NSO Group

14 results back to index


pages: 350 words: 115,802

Pegasus: How a Spy in Your Pocket Threatens the End of Privacy, Dignity, and Democracy by Laurent Richard, Sandrine Rigaud

activist lawyer, Airbnb, Amazon Web Services, centre right, Charlie Hebdo massacre, Chelsea Manning, citizen journalism, Citizen Lab, corporate governance, COVID-19, David Vincenzetti, Donald Trump, double helix, Edward Snowden, food desert, Jeff Bezos, Julian Assange, Kevin Kelly, knowledge worker, lockdown, Mohammed Bouazizi, NSO Group, offshore financial centre, operational security, Stuxnet, Tim Cook: Apple, unit 8200, WikiLeaks, Yom Kippur War, zero day

Our partners had gotten a very different message from NSO, or rather from the company’s hired lawyer in Washington, DC. “Our firm is defamation counsel to NSO Group,” was the opener. “It is evident that Forbidden Stories has already formulated (and intends to publish on its own platform) a false, preconceived, and highly damaging narrative regarding NSO Group—and that it intends to do so regardless of the actual facts.… We are putting OCCRP on formal notice that Forbidden Stories will publish defamatory falsehoods about NSO Group in its series of articles and that, should OCCRP elect to publish or republish any portion of those articles, OCCRP runs a substantial risk of publishing defamatory falsehoods.”

That’s how Claudio and Donncha caught them out. They found those domain names in the new infrastructure, and that told them who was running the system. This was NSO Group. This was Pegasus. “Each Pegasus Installation server or Command-and-Control (C&C) server hosted a web server on port 443 with a unique domain and TLS certificate,” they would write. “These edge servers would then proxy connections through a chain of servers, referred to by NSO Group as the ‘Pegasus Anonymizing Transmission Network.’” The search for new Pegasus domains matching the fingerprint also led Claudio and Donncha to a second victim.

When I opened the file, I skimmed through the short section containing the Pegasus-generated process names that Citizen Lab had recognized in each of the three new analyses and went straight to the money paragraph: “We conclude with high confidence,” it read, that all three iPhones “were successfully infected with NSO Group’s Pegasus spyware during the dates mentioned. Our high confidence conclusion stems from the fact that we have never seen the above process names used in a benign context, and we have only ever seen the above process names used in high-confidence cases of infection with NSO Group’s Pegasus spyware.” I posted my synopsis of the first stage of the peer review on the secure site that each of the partners could access, along with a pdf of the report Citizen Lab had forwarded, and I anticipated the collective sigh of relief from Pegasus Project collaborators all over the world.


Reset by Ronald J. Deibert

23andMe, active measures, air gap, Airbnb, Amazon Web Services, Anthropocene, augmented reality, availability heuristic, behavioural economics, Bellingcat, Big Tech, bitcoin, blockchain, blood diamond, Brexit referendum, Buckminster Fuller, business intelligence, Cal Newport, call centre, Cambridge Analytica, carbon footprint, cashless society, Citizen Lab, clean water, cloud computing, computer vision, confounding variable, contact tracing, contact tracing app, content marketing, coronavirus, corporate social responsibility, COVID-19, crowdsourcing, data acquisition, data is the new oil, decarbonisation, deep learning, deepfake, Deng Xiaoping, disinformation, Donald Trump, Doomsday Clock, dual-use technology, Edward Snowden, Elon Musk, en.wikipedia.org, end-to-end encryption, Evgeny Morozov, failed state, fake news, Future Shock, game design, gig economy, global pandemic, global supply chain, global village, Google Hangouts, Great Leap Forward, high-speed rail, income inequality, information retrieval, information security, Internet of things, Jaron Lanier, Jeff Bezos, John Markoff, Lewis Mumford, liberal capitalism, license plate recognition, lockdown, longitudinal study, Mark Zuckerberg, Marshall McLuhan, mass immigration, megastructure, meta-analysis, military-industrial complex, move fast and break things, Naomi Klein, natural language processing, New Journalism, NSO Group, off-the-grid, Peter Thiel, planetary scale, planned obsolescence, post-truth, proprietary trading, QAnon, ransomware, Robert Mercer, Sheryl Sandberg, Shoshana Zuboff, Silicon Valley, single source of truth, Skype, Snapchat, social distancing, sorting algorithm, source of truth, sovereign wealth fund, sparse data, speech recognition, Steve Bannon, Steve Jobs, Stuxnet, surveillance capitalism, techlash, technological solutionism, the long tail, the medium is the message, The Structural Transformation of the Public Sphere, TikTok, TSMC, undersea cable, unit 8200, Vannevar Bush, WikiLeaks, zero day, zero-sum game

“A New Age of Warfare: How Internet Mercenaries Do Battle for Authoritarian Governments,” New York Times. Retrieved from https://www.nytimes.com/2019/03/21/us/politics/government-hackers-nso-darkmatter.html NSO Group first came onto our radar in August 2016: Marczak B. and Scott-Railton, J. (August 2016). “The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender,” Citizen Lab Research Report No. 78, University of Toronto. Retrieved from https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/ “Zero days” — or “open doors that the vendor does not know it should lock”: Lindsay, Restrained by design; Greenberg, A. (2012, March 23).

Perhaps the most notorious of the spyware companies we have been tracking is widely considered to be among the most sophisticated: Israel-based NSO Group, also known as Q Technologies, a company closely aligned with the Israeli Ministry of Defence. (Far from taming abuses connected to the spyware market, Israel’s Ministry of Defence routinely grants export licences for NSO’s sales, as well as those of other Israel-based surveillance companies.) NSO Group first came onto our radar in August 2016, when award-winning UAE-based human rights activist Ahmed Mansoor received two text messages on his iPhone, purporting to show evidence of torture in UAE prisons.214 As a human rights defender, Ahmed might have been tempted to click on those links.

As an activist, he engages in a multitude of conversations, some that he might reasonably assume are either private or secure, many through his desktop computer, others through his mobile device. The “intellectual property” of a spyware company like NSO Group consists of methods for taking advantage of these multiple networked connections, and finding and exploiting weak points in the constantly mutating and highly insecure digital infrastructure on which people like Omar depend. Surveillance companies employ thousands of well-paid, highly trained engineers to constantly scour operating systems, software, applications, hardware, platforms, routers, and networks for insecurities (in the case of NSO Group, many of them are veterans of Israel’s sophisticated Unit 8200 signals intelligence group).


pages: 651 words: 186,130

This Is How They Tell Me the World Ends: The Cyberweapons Arms Race by Nicole Perlroth

4chan, active measures, activist lawyer, air gap, Airbnb, Albert Einstein, Apollo 11, barriers to entry, Benchmark Capital, Bernie Sanders, Big Tech, bitcoin, Black Lives Matter, blood diamond, Boeing 737 MAX, Brexit referendum, Brian Krebs, Citizen Lab, cloud computing, commoditize, company town, coronavirus, COVID-19, crony capitalism, crowdsourcing, cryptocurrency, dark matter, David Vincenzetti, defense in depth, digital rights, disinformation, don't be evil, Donald Trump, driverless car, drone strike, dual-use technology, Edward Snowden, end-to-end encryption, failed state, fake news, false flag, Ferguson, Missouri, Firefox, gender pay gap, George Floyd, global pandemic, global supply chain, Hacker News, index card, information security, Internet of things, invisible hand, Jacob Appelbaum, Jeff Bezos, John Markoff, Ken Thompson, Kevin Roose, Laura Poitras, lockdown, Marc Andreessen, Mark Zuckerberg, mass immigration, Menlo Park, MITM: man-in-the-middle, moral hazard, Morris worm, move fast and break things, mutually assured destruction, natural language processing, NSO Group, off-the-grid, offshore financial centre, open borders, operational security, Parler "social media", pirate software, purchasing power parity, race to the bottom, RAND corporation, ransomware, Reflections on Trusting Trust, rolodex, Rubik’s Cube, Russian election interference, Sand Hill Road, Seymour Hersh, Sheryl Sandberg, side project, Silicon Valley, Skype, smart cities, smart grid, South China Sea, Steve Ballmer, Steve Bannon, Steve Jobs, Steven Levy, Stuxnet, supply-chain attack, TED Talk, the long tail, the scientific method, TikTok, Tim Cook: Apple, undersea cable, unit 8200, uranium enrichment, web application, WikiLeaks, zero day, Zimmermann PGP

CHAPTER 13: GUNS FOR HIRE For a contemporary account of Francisco Partner’s private equity investment in NSO Group, see Orr Hirschauge, “Overseas Buyers Snap Up Two More Israeli Cyber Security Firms,” Haaretz, March 19, 2014. For the FBI’s first public statement on its “going dark” problem, see Valerie Caproni, General Counsel, FBI, Testimony Before the House Judiciary Committee, Subcommittee on Crime, Terrorism, and Homeland Security, February 17, 2011. This later became NSO Group’s marketing pitch. For details on NSO Group’s pricing, see my 2016 account in the New York Times, “Phone Spying Is Made Easy. Choose a Plan,” September 3, 2016.

The leaks showed NSO charged clients $500,000 to hack just five BlackBerry phone users, or $300,000 for five Symbian users on top of that set-up fee. The company also charged an annual 17-percent maintenance fee. Hacking Team’s anxieties over NSO Group’s “over the air stealth installation” feature can be read in Hacking Team’s leaked emails available on WikiLeaks: wikileaks.org/hackingteam/emails/emailid/6619. I first learned of NSO Group’s relationship with Mexican government agencies from the leaks my source provided in 2016. Partnering with Azam Ahmed in Mexico, we were able to detail the Mexican consumer rights activists, doctors, journalists, international lawyers, and those targets’ families in our June 2017 exposés: Nicole Perlroth, “Invasive Spyware’s Odd Targets: Mexican Advocates of Soda Tax,” New York Times, February 12, 2017; Ahmed and Perlroth, “Spyware Meant to Foil Crime Is Trained on Mexico’s Critics,” New York Times, June 19, 2017; and Ahmed and Perlroth, “Using Texts as Lures, Government Spyware Targets Mexican Journalists and Their Families,” New York Times, Jun 19, 2017.

