionage. French/Belgian counterintelligence are not allowed to do much, and there is little in terms of EU counterintelligence.
greatgib 2 days ago [-]
There will be no real consequence, as always, just more paperwork, so how to expect that anything will change?
Hizonner 2 days ago [-]
How is it that any NSO employee is still able to travel outside Israel without getting arrested? Seems like they're involved in criminal conspiracies in like half the countries in the world.
Almost every country spies on almost every other country. If it was a declaration of war, we'd be at world war nonstop since the time of Jesus Christ.
shevy-java 2 days ago [-]
Not quite surprising. The more important question is: how much are lobbyists paid to sell out data of EU citizens to US corporations here? Will they prevail?
There is enough money to go around for certain.
r3trohack3r 2 days ago [-]
Pro tip: if you’re going to try a propaganda - don’t be so transparent on your redirect.
thin_carapace 2 days ago [-]
if you believe that the parent comment is propaganda, would you care to share why exactly you believe that the average european citizen benefits from mass surveillance funnelled through american channels?
r3trohack3r 2 days ago [-]
Two things can be true. The most compelling redirects refocus the conversation on another truth.
thin_carapace 2 days ago [-]
the average person isn't taught to handle cognitive dissonance, maybe that's why lying by omission is such an effective propaganda technique. thank you for clarifying your perspective
jongjong 2 days ago [-]
It feels like they've been paid to sell out the users themselves, not just the data. It's weird that EU is so dependent on US tech when it comes to media platforms... While there are alternatives out there. In a lot of related areas in tech, it feels like suppression.
leonidasrup 2 days ago [-]
"PRISM is a code name for a program under which the United States National Security Agency (NSA) collects internet communications from various U.S. internet companies.
The documents identified several technology companies as participants in the PRISM program, including Microsoft in 2007, Yahoo! in 2008, Google in 2009, Facebook in 2009, Paltalk in 2009, YouTube in 2010, AOL in 2011, Skype in 2011 and Apple in 2012"
This might be taken as hyperbolic, but the EU seems to have trouble building anything.
jongjong 2 days ago [-]
This is where I disagree as a software engineer who has seen EU products built and not adopted... I've also built products myself which were fully functioning and scalable but not widely adopted. Building is not the bottleneck.
It feels like there is a limit on distribution. Just getting people to try a product is incredibly hard. Very hard to reach them and ads feel like they're only served to bots.
DocTomoe 2 days ago [-]
Network effects are real. It is hard to convince people to move over to your platform if the selling argument is 'not quite there yet, but we got you covered on the minilib front, plus it's less usable because of our weird interpretation of our own data protection laws'.
jongjong 2 days ago [-]
Yes and my perspective is that GDPR has harmed EU startups and helped US companies by virtue of them being incumbents and having the resources to dedicate to compliance. Probably can't be fixed as easily now because of corporate culture around standards like SOC2 and ISO27001... Which I think are more harmful to security than helpful as they create complacency and hinder progress by creating barriers.
r_lee 1 days ago [-]
that is most of the EU legislation
making/operating companies, getting access to banking, hiring, etc..
all those things are catered towards multinationals by endless bureaucracy and requirements that need consultants/lawyers
it's by design
inigyou 1 days ago [-]
At the same time there are plenty of European companies, so clearly the increased barriers aren't a deal breaker.
r_lee 1 days ago [-]
so you think if there were barriers then there would be no European companies or what?
stavros 2 days ago [-]
There's a decision to be made whether corporations should be allowed to do anything they want or not. The countries that choose to let them do what they want, will obviously give them an advantage over the countries that don't.
You and I, however, are not corporations, so maybe it's in our best interest if they actually aren't allowed to do whatever they want.
>A Threat Notification is displayed at the top of the page after the user signs into account.apple.com.
>Apple sends an email and iMessage notification to the email addresses and phone numbers associated with the user’s Apple Account.
You can see what it looks like in https://reddit.com/r/iphone/comments/1c10jai/i_have_received...
I wonder how they detect it, is it for known IOCs that they've already found elsewhere, or do they have heuristic detection that flags things that might need further investigation.
It isn’t hard to accidentally dismiss one then wonder what it was. Why isn’t there an interface for looking back?
Edit: below it says there are emails and notices on web login.
I think the proof of Apple’s level of care is in their lack of attention to this issue.
Ephemeral transit layer owned by third-parties constantly,
vs
cold storage of secrets your architecture owns from start to finish.
This is a good description of SMS and RCS.
or a car,
or your off-brand earbuds.
Oh wait this is Apple, they always know what's best for the user and do the choices for them, even when wrong. So all is as expected.
That or he didn't notice or could have assumed the notice itself was one of many phishing attempts against large orgs.
If I saw a notification that my account was compromised by Pegasus I'd personally assume phishing.
PC viruses used to do that stuff going back so many years ago. Suppressing any notification under Windows, by disabling the AV software, its notifications, windows notifications related to it.
So it will amaze me that this is not done by any modern espionage software. Especially as the notification methods are known. Given that his device is hacked, that means a lot of avenues are under control of the espionage software. Even mails etc ... So impersonating the end user, to confirm they read a warning, is extremely easy.
I find it rather odd that people are so fixated on the idea if Kouloglou read it or not.
It's going to have every trick in the book (and outside it), to stay hidden. And it will have payloads to alter its behavior, updates, etc...
Nobody is going to pay you big fat money envelopes for software that anybody can write in an afternoon. You want it to be as capable as ever, and you do not want it found!
It's silly, but it's a show the public never tires of.
They spy on most others though. Germany’s Merkel, successive French presidents etc all had their phones hacked by US there is widely reported news of.
https://en.wikipedia.org/wiki/United_States_espionage_in_Aus...
