Cellebrite app left on phone after police seized it, rookie mistake?

Try to send the APK to Citizen Lab first!

wow this thread! Would love an update if you have one.

3 Likes

In his (Ron Deibert, Citizen Lab founder) recent book “Chasing Shadows” he recounts a meeting he had with WH Intelligence, where he was lauded by all for his efforts and contributions …

Absolutely do not use that laptop, you MUST throw it away (or donate it for analysis). They could have installed firmware-level malware. They could have flashed your motherboard’s memory to replace the BIOS with a rogue one that looks identical. They could have done the same to every single part that contains any kind of memory, like the SSD controllers, network cards, option ROMs and so on.

Of course, the local police are not the FBI. You’re not Edward Snowden. So it’s unlikely they installed a hidden firmware rootkit on your laptop. But it’s still possible. Always assume the worst.

3 Likes

Somehow missed this thread, but absolutely do not trust the laptop’s hardware. As mentioned by @Yo, there are many ways your device could still be bugged without the hard drive. I am afraid you have to buy new hardware.

As for the forensics, it is probably too late now, but it is best left to the experts in an untouched state. Any interaction with it could interfere with it.

I went to read the book because of your comment. Thanks for telling me about it, I didn’t even know he wrote a book.

Your comment is rather misleading because of omission.

There is a context behind that meeting with the White House, it was in December 2022, and the people running the White House then are not the same people running the White House now. Deibert and JSR (another Citizen Lab researcher) were specifically invited to the White House then because of the NSO Pegasus spying debacle. He also talks about the threats of the Israel lobby in the White House. It’s not all black-and-white in the politics of any country around the world – not that I’m defending them, but I took a cursory look at your past comments and you seem to see the US (as well as its politicians) as a fixed monolith which is either “all bad” or “all good”.

In fact, Deibert explicitly says that he recognizes the huge irony in which Citizen Lab’s work got praised by White House officials who oversaw intelligence efforts, when Citizen Lab’s work was in fact carried out under the explicit goal of countering those intelligence efforts for civil society.

Anyway, here’s the relevant part of the book, which I quote word-for-word:

In November 2021, the US Commerce Department added several mercenary spyware companies whose malfeasance we helped expose to a special “designated entity” list—including the notorious Israel-based mercenary spyware vendor NSO Group. While the designation is mostly symbolic—it restricts the export of a narrow class of US goods and services to firms on the deny list—it’s also a kind of scarlet letter signaling to all concerned that doing business with these firms is now taboo. NSO Group’s valuation dropped by about a billion dollars after being red-carded by the Commerce Department’s designation. That must have hurt.

A few weeks after that designation, Senator Ron Wyden, Congressman Adam Schiff, and several other prominent lawmakers sent a letter to the Biden administration advocating that the government go further and “punish” firms like NSO Group and their executives with Global Magnitsky Act sanctions—sanctions aimed at foreign autocrats and their oligarch benefactors involved in human rights abuses. The work of the Citizen Lab was mentioned explicitly in their letter too.

Then, in the summer of 2022, the influential House Permanent Select Committee on Intelligence convened hearings on mercenary spyware and invited one of our senior researchers, John Scott-Railton (JSR), who leads our targeted threats team, to testify alongside a prominent victim of mercenary spyware, Carine Kanimba, and Google’s head of threat intelligence, Shane Huntley. The hearing was powerful. Kanimba, the daughter of Paul Rusesabagina, whose bravery in the Rwandan genocide was portrayed in the Hollywood movie Hotel Rwanda, relayed personal experiences that were riveting, scary, and emotional. “It is horrifying to me that they knew everything I was doing, precisely where I was, who I was speaking with, my private thoughts and actions, at any moment they desired,” Kanimba told the committee. Forensic analysis from both the Citizen Lab and Amnesty International determined that her phones had been hacked with NSO Group’s spyware multiple times, once around the time her father was kidnapped and later when she was meeting with senior US government officials and members of Congress to plead for their help with his release. That revelation was bad news for NSO Group. Nothing like helping an autocrat to eavesdrop on meetings with US policymakers to get you on the receiving end of congressional investigations.

