Donncha Ó Cearbhaill
@donncha.is
Head of Security Lab - Amnesty International

Hunting spyware and unlawful surveillance targeting activists and civil society.

For help with digital forensics or suspect spyware threats contact: https://securitylab.amnesty.org/get-help/
Great Firewall Export: A new investigation by @amnesty.org and partners reveals how Geedge Networks, a Chinese company, is commercializing the tech behind China's notorious "Great Firewall".

A huge leak of Geedge data reveals their products, deployed in China, Pakistan, and Myanmar among others.
September 9, 2025 at 12:51 PM
The two investigative journalists - who focus heavily on corruption by public officials and connected business figures - received infection links from an unknown number over Viber.

Amnesty was able to confirm with high confidence that these were Pegasus infection links.
March 27, 2025 at 1:08 PM
📢 LAST CHANCE: Apply for @amnesty.org's Digital Forensic Fellowship!

Working with our team at the Security Lab, you'll learn the tech and investigative skills needed to expose how governments abuse advanced spyware and other surveillance tech against activists and civil society.
January 21, 2025 at 11:22 AM
7/ There is much more tech info including Android forensic traces, Cellebrite exploit analysis, and possible Android zero-click spyware traces in the report.

We also have recommendations for mobile device vendors on how to harden against these threats.
December 16, 2024 at 9:58 AM
5/ We documented seven individual spyware cases - three with NSO Group's Pegasus spyware, and with the newly discovered NoviSpy.

We found that NoviSpy has been active since at least 2019, and there are indications hundreds of devices may have been targeted in recent years.
December 16, 2024 at 9:58 AM
4/ We found that NoviSpy infections often occur during police encounters. In one shocking case, an activist went to BIA (Serbia's domestic intelligence service) to file a complaint as a victim of a crime. During the 2-hour interview, BIA infected their phone.
December 16, 2024 at 9:58 AM
2/ Our forensic investigation found a pattern where Cellebrite zero-day exploits were used to first bypass Android device lock screens and encryption before infection. Cellebrite UFED has also been used widely to extract data from phones of youth activists and protestors
December 16, 2024 at 9:58 AM
1/ In February 2024, during a supposedly routine police traffic stop, Serbian journalist Slaviša Milanov had his phone unlocked with Cellebrite and covertly hacked and infected with the #NoviSpy spyware by Serbian authorities.
December 16, 2024 at 9:58 AM