To date, these inquiries have gone nowhere. NSO Group’s relationship with Finland has never been documented. To better understand why Finland would be interested in its spy tools, see Simon Tidsall, “Finland Warns of New Cold War over Failure to Grasp Situation in Russia,” Guardian, November 5, 2014, and Eli Lake’s interview with Finnish president Sauli Niinistö: “Finland’s Plan to Prevent Russian Aggression,” Bloomberg, June 12, 2019. Bill Marczak and John Scott-Railton, together with researchers at Lookout, were the first to publish research on NSO Group’s spyware in the UAE, and on Ahmed Mansoor specifically.


pages: 390 words: 115,303

Catch and Kill: Lies, Spies, and a Conspiracy to Protect Predators by Ronan Farrow

Airbnb, Bernie Sanders, Black Lives Matter, business intelligence, Citizen Lab, crowdsourcing, David Strachan, Donald Trump, East Village, fake news, forensic accounting, Jeff Bezos, Jeffrey Epstein, Live Aid, messenger bag, NSO Group, Peter Thiel, Plato's cave, Saturday Night Live, Seymour Hersh, Skype

Citizen Lab, which tracks state-backed efforts to hack and surveil journalists, had recently reported that NSO Group’s Pegasus software compromised an iPhone belonging to a friend of the journalist Jamal Khashoggi, not long before Saudi operatives cut Khashoggi to pieces with a bone saw. The investigation had prompted sharp criticism of NSO Group, which denied that its software was used to target Khashoggi but also refused to answer questions about whether the software had been sold to the Saudi government. Lambert wanted to know about Citizen Lab’s work on NSO Group. He asked whether there was any “racist element” to the focus on an Israeli group.

This name was real: the agent was Aharon Almog-Assouline, a retired Israeli security official later reported to have been involved in a string of Black Cube operations. Black Cube and NSO Group would later deny any connection to the operation against Citizen Lab. But in many of the meetings Ostrovskiy had described to me over the preceding months, Almog-Assouline had been there, appearing to target figures who criticized NSO Group and argued that its software was being used to hunt journalists. Black Cube was furious about the botched operation. The agency ordered that everyone with knowledge of the matter be polygraphed immediately.

But Sleeper rebuffed my every plea for identifying information, to get on an encrypted call, to meet in person. “I can understand your editors’ concern although I’m afraid to reveal my identity. Every online method can be monitored these days… its hard for me to trust it wont come back at me,” Sleeper wrote. “I’m sure you know NSO so I’m not interested in taking unnecessary risks.” NSO Group was an Israeli cyber intelligence firm, famed for its Pegasus software, which could take control of a cell phone and strip-mine it for data. It had been used to target dissidents and journalists around the world. But Sleeper kept sending information from the encrypted email address, and it always checked out.


pages: 448 words: 117,325

Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World by Bruce Schneier

23andMe, 3D printing, air gap, algorithmic bias, autonomous vehicles, barriers to entry, Big Tech, bitcoin, blockchain, Brian Krebs, business process, Citizen Lab, cloud computing, cognitive bias, computer vision, connected car, corporate governance, crowdsourcing, cryptocurrency, cuban missile crisis, Daniel Kahneman / Amos Tversky, David Heinemeier Hansson, disinformation, Donald Trump, driverless car, drone strike, Edward Snowden, Elon Musk, end-to-end encryption, fault tolerance, Firefox, Flash crash, George Akerlof, incognito mode, industrial robot, information asymmetry, information security, Internet of things, invention of radio, job automation, job satisfaction, John Gilmore, John Markoff, Kevin Kelly, license plate recognition, loose coupling, market design, medical malpractice, Minecraft, MITM: man-in-the-middle, move fast and break things, national security letter, Network effects, Nick Bostrom, NSO Group, pattern recognition, precautionary principle, printed gun, profit maximization, Ralph Nader, RAND corporation, ransomware, real-name policy, Rodney Brooks, Ross Ulbricht, security theater, self-driving car, Seymour Hersh, Shoshana Zuboff, Silicon Valley, smart cities, smart transportation, Snapchat, sparse data, Stanislav Petrov, Stephen Hawking, Stuxnet, supply-chain attack, surveillance capitalism, The Market for Lemons, Timothy McVeigh, too big to fail, Uber for X, Unsafe at Any Speed, uranium enrichment, Valery Gerasimov, Wayback Machine, web application, WikiLeaks, Yochai Benkler, zero day

Chuck Seegert (8 Oct 2014), “Hackers develop DIY remote-monitoring for diabetes,” Med Device Online, http://www.meddeviceonline.com/doc/hackers-develop-diy-remote-monitoring-for-diabetes-0001. 64had used it to spy on journalists: John Scott-Railton et al. (19 Jun 2017), “Reckless exploit: Mexican journalists, lawyers, and a child targeted with NSO spyware,” Citizen Lab, https://citizenlab.ca/2017/06/reckless-exploit-mexico-nso. 64dissidents, political opponents: John Scott-Railton et al. (29 Jun 2017), “Reckless redux: Senior Mexican legislators and politicians targeted with NSO spyware,” Citizen Lab, https://citizenlab.ca/2017/06/more-mexican-nso-targets. 64international investigators: John Scott-Railton et al. (10 Jul 2017), “Reckless III: Investigation into Mexican mass disappearance targeted with NSO spyware,” Citizen Lab, https://citizenlab.ca/2017/07/mexico-disappearances-nso. 64lawyers: John Scott-Railton et al. (2 Aug 2017), “Reckless IV: Lawyers for murdered Mexican women’s families targeted with NSO spyware,” Citizen Lab, https://citizenlab.ca/2017/08/lawyers-murdered-women-nso-group. 64anti-corruption groups: John Scott-Railton et al. (30 Aug 2017), “Reckless V: Director of Mexican anti-corruption group targeted with NSO group’s spyware,” Citizen Lab, https://citizenlab.ca/2017/08/nso-spyware-mexico-corruption. 64and people who supported a tax on soft drinks: John Scott-Railton et al. (11 Feb 2017), “Bitter sweet: Supporters of Mexico’s soda tax targeted with NSO exploit links,” Citizen Lab, https://citizenlab.ca/2017/02/bittersweet-nso-mexico-spyware. 64The products of FinFisher: Bill Marczak et al. (15 Oct 2015), “Pay no attention to the server behind the proxy: Mapping FinFisher’s continuing proliferation,” Citizen Lab, https://citizenlab.ca/2015/10/mapping-finfishers-continuing-proliferation. 65And it does—through bribery: Glenn Greenwald (2014), No Place to Hide: Edward Snowden, the NSA, and the U.S.

GOVERNMENTS ALSO USE THE INTERNET FOR SURVEILLANCE AND CONTROL Governments want to surveil and control us for their own purposes, and they use the same insecure systems that corporations have given us to do it. In 2017, the University of Toronto’s research center Citizen Lab reported on the Mexican government’s surveillance of what it considered political threats. The country had purchased surveillance software—spyware—from the cyberweapons manufacturer NSO Group, and had used it to spy on journalists, dissidents, political opponents, international investigators, lawyers, anti-corruption groups, and people who supported a tax on soft drinks. Many other countries use Internet spyware to surveil their residents. The products of FinFisher, another commercial spyware company, were found in 2015 to be used by Bosnia, Egypt, Indonesia, Jordan, Kazakhstan, Lebanon, Malaysia, Mongolia, Morocco, Nigeria, Oman, Paraguay, Saudi Arabia, Serbia, Slovenia, South Africa, Turkey, and Venezuela.

Most countries don’t have either the budget or the expertise to develop this caliber of surveillance and hacking tools. Instead, they buy surveillance and hacking tools from cyberweapons manufacturers. These are companies like FinFisher’s seller Gamma Group (Germany and the UK), HackingTeam (Italy), VASTech (South Africa), Cyberbit (Israel), and NSO Group (also Israel). They sell to countries like the ones I listed in the beginning of this section, allowing them to hack into computers, phones, and other devices. They even have a conference, called ISS World and nicknamed the “Wiretappers’ Ball,” and they explicitly market their products to repressive regimes for this purpose.


pages: 447 words: 111,991

Exponential: How Accelerating Technology Is Leaving Us Behind and What to Do About It by Azeem Azhar

"Friedman doctrine" OR "shareholder theory", "World Economic Forum" Davos, 23andMe, 3D printing, A Declaration of the Independence of Cyberspace, Ada Lovelace, additive manufacturing, air traffic controllers' union, Airbnb, algorithmic management, algorithmic trading, Amazon Mechanical Turk, autonomous vehicles, basic income, Berlin Wall, Bernie Sanders, Big Tech, Bletchley Park, Blitzscaling, Boeing 737 MAX, book value, Boris Johnson, Bretton Woods, carbon footprint, Chris Urmson, Citizen Lab, Clayton Christensen, cloud computing, collective bargaining, computer age, computer vision, contact tracing, contact tracing app, coronavirus, COVID-19, creative destruction, crowdsourcing, cryptocurrency, cuban missile crisis, Daniel Kahneman / Amos Tversky, data science, David Graeber, David Ricardo: comparative advantage, decarbonisation, deep learning, deglobalization, deindustrialization, dematerialisation, Demis Hassabis, Diane Coyle, digital map, digital rights, disinformation, Dissolution of the Soviet Union, Donald Trump, Double Irish / Dutch Sandwich, drone strike, Elon Musk, emotional labour, energy security, Fairchild Semiconductor, fake news, Fall of the Berlin Wall, Firefox, Frederick Winslow Taylor, fulfillment center, future of work, Garrett Hardin, gender pay gap, general purpose technology, Geoffrey Hinton, gig economy, global macro, global pandemic, global supply chain, global value chain, global village, GPT-3, Hans Moravec, happiness index / gross national happiness, hiring and firing, hockey-stick growth, ImageNet competition, income inequality, independent contractor, industrial robot, intangible asset, Jane Jacobs, Jeff Bezos, job automation, John Maynard Keynes: Economic Possibilities for our Grandchildren, John Maynard Keynes: technological unemployment, John Perry Barlow, Just-in-time delivery, Kickstarter, Kiva Systems, knowledge worker, Kodak vs Instagram, Law of Accelerating Returns, lockdown, low skilled workers, lump of labour, Lyft, manufacturing employment, Marc Benioff, Mark Zuckerberg, megacity, Mitch Kapor, Mustafa Suleyman, Network effects, new economy, NSO Group, Ocado, offshore financial centre, OpenAI, PalmPilot, Panopticon Jeremy Bentham, Peter Thiel, Planet Labs, price anchoring, RAND corporation, ransomware, Ray Kurzweil, remote working, RFC: Request For Comment, Richard Florida, ride hailing / ride sharing, Robert Bork, Ronald Coase, Ronald Reagan, Salesforce, Sam Altman, scientific management, Second Machine Age, self-driving car, Shoshana Zuboff, Silicon Valley, Social Responsibility of Business Is to Increase Its Profits, software as a service, Steve Ballmer, Steve Jobs, Stuxnet, subscription business, synthetic biology, tacit knowledge, TaskRabbit, tech worker, The Death and Life of Great American Cities, The Future of Employment, The Nature of the Firm, Thomas Malthus, TikTok, Tragedy of the Commons, Turing machine, Uber and Lyft, Uber for X, uber lyft, universal basic income, uranium enrichment, vertical integration, warehouse automation, winner-take-all economy, workplace surveillance , Yom Kippur War

