Originally published at: https://boingboing.net/2020/01/22/saw-and-pwn.html
…
As an aside, I wonder if Mister Bone Saw will have any difficulty getting henchmen to do his dirty work now that he’s executed of few of them.
What surprises me a bit about this is that you can just exfiltrate several gigabytes of data from the phone of someone with crazy money and a more than passing acquaintance with technology(not sure how techie Bezos is personally but he clearly knows something about hiring tech expertise).
Short of using some near-zero-function General Dynamics Mission Systems horror phone you can’t really pay for much OS/app level security above the commercial standard; but traffic analysis and IDS type stuff is something you can add on for money, and not overwhelming amounts of it; and if someone is watching in that way bulk exfiltration is hard to hide.
Did he in fact have this and that’s why he brought in a forensics team? Did he just assume that he wasn’t a target? Didn’t want IT scrutinizing what his personal phone does?
I do wonder what the actual security flaw was. Was it as simple as the world’s richest man having a guessable password? Or was it some next level super secret spy shit?
This hack is one step removed from his doing the script-kiddie dirty work himself (I’m sure that at least one techie in his employ will end up in prison or worse). At least this will give a lot of wealthy and powerful people a reason to remove Prince Bone Saw from their Whatsapp and other social media groups.
It seems very odd that MBS would get involved in this. I can see the appeal of keeping tabs on Bezos but the personal whatsapp malware touch seems like an odd way to go about it.
The malware that Bin Salman is accused of using bears a striking resemblance to the tools that NSO Group
So, next level super secret spy shit
“exfiltrated”? wouldn’t it just be easier to say “stolen”?
Yeah, it’s a good thing that someone close to the President isn’t whatsapp buddies with the slaughter prince. Especially someone who couldn’t get a security clearance. That would be bad.
Crown Prince of Saudi Arabia accused of hacking Jeff Bezos’ phone with malware-laden WhatsApp message
Oh, I’m almost positive that this is just a mishap and all that MbS did was to try to sign up for Amazon Prime.
Also the timing is weird. Prince Bonesaw supposedly pWnd Bezos in 2018 and copied out gigs of data. In February 2019 MacKenzie and Jeff divorce. Shortly before that there were emails
In addition to the “below the belt selfie — otherwise colloquially known as a ‘d_ck pick’” — The Enquirer obtained a further nine images.
Mr. Pecker, otherwise colloquially known as “Mr. Catch and Kill”, somehow ended up with receipts from Jeff’s phone and proceeded to shake down Jeff.
So basically this is Trump.
It’s early, I haven’t got my “click through and read the damn summary first” module turned on yet. You are correct. Super secret spy shit.
If during the last thousand seconds you have received any High-Beyond-protocol packets from “Arbitration Arts,” discard them at once. If they have been processed, then the processing site and all locally netted sites must be physically destroyed at once. We realize that this means the destruction of solar systems, but consider the alternative. You are under Transcendent attack.
I guessing but… Someone on the WhatsApp team probably thought it would be really cool to treat video data as executable code. (Maybe it was a clever buffer overrun hack, but no bounds checking in this day?)
So it’s some excuse-mossad super spy shit that you cans hire if you have enough money.
Well, unless you trust your IT people implicitly, that could be another source of leaks.
In general, I think that should be impossible with iOS sandboxing. Do any of the articles say what kind of phone it is?
If the people sentenced were even actually the ones responsible, and not some random dissidents - the Saudis have kept secret their names, and the trial was all out of the public eye.
That’s an excellent point.
I never thought it would be possible for me to feel sorry for Jeff. It sucks to have your personal details hacked by a known murderer.
You don’t necessarily need implicit trust; there are a variety of arrangements for setting up your system’s auditing so that the watchers watch one another; and it’s also a lot easier to come down like a ton of bricks on people you already have full details on and contracts with, rather than hackers unknown or foreign state actors; but even if they maintain professional discretion in terms of not selling you out to the tabloids I suspect that knowing that IT is watching you can be a bit of a downer for certain activities. Probably a bit of a downer for IT, as well, but that doesn’t help you.
This topic was automatically closed after 5 days. New replies are no longer allowed.