"In December 2010, leaked US diplomatic cables indicated senior New Zealand Defence Ministry officials had been spying for the United States, secretly briefing the United States embassy on Cabinet discussions about the Iraq War."
https://en.wikipedia.org/wiki/Foreign_espionage_in_New_Zeala...
Doubt.
> unless there was a compelling national security reason
There always is.
Can you substantiate your doubt with even one piece of hard evidence?
Believe such nonsense at your own peril.
https://en.wikipedia.org/wiki/Israeli_espionage_in_the_Unite...
> In 1951, Mossad and the Central Intelligence Agency agreed not to spy on each other and US and Israeli services cooperated closely since then.
> Nevertheless, there were strong indications afterwards of ongoing Israeli espionage against the United States, confirmed by the 1985 arrest of Israeli spy Jonathan Pollard, one of the most damaging security leaks in US history.
> Israeli espionage reached a high-profile peak in the mid-1980s, shattering assumptions that allies "do not spy on each other".
2. Asking for hard evidence of top spies secretly spying on heads of other states is … (not sure if there is a word for it; some blend between: unrealistic, unreasonable and oxymoron’ish. If they do their job well, you will not find it out, also it might be illegal or punishable to present such evidence)
People can state a lot, as long as you're not caught.
Nothing prevents you from having the UK spy on the Germans, and feeding that intel back. Or Israel, or ... Hey, the US did not spy on a EU ally. Well, not directly and it neatly bypassed any official statements.
They might have simply gone to one of those secret court hearings and have it bypassed with a gag order in place. Officially it's not done, unofficially, it's been approved.
The whole "as long as you do not tell me you're doing it" approach, and the politicians involved maintain deniability (even if they had the wink).
And you do not need to specifically target the head of state. Plenty of side routes to still get information on meetings, that involve those heads of states. Even if you're not "directly" spying on them.
So no, it's a naïve way of thinking. Maybe in 20 years from now we find out, that they did spy on EU leaders. Maybe directly, maybe indirectly ... even with that directive in place. I will be amazed if they did not. It's the US we are talking about.
But there never is a lack of compelling national security reasons.
Color me extremely sceptical.
It's entirely possible an EU country did this; they're only vaguely guessing Belarus or whoever. In most countries, it's a big deal if the spies are caught spying on the domestic government.
> quite a few private entities do as well.
It's a risky game, doing that. You don't get any of the professional courtesies, and you're not usually eligible for the prisoner exchanges.
Who has "authorization to spy in multiple European countries"?
In this older article [0] about one of the mentioned Russian exiles case it is mentioned that Estonia and the Netherlands have used Pegasus outside their borders, but there could be also others with such license
> the Netherlands’ General Intelligence and Security Service (AIVD) and an unnamed Estonian government agency, appear to use Pegasus extensively outside their borders, including within multiple European countries
However if the link between the Russian exiles cases and Kouloglou checks (through use of same mode of attack), a country like Estonia sounds more likely. However, it can always be that an agency with access to Pegasus uses it collaborating with/on behalf of an agency without.
[0] https://www.accessnow.org/publication/hacking-meduza-pegasus...
https://notesfrompoland.com/2026/02/26/poland-charges-former...
Everything looks like a nail if you have a hammer.
Wow, so Apple is able to detect threat, but does not remove or prevent it, and waits silently for months before notifying a user?
If this is not a security theatre I don't know what is.
PRISM.
Does EU parliament not have a policy of separating work and personal devices?
The more important you are the more you may think that exceptions can be made for you.
He didn’t have medical information on the phone.
You should treat a phone as an infected ground and do not keep anything important there.
Some leaders simply do not use smartphones and are protected from electronic spyware.
Never had a bank without a usable web app. You should consider the same!
Stop shooting the web in the foot.
A) on mobile, use my face or 6-digit pin to get in.
B) on web, go get my wallet where my ID is, hunt for the USB digital ID reader, grab a USB-C adapter, put everything together, and either confirm the certificate with a PIN I always forget or use the bank’s own calculator for a login code.
Not exactly a fair setup for the web.
As a stay-at-home dad: my bank account is indeed not worth attacking.
Storing credentials and passkeys in browser password manager (backed up to Google or Apple) and using autofill is pretty normal stuff for mobile users today.
(Not being able to find your credentials or keep your gear in order is also not a great reason to shoot the web in the foot!)
"The sale of Pegasus licenses to foreign governments must be approved by the Israeli Ministry of Defense."
- if yes -> extremely stupid suggestion: why can't people in government positions use a Nokia 1100 as work phone and some other phone as a personal phone?
If they did want to use spyware, it would be significantly cheaper because that phone is (decades?) out of date and misses (thousands?) security patches.
https://www.bbc.com/news/articles/cvgmzdjw24yo
A few minor inconveniences (webGL doesn’t work, the magic automatic code from SMS keyboard integration is gone, etc.) but overall the phone is still a smart phone.
There is enough money to go around for certain.
The documents identified several technology companies as participants in the PRISM program, including Microsoft in 2007, Yahoo! in 2008, Google in 2009, Facebook in 2009, Paltalk in 2009, YouTube in 2010, AOL in 2011, Skype in 2011 and Apple in 2012 "
https://en.wikipedia.org/wiki/PRISM
It feels like there is a limit on distribution. Just getting people to try a product is incredibly hard. Very hard to reach them and ads feel like they're only served to bots.
making/operating companies, getting access to banking, hiring, etc..
all those things are catered towards multinationals by endless bureaucracy and requirements that need consultants/lawyers
it's by design