Cunningham, ‘Preparing the Cyber Battlefield: Assessing a Novel Escalation Risk in a Sino-American Crisis’, Texas National Security Review, October 2020 <http://tnsr.org/2020/10/preparing-the-cyber-battlefield-assessing-a-novel-escalation-risk-in-a-sino-american-crisis/> [accessed 23 April 2021]. 71 Jens Stoltenberg, ‘Nato Will Defend Itself’, Prospect Magazine, 27 August 2019 <https://www.prospectmagazine.co.uk/world/nato-will-defend-itself-summit-jens-stoltenberg-cyber-security> [accessed 12 March 2020].” 72 ‘CyberPeace Institute Calls for Accountability of Intrusion as a Service’, CyperPeace Institute, 10 January 2021 <https://cyberpeaceinstitute.org/news/cyberpeace-institute-calls-for-accountability-of-intrusion-as-a-service>. 73 ‘Western Firms Should Not Sell Spyware to Tyrants’, The Economist, 12 December 2019 <https://www.economist.com/leaders/2019/12/12/western-firms-should-not-sell-spyware-to-tyrants> [accessed 26 April 2021]. 74 Bill Marczak et al., ‘The Great IPwn: Journalists Hacked with Suspected NSO Group IMessage “Zero-Click” Exploit’, The Citizen Lab, 20 December 2020 <https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/> [accessed 26 April 2021]. 75 Vincen Boulanin, Limits on Autonomy in Weapons Systems (SIPRI, 2020) <https://www.sipri.org/sites/default/files/2020-06/2006_limits_of_autonomy.pdf>. CHAPTER 8: EXPONENTIAL CITIZENS 1 ‘Dear Mark Zuckerberg.

We might start by taking on hacking. In 2021, the CyberPeace Institute called for preventative action against commercially available hacking software – memorably termed ‘intrusion as a service’.72 Here too, a key goal would be to ban private companies from developing malicious software. Take the NSO Group, a private firm which develops software purportedly used as spyware by malicious actors.73 Their blockbuster product is Pegasus, which allegedly targets individuals’ phones and then takes them over. So far, dozens of journalists and activists around the world allege that Pegasus has been used to spy on them.74 Looking to the future, we need to develop a legal framework to govern the use of autonomous weapons.

.), 73 linear value chains, 101 LinkedIn, 26, 110, 121, 237, 238 Linkos Group, 197 Linux OS, 242 Lipsey, Richard, 45 lithium-ion batteries, 40, 51 lithium, 170 localism, 11, 166–90, 252, 255 log files, 227 logarithmic scales, 20 logic gates, 18 logistic curve, 25, 30, 51, 52, 69–70 London, England, 180, 181, 183 London Underground, 133–4 looms, 157 Lordstown Strike (1972), 125 Lotus Development Corporation, 99 Luddites, 125, 253 Lufa Farms, 171–2 Luminate, 240 lump of labour fallacy, 139 Lusaka, Zambia, 15 Lyft, 146, 148 machine learning, 31–4, 54, 58, 88, 127, 129, 143 MacKinnon, Rebecca, 223 Maersk, 197, 199, 211 malaria, 253 Malaysia Airlines Flight 17 shootdown (2014), 199 Malta, 114 Malthus, Thomas, 72–3 malware, 197 Man with the Golden Gun, The (1974 film), 37 manufacturing, 10, 39, 42–4, 46, 166–7, 175–9 additive, 43–4, 46, 48, 88, 166, 169, 175–9 automation and, 130 re-localisation, 175–9 subtractive, 42–3 market saturation, 25–8, 51, 52 market share, 93–6, 111 Marshall, Alfred, 97 Massachusetts Institute of Technology, 18, 147, 202, 238 Mastercard, 98 May, Theresa, 183 Mayors for a Guaranteed Income, 189 McCarthy, John, 31 McKinsey, 76, 94 McMaster University, 178 measles, 246 Mechanical Turk, 142–3, 144, 145 media literacy, 211–12 meningitis, 246 Mexico, 202 microorganisms, 42, 46, 69 Microsoft, 16–17, 65, 84–5, 88, 98–9, 100, 105, 108, 122, 221 Bing, 107 cloud computing, 85 data collection, 228 Excel, 99 internet and, 84–5, 100 network effect and, 99 Office software, 98–9, 110, 152 Windows, 85, 98–9 Workplace Productivity scores, 152 Mill, John Stuart, 193 miniaturisation, 34–5 minimum wage, 147, 161 misinformation, 11, 191, 192, 200–204, 209, 212, 217, 225, 247–8 mobile phones, 76, 121 see also smartphones; telecom companies Moderna, 245, 247 Moixa, 174 Mondelez, 197, 211 Mongol Empire (1206–1368), 44 monopolies, 10, 71, 94, 95, 114–24, 218, 255 Monopoly (board game), 82 Montreal, Quebec, 171 mood detection systems, 152 Moore, Gordon, 19, 48 Moore’s Law, 19–22, 26, 28–9, 31, 34, 63, 64, 74 artificial intelligence and, 32, 33–4 Kodak and, 83 price and, 41–2, 51, 68–9 as social fact, 29, 49 superstar companies and, 95 time, relationship with, 48–9 Moravec, Hans, 131 Moravec’s paradox, 131–2 Motorola, 76 Mount Mercy College, Cork, 57 Mozilla Firefox, 242 Mumbai, India, 181 mumps, 246 muskets, 54–5 MySpace, 26–7 Nadella, Satya, 85 Nagorno-Karabakh War (2020), 206–7 napalm, 216 NASA (National Aeronautics and Space Administration), 56 Natanz nuclear site, Iran, 196 National Health Service (NHS), 87 nationalism, 168, 186 NATO (North Atlantic Treaty Organization), 191, 213 Netflix, 104, 107, 109, 136, 137, 138, 139, 151, 248 Netherlands, 103 Netscape Communicator, 6 networks, 58–62 network effects, 96–101, 106, 110, 121, 223 neural networks, 32–4 neutral, technology as, 5, 220–21, 254 new wars, 194 New York City, New York, 180, 183 New York Times, 3, 125, 190, 228 New Zealand, 188, 236 Newton, Isaac, 20 Nigeria, 103, 145, 182, 254 Niinistö, Sauli, 212 Nike, 102 nitrogen fertilizers, 35 Nixon, Richard, 25, 114 Nobel Prize, 64, 74, 241 Nokia, 120 non-state actors, 194, 213 North Korea, 198 North Macedonia, 200–201 Norway, 173, 216 NotPetya malware, 197, 199–200, 211, 213 Novell, 98 Noyce, Robert, 19 NSO Group, 214 nuclear weapons, 193, 195–6, 212, 237 Nuremberg Trials (1945–6), 208 O’Reilly, Tim, 107 O’Sullivan, Laura, 57–8, 60 Obama, Barack, 205, 214, 225 Ocado, 137 Ocasio-Cortez, Alexandria, 239 Oculus, 117 oDesk, 144 Ofcom, 8 Ofoto, 84 Ogburn, William, 85 oil industry, 172, 250 Houthi drone attacks (2019), 206 OAPEC crisis (1973–4), 37, 258 Shamoon attack (2012), 198 Standard Oil breakup (1911), 93–4 Olduvai, Tanzania, 42 online shopping, 48, 61, 62, 75, 94, 102, 135 open-source software, 242 Openreach, 123 Operation Opera (1981), 195–6, 209 opium, 38 Orange, 121 Organisation for Economic Co-operation and Development (OECD), 119, 167 Osborne Computer Corporation, 16 Osborne, Michael, 129 Osirak nuclear reactor, Iraq, 195–6, 209 Ostrom, Elinor, 241 Oxford University, 129, 134, 203, 226 pace of change, 3 pagers, 87 Pakistan, 145, 205 palladium, 170 PalmPilot, 173 panopticon, 152 Paris, France, 181, 183 path dependence, 86 PayPal, 98, 110 PC clones, 17 PeerIndex, 8, 201, 237 Pegasus, 214 PeoplePerHour, 144 PepsiCo, 93 Perez, Carlota, 46–7 pernicious polarization, 232 perpetual motion, 95, 106, 107, 182 Petersen, Michael Bang, 75 Phan Thi Kim Phuc, 216–17, 224, 225 pharmaceutical industry, 6, 93, 250 phase transitions, 4 Philippines, 186, 203 Phillips Exeter Academy, 150 phishing scams, 211 Phoenix, Arizona, 134 photolithography, 19 Pigou, Arthur Cecil, 97 Piketty, Thomas, 160 Ping An Good Doctor, 103, 250 Pix Moving, 166, 169, 175 PKK (Partîya Karkerên Kurdistanê), 206 Planet Labs, 69 platforms, 101–3, 219 PlayStation, 86 plough, 157 Polanyi, Michael, 133 polarisation, 231–4 polio, 246 population, 72–3 Portify, 162 Postel, Jon, 55 Postings, Robert, 233 Predator drones, 205, 206 preprints, 59–60 price gouging, 93 price of technology, 22, 68–9 computing, 68–9, 191, 249 cyber-weapons, 191–2 drones, 192 genome sequencing, 41–2, 252 renewable energy, 39–40, 250 printing press, 45 public sphere, 218, 221, 223 Pulitzer Prize, 216 punctuated equilibrium, 87–8 al-Qaeda, 205, 210–11 Qatar, 198 quantum computing, 35 quantum physics, 29 quarantines, 12, 152, 176, 183, 246 R&D (research and development), 67–8, 113, 118 racial bias, 231 racism, 225, 231, 234 radicalisation pathways, 233 radiologists, 126 Raford, Noah, 43 Raz, Ze’ev, 195, 209 RB, 197 re-localisation, 11, 166–90, 253, 255 conflict and, 189, 193, 194, 209 Reagan, Ronald, 64, 163 religion, 6, 82, 83 resilience, 257 reskilling, 159–60 responsibility gap, 209 Restrepo, Pascual, 139 Reuters, 8, 56, 132 revolutions, 87 Ricardo, David, 169–70, 177 rights, 240–41 Rise of the Robots, The (Ford), 125 Rittenhouse, Kyle, 224 Roche, 67 Rockefeller, John, 93 Rohingyas, 224 Rome, ancient, 180 Rose, Carol, 243 Rotterdam, Netherlands, 56 Rule of Law, 82 running shoes, 102, 175–6 Russell, Stuart, 31, 118 Russian Federation, 122 disinformation campaigns, 203 Estonia cyberattacks (2007), 190–91, 200 Finland, relations with, 212 Nagorno-Karabakh War (2020), 206 nuclear weapons, 237 Ukraine cyberattacks (2017), 197, 199–200 US election interference (2016), 217 Yandex, 122 S-curve, 25, 30, 51, 52, 69–70 al-Sahhaf, Muhammad Saeed, 201 Salesforce, 108–9 Saliba, Samer, 184 salt, 114 Samsung, 93, 228 San Francisco, California, 181 Sandel, Michael, 218 Sanders, Bernard, 163 Sandworm, 197, 199–200, 211 Santander, 95 Sasson, Steve, 83 satellites, 56–7, 69 Saturday Night Fever (1977 soundtrack), 72 Saudi Arabia, 108, 178, 198, 203, 206 Schmidt, Eric, 5 Schwarz Gruppe, 67 Second Machine Age, The (Brynjolfsson and McAfee), 129 self-driving vehicles, 78, 134–5, 141 semiconductors, 18–22, 28–9, 48–9, 52, 113, 251 September 11 attacks (2001), 205, 210–11 Shamoon virus, 198 Shanghai, China, 56 Shannon, Claude, 18 Sharp, 16 Shenzhen, Guangdong, 182 shipping containers, 61–2, 63 shopping, 48, 61, 62, 75, 94, 102, 135 Siemens, 196 silicon chips, see chips Silicon Valley, 5, 7, 15, 24, 65, 110, 129, 223 Sinai Peninsula, 195 Sinclair ZX81, 15, 17, 21, 36 Singapore, 56 Singles’ Day, 48 Singularity University, 5 SixDegrees, 26 Skydio R1 drone, 208 smartphones, 22, 26, 46, 47–8, 65, 86, 88, 105, 111, 222 Smith, Adam, 169–70 sneakers, 102, 175–6 Snow, Charles Percy, 7 social credit systems, 230 social media, 26–8 censorship on, 216–17, 224–6, 236 collective bargaining and, 164 data collection on, 228 interoperability, 121, 237–8 market saturation, 25–8 misinformation on, 192, 201–4, 217, 247–8 network effect, 98, 223 polarisation and, 231–4 software as a service, 109 solar power, 37–8, 53, 65, 77, 82, 90, 171, 172, 173, 249, 250, 251 SolarWinds, 200 Solberg, Erna, 216 South Africa, 170 South Korea, 188, 198, 202 Southey, Robert, 80 sovereignty, 185, 199, 214 Soviet Union (1922–91), 185, 190, 194, 212 Spain, 170, 188 Spanish flu pandemic (1918–20), 75 Speedfactory, Ansbach, 176 Spire, 69 Spotify, 69 Sputnik 1 orbit (1957), 64, 83 stagflation, 63 Standard and Poor, 104 Standard Oil, 93–4 standardisation, 54–7, 61, 62 Stanford University, 32, 58 Star Wars franchise, 99 state-sized companies, 11, 67 see also superstar companies states, 82 stirrups, 44 Stockholm International Peace Research Institute, 208 Stockton, California, 160 strategic snowflakes, 211 stress tests, 237 Stuxnet, 196, 214 Sudan, 183 superstar companies, 10, 11, 67, 94–124, 218–26, 252, 255 blitzscaling, 110 collective bargaining and, 163 horizontal expansion, 111–12, 218 increasing returns to scale, 108–10 innovation and, 117–18 intangible economy, 104–7, 118, 156 interoperability and, 120–22, 237–9 monopolies, 114–24, 218 network effect, 96–101, 121 platform model, 101–3, 219 taxation of, 118–19 vertical expansion, 112–13 workplace cultures, 151 supply chains, 61–2, 166–7, 169, 175, 187, 252 surveillance, 152–3, 158 Surviving AI (Chace), 129 Sutskever, Ilya, 32 synthetic biology, 42, 46, 69, 174, 245, 250 Syria, 186 Taiwan, 181, 212 Talkspace, 144 Tallinn, Estonia, 190 Tang, Audrey, 212 Tanzania, 42, 183 TaskRabbit, 144 Tasmania, Australia, 197 taxation, 10, 63, 96, 118–19 gig economy and, 146 superstar companies and, 118–19 Taylor, Frederick Winslow, 150, 152, 153, 154 Tel Aviv, Israel, 181 telecom companies, 122–3 Tencent, 65, 104, 108, 122 territorial sovereignty, 185, 199, 214 Tesco, 67, 93 Tesla, 69, 78, 113 Thailand, 176, 203 Thatcher, Margaret, 64, 163 Thelen, Kathleen, 87 Thiel, Peter, 110–11 3D printing, see additive manufacturing TikTok, 28, 69, 159–60, 219 Tisné, Martin, 240 Tomahawk missiles, 207 Toyota, 95 trade networks, 61–2, 166–7, 169, 175 trade unions, see collective bargaining Trading Places (1983 film), 132 Tragedy of the Commons, The (Hardin), 241 transistors, 18–22, 28–9, 48–9, 52, 113, 251 transparency, 236 Treaty of Westphalia (1648), 199 TRS-80, 16 Trump, Donald, 79, 119, 166, 201, 225, 237 Tufekci, Zeynep, 233 Turing, Alan, 18, 22 Turkey, 102, 176, 186, 198, 202, 206, 231 Tversky, Amos, 74 23andMe, 229–30 Twilio, 151 Twitch, 225 Twitter, 65, 201, 202, 219, 223, 225, 237 two cultures, 7, 8 Uber, 69, 94, 102, 103, 106, 142, 144, 145 Assembly Bill 5 (California, 2019), 148 engineering jobs, 156 London ban (2019), 183, 188 London protest (2016), 153 pay at, 147, 156 satisfaction levels at, 146 Uber BV v Aslam (2021), 148 UiPath, 130 Ukraine, 197, 199 Unilever, 153 Union of Concerned Scientists, 56 unions, see collective bargaining United Arab Emirates, 43, 198, 250 United Autoworkers Union, 162 United Kingdom BBC, 87 Biobank, 242 Brexit (2016–20), 6, 168 collective bargaining in, 163 Covid-19 epidemic (2020–21), 79, 203 DDT in, 253 digital minilateralism, 188 drone technology in, 207 flashing of headlights in, 83 Golden Triangle, 170 Google and, 116 Industrial Revolution (1760–1840), 79–81 Luddite rebellion (1811–16), 125, 253 misinformation in, 203, 204 National Cyber Force, 200 NHS, 87 self-employment in, 148 telecom companies in, 123 Thatcher government (1979–90), 64, 163 United Nations, 87, 88, 188 United States antitrust law in, 114 automation in, 127 Battle of the Overpass (1937), 162 Capitol building storming (2021), 225 China, relations with, 166 Cold War (1947–91), 194, 212, 213 collective bargaining in, 163 Covid-19 epidemic (2020–21), 79, 202–4 Cyber Command, 200, 210 DDT in, 253 drone technology in, 205, 214 economists in, 63 HIPA Act (1996), 230 Kenosha unrest shooting (2020), 224 Lordstown Strike (1972), 125 manufacturing in, 130 misinformation in, 202–4 mobile phones in, 76 nuclear weapons, 237 Obama administration (2009–17), 205, 214 polarisation in, 232 presidential election (2016), 199, 201, 217 presidential election (2020), 202–3 Reagan administration (1981–9), 64, 163 self-employment in, 148 September 11 attacks (2001), 205, 210–11 shipping containers in, 61 shopping in, 48 solar energy research, 37 Standard Oil breakup (1911), 93–4 taxation in, 63, 119 Trump administration (2017–21), 79, 119, 166, 168, 201, 225, 237 Vietnam War (1955–75), 216 War on Terror (2001–), 205 universal basic income (UBI), 160, 189 universal service obligation, 122 University of Cambridge, 127, 188 University of Chicago, 63 University of Colorado, 73 University of Delaware, 55 University of Oxford, 129, 134, 203, 226 University of Southern California, 55 unwritten rules, 82 Uppsala Conflict Data Program, 194 UpWork, 145–6 USB (Universal Serial Bus), 51 Ut, Nick, 216 utility providers, 122–3 vaccines, 12, 202, 211, 245–7 Vail, Theodore, 100 value-free, technology as, 5, 220–21, 254 Veles, North Macedonia, 200–201 Véliz, Carissa, 226 Venezuela, 75 venture capitalists, 117 vertical expansion, 112–13, 116 vertical farms, 171–2, 251 video games, 86 Vietnam, 61, 175, 216 Virological, 245 Visa, 98 VisiCalc, 99 Vodafone, 121 Vogels, Werner, 68 Wag!


