September 10, 2025 35 mins

Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:01):
Cool Zone Media. Welcome to It Could Happen Here, a
show about things falling apart. One such thing frequently falling
apart is any notion of privacy or digital privacy. Ever-encroaching
surveillance is one of the biggest global issues affecting
free expression and a free press, both directly through surveillance

(00:25):
technology but also by chilling speech. I'm Garrison Davis, and
this past week, news has swept the Internet that ICE
is using software from an Israeli company called Paragon, which
allows ICE or DHS to secretly hack into any smartphone,
break encryption, access messages, track real time location, and turn

(00:48):
your iPhone or Android into a walking listening device, all
of which sounds very scary, and some of which is true,
though some of these claims are exaggerated or even likely
false based on what we can currently infer from published research.
Due to legitimate fears, we live in a world of

(01:11):
surveillance paranoia, which can lead to surveillance myths. This is
a core function of the Panopticon. People should take ICE's
new enhanced smartphone surveillance capacity seriously, but to adequately do
so requires an accurate understanding of the threat model, which
we will get into later this episode with some help

(01:33):
from the Electronic Frontier Foundation. But first let's address the
newsworthy aspect of this story. What has actually changed recently.
DHS first contracted with the US branch of Paragon in
September of twenty twenty four, for two million dollars, but
later that October, the contract was put on hold thanks

(01:55):
to a Biden executive order restricting government use of
foreign spyware, and ever since then the contract has been
frozen pending a compliance review. But then on September first,
twenty twenty five. Just last week, investigative journalist Jack Poulson
reported that the stop work order affecting the Paragon contract
had quietly been lifted, allowing ICE to follow through on

(02:19):
the contract and start using Paragon's spyware technology, most likely
including their flagship product, Graphite. What is Graphite? Great question,
one that I felt underqualified to fully answer myself, so
I spoke with an expert, Cooper Quintin, of the digital
rights group the Electronic Frontier Foundation. You'll hear from him

(02:41):
throughout the episode.

Speaker 2 (02:43):
My name is Cooper Quintin. I am a senior staff
technologist at the Electronic Frontier Foundation. There I do a
lot of different things. Most specifically, for the purposes of
this talk, I do malware research on malware that targets activists, journalists,
and civil society. So Graphite is a type of spyware that

(03:03):
is able to read your messages from your phone the
same way that you or you know, maybe a cop
could if they had physical access to your unlocked phone, right.
That is the main capability that it has. According to
the reporting published by Citizen Lab, its main job is
to hook into WhatsApp and into other encrypted chat apps

(03:25):
and just read the messages in those apps, like in
the messages you've already sent and any future messages that
you send. That's really it's the that's the meat of Graphite.

Speaker 1 (03:36):
Something that sets Paragon apart from their fellow Israeli competitors
is that Paragon has marketed itself as the ethical choice
for spyware. One of their early investors, an Israeli firm
called Red Dot, wrote, quote, Paragon builds best in class
cyber intelligence software to empower democratic countries, providing cutting edge

(03:57):
capabilities that make the world safer.

Speaker 2 (03:59):
Quote.

Speaker 1 (04:00):
On their US website, Paragon says that they are quote
unquote empowering ethical cyber defense and that they provide customers
with quote ethically based tools, teams, and insights to disrupt
intractable threats unquote. Though they use the term cyber defense
on their US site, Paragon's startup page reads quote Paragon

(04:24):
is an offense focused cyber company using digital intelligence for
smartphone and internet surveillance solutions. The company applies strict moral
restrictions on itself, limiting its extraction of information from targeted
devices to conversations on chat apps. Paragon works solely with
police forces and intelligence agencies that meet the standards of

(04:45):
an enlightened democracy, which includes only thirty nine countries unquote.
One of Paragon's senior executives told Forbes in twenty twenty
one that they would only sell their technology to governments
that quote unquote abide by international norms and respect fundamental
rights and freedoms, and that quote authoritarian or non democratic

