Denies everything, as governments open probes into the company and its wares
The NSO Group, a purveyor of spyware it hopes governments and law enforcement bodies will use to fight terrorism, has announced it will not answer any further questions about allegations raised by Amnesty International and Forbidden Stories that its products have been widely misused.
The company on Wednesday published a missive titled "Enough is Enough" that opens as follows:
The document goes on to state that the list of alleged targets "is not a list of targets or potential targets of Pegasus" and that "The numbers in the list are not related to NSO group".
"Any claim that a name in the list is necessarily related to a Pegasus target or Pegasus potential target is erroneous and false," the statement adds.
Amnesty International and Forbidden Stories, plus the 17 media outlets privy to the documents allegedly detailing the leak, stand by their analysis and reporting. Indeed, the media outlets continue to report the contents of the list, recently revealing that French President Emmanuel Macron and a number of cabinet members were included in the list of those whose phones were touched by Pegasus.
Macron has said France will investigate the software.
Mexican President Andrés Manuel has also ordered investigations, and called for the release of WikiLeaks boss Julian Assange for first alerting the world to the sort of pervasive surveillance Pegasus enables – with or without misuse.
In Hungary, the opposition is calling for investigations into suggestions that they've been targeted by the government. And in India, some are calling for investigations into how NSO was used as a catspaw to discredit the nation's government.
The NSO Group's post states it "will thoroughly investigate any credible proof of misuse of its technologies, as we always had, and will shut down the system where necessary".
There is no evidence it's shut down Pegasus – just its PR department. ®