Mbs: The Rise to Power of Mohammed Bin Salman by Ben Hubbard

"World Economic Forum" Davos, Ayatollah Khomeini, Bellingcat, bitcoin, Citizen Lab, Donald Trump, fake news, it's over 9,000, Jeff Bezos, knowledge economy, Mark Zuckerberg, medical residency, megacity, Mohammed Bouazizi, NSO Group, RAND corporation, ride hailing / ride sharing, Rosa Parks, Rubik’s Cube, Silicon Valley, Snapchat, SoftBank, Steve Bannon, Steve Jobs, Tim Cook: Apple, urban planning, WikiLeaks, women in the workforce, Yom Kippur War

At least four others were targeted around the same time: two prominent Saudi dissidents in London, a researcher for Amnesty International, and a Saudi activist in Canada named Omar Abdulaziz. Technology researchers with a group called “Citizen Lab” at the University of Toronto concluded that hackers linked to Saudi Arabia had launched the attacks with software from NSO Group, an Israeli company. Some of the targets had fallen into the trap, including Abdulaziz, who had recently struck up a friendship with Khashoggi. (A spokesperson for NSO Group said the company did not comment on specific cases but that its product was “not a tool to target journalists for doing their job or to silence critics.”) Abdulaziz was in his late twenties and had moved to Canada years before on a Saudi government scholarship.

researcher for Amnesty International: “Amnesty International staff targeted with malicious spyware,” Amnesty International, Aug. 1, 2018, and author interview, Yahya Assiri, July 2019. struck up a friendship with Khashoggi: “The Kingdom Came to Canada,” Citizen Lab, Oct. 1, 2018. “doing their job or to silence critics”: Author correspondence, NSO Group spokesperson, Aug. 2019. The company said its technology has helped governments save “an untold number of lives” by helping prevent terrorist attacks, stop drug and sex trafficking, and rescue kidnapped children. It says it investigates reports of misuse and responds appropriately, including by shutting down its clients’ ability to use its products.


pages: 1,380 words: 190,710

Building Secure and Reliable Systems: Best Practices for Designing, Implementing, and Maintaining Systems by Heather Adkins, Betsy Beyer, Paul Blankinship, Ana Oprea, Piotr Lewandowski, Adam Stubblefield

air gap, anti-pattern, barriers to entry, bash_history, behavioural economics, business continuity plan, business logic, business process, Cass Sunstein, cloud computing, cognitive load, continuous integration, correlation does not imply causation, create, read, update, delete, cryptocurrency, cyber-physical system, database schema, Debian, defense in depth, DevOps, Edward Snowden, end-to-end encryption, exponential backoff, fault tolerance, fear of failure, general-purpose programming language, Google Chrome, if you see hoof prints, think horses—not zebras, information security, Internet of things, Kubernetes, load shedding, margin call, microservices, MITM: man-in-the-middle, NSO Group, nudge theory, operational security, performance metric, pull request, ransomware, reproducible builds, revision control, Richard Thaler, risk tolerance, self-driving car, single source of truth, Skype, slashdot, software as a service, source of truth, SQL injection, Stuxnet, the long tail, Turing test, undersea cable, uranium enrichment, Valgrind, web application, Y2K, zero day

Policing domestic activity Governments may also break into systems to police domestic activity. In a recent example, NSO Group, a cybersecurity contractor, sold software to various governments that allowed private surveillance of communications between people without their knowledge (through the remote monitoring of mobile phone calls). Reportedly, this software was intended to surveil terrorists and criminals—relatively noncontroversial targets. Unfortunately, some of NSO Group’s government customers have also used the software to listen in on journalists and activists, in some cases leading to harassment, arrest, and even possibly death.3 The ethics of governments using these capabilities against their own people is a hotly debated topic, especially in countries without strong legal frameworks and proper oversight.