(05:05):
regimes would never be customers. Unfortunately, Paragon was not pressed
on what their definition of authoritarian regimes includes. In recent reporting,
there's been a lot of misconceptions about the capabilities of
Paragon's main product, Graphite. The Guardian wrote, quote, by essentially
taking control of the mobile phone, ICE can not only

(05:28):
track an individual's whereabouts, read their messages, look at their photographs,
but also open and read information held on encrypted applications
like WhatsApp or Signal. Spyware like Graphite can also be
used as a listening device through manipulation of the phone's
recorder unquote. But research into Graphite by the surveillance watchdog
group Citizen Lab has not indicated that Graphite has all

(05:50):
these capabilities or tries to quote unquote take control of
the entire device, But other tech journalists have since parroted
The Guardian's unfounded claims that Graphite fully takes over a
phone and can record audio through the microphone.

Speaker 2 (06:06):
This is actually less full featured than other spyware we've
seen in the past, like NSO Group's Pegasus spyware. Other
types of spyware that I've seen tend to have a
lot more capabilities, right, They have the capability of like
turning on GPS location tracking, the capability to turn on
a hot mic, to do all these other things. And

(06:27):
this seems as far as as far as Citizen Lab
has reported to not be present within the Graphite malware,
and I think this is because Paragon has presented themselves
as kind of being the quote unquote responsible malware manufacturer, right,
and they're like like trying to minimize the amount of
data they collect. It doesn't mean they couldn't add this

(06:48):
stuff in the future, but that's the that's the gist
of it. It's actually, you know, kind of a very
stripped down malware. I don't want to minimize like how
impactful it would be for this malware to get all
of your messages. That could have a huge impact for people.
But we don't need to make up capabilities that our
adversary has, especially under fascism, right, Like we can we

(07:11):
can just work with the capabilities that we know they have.

Speaker 1 (07:14):
A lot of reporting and discussion of Graphite and Paragon
frame it as an equivalent to NSO's spyware Pegasus,
which has been banned in the United States for four years.
Pegasus seeks to completely hijack the target device more broadly,
similar to The Guardian's claims about Graphite. But by forcing this comparison,

(07:34):
people might be inadvertently boosting Paragon's brand with free marketing
by making their product out to be something that I'm
sure Paragon would like to have people think it is,
but doesn't actually equate their realistic threat model, similar to
how predictions of an evil superintelligent AI actually currently serve
to boost the stock price of AI companies.

Speaker 2 (07:57):
I think a lot of people are doing the work
for these companies that are aligning themselves with fascism, right,
And I don't think it's a great trend actually, right, like,
like people are assuming that you know, Palantir is sort
of watching everything, right, and it really Palantir is just
like fancy visual graphing software essentially, right, Like the danger

(08:22):
of Palantir is combining these two government databases, right, this
malware, the Graphite malware, right, Like, yeah, it's it's not good,
but you know it's not magical, right, it's not omniscient.
It's not able to you know, I don't know, go
eat the fridge out of your food and you know,
beat up your dad or something like.

Speaker 1 (08:39):
You know, well now we're talking now, Now that's a
good app.

Speaker 2 (08:44):
If only if only tech bros could solve such social problems.

Speaker 1 (08:47):
No, no, they would never.

Speaker 2 (08:49):
No, but yeah, you know it's not it's not magical, right,
And we don't need to do their work for them, right,
We don't need to do their myth making for them. Right,
A bigger threat to the majority of people in the
US is getting your phone seized by the cops. Right, totally.
There's nothing this malware can do, according to public reports,

(09:09):
at least that the cops can't do if they get
hold of your unlocked phone.

Speaker 1 (09:12):
Right. Having Face ID or four-digit passcode is much
more dangerous to your digital security. Yes, as an average person,
even as like an engaged person, like going to a protest.

Speaker 2 (09:24):
Yes, yes, absolutely absolutely. You know, Cellebrite, which is the
machine that police plug your phone into to make
a copy of all the data on it, is much
more dangerous to the average American than the Paragon is.
They're much more likely to encounter that.