Late in 2022 we received the invitation to the White House to brief members of the powerful National Security Council. And so it was that JSR and I arrived to describe our research and to give our opinion on what we saw looming on the horizon.

As we settle into a paneled boardroom with a portrait of George Washington flanked by statues of bald eagles presiding over our discussions, the small talk soon gives way to introductions. “Before we begin,” says the most senior intelligence official in the room, “I want you to know what respect and admiration there is around here [in the White House] for the work of the Citizen Lab. None of this,” he continues, waving a hand at the stack of papers in front of him, “would be possible without your group.”

I have a tough time concentrating for the next few minutes after those remarks. While we deserve to be there because of our well-earned reputation, it is still profoundly strange to hear it from a high-ranking official in this storied building. The irony of the meeting is not lost on me either. When I founded the Citizen Lab, I had a dream of building a university-based group that would use the skills and techniques of evidence-based research to lift the lid on the internet and expose wrongdoing in the digital realm. My aim was to have a group of top-notch sleuths undertake “counterintelligence for civil society.” At the time, it was all aspirational. Now, here I was sitting with senior officials who oversaw the most sophisticated intelligence operations on behalf of the most powerful government in human history—and they were telling me how much they respected our work.

As the meeting ends, we are escorted out of the Eisenhower Executive Office Building to the covered causeway leading to the West Wing. A busy day, judging by the armored black Chevrolet Suburbans with tinted windows and crowned with antennas lining the inner driveway. I scan the rooftops and take in the CCTV cameras and other sensors planted along the roof of the White House. I imagine how fully and completely this particular space is under intense electronic surveillance. Biometric scanners, cellphone interception gear, explosives sensors, and who knows what else. No doubt about it: we are at the apex of the intelligence-industrial complex—in more ways than we imagine, I am sure.

Later that day, as I walk through the airport on my way back to Toronto, I lean down to scan the headlines of the Financial Times and one pops out: “Israel’s NSO Bets Its Future on Netanyahu’s Comeback.”

Former Israeli prime minister Benjamin Netanyahu, a convicted criminal, stands at the precipice of a remarkable political revival. He is about to forge the most right-wing and extremist political coalition in Israel’s history, which will return him to power. It was Netanyahu who personally spearheaded the commercialization of cybersecurity and Israel’s formidable signals intelligence resources into a mercenary surveillance marketplace. And now he’s back—on the verge of reclaiming power and authority and aligning himself with ultraconservative and militaristic allies. Not a good omen.

I imagine the industry’s high-paid lobbyists running circles around our visit to the White House, pushing falsehoods about the Citizen Lab and our investigations. There is always the prospect of something more insidious too. We have already experienced several underhanded covert attempts to undermine our work. What could be next? As I stare at the article, I think about the behind-the-scenes maneuvering to obstruct our progress and impede our ability to carry out investigations that might be on the way—with our funders, the University of Toronto, Canadian authorities, or others.

“Don’t worry,” Shalev Hulio, one of the founders and then CEO of NSO Group, is quoted in the Financial Times article. “Netanyahu is coming back.”

“Oh, you better believe I’m worried,” I mutter as I toss the paper down and head to the boarding gate.

I encourage you and anyone interested to read the book instead of relying on the half-truths people say online. It’s best to make your own judgements on complex matters.

1 Like

Glad you are reading the book … my open ended comment was to entice people to read it, as you said, to read and interpret the deeper workings for themselves …

What certainly sets this book apart is that he quotes many passages with proper notations at the end … not a thriller, although it is, but with a scientific approach and proper documentation, the way science ought to be done.

No, there is no risk. Cellebrite is designed to be accessed locally; what you have is an agent which uses a zero-day to achieve superuser status. It possesses no ability to phone home. Cellebrite is designed to wipe syslogs that would reveal the method of achieving root-level access, so you will not discover anything by sending your phone to someone.

Neither your phone nor your laptop is compromised, because Cellebrite does not offer this service, nor would it be legal in your situation. If someone wanted to compromise your device, they would do it without taking it from you in the first place, and they would not bring a search warrant.