Both are good resources for anyone designing secure and reliable systems, as their findings are still relevant today. 2 As an example of how complicated this space can be, not all attackers in such conflicts are part of an organized military. For example, Dutch attackers reportedly compromised the US military during the Persian Gulf War (1991) and offered stolen information to the Iraqi government. 3 NSO Group’s activities have been researched and documented by The CitizenLab, a research and policy laboratory based at the Munk School of Global Affairs & Public Policy, University of Toronto. For an example, see https://oreil.ly/IqDN_. 4 There is some debate about who coined this term and what it means, but it became widely used after 1996 when it was adopted by Hacktivismo, a group associated with the Cult of the Dead Cow (cDc). 5 Anonymous is a moniker that a wide variety of people use for hacktivist (and other) activities.

Liberia, Criminal Actors libFuzzer, How Fuzz Engines Work linters, Automated Code Inspection Tools LLVM Clang, How Fuzz Engines Work load balancing, Defendable Architecture load shedding, Load shedding location separation, Location Separation-Isolation of confidentialityaligning physical and logical architecture, Aligning physical and logical architecture isolation of confidentiality, Isolation of confidentiality isolation of trust, Isolation of trust location-based trust, Isolation of trust Lockheed Martin, Intelligence gathering loggingattackers' bypassing of, Small Functional APIs budget for, Budget for Logging collecting appropriate/useful logs, Collect Appropriate and Useful Logs-Budget for Logging designing for immutability, Design Your Logging to Be Immutable determining which security logs to retain, Determine Which Security Logs to Retain-Network-based logging and detection intersection of security and reliability, Investigating Systems and Logging logs as attack target, Reliability Versus Security: Design Considerations privacy issues, Take Privacy into Consideration reliability issues, Reliability Lonestar, Criminal Actors lost causes, value of, Pick Your Battles low-dependency service, Low-dependency components-Low-dependency components M malicious actions, recovery from, Malicious Actions malware reports, Threat Intelligence MASVN (minimum acceptable security version numbers), Minimum Acceptable Security Version Numbers-Minimum Acceptable Security Version Numbers mean time to detection (MTTD), Monitoring and Alerting mean time to repair (MTTR), Monitoring and Alerting meetings, in crisis management situations, Meetings Mehta, Neel, Example: Growing Scope—Heartbleed memory corruption, checksums and, Distinguish horses from zebras memory-safe languages, Use memory-safe languages mental modelsidempotency and, Pay attention to idempotent operations understandability and, Mental Models microservicesdesigning for change with, Use Microservices-Example: Google’s frontend design Google's frontend design, Example: Google’s frontend design Google-internal framework, Example: Microservices and the Google Web Application Framework rate-limiting mechanism as, Design to Go as Quickly as Possible (Guarded by Policy) role separation, Role Separation military, cyber warfare and, Military purposes Miller, Matt, Use memory-safe languages minimum acceptable security version numbers (MASVN), Minimum Acceptable Security Version Numbers-Minimum Acceptable Security Version Numbers Mission Control program, Build Empathy mission, of IR team, Establish a Team Charter mistakes, threat modeling and, Threat modeling insider risk MIT (Massachusetts Institute of Technology), Attacker Profiles mitigation doc, Scoping the Recovery mitigation strategies, advanced (see advanced mitigation strategies) MITRE, Tactics, Techniques, and Procedures morale issuesIC's responsibility for, Morale on incident response teams, Establish a Team Charter motivations, of attacker, Attacker Motivations MTTD (mean time to detection), Monitoring and Alerting MTTR (mean time to repair), Monitoring and Alerting multi-party authorization (MPA), Multi-Party Authorization (MPA)code review as, Require Code Reviews reliability and, Investing in a Widely Used Authorization Framework resilience and, Resilience unilateral insider risk protection, Three-Factor Authorization (3FA) multicomponent failure testing, Multicomponent testing multilevel nesting, Avoid Multilevel Nesting mutation testing, When to Write Unit Tests N NASA, Culture of Inevitably nation-state actors, protecting systems from, Protecting your systems from nation-state actors(see also governments) Netflix, Fuzz Testing network intrusion detection systems (NIDSs), Network-based logging and detection nonfunctional requirements, Nonfunctional Requirements nontechnical risks, Costs and nontechnical risks North Korea, Attacker Motivations notes, keeping during recovery, Recovery Logistics, Postmortems NotPetya ransomware, Risk Assessment Considerations NSA, Risk Assessment Considerations NSO Group, Policing domestic activity O observability, improving, Improve observability OIDC (OpenID Connect), Identities, Example: Identity model for the Google production system OL (operations lead), Establishing Your Incident Team one-time passwords (OTPs), Example: Strong second-factor authentication using FIDO security keys-Example: Strong second-factor authentication using FIDO security keys one-time programmable (OTP) devices, Rolling back firmware and other hardware-centric constraints OODA (observe, orient, decide, act) loop, Parallelizing the Incident open source componentsfor Google custom CA, Securing Third-Party and Open Source Components third-party insider threats, Third-party insiders OpenID Connect (OIDC), Identities, Example: Identity model for the Google production system OpenSSHconfiguration distribution via, POSIX API via OpenSSH custom OpenSSH ForceCommand, Custom OpenSSH ForceCommand OpenSSL library, Evolution, Example: Growing Scope—Heartbleed operating parameters, IR team, Define Operating Parameters for Engaging the IR Team operating system logs, Operating system logs Operation Aurora, Protecting your systems from nation-state actors, After the Recovery operational overload, Set aside time for debugging and investigations, Know what’s normal for your system operational security (OpSec)crisis management, Operational Security-Operational Security hypothetical crisis management example, Communications and Operational Security trading good OpSec for the greater good, Trading Good OpSec for the Greater Good operations lead (OL), Establishing Your Incident Team OSS-Fuzz, Example: ClusterFuzz and OSSFuzz OTP (one-time programmable) devices, Rolling back firmware and other hardware-centric constraints OTPs (one-time passwords), Example: Strong second-factor authentication using FIDO security keys-Example: Strong second-factor authentication using FIDO security keys overcommunication, Example: Increasing HTTPS usage, Misunderstandings, Overcommunicate and Be Transparent overprovisioning, Defender’s Strategy P panic rooms, Graceful Failure and Breakglass Mechanisms parallelizing an incident, Parallelizing the Incident Park Jin Hyok, Attacker Motivations partial restores, Persistent data passwords, On Passwords and Power Drills patch, defined, Short-Term Change: Zero-Day Vulnerability payment processing system design (case study), Example: Payment Processing-Security riskssecurity/reliability considerations, Security and reliability considerations third-party service provider for sensitive data, Using a third-party service provider to handle sensitive data-Security risks Peach Fuzzer, How Fuzz Engines Work penetration testers, Vulnerability Researchers, Special Teams: Blue and Red Teams permissions, Classifying Access Based on Risk persistent data, Persistent data personally identifiable information (PII), Security and reliability considerations Petya ransomware, Risk Assessment Considerations phishing attackcredential rotation and, Credential and Secret Rotation recovery from, Large-Scale Phishing Attack-Large-Scale Phishing Attack two-factor authentication to address risk of, Example: Strong second-factor authentication using FIDO security keys phone bridges, Communications physical location, Location Separation-Isolation of confidentiality PII (personally identifiable information), Security and reliability considerations pivot points, The Investigative Process playbooks, IR team, Create Detailed Playbooks poisoned regions, Dynamic Program Analysis police (see law enforcement agencies) policiesavoiding automated unsupervised changes, A foothold for humans creating unambiguous, Create Unambiguous Policies POSIX API, Small Functional APIs, POSIX API via OpenSSH postmortems, Postmortems-Postmortems, Building a Culture of Security and Reliability, Culture of Inevitably post_install command, Host management prestaging (disaster planning), Prestaging Systems and People Before an Incident-Processes and Proceduresconfiguring systems, Configuring Systems processes and procedures, Processes and Procedures training, Training pre_rm command, Host management priority models, IR teams and, Establish Severity and Priority Models privacy, logging and, Take Privacy into Consideration productionintersection of security and reliability, From Design to Production safe proxies in production environments, Safe Proxies in Production Environments-Safe Proxies in Production Environments single system testing/fault injection, Single system testing/fault injection testing response in production environments, Testing Response in Production Environments productivityincreasing, Increase Productivity and Usability-Increase Productivity and Usability least privilege and, Impact on User Productivity profile, attacker, Attacker Profiles program analysisdynamic, Dynamic Program Analysis-Dynamic Program Analysis static, Static Program Analysis-Formal Methods(see also static analysis) Project Shield, Defendable Architecture provenancebinary, Binary Provenance-What to put in binary provenance, Data Sanitization data sanitization and, Data Sanitization ensuring unambiguous provenance, Ensure Unambiguous Provenance provenance-based deployment policies, Provenance-Based Deployment Policies-Implementing policy decisions proxies, Proxiesbenefits of, Safe Proxies in Production Environments downsides of, Safe Proxies in Production Environments safe (see safe proxies (case study)) pseudonymization, Take Privacy into Consideration publicly trusted certificate authority (CA), Case Study: Designing, Implementing, and Maintaining a Publicly Trusted CA-Conclusion Purple Team, Evaluating Responses, Special Teams: Blue and Red Teams Pwn2Own, Speed Matters Pwnium, Speed Matters Q quality-of-service (QoS) controls, Graceful Degradation quarantine (isolation)assets, Isolating Assets (Quarantine)-Isolating Assets (Quarantine) compartments and, Controlling the Blast Radius R random errors, recovery from, Random Errors ransomware attacks, Criminal ActorsPetya, Risk Assessment Considerations responses based on culture, Triaging the Incident Rapid (software release tool at Google), System Rebuilds and Software Upgrades rate-limiting mechanism, Design to Go as Quickly as Possible (Guarded by Policy) readability, Rollout Strategy recovery, Recovery and Aftermath-Credential and Secret Rotation, Examples-Targeted Attack Requiring Complex Recoveryaftermath of, After the Recovery-Postmortems attacker's response to, How will your attacker respond to your recovery effort?