Speaker 1 (09:39):
This is more of a niche gripe, but one that's
still important. There's been claims that quote ICE can now
hack any phone and break encryption, but Graphite doesn't actually
quote unquote break encryption. It's not going after the encryption
on Signal or WhatsApp. Instead, Paragon tries to circumvent

(10:00):
encryption by trying to gain access to content on a
targeted device once it's been unencrypted by an application like
WhatsApp for the user to read similar to how if
you have push notifications on for an application like Signal,
if the police seize your phone and push notifications display
messages from Signal, that doesn't mean the police have quote

(10:21):
unquote broken Signal's encryption. Now, in order for Graphite to
extract messages from your phone, it needs to get onto
your phone in the first place. Graphite is just the
implanted code that can read and extract your messages. First,
it needs to get onto your phone via what's called
an exploit, which is usually a message sent to a

(10:42):
phone number or a WhatsApp account that attacks a vulnerability
in your phone's code to gain permissions to load the
Graphite onto the messaging apps. Graphite and the exploit are
two separate programs that work together, but exploits need to
be frequently changed to keep up with software security updates,
and that's expensive. You need different exploits for Android and iOS.

(11:06):
Paragon has been using zero click exploits, meaning the owner
of the phone doesn't have to manually click a link
or intentionally download a file for the exploit to try
to gain permissions on the device. You don't have to
click or do anything. You just have to receive the
message and then the spyware gets to work, which is
very scary. But this technology cannot be deployed en masse

(11:29):
because of how expensive and specific it needs to be
in order to work.

Speaker 2 (11:33):
The other thing that I think is missing a lot
from the conversation about Graphite in particular, is that the
malware is just the program that runs when it gets
on your phone, and first, before they can install Graphite,
they have to get onto your phone through some sort
of exploit. If your phone is up to date and
fully patched, this will have to be a zero day exploit,

(11:53):
which means it's an exploit that has had zero days
for Apple or Google or whoever to fix it because
it is unknown to them, and these exploits cost
millions of dollars right now. Paragon is not going to
pay that millions of dollars for each person they're exploiting,
but there is a large per person cost to ICE
for each person they're going to exploit, because Paragon doesn't

(12:16):
want to blow their zero day, which costs them millions
of dollars to either buy or develop themselves.

Speaker 1 (12:32):
Welcome back. I'd like to get into a little bit
of Paragon's backstory and how they've grown as a company.
Paragon was founded in twenty nineteen by former Israeli Prime
Minister Ehud Barak and Ehud Schneorson, a former
commander of the IDF's cyber Warfare Unit, basically Israel's equivalent
of the NSA called Unit 8200. Three

(12:56):
other Paragon co-founders are also ex-Israeli intelligence. The
startup got early financing from a Tel Aviv investment fund called
Red Dot Capital, though Paragon also received backing from American
venture capital. In twenty twenty one, Forbes reported that the
Boston based Battery Ventures had invested between five to ten
million in Paragon. Blumberg Capital has also supported the company.

(13:20):
In twenty twenty two, Paragon launched a US subsidiary
and started recruiting former US Feds to help break into
the American market. The New York Times reported that the
DEA has used Graphite as far back as twenty twenty two.
Former CIA assistant director John Finbar Fleming became the executive
chairman of Paragon US in January of twenty twenty four,

(13:43):
according to his LinkedIn. In December of twenty twenty four,
Paragon was acquired by AE Industrial Partners for nine hundred
million dollars. AE Industrial Partners is a Florida based private
equity fund with a specialized security portfolio. Once they bought Paragon,
it merged with another AE asset, the cybersecurity company REDLattice.

