John Scott-Railton
@jsrailton.bsky.social
Chasing digital badness. Senior Researcher at Citizen Lab, but words here are mine.
8/ I believe NSO does not change.
They've churned through countless lobbyists to persuade you that they are turning over a new leaf
But in the end it's always the same story.
Activists, elections, politicians, dissidents getting their lives turned upside down.
Story
www.wsj.com/tech/israeli...
November 9, 2025 at 10:16 PM
7/ Even in Trump 1, the admin was concerned about Pegasus proliferation.
And in 2021 with a clear-eyed assessment that NSO was harming US national security and foreign policy objectives.
What followed? Entity listing, visa bans, and an executive order on spyware. Plus congressional action..
November 9, 2025 at 10:14 PM
6/ Today NSO desperately wants to be relieved of the consequences of their own choices.
Their 'secret' tech keeps getting discovered.
They've lost in American court.
Their valuation cratered.
They're scandal-ridden
Don't believe the spin. Now, I think they want a bailout.
November 9, 2025 at 10:12 PM
5/ NSO doesn't just help foreign governments hack American companies.
They scoff at American law.
Don't take my word for it.
After getting sued for breaking the law and hacking WhatsApp users.. they kept doing it.
By @lorenzofb.bsky.social
techcrunch.com/2025/05/30/e...
November 9, 2025 at 10:11 PM
4/ NSO's business model: hacking 🇺🇸American companies.
NSO sources vulnerabilities in US products.
Then weaponizes them to fuel Pegasus hacking by foreign governments.
Diminishing the value of American tech & making us all less safe.
November 9, 2025 at 10:10 PM
3/ NSO helped hack Americans like Carine Kanimba.
Her father Paul, who saved over 1000 lives, was kidnapped by the government of Rwanda for exercising his freedom of speech.
While Carine was fighting for his freedom & meeting with US lawmakers, she was hacked with Pegasus.
November 9, 2025 at 10:09 PM
2/ Most people know that Pegasus spyware has a mountain of abuse cases around the globe.
But for ~a decade, NSO has also profited from enabling foreign governments to hack American citizens' phones.
And US officials.
November 9, 2025 at 10:07 PM
UPDATE: NSO just hired former Trump ambassador to Israel.
They're trying to push Pegasus spyware to 🇺🇸America.
Your rights and freedoms are in danger.
NSO Group is no friend to the US & has spent years undermining our security & values 1/
November 9, 2025 at 10:05 PM
YIKES: NSO floats Pegasus spyware used in hypothetical "time of domestic crisis" in 🇺🇸America.
I believe they won't stop lobbying until they get Pegasus into USA.
To hack Americans. 1/
November 7, 2025 at 8:36 PM
2/ Francesco Nicodemo, the latest Italian Paragon target to speak out, has this to say.
Thoughtful words.
(1st pic = machine trans)
November 6, 2025 at 9:10 PM
2/ POV: and you can't get back to sleep because you feel like a renter in every monetized corner of your own life...
And while you can't sleep, your mattress topper is sending an astonishing 16 gigabytes of data/month to your sleep landlord.
October 21, 2025 at 10:08 AM
POV: you can't sleep because Amazon is down.
Design thinking that inserts brittle dependence into our lives.
While extracting fees for life.
Don't be these guys.
October 21, 2025 at 9:57 AM
3/ Here's a plain language of #Amazon #AWS updates:
12:11AM Pacific: something is up, error rates spike
12:51: Getting worse
1:25: Looks like the hotspot is DynamoDB at US-EAST-1
2:01: It's a problem with DNS resolution [Root cause!]
2:22: We've put in initial mitigations, not over yet.
October 20, 2025 at 9:30 AM
2/ Today's Amazon outage is the convergence of a few trends.
While Amazon has multiple regions, US-EAST1 is *the* region for a ton of services.
Second, more and more of the internet is moving to hosting by a handful of hyperscalers.
So, when things go wrong there, they go wrong everywhere.
October 20, 2025 at 9:26 AM
Your favorite thing is down because DynamoDB at Amazon's AWS US-EAST-1 Region woke up with Main Character Syndrome.
This is the default/legacy backbone for a ton of things.
Including Amazon's own stuff.
Massive outages.
Here's what's going on & what we know 1/
October 20, 2025 at 9:24 AM
3/ In this attack, the blockchain is used like a dead drop resolver, allowing the attackers to update the command & control server with a simple transaction.
Great work by Blas Kojusner, Robert Wallace, Joseph Dobson at Mandiant / Google Threat Intel
October 18, 2025 at 5:50 PM
2/ It only cost the 🇰🇵DPRK $1.37 USD in transaction fees per malware update.
Blockchains are a fascinating, predictable evolution for nation state attackers.
And Blockchain explorers are a natural target.
It's unlikely to stop here.
October 18, 2025 at 5:49 PM
NEW: 🇰🇵DPRK has begun hiding malware on blockchain.
Result, decentralized, immutable malware.
Nearly impossible to remove.
Report cloud.google.com/blog/topics/...
October 18, 2025 at 5:48 PM
EW: 🇰🇵DPRK has begun hiding malware on blockchain.
Result, decentralized, immutable malware.
Nearly impossible to remove.
cloud.google.com/blog/topics/...
October 18, 2025 at 5:47 PM
2/ Altho massive punitive damages jury award against NSO Group ($167m) got reduced by the court, as is expected in cases where it is so large (to 9x compensatory damages)...
This is likely cold comfort to NSO since I think the injunction seriously dims value of NSO's spyware product.
October 17, 2025 at 11:39 PM
NOW: US court permanently bans Pegasus spyware maker from hacking WhatsApp.
NSO Group can't help their customers hack WhatsApp etc. either. Must delete exploits & R&D.
Bad news for NSO. Huge competitive disadvantage for the notorious company.
Big additional win for WhatsApp 1/
October 17, 2025 at 11:37 PM
2/ Apple is introducing Target Flags which speeds the process of getting exploits found & submitters rewarded.
This faster tempo is also a strike against the mercenary spyware ecosystem.
And the expanded categories also hit more widely against commercial surveillance vendors.
October 10, 2025 at 3:34 PM
NEW: fresh trouble for mercenary spyware companies like NSO.
#Apple is launching fat bounties on the zero-click exploits that feed the supply chain behind products like Pegasus & Paragon's Graphite.
With bonuses, exploit developers can land $5 million payouts.
security.apple.com/blog/apple-s...
October 10, 2025 at 3:33 PM
5/ I believe NSO's goal has always been to bring Pegasus spyware to Americans' phones.
NSO even set up a company to push spyware to police departments around the 🇺🇸country.
Their rep gave city cops demos hacking phones with American numbers...
storage.courtlistener.com/recap/gov.us...
October 10, 2025 at 11:43 AM
3/ NSO Group is blacklisted by the Commerce Dept.
A good part of why it has stayed there is that Pegasus was extensively used to hack US officials...
The company has been a clear national security threat...
By @ellenwapo.bsky.social & @timstarks.bsky.social
www.washingtonpost.com/national-sec...
October 10, 2025 at 11:39 AM