pages: 302 words: 85,877

Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World by Joseph Menn

"World Economic Forum" Davos, 4chan, A Declaration of the Independence of Cyberspace, Andy Rubin, Apple II, autonomous vehicles, Berlin Wall, Bernie Sanders, Big Tech, bitcoin, Black Lives Matter, Cambridge Analytica, Chelsea Manning, Citizen Lab, commoditize, corporate governance, digital rights, disinformation, Donald Trump, dumpster diving, Edward Snowden, end-to-end encryption, fake news, Firefox, Gabriella Coleman, Google Chrome, Haight Ashbury, independent contractor, information security, Internet of things, Jacob Appelbaum, Jason Scott: textfiles.com, John Gilmore, John Markoff, John Perry Barlow, Julian Assange, Laura Poitras, machine readable, Mark Zuckerberg, military-industrial complex, Mitch Kapor, Mondo 2000, Naomi Klein, NSO Group, Peter Thiel, pirate software, pre–internet, Ralph Nader, ransomware, Richard Stallman, Robert Mercer, Russian election interference, self-driving car, Sheryl Sandberg, side project, Silicon Valley, Skype, slashdot, Steve Jobs, Steve Wozniak, Steven Levy, Stewart Brand, Stuxnet, tech worker, Whole Earth Catalog, WikiLeaks, zero day

Despite such claims, researchers often found repressive regimes deploying wares from companies like UK- and Germany-based Gamma Group and Italian firm Hacking Team against human rights advocates, journalists, and minority-party politicians. Much later, a devastating series of four front-page reports in the New York Times, driven by Citizen Lab findings, documented Israeli company NSO Group’s Pegasus spyware being used against Mexican journalists, politicians, and others in Mexico, including officials investigating mass disappearances and even anti-obesity campaigners. Mexico’s president ordered an investigation that the FBI concluded was a sham. Time and time again, the lab’s independent academic structure gave it a way to write about what others could not.

See Tucker, Chris 9/11 attacks, 113–114, 116–117, 119, 133, 187 Ninja Strike Force (NSF), 6, 62–63, 81, 116–117, 121, 129–130, 177, 193–196 Noisebridge, 155 No Logo: Taking Aim at the Brand Bullies (Klein), 96 nonprofits, 102, 130, 132, 152, 164, 182, 188 Noonan, Timothy (Matlock), 195–196 NORAD, 58 NPR, 67 NSO Group, 133 Obama, Barack (administration), 104, 168, 204 Obscure Images. See Leonard, Paul O’Donnell, Adam (Javaman), 104–105, 141, 152, 156–157, 193 political fundraising by, 1–2, 4–6, 201–202 Olson, Parmy, 145, 149 Omega. See Kubecka, Misha Onion Router. See Tor OpenCola, 127 OpenNet Initiative, 132 open-source projects, 108, 113, 123, 127 operating systems, 63, 92 software, 26, 46, 78, 98, 163 Operation Tunisia, 149–150 Oracle, 74, 122 O’Rourke, Robert “Beto” (Psychedelic Warlord), 5–7, 15–17, 92–93, 141, 188–192, 196, 201–207 Osband, Robert (Cheshire Catalyst), 19, 55 Oxblood Ruffin.


pages: 295 words: 84,843

There's a War Going on but No One Can See It by Huib Modderkolk

AltaVista, ASML, Berlin Wall, Big Tech, call centre, COVID-19, disinformation, Donald Trump, drone strike, Edward Snowden, end-to-end encryption, Evgeny Morozov, fake news, Fall of the Berlin Wall, Firefox, Google Chrome, information security, Jacob Appelbaum, John Markoff, Julian Assange, Laura Poitras, machine translation, millennium bug, NSO Group, ransomware, Skype, smart meter, speech recognition, Stuxnet, undersea cable, unit 8200, uranium enrichment, WikiLeaks, zero day

Characteristically, the Netherlands’ solution is one of compromise between the governing parties, under which intelligence agencies won’t be allowed to buy exploits from contractors who also sell weapons to dubious regimes. But how do we define ‘dubious’? One of the most notable suppliers, the Israeli NSO Group, sells spyware to the United Arab Emirates (UAE), a country that heavily suppresses freedom of speech. Does that qualify as dubious? What if the Emir of the UAE wiretaps journalists and dissidents using this Israeli software, as has actually happened? Does that cross the line? The law to enlarge cybersecurity therefore also curbs a free internet.

., here, here, here Naomi, here NASA, here, here, here Natanz, here, here, here National Health Service (NHS), here, here National Security Agency (NSA), here, here, here, here, here, here, here, here, here, here, here and Belgacom, here, here, here and Farsi translators, here ‘fishing with dynamite’, here and Gemalto, here and ‘Greek Watergate’, here hardware modifications, here number of employees, here relations with Netherlands, here, here, here Snowden files, here, here, here, here, here, here, here and SolarWinds attack, here and Somalia surveillance, here, here Tailored Access Operations, here NATO, here, here, here NCC Group, here ndsmovies.com, here New York City truck attack, here New York Times, here, here, here NICE Systems, here Nijmegen Queen’s Day festival, here Nixon, Richard, here North Korea, here, here, here, here, here, here, here, here Northwave, here Norwegian University of Science and Technology (NTNU), here NotPetya virus, here, here, here Novaja Gazeta, here NRC Handelsblad, here, here, here, here, here, here, here, here, here NSO Group, here Obama, Barack, here, here, here, here Ocean’s Eleven, here, here OHM2013, here Operation Moonlight Maze, here Operation Olympic Games, here Opstelten, Ivo, here OPTA, here Organisation for the Prohibition of Chemical Weapons (OPCW), here Oxford Internet Institute, here P10 filtering system, here Paauw, Frank, here Pakistan, here, here, here, here, here Pals, Ludo, here Paris bombings, here Paulissen, Wilbert, here PayPal, here, here, here Penn, Sean, here Pentagon, here, here Pérez Dolset, Javier, here Perlroth, Nicole, here Petri, Hans, here ‘Phed’, here phishing emails, here Plasterk, Ronald, here, here, here, here, here Pluijmers, René, here Poitras, Laura, here Politico, here PornHub, here Poroshenko Petro, here Port of Rotterdam, here, here, here, here, here Premier League, here Preneel, Bart, here PricewaterhouseCoopers, here Prigozhin, Yevgeny, here, here Prins, Ronald, here, here, here, here, here, here, here, here, here privacy, here, here, here, here, here Project Victor, here Proximus, here Public Prosecution Service Rotterdam, here Putin, Vladimir, here, here, here, here, here, here Q-Park, here Raiu, Costin, here Rajoy, Mariano, here Regin virus, here, here, here, here Regional Internet Registry for Europe, here Remarque, Philippe, here Renault, here Replay, here Rheinmetall, here, here, here Rid, Thomas, here Robbe, Edwin, here, here Robbe, José, here, here, here, here Robbe, Ruud, here, here Robin, here, here, here Rosneft, here RSA Conference, here Russia Today, here Russian–Dutch relations, here Russian Internet Research Agency (IRA), here Russian Unit 74455, here, here, here Rutte, Mark, vii, here, here, here ‘Sabu’, here Salisbury poisonings, here satellite communications, here, here, here Saudi Arabia, here, here Schiphol Airport, here, here, here, here, here Schneier, Bruce, here Schook, Dick, here SCM, here September 11 attacks, here ShimRatReporter, here Shymkiv, Dmytro, here SIGINT, here SIGINT Development Conference, here, here Signal, here Sinaloa Cartel, here Singapore Press Holdings, here Skripal, Sergei, here Smith, Brad, here SNAP, here Snowden, Edward, here, here, here, here, here, here, here, here, here, here, here, here, here Sochi Winter Olympics, here, here SolarWinds, here, here Somalia, here Sony PlayStation network, here speech transcription software, here Spetsnaz, here SPÖ Social Democratic Party (Austria), here SSL certificates, here Standaert, Geert, here Starr, Barbara, here Startpage.com, here Stasi, here Steman, Jochem, here, here Stone, Chris, here Stoyanov, Ruslan, here STRAP system, here Stuxnet virus, here, here, here, here, here, here, here submarines, here surveillance software, Israeli, here SVR, here, here, here Symbolon project, here Tails OS, here, here Tamene, Yared, here telecommunications billing, here Thomas, Gordon, here Tiger telephones, here TNT Express, here Triton virus, here Trouw, here TrueCrypt, here Trump, Donald, here, here, here, here, here, here, here Turkey, here, here, here, here Turksema, Hans, here TV5 Monde, here Tweakers website, here U., Etienne, here UCN, here Uijlenbroek, Jaap, here UK Home Office, here UK National Crime Agency, here Ukraine, here, here, here, here, here, here, here, here, here, here and annexation of Crimea, here, here, here, here, here, here ultracentrifuges, here, here United Arab Emirates, here United Nations, here University of Tromsø, here University of Twente, here US Democratic Party, here, here, here, here, here, here US Department of Defense, here, here US Department of Homeland Security, here, here US Joint Chiefs of Staff, here, here US presidential elections, here, here, here, here, here, here US State Department, here, here Utrecht child support services, here V., Johan, here van Bergen, Jurre, here van de Beek, Martijn, here van der Heijden, A.


pages: 319 words: 89,192

Spooked: The Trump Dossier, Black Cube, and the Rise of Private Spies by Barry Meier

Airbnb, business intelligence, citizen journalism, Citizen Lab, commoditize, coronavirus, corporate raider, COVID-19, digital map, disinformation, Donald Trump, fake news, false flag, forensic accounting, global pandemic, Global Witness, index card, Jeffrey Epstein, Julian Assange, Londongrad, medical malpractice, NSO Group, offshore financial centre, opioid epidemic / opioid crisis, Ponzi scheme, Ronald Reagan, Russian election interference, Silicon Valley, Silicon Valley startup, Skype, SoftBank, sovereign wealth fund, Steve Jobs, WikiLeaks

Another investigation looked at how the Mexican government was spying on its political opponents. As part of its mission, Citizen Lab also tracked a hidden industry that produced advanced malware capable of infecting the cellphones of unsuspecting users and monitoring their conversations, emails, texts, and physical location. One kingpin of that dark domain was NSO Group, an Israeli company that produced a spyware program known commonly as Pegasus. The government of Saudi Arabia had used Pegasus to infect the phones of its critics, including friends of Jamal Khashoggi, the opinion writer for The Washington Post who was murdered and dismembered by Saudi agents inside the country’s embassy in Istanbul.