(14:08):
Back in twenty twenty one, Paragon had about fifty employees,
now it has over five hundred. In June of twenty
twenty five, they were hiring one hundred and fifty more.
Just a week ago, executive chairman John Finbar Fleming shared
a recruitment post that REDLattice was hiring quote emerging
and offensive cyber engineers unquote. Next, let's discuss the biggest

(14:33):
case study of Graphite being deployed that we know of.
On January thirty first, twenty twenty five, Meta's encrypted messaging
app WhatsApp sent a notification to ninety accounts that their
smartphones were suspected of being targeted by spyware, which has
since been traced to the Paragon product Graphite. People targeted

(14:53):
were journalists, human rights activists, and members of civil society
across Europe and the Mediterranean, but primarily based out of Italy.
This was a zero day and zero click exploit, meaning
it both attacked a previously unknown vulnerability and required zero
user interaction to infect the device. At first, the Italian

(15:15):
government denied knowledge, but Paragon canceled two contracts with customers
in Italy, and a parliamentary oversight committee later confirmed the
Italian government was using Paragon technology for spyware attacks against
sea migration activists. One thing that's interesting to me is
that we talk about this technology as being very expensive,

(15:36):
very individual, they have to individually target you. But then
you see, you know, ninety people on WhatsApp, and you're like,
that's that's a lot of people. So you can talk
about how this attack was like structured and what we've
learned from it.

Speaker 2 (15:47):
For sure, ninety people is a lot of people for
such a targeted attack, although it's you know, in terms
of most malware, like most commercial malware, ninety people would
be a very very small attack, right, Like it wouldn't
be worth your time, So you know, it depends on
the scale of things.

Speaker 3 (16:05):
I don't know what the scale of Italian civil society is, right,
but ninety people is likely I think a small fraction
of the whole of Italian civil society, right, But yeah,
those so those people.

Speaker 2 (16:17):
That were targeted by Paragon, the ones that we know about.
You know, one was an Italian anti-fascist journalist, right,
I think another there were a couple of other journalists
that were covering migration issues, and you know, just a
sort of a large swath across Italian civil society. So

(16:37):
the way they were targeted was on WhatsApp. They were
added to a group and then they were sent a
malicious PDF which they didn't even have to open, and
they didn't have to approve being added to the group.
But as soon as that malicious PDF was received by
their WhatsApp app, but by their WhatsApp client, WhatsApp client
processed the PDF and it contained code which exploited WhatsApp

(17:00):
and allowed Graphite to start running. So Graphite doesn't actually
install anything. To get a little bit technical, Graphite only
runs in memory of the phone, right, It only runs
in the like temporary RAM so to speak. Okay, Right,
So rebooting the phone would have cleared out the
Graphite infection and they would have had to reinfect the person. Interesting,

(17:20):
right in this case. Yeah, it's possible that in the
future Paragon will find a way to make Graphite persistent.
But it does make it more stealthy, It makes it
harder to detect, It makes it harder to forensically analyze
for people like Citizen Lab and like EFF if it
just runs in memory, sure, right, so it kind of

(17:41):
makes sense that they would want to keep running it
in memory, even though rebooting it would clear out the
infection because you can just reinfect the.

Speaker 1 (17:47):
Person, even like like developers like WhatsApp or like Apple
might have a harder time, like yeah, realizing that they've
been attacked. If it can get cleared out so quickly,
I guess.

Speaker 2 (17:56):
Yeah, absolutely absolutely, And in this case, WhatsApp had realized
they had been attacked, they quickly figured out the pattern,
and you know, to their credit, warned everybody immediately. Often,
the only way I think people will find out they've been,
you know, infected by this spyware is if WhatsApp or
you know, somebody else maybe Apple warned you. That's not great,

(18:20):
but it is, but it is better than the alternative
where they just don't warn you at all.

