#Pegasus spyware, which transforms a cellphone into a mobile surveillance hub, could have been deployed against a range of journalists and civil society actors in Mexico, KSA, Bahrain, Morocco, Togo, Israel, US, and UAE.

How to protect yourself? [Thread]
cpj.org/2018/10/cpj-sa…
#Pegasus gives the attacker the ability to monitor, record & collect existing & future data from the phone. This includes calls and information from messaging applications and real-time location data. The spyware is able to remotely activate the camera and microphone.
@citizenlab
Pegasus is designed to be installed on phones running iOS, Android, and BlackBerry OS without alerting the target to its presence. Journalists will likely only know if their phone has been infected if the device is inspected by a tech expert.
Attackers create tailor-made messages that are sent to a specific journalist. These messages convey a sense of urgency and contain a link or a document which the journalist is encouraged to click on. The messages come in a variety of forms, including SMS, email, and WhatsApp.
Research by @citizenlab and @amnesty found that #Pegasus messages tend to take the following forms:

- Messages purporting to be from a known organization such as an embassy or a local news organization
- Messages that warn the target may be facing an immediate security threat
- Messages that raise any work-related issue, such as covering an event that the target usually reports on
- Messages that make appeals to personal matters, such as those relating to compromising photos of partners
- Financial messages that reference purchases, credit cards, or banking details

Attackers can target personal and work phones. To better protect themselves & their sources, journalists should:

- Verify the link with the sender through a different channel of communication. This should preferably be through video or voice

#journosafe
If the sender is not previously known to you, secondary channels may not provide successful verification of the links, as secondary channels may be set up by the adversary as part of an elaborate cover identity.

#digitalsecurity #pegasus #cpjemergencies
If the link uses a URL shortener service like TinyURL/Bitly, input the link into a URL expander service. If the expanded link looks suspicious, for instance mimicking a local news website but not being quite the same, do not click the link; forward it to phishtank@cpj.org
If you feel you need to open the link, do not use your primary device. Open the link on a separate, secondary device that does not have any sensitive information or contact details, and is used solely for viewing links. Carry out a factory reset on the device regularly.
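The check on an expanded link described in this thread, as an added example (not CPJ's or Citizen Lab's tooling): it takes a URL that has already been expanded and flags hosts that imitate a site you trust. The `TRUSTED` and `SHORTENERS` lists and all `.test` domains are constructed assumptions; replace them with the outlets and contacts you actually deal with.

```python
from urllib.parse import urlsplit

# Illustrative lists (assumptions): extend with the sites you really rely on.
SHORTENERS = {"tinyurl.com", "bit.ly", "bitly.com"}
TRUSTED = {"cpj.org", "accessnow.org", "example-news.test"}

def host_of(url):
    """Lower-cased hostname without 'www.'; non-ASCII names become punycode."""
    if "://" not in url:
        url = "http://" + url
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        pass  # keep the raw host; the edit-distance check still applies
    return host[4:] if host.startswith("www.") else host

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    host = host_of(url)
    if not host:
        return "unparseable"
    if host in SHORTENERS:
        return "shortened"          # expand it before judging the destination
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike"          # punycode label: possible homoglyph name
    for t in TRUSTED:
        # trusted name buried inside another domain, or a near-miss spelling
        if t in host or edit_distance(host, t) <= 2:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    for sample in ("https://bit.ly/abc123",                      # constructed
                   "https://examp1e-news.test/breaking",          # constructed
                   "http://example-news.test.account-alerts.test/story"):
        print(f"{classify(sample):10} {sample}")
```

A result of "unknown" is not a clean bill of health; it only means the host does not resemble anything on your trusted list.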
#Pegasus spyware can also be installed on your phone if an adversary gains physical access to the device. To reduce risk:

- Do not leave your device unattended and avoid handing over your phone to others

When crossing a border or checkpoint, ensure that you can see your phone at all times. Turn off the phone before arriving at the checkpoint, and have a complex passphrase consisting of both letters and numbers. Be aware that if your phone is taken, the device may be compromised.
If you are a freelance journalist or a journalist that does not have access to tech support, contact the @accessnow Helpline: accessnow.org/help/

If you have received a suspicious msg & believe you may have been targeted by Pegasus, please fwd the msg to phishtank@cpj.org
For more information on technology security, we encourage journalists to review the Technology Security chapter of CPJ's Security Guide: cpj.org/reports/2012/0…

And see the digital safety information included in our Resource Center: cpj.org/emergency-resp…

#CPJEmergencies
If you believe your phone is infected by #Pegasus, immediately stop using that phone and purchase another one. You should leave the suspected device in a place that does not compromise you or your surroundings.

Illustration by @citizenlab