See also Steele, Christopher Miami Herald, 243 Microsoft track changes, 248 Millian, Sergei, 146–148, 152, 160, 210–211, 212, 262, 266–267 Mintz Group, 12 Mirtchev, Alexander, 24–28, 29 misdirection technique, 51–52 Missing Man (Meier), 285 Miss Universe Pageant, in Moscow, 122, 134 Mitchell, Andrea, 207 Mogilevich, Semion, 57 Moore, Rob anti-asbestos movement infiltration by, 38, 50–54 asbestos case fallout, 170–174 background, 33–38 career trajectory, 35, 37–38, 164–165, 170–174 health issues, 165 as possible whistleblower, 163–170 pretexting talent of, 34, 35–36 Morgenthau, Robert, 29 Moscow, John, 24, 83, 89, 113, 114, 122–123 Moscow Ritz-Carlton hotel, 2, 142–143, 186, 220, 267 Moscow Trump Tower, 133–134, 235 Mosk, Matthew, 149 Mossack Fonseca, 298 Mossad, 107 Motherboard (news website), 199 Mother Jones magazine, 66–68, 154–155, 183, 191 MSNBC, 192, 211–212, 241–242 Mueller, Robert, III, 211, 234–235, 244, 253 Mueller report, 234–236, 240, 242, 243 Mukasey, Michael, 123 Murdoch, Rupert, 17–18, 29, 73, 198, 213 Myers, Steven Lee, 157, 158 Nardello & Company, 12 Navigant Consulting, 12 Nazarbayev, Nursultan, 23–24, 25 NBC News, 207, 219 Nekrasov, Andrei, 121 Nello (restaurant), 119, 123–124, 247 Nelson, Jimmy, 260 New Matilda (publication), 173 The New Republic, 117 News Corporation, 17–18 Newseum, 121–122, 124–125 The News of the World, 73, 198 New York City, 77, 114, 119, 122 The New Yorker magazine, 7, 39, 111, 144, 160, 191, 204, 217, 241, 253 New York magazine, 42, 131–132, 235–236 The New York Times anonymous sources policy, 277 Black Cube deal and, 111–112 on Black Cube operatives, 204 Danchenko interview with, 270 Firtash interview with, 108 Fusion GPS and, 132, 144 on Hewlett-Packard, 44–45 on Kroll, 40 op-ed pieces by Simpson and Fritsch, 215 on “pinging” story, 156–158, 253 Simpson interview with, 69 on Steele dossier, 190, 191, 220, 235–236, 243 Nigeria, 43, 164–165 Novirex Sales, 179–180 NSO Group, 195–196, 202 Nunes, Devin, 214, 233 Obama, Barack, 2, 18, 66–68, 103, 108, 142, 158 Occidental College, 87–88 Ohr, Bruce, 139–140, 153, 154, 182, 213, 254 oligarchs. See also Kazakh Trio; specific oligarchs as Black Cube clients, 107 cyber-spying and, 198 Hollingsworth’s database on, 72 as K2 Intelligence clients, 49–50 newspaper founded by, 73–74 self-due diligence reviews and, 47–48 Trump Organization’s partnerships with, 133–134 1MDB scandal, 176–177 online profile management, 104–106 open records regulations and requests, 96–99, 130–132 open-source information, 134 Operation Hellenic, 26–28, 198 oppo (political opposition research), 63–69, 129–136, 181–183.


pages: 619 words: 177,548

Power and Progress: Our Thousand-Year Struggle Over Technology and Prosperity by Daron Acemoglu, Simon Johnson

"Friedman doctrine" OR "shareholder theory", "World Economic Forum" Davos, 4chan, agricultural Revolution, AI winter, Airbnb, airline deregulation, algorithmic bias, algorithmic management, Alignment Problem, AlphaGo, An Inconvenient Truth, artificial general intelligence, augmented reality, basic income, Bellingcat, Bernie Sanders, Big Tech, Bletchley Park, blue-collar work, British Empire, carbon footprint, carbon tax, carried interest, centre right, Charles Babbage, ChatGPT, Clayton Christensen, clean water, cloud computing, collapse of Lehman Brothers, collective bargaining, computer age, Computer Lib, Computing Machinery and Intelligence, conceptual framework, contact tracing, Corn Laws, Cornelius Vanderbilt, coronavirus, corporate social responsibility, correlation does not imply causation, cotton gin, COVID-19, creative destruction, declining real wages, deep learning, DeepMind, deindustrialization, Demis Hassabis, Deng Xiaoping, deskilling, discovery of the americas, disinformation, Donald Trump, Douglas Engelbart, Douglas Engelbart, Edward Snowden, Elon Musk, en.wikipedia.org, energy transition, Erik Brynjolfsson, European colonialism, everywhere but in the productivity statistics, factory automation, facts on the ground, fake news, Filter Bubble, financial innovation, Ford Model T, Ford paid five dollars a day, fulfillment center, full employment, future of work, gender pay gap, general purpose technology, Geoffrey Hinton, global supply chain, Gordon Gekko, GPT-3, Grace Hopper, Hacker Ethic, Ida Tarbell, illegal immigration, income inequality, indoor plumbing, industrial robot, interchangeable parts, invisible hand, Isaac Newton, Jacques de Vaucanson, James Watt: steam engine, Jaron Lanier, Jeff Bezos, job automation, Johannes Kepler, John Markoff, John Maynard Keynes: Economic Possibilities for our Grandchildren, John Maynard Keynes: technological unemployment, Joseph-Marie Jacquard, Kenneth Arrow, Kevin Roose, Kickstarter, knowledge economy, labor-force participation, land reform, land tenure, Les Trente Glorieuses, low skilled workers, low-wage service sector, M-Pesa, manufacturing employment, Marc Andreessen, Mark Zuckerberg, megacity, mobile money, Mother of all demos, move fast and break things, natural language processing, Neolithic agricultural revolution, Norbert Wiener, NSO Group, offshore financial centre, OpenAI, PageRank, Panopticon Jeremy Bentham, paperclip maximiser, pattern recognition, Paul Graham, Peter Thiel, Productivity paradox, profit maximization, profit motive, QAnon, Ralph Nader, Ray Kurzweil, recommendation engine, ride hailing / ride sharing, Robert Bork, Robert Gordon, Robert Solow, robotic process automation, Ronald Reagan, scientific management, Second Machine Age, self-driving car, seminal paper, shareholder value, Sheryl Sandberg, Shoshana Zuboff, Silicon Valley, social intelligence, Social Responsibility of Business Is to Increase Its Profits, social web, South Sea Bubble, speech recognition, spice trade, statistical model, stem cell, Steve Jobs, Steve Wozniak, strikebreaker, subscription business, Suez canal 1869, Suez crisis 1956, supply-chain management, surveillance capitalism, tacit knowledge, tech billionaire, technoutopianism, Ted Nelson, TED Talk, The Future of Employment, The Rise and Fall of American Growth, The Structural Transformation of the Public Sphere, The Wealth of Nations by Adam Smith, theory of mind, Thomas Malthus, too big to fail, total factor productivity, trade route, transatlantic slave trade, trickle-down economics, Turing machine, Turing test, Twitter Arab Spring, Two Sigma, Tyler Cowen, Tyler Cowen: Great Stagnation, union organizing, universal basic income, Unsafe at Any Speed, Upton Sinclair, upwardly mobile, W. E. B. Du Bois, War on Poverty, WikiLeaks, wikimedia commons, working poor, working-age population

In 2020 a list of about fifty thousand phone numbers was leaked to Forbidden Stories, an international organization striving to publish stories from and about journalists under repression around the globe. The numbers belonged to opposition politicians, human rights activists, journalists, and dissidents who were reportedly being hacked using the Pegasus spyware developed by the Israeli tech company NSO Group (named after the first names of its founders, Niv Karmi, Shalev Hulio, and Omri Lavie). (NSO denies any wrongdoing, saying that the software is provided only to “vetted government customers” and that these customers decide how to use it.) Pegasus is a “zero-click” software, meaning that it can be installed on mobile phones remotely and without requiring a user to click on any links—in other words, it can be installed without the user’s knowledge or consent.

The experimental study of the implications of the Great Firewall, and more context on its implications, is presented in Chen and Yang (2019). “What Orwell feared…” is from Postman (1985, xxi). “[U]nder a scientific…” is from Huxley (1958, 37). From Prometheus to Pegasus. On VK (VKontakte)’s spread and role in protests, see Enikolopov, Makarin, and Petrova (2020). On the NSO Group, see Bergman and Mazzetti (2022). The Pegasus story has been confirmed in widespread reporting by media sources that include the Washington Post, National Public Radio, the New York Times, the Guardian, and Foreign Policy: www.washingtonpost.com/investigations/interactive/2021/nso-spyware-pegasus-cellphones; www.washingtonpost.com/world/2021/07/19/india-nso-pegasus; www.npr.org/2021/02/25/971215788/biden-administra tion-poised-to-release-report-on-killing-of-jamal-khashoggi; www.nytimes.com/2021/07/17/world/middleeast/israel-saudi-khashoggi-hacking-nso.html; www.theguardian.com/world/2021/jul/18/nso-spyware-used-to-target-family-of-jamal-khashoggi-leaked-data-shows-saudis-pegasus; and https://foreignpolicy.com/2021/07/21/india-israel-nso-pegasus-spyware-hack-modi-bjp-democracy-watergate.