Speaker 1 (18:24):
Right, After the targets were notified of the spyware attack,
some including journalists and migrant refugee activists in Italy, agreed
to participate in a forensic analysis of Graphite by Citizen Lab.
They found that Paragon spyware had spread from WhatsApp to
at least two other apps on the device. In April
of twenty twenty five, we got forensic confirmation of Graphite

(18:46):
spyware on iPhone with a zero click exploit attacking iMessage.
Citizen Lab was able to analyze the devices of a
prominent European journalist who requested to remain anonymous, and an
Italian journalist linked to the previous cluster of attacks in Italy.
iPhone is slightly harder to target than your average Android,
but certainly not impervious to this sort of attack, as

(19:08):
we've seen from these examples in Europe. To date, Citizen
Lab has also identified suspected Paragon deployments in Australia, Canada, Cyprus, Denmark, Israel,
and Singapore. Though the encrypted messaging app Signal is not
mentioned in the Citizen Lab reporting, their analysis did find
that Graphite had the capability of going after several
different messaging apps, and it's probably safe to assume that

(19:31):
Signal would be one of the apps that Paragon would
want to extract messages from. We don't have much information
about this spyware targeting Signal, possibly because Signal does not
have as large of an international user base compared to
other apps like WhatsApp, iMessage or Telegram, despite Signal
being much more secure. So what can you do? Though

(19:55):
Graphite might not be the total phone hijacking super spyware
that The Guardian and others claim it to be,
it still poses a significant security threat. Some basic digital
security precautions apply here. Get into a habit of regular
digital cleaning. Remove unnecessary content from your device, save space.

(20:17):
Old photos can be uploaded to an external encrypted hard
drive, and question if you really need years of messages
stored on your phone. Use an encrypted chat app like Signal,
which has disappearing messages so that there isn't a large
backlog of communications that could be suddenly accessed by a
hostile actor. Be very wary of cloud backups. They are

(20:40):
often one of the least secure aspects of your digital life,
especially if they are unencrypted, and though it won't deter
zero click exploits, it's still best practice to avoid clicking
mysterious links or downloading files and photos sent to
your phone. Another tip is to regularly reboot your phone.
Contrary to claims that once your phone's been targeted by Graphite, it's

(21:01):
now compromised forever, something called malware persistence, to our current knowledge,
rebooting can wipe Paragon's exploits. It does not appear that
Paragon spyware is at the moment reboot persistent, and it
seems that rebooting would actually remove it from the phone.

Speaker 2 (21:18):
My reading is that rebooting it would remove the malware
from your phone until you were re-exploited. Which, so
you know, if you just reboot and you don't update,
or you know, the zero day isn't out yet, right,
they're just going to run the exploit again.

Speaker 1 (21:31):
Right.

Speaker 2 (21:31):
I think it's a fair bet that they're just going
to run the exploit again. But it would be.

Speaker 4 (21:35):
Enough to get it off for that time, right, And
I mean, I think as far as in mitigation, my
friend recommends that people like reboot their phone every morning
when they're brushing their teeth, right, And I don't think
it's a bad bit of security hygiene.

Speaker 2 (21:49):
If these guys are going to infect you, you might
as well make it, you know, more of a headache
for them, right, You might as well make it more
costly to them, because there is going to be a
charge to them for each time they have to reinfect you.
But yeah, it's certainly I think overblown to say that.
You know, once it's on your phone, it's on your
phone forever. There's you know, you just got to, you know,
throw your one thousand dollars phone in the trash and

(22:11):
go buy another one. Like, no, you can you know,
if you don't feel safe, just rebooting it, right, like
a factory reset, that would be the next step, right,
I think that would that would most likely get rid
of any persistence mechanisms that were installed. I'm not familiar
with any iOS malware certainly that would survive a factory reset.

Speaker 1 (22:28):
But probably the most important thing besides using Signal is
to keep your phone software updated. That's the simplest and
best way to make it harder for spyware like Graphite
to make it onto your phone in the first place.
Out of date software has many more known vulnerabilities to attack.
For extra protection, enable lockdown mode on iPhone or advanced

(22:49):
Protection on Android.

Speaker 2 (22:51):
So the reason it's important to keep your phone up
to date and always install the latest security updates, even
if it's a pain in the ass, and I know
it's a pain in the ass, is because this makes
an attacker have to use zero day exploits. So, if
you have an old version of the software on your phone,
there are known exploits. Known exploits are you know, more

(23:14):
or less free, right, They are already out there, They
are already burned. They do not matter, right like the
company already knows about them. An exploit loses basically all
of its value as soon as you know the company
knows about it, and it's patched. Right, So, if you
have out of date software on your phone, if you
have out of date software in a computer, it changes

(23:35):
the entire economics of attacking. Right, It's basically free for
me to exploit your phone at this point, and I
you know, I will exploit it as many times as
I want. And I don't care if that exploit is burned.
I don't care if you find it, because again it's free, right.
Zero day exploits for especially for Apple, for like you know,
Android Pixel phones, for Graphene, the alternative Android OS, not

(23:59):
Graphite, is giving me real problems lately. Zero day exploits,
meaning exploits that the manufacturer does not know about and
has not had a chance to patch, cost millions of
dollars for these platforms and a zero click exploit where
where the victim doesn't have to interact with it at all. Right,
I don't have to click a link, I don't have

(24:20):
to do something. You just send me, you know, a PDF,
an infected PDF or a magic file, right or something,
and my phone is infected. Those are the most expensive
above all, Right, those those are sort of the those
are the golden ticket for malware companies, right a million.
These cost millions of dollars and if you burn it, right,

(24:41):
if it gets caught, like like you know what happened
with WhatsApp and citizen lab in Italy, Right, that's millions
of dollars down the drain for Paragon. You know
they're going to pass that on to the Italian government
to ICE, to whoever their contractors are. Right, So keeping
your phone up to date really changes the economics of

(25:02):
running a malware attack against you, right, Like anybody can
run you know out of their office old you know
n-day, right, more than zero day malware attacks against
any me, right Like, those are cheap. But if your
stuff is patched now, it's good, it's it's it totally
changes the entire game. And you've got to be doing
really good work for ICE to want to burn that
much money on you.

Speaker 1 (25:22):
All these tips can make it considerably harder and more importantly,
extremely expensive for this spyware to get onto your device.
These exploits could only be deployed against individual targets, and
that gets quite expensive. Just because ICE could theoretically hack
your phone, that doesn't mean that your phone is necessarily
at a high risk of being hacked by ICE. Who

(25:45):
are the possible targets for Graphite spyware? Who is at
higher risk? Journalists who report on ICE and immigration, people
who work for immigration advocacy organizations, immigration lawyers, as well
as high profile activists. It goes without saying that anything
you do on your phone or on the Internet carries
a level of inherent risk. We'll close this episode with

(26:17):
a longer segment from my interview with Cooper discussing who's
at the most risk of ICE using Paragon software and
more of Cooper's recommended surveillance mitigation practices. This is not
something that can be deployed at a protest and sweep
up you know, thousands of people. This this does go
after like individuals because of its cost and the way

(26:38):
that it needs to be deployed. Who are the people
that you would say are most at risk of this?
Like is this here like your local like you know,
food not Bombs organizer, or like an immigration lawyer?

Speaker 2 (26:50):
Like?

Speaker 1 (26:50):
Right, who should be concerned? I guess and and take
take this threat like more seriously?

Speaker 2 (26:56):
Definitely, I think people who should be concerned. I mean
you hit the nail on the head, right that the
people that should be concerned about this are people who
have you know, been a special pain in the ass
for ICE in particular. Right, you know, people who might

(27:16):
be under HSI investigation. Right, people who you know have
been threatened by the president or by Pam Bondi you
know specifically, right, like had their name called out specifically, right,
people who are you know, very loud, very active, right,
Like the sort of leaders what's the term tall poppies, Right,

(27:38):
Like the people that are really have their head sticking
out right in a way that's like very public and
very well known. If you have risen to the level
where like Tom Homan knows your name personally, right, that
makes it a pretty good chance that you know, you
might become a target of this, right, Like, that's that's
who we're talking about.