For the Saudi claims about a “rogue operation,” see www.reuters.com/article/us-saudi-khashoggi/saudi-arabia-calls-khashoggi-killing-grave-mistake-says-prince-not-aware-idUSKCN1MV0HI. The NSO response to Forbidden Stories appeared here: www.the guardian.com/news/2021/jul/18/response-from-nso-and-governments, beginning with “NSO Group firmly denies false claims made in your report.” NSO specifically rejected any involvement in the killing of Khashoggi: “As NSO has previously stated, our technology was not associated in any way with the heinous murder of Jamal Khashoggi.” More broadly, NSO sums up its policy regarding how its technology is used this way: NSO “does not operate the systems that it sells to vetted government customers, and does not have access to the data of its customers’ targets[,] yet [its customers] are obligated to provide us with such information under investigations.


pages: 569 words: 156,139

Amazon Unbound: Jeff Bezos and the Invention of a Global Empire by Brad Stone

activist fund / activist shareholder / activist investor, air freight, Airbnb, Amazon Picking Challenge, Amazon Robotics, Amazon Web Services, autonomous vehicles, Bernie Sanders, big data - Walmart - Pop Tarts, Big Tech, Black Lives Matter, business climate, call centre, carbon footprint, Clayton Christensen, cloud computing, Colonization of Mars, commoditize, company town, computer vision, contact tracing, coronavirus, corporate governance, COVID-19, crowdsourcing, data science, deep learning, disinformation, disintermediation, Donald Trump, Downton Abbey, Elon Musk, fake news, fulfillment center, future of work, gentrification, George Floyd, gigafactory, global pandemic, Greta Thunberg, income inequality, independent contractor, invisible hand, Jeff Bezos, John Markoff, Kiva Systems, Larry Ellison, lockdown, Mahatma Gandhi, Mark Zuckerberg, Masayoshi Son, mass immigration, minimum viable product, move fast and break things, Neal Stephenson, NSO Group, Paris climate accords, Peter Thiel, Ponzi scheme, Potemkin village, private spaceflight, quantitative hedge fund, remote working, rent stabilization, RFID, Robert Bork, Ronald Reagan, search inside the book, Sheryl Sandberg, Silicon Valley, Silicon Valley startup, Snapchat, social distancing, SoftBank, SpaceX Starlink, speech recognition, Steve Ballmer, Steve Jobs, Steven Levy, tech billionaire, tech bro, techlash, TED Talk, Tim Cook: Apple, Tony Hsieh, too big to fail, Tragedy of the Commons, two-pizza team, Uber for X, union organizing, warehouse robotics, WeWork

The eventual report by Anthony Ferrante, a longtime colleague of de Becker’s and the former director for cyber incident response for the U.S. National Security Council, concluded that the promotional video about broadband prices that MBS had sent Bezos the previous year likely contained a copy of Pegasus, a piece of nearly invisible malware created by an Israeli company called NSO Group. Once the program was activated, Ferrante found, the volume of data leaving Bezos’s smartphone increased by about 3,000 percent. Some prominent cybersecurity experts questioned Ferrante’s conclusions amid an absence of more concrete forensic evidence. The massive “exfiltration of data” from the phone that Ferrante documented also happened to coincide with Bezos’s exchange of text messages and personal videos with Lauren Sanchez.

., 299, 301, 302, 306, 313 National Enquirer, 17, 319, 328–42, 344 National Equality Award, 297 National Portrait Gallery, 1–3, 382 National Press Club, 3 National Rifle Association, 301 National Security Council, 344 NDN Collective, 403 Netflix, 13, 98, 137–40, 142, 143, 145, 158, 401 Neuberger Berman, 185–86, 210 New America, 353 Newell Brands, 255 New Glenn rocket, 264, 272, 274, 277–79 New Kingdom, The, 345 New Shepard rocket, 264, 267, 269–71, 273, 274, 276, 278, 280, 283, 288, 310, 327 New York City advertising employees in, 250–51 Amazon offices in, 316 Long Island City as HQ2 location, 16, 301, 302, 305–16, 318, 319, 333 New Yorker, 155, 324, 328 New Yorker Presents, The, 144 New York Post, 309, 334, 341 New York Times, 54, 122, 126, 154, 314 exposé on Amazon’s working environment in, 95, 109–11, 113–14, 119, 295, 352 Niekerk, David, 110–13, 219, 221, 230, 312 Nielsen, 203 Nike, 180 9/11 terrorist attacks, 117 Nisqually earthquake, 7 Nordstrom, 253 Northrop Grumman, 279, 280 NSO Group, 344 Nuance, 27, 37 Obama, Barack, 132 administration of, 110, 270, 297, 311, 368 Obama, Michelle, 1, 132 Ocasio-Cortez, Alexandria, 16, 307, 308, 310 Oceanco, 347–48 O’Dell, Trip, 239 Office of the U.S. Trade Representative, 183 Olsavsky, Brian, 246 Omidyar, Pierre, 122 O’Neill, Gerard K., 281 OnePlus, 77 Onetto, Marc, 166, 218–21, 224, 225 OneWeb, 279 Oracle, 97–99, 173, 360, 361 Oscars, 137, 322 OSHA, 224 Osowski, Lukasz, 28 Outcast Agency, 324 Overstock, 373 paddle boards, 170, 374–75 Paramount Pictures, 158 Paris climate accords, 2, 381 Parkland shooting, 301 Paull, Michael, 146 Pecker, David, 328, 331–32, 334, 337–39, 341, 342, 345 Pegasus, 344 Pelosi, Nancy, 1 Penner, Greg, 90 People’s Production Company, 142 Pérez Sagaón, Abril, 85–86 Perry, Katy, 325 Perticucci, Roy, 392 Peterson, Matt, 97 phatic speech, 34–35 philanthropy, 15, 16, 244, 288, 290, 402–4 Bezos Day 1 Fund, 49, 324, 406 Bezos Earth Fund, 402–4, 406 Blue Origin and, 269, 281–82 of MacKenzie Scott, 323–24, 346, 402–3 Piacentini, Diego, 71, 73, 77, 79, 80, 83, 100, 104 Pichai, Sundar, 359, 369 Pitt, Brad, 325 Plugable Technologies, 176, 375–76 Pluimer, Larry, 181 Poitier, Sidney, 141 Politico, 124 Poovalingam, Vinoth, 76 PopSockets, 367–68 Porter, Brad, 399 Portrait of a Nation Prize, 1–2 Prakash, Shailesh, 123, 129–30 Prasad, Rohit, 35–38, 42, 47, 52 presidential candidates in 2020 election, 351, 353–55, 364 Price, Frank, 140–41 Price, Roy, 136, 137, 140–57 Prione Business Services, 77 Prisoner (Rezaian), 131 privacy, 23, 51–52 ProPublica, 237, 240 Procter & Gamble, 202, 246, 251 Project Kuiper, 404 Puerini, Gianna, 55–57, 59, 62, 64–66, 68 Purohit, Jagdish Raj, 92 Quidsi, 9–10, 193, 209, 222 Quinn, Sally, 133 Rabbit, 195, 238–39 Raghavan, Bali, 56, 58, 62 Rakuten Intelligence, 240–41 Ramji, Shiven, 251 Rashid, Taimur, 99 Ratner, Brett, 337 Rawlings, Mike, 300, 308 Raytheon, 280 Reagan, Ronald, 124 Reddit, 52 Refn, Nicolas Winding, 152 Reid, Toni, 45, 46, 51 Reliance Industries, 93, 384 research and development (R&D) expenses, 67 Reuters, 77, 210 Reveal, 224 Rezaian, Jason, 131–32 RFID chips, 57, 225 Rhimes, Shonda, 154 Riggs, Conrad, 145 Ring, 319, 367 Rivian Automotive, 4 Robb, Walter, 185 Robertson, James, 330, 332, 333 robotics, 55, 56, 213, 222–24, 388, 389 Rodriguez, Alex, 325 Rogers, Ty, 120 Rolle, Nina, 30, 289 Rolls-Royce, 280 Romanoffs, The, 152 Ronen, Assaf, 258 Rosa, Mike, 299 Rose, Charlie, 54 Rosenstein, Barry, 186 RosettiStarr, 360 Rosseter, Megan, 207–8 Roth, Mike, 216–17, 225, 229–31, 233 Rubinstein, David, 350 Ruffin, Scott, 233 Rupp, Chris, 104–7, 112 Russell, David O., 152 Russia, 272 Ryan, Fred, 124–25, 131, 133, 343 Safeway, 186, 192, 196 St.


pages: 339 words: 103,546

Blood and Oil: Mohammed Bin Salman's Ruthless Quest for Global Power by Bradley Hope, Justin Scheck

"World Economic Forum" Davos, augmented reality, Ayatollah Khomeini, Boston Dynamics, clean water, coronavirus, distributed generation, Donald Trump, Downton Abbey, Elon Musk, Exxon Valdez, financial engineering, Google Earth, high net worth, Jeff Bezos, Marc Andreessen, Mark Zuckerberg, Masayoshi Son, megaproject, MITM: man-in-the-middle, new economy, NSO Group, Peter Thiel, public intellectual, ride hailing / ride sharing, Sand Hill Road, Silicon Valley, SoftBank, South of Market, San Francisco, sovereign wealth fund, starchitect, Steve Bannon, Steve Jobs, tech billionaire, Tim Cook: Apple, trade route, traumatic brain injury, Travis Kalanick, Uber for X, urban planning, Virgin Galactic, Vision Fund, WeWork, women in the workforce, young professional, zero day

Those filed against the nation of Qatar were dismissed because of sovereign immunity, but those against companies allegedly working for Qatar were allowed to proceed as of early 2020. Each hack appeared to incite the other side to hack back harder. The UAE deployed a major listening operation, aided in part by software from an Israeli company called NSO Group Technologies. Based in Herzliya, its team of computer engineers and former government hackers had built a system called Pegasus that could compromise smartphones. It only sold the system to governments that it deemed would use it for acceptable purposes and required Israeli government permission for each sale.


pages: 389 words: 111,372

Raising Lazarus: Hope, Justice, and the Future of America’s Overdose Crisis by Beth Macy

2021 United States Capitol attack, Affordable Care Act / Obamacare, Bernie Sanders, big-box store, Black Lives Matter, coronavirus, COVID-19, critical race theory, crowdsourcing, defund the police, Donald Trump, drug harm reduction, Easter island, fake news, Haight Ashbury, half of the world's population has never made a phone call, knowledge economy, labor-force participation, Laura Poitras, liberation theology, mandatory minimum, mass incarceration, medical malpractice, medical residency, mutually assured destruction, New Journalism, NSO Group, obamacare, off grid, opioid epidemic / opioid crisis, Overton Window, pill mill, Ponzi scheme, QAnon, RAND corporation, rent-seeking, Ronald Reagan, shareholder value, single-payer health, social distancing, The Chicago School, Upton Sinclair, working poor, working-age population, Y2K, zero-sum game

Meanwhile Richard Sackler’s side of the family had compiled the many reporting errors committed on a website called Judgeforyourselves.info. One of their lawyers, Tom Clare, pointed me to the website in an e-mail, as he warned me to avoid making “any errors or false statements about my clients and the opioid crisis generally in your upcoming [Hulu] series.” Clare’s summer was a busy one. In July, he defended the Israeli firm NSO Group after its Pegasus spyware was exposed in the Washington Post as a democracy-threatening tool widely used to surveil the smartphones of reporters, activists, and government officials. “Elegantly nasty,” one critic described it. Clare’s defense of NSO was ironic, considering that Richard Sackler and other Purdue executives had once patented a “Self-Destructing Document and Email Messaging System,” their own wonky and ultimately useless attempt at ass-covering.