Speaker 1 (27:57):
Well, and like as we've seen in Italy, like that can
that can include like like anti fascist journalists, Yeah, definitely,
people who work for like migrant human rights organizations, Yes,
high profile activists. And I think like there's a real
concern with with you know, trying to compromise the phone
of journalists because of how journalists like talk to sources.
The journalists might have information about like other people besides

(28:19):
the journalists on their phone, and they may be targeting
through the journalists, but trying to get after other people
who they're talking to, same thing with like immigration lawyers,
and like, there is real concern about harm spreading from
those factors. And I think that's why if you are
in those sorts of like roles that like like a
human rights organization, a journalist, or a lawyer, you need
to be like extra careful about keeping your phone updated regularly,

(28:43):
engaging in like digital hygiene, having disappearing messages, maybe putting
on lockdown mode onto your iPhone, be very wary of
being added to mysterious group chats. These are just general
practices that are I think worthwhile to like engage in,
whether or not you're actually going to get targeted by.

Speaker 2 (29:00):
This absolutely, and I want to especially single out lockdown
mode there, Like, we are not aware of any infections
of any malware, right, Pegasus, Graphite, right, any others that
have managed to successfully infect an iPhone on lockdown mode.
So if you are worried about this, lockdown mode is

(29:22):
the single most effective thing you can do to protect
yourself against this malware, right, is go turn on lockdown
if you're on Android.

Speaker 5 (29:28):
I think Google calls its protection mode. Yeah, yeah, advanced
protection mode. So advanced protection mode used to be not
very comprehensive, and I think like with the new Android
update with Android sixteen that came out, you know, I
think like last week or something, it's.

Speaker 2 (29:45):
Now much more comparable to lockdown mode. So you know,
I highly recommend turning that on if you're on Android.

Speaker 1 (29:53):
All my homies love lockdown mode.

Speaker 2 (29:55):
Yes, yes, that is the number one protection right. The
other thing I strongly recommend always, and I beat this
drum like every day, is turn on disappearing messages. If
you're on Signal or WhatsApp, go turn on disappearing messages, right,
because this is good against you know a lot of
different things, right, Like, this is good against Cellebrite as

(30:15):
well as Pegasus as well as Graphite, right, Like,
if the messages are gone by the time you get infected,
there's no way to recover those, right, You're minimizing your footprint. Right, yep,
go delete old chats right like if you if you
get a second right, like we've all Google has trained
us to all be digital hoarders, right and keep, depending
how old you are, twenty years of email, ten years

(30:37):
or whatever?

Speaker 1 (30:37):
Right?

Speaker 2 (30:37):
Never never delete anything, right, And that's don't ignore them,
ignore Google. Google doesn't want you to delete things because
they want to use all that data for selling you ads. Right,
delete everything.

Speaker 1 (30:48):
I want more underwater data than.

Speaker 2 (30:50):
Yes, yes, exactly, delete everything. Delete your files, you know,
like get rid of those old group chats, right, get
rid of those old chats that you don't need anymore.

Speaker 1 (30:59):
You need to be like that lawyer in death note
delete yes, delete.

Speaker 2 (31:06):
The death notefu.

Speaker 1 (31:10):
Do you wanna plug Citizen Lab slash EFF and tell
people where to find both your work and then also
other people who are doing research into Graphite? And like,
you know, if you've been suspected of being targeted by
you know, maybe a notification how you can participate in
forensic analysis to help everyone be more secure against this
in the future.

Speaker 2 (31:30):
Yeah, for sure. So one of the best ways to
find out you've been targeted by state sponsored malware is
to get a notification from Apple or Google or WhatsApp
or some other large company that you have been targeted
by state sponsored malware. Typically, these notifications don't contain much
more information than we believe you've been targeted by a

(31:51):
nation state or by state sponsored malware. But if
you do get one of those notifications, take it very seriously,
you know, reach out to Access Now or to
EFF or to Citizen Lab and let us know, right,
and we will help figure out what's going on, right,
Like this is this is the number one indicator, right
because like this malware is usually fairly stealthy, right, Like

(32:13):
it's not it's not actually, but you know, I don't
know flashing you're infected on your screen, right. But yeah,
Citizen Lab is always doing amazing work. I'm a fellow there,
so I get to work with them sometimes, which is
very exciting. They are based out of the Munk School
of Global Affairs at the University of Toronto and their

(32:34):
website is Citizen Lab dot org, where you can find
a lot of really excellent research on the types of
threats that target civil society.

Speaker 1 (32:41):
Er erm, I have citizen lab dot ca. Oh,
but I'm Canadian.

Speaker 2 (32:46):
You you are probably correct. I can never remember the.

Speaker 1 (32:50):
Current as a Canadian. I was very I was very
put off by you erasing our nation's history, of our
of our coveted dot ca. We love, we love
our dots.

Speaker 2 (33:00):
The I'm not trying to start a war with Canada.

Speaker 1 (33:04):
Well, many many people are, so.

Speaker 2 (33:06):
Listen, I'm firmly on the side of Canada in the
war against Canada. Okay, please take me in please.

Speaker 1 (33:13):
Yeah, your solidarity is noted, so.

Speaker 2 (33:17):
Citizen lab dot org actually redirects to citizen lab dot ca.
So we were both right.

Speaker 1 (33:21):
There you go, or you were maybe more right.

Speaker 2 (33:24):
So yeah, Citizen Lab and yeah, they're they're really fantastic.
A lot of really good research going on there at
EFF dot org, the Electronic Frontier Foundation. We're
US based nonprofit, been around for thirty five years defending
civil liberties as they intersect with technology. So a lot
of a lot of free speech work, a lot of
you know, privacy and Fourth Amendment work, and we also

(33:48):
have a really excellent set of guides called the Surveillance
Self Defense Guides, which are at SSD dot
EFF dot org, which I highly recommend people go
and check out. It's the most sort of evergreen guide
for finding yourself online. A lot of the problem with
the online security guides that they get out of date
very quickly, and we have a totally whole, full time
person dedicated to making sure that our guides stay up

(34:08):
to date.

Speaker 1 (34:09):
I'll put a link in the description.

Speaker 2 (34:11):
Yeah, and we're a nonprofit, member-supported nonprofit,
so you know, if you like the work, throw us
a few bucks. We work for tips. And yeah, those
are the two places that I'm at that I want
to plug. Only other thing to plug. I guess you
can follow me on social media. I'm at cooperq dot
com on Bluesky and Cooper q at Masto dot
hackers dot town on Mastodon.

Speaker 1 (34:32):
Hell yeah, yeah, all right, well, thank you so much.
Thank you for the work you do at EFF and
Citizen Lab.

Speaker 2 (34:39):
Thank you. Yeah.

Speaker 1 (34:40):
I guess we should also throw away our phone since
there's no way to use our phone safely anymore.

Speaker 2 (34:45):
I mean, throwing away our phones isn't a terrible idea.

Speaker 1 (34:49):
That's why I bat it. You know what, I could
be onto something I.

Speaker 2 (34:51):
Think for our own sanity just in general.

Speaker 1 (34:55):
No, I think they're making us more connected, and I
think they're making us more stable.

Speaker 2 (35:01):
They are making us more connected, that's for sure. In
that I get five billion notifications per day. If that's
what connected means.

Speaker 4 (35:07):
Yeah, all right, It Could Happen Here is a production
of Cool Zone Media.

Speaker 1 (35:15):
For more podcasts from Cool Zone Media, visit our website
Coolzonemedia dot com, or check us out on the iHeartRadio app,
Apple Podcasts, or wherever you listen to podcasts. You can
now find sources for It Could Happen Here, listed directly
in episode descriptions.

Speaker 2 (35:29):
Thanks for listening.
