2nd eth talk readyyy

src/decks/surveillance.md

@@ -0,0 +1,510 @@
+---
+title: "Surveillance"
+---
+<!-- .slide: data-auto-animate -->
+
+<img src="/img/kitten_cropped.png" class="r-stretch"/>
+
+# surveillance and what we can do against it
+## [maia arson crimew](https://maia.crimew.gay)
+
+---
+<!-- .slide: data-auto-animate -->
+
+<img src="/img/kitten_cropped.png" class="r-stretch"/>
+
+## maia arson crimew
+
+* is 25 years old <!-- .element: class="fragment" -->
+* uses it(/she) pronouns <!-- .element: class="fragment" -->
+* has (allegedly) been a hacktivist since 2019 <!-- .element: class="fragment" -->
+* got indicted in 2021 ^-^ oopie <!-- .element: class="fragment" -->
+* leaked the 2019 version of the US no fly list in 2023 <!-- .element: class="fragment" -->
+* is an investigative journalist and columnist <!-- .element: class="fragment" -->
+
+---
+
+## agenda
+
+* stalkerware
+* verkada
+* using their tools against them
+* OSINT, or: how to find adrian dittmann
+* my friendship with luís montenegro \<3
+* the telemessage saga
+* HackingTeam and swiss universities?
+* the fight starts with you
+
+---
+<!-- .slide: data-background-image="/img/posts/fuckstalkerware-5/cover.jpg" data-background-opacity="0.2" data-auto-animate data-auto-animate-restart -->
+
+## stalkerware
+
+<small>*background illustration by [Mukky's World](https://mukkysworld.neocities.org/)*</small>
+
+---
+<!-- .slide: data-background-image="/img/posts/fuckstalkerware-5/cover.jpg" data-background-opacity="0.2" data-auto-animate -->
+
+## stalkerware
+
+* commercially available spyware
+* mostly used to spy on spouses or kids <!-- .element: class="fragment" -->
+* hidden from the target <!-- .element: class="fragment" -->
+* usually requires brief physical access <!-- .element: class="fragment" -->
+* between $20-$200+/month <!-- .element: class="fragment" -->
+
+---
+<!-- .slide: data-background-image="/img/posts/fuckstalkerware-5/cover.jpg" data-background-opacity="0.2" data-auto-animate -->
+
+## stalkerware
+
+we surveil ourselves and each other,</br>this is more and more normalized
+
+Note:
+not just stalkware, also
+- snap map
+- airtags
+- strava
+
+---
+<!-- .slide: data-background-image="/img/posts/fuckstalkerware-5/cover.jpg" data-background-opacity="0.2" data-auto-animate -->
+
+## stalkerware
+
+governments love stalkerware too
+
+Note:
+
+- examples from june 2024 mspy leak
+- stalkerware is in legal gray area, presumably much easier to acquire than government grade spyware, even for governments
+---
+<!-- .slide: data-background-image="/img/posts/fuckstalkerware-5/cover.jpg" data-background-opacity="0.2" data-auto-animate -->
+
+## stalkerware
+
+governments love stalkerware too
+
+<img src="/img/decks/surveillance/yaniv.jpg"/>
+
+Note:
+
+- email from 2014
+- yaniv azani
+- cto of national cyber unit of israel police
+- attempting to buy whitelabelled mspy for israel
+- did not come to fruition
+
+---
+<!-- .slide: data-background-image="/img/posts/fuckstalkerware-5/cover.jpg" data-background-opacity="0.2" data-auto-animate -->
+
+## stalkerware
+
+governments love stalkerware too
+
+<img src="/img/decks/surveillance/irgoun.jpg"/>
+
+Note:
+
+- email from 2016
+- luc schwab (swiss national)
+- ran an israeli security/mercenary company (now runs one in geneva)
+- asking for whitelabel mspy for government customers
+- presumably for israel, only one named
+- mspy turns them down but adds them to a potential list of future whitelabel partners
+
+---
+<!-- .slide: data-background-image="/img/posts/fuckstalkerware-5/cover.jpg" data-background-opacity="0.2" data-auto-animate -->
+
+## stalkerware
+
+other interested government agencies included:
+
+* more private security companies working with goverments
+* royal thai police
+* vietnam defense ministry
+* nebraska national guard
+* united arab emirates
+* italian law enforcement
+* tasmanian police
+
+Note:
+
+- i found no sale occuring
+- just mspy receiving this manyr equests means others probably receive just as many
+- governments may be using others
+- flexispy (other big player) for example offers whitelabel solution
+
+---
+<!-- .slide: data-background-image="/img/posts/fuckstalkerware-5/cover.jpg" data-background-opacity="0.2" data-auto-animate -->
+
+## stalkerware
+
+* stalkerware services are constantly being hacked
+* most shut down under the pressure <!-- .element: class="fragment" -->
+* constant hacks and bad press make it hard to run a profitable business <!-- .element: class="fragment" -->
+* hacks also allow us an insight into the industry <!-- .element: class="fragment" -->
+
+Note:
+
+Stalkerware constantly getting hacked is also a good reason why no one should ever use that kind of software
+
+---
+<!-- .slide: data-background-image="/img/decks/surveillance/verkada.jpg" data-background-opacity="0.2" data-auto-animate data-auto-animate-reset -->
+
+## verkada
+
+<img src="/img/decks/surveillance/bloomberg.jpg"/>
+
+Note:
+
+- shortly before indictment in 2021
+- alongside hacking group
+- breached cloud based surveillance startup verkada
+- accessing over 150k cameras, primarily in the US
+- cameras inside:
+- tesla factories & dealerships
+- cloudflare headquarters
+- jails, health clinics and hospitals
+
+kicked off massive discussion about surveillance
+
+Ramble i guess
+
+---
+<!-- .slide: data-background-image="/img/decks/surveillance/verkada.jpg" data-background-opacity="0.2" data-auto-animate -->
+
+## verkada
+
+<img src="/img/decks/surveillance/ftc.jpg"/>
+
+Note:
+
+- fined 2.95mil usd by FTC 
+- for security lapse and violation of CAN-SPAM act
+
+---
+<!-- .slide: data-background-image="/img/decks/surveillance/tesla-fire.jpg" data-background-opacity="0.2" -->
+
+## using their tools against them
+
+Note:
+
+- society built around surveillance has a flaw
+- its surveillance
+- data collected by said surveillance and the tools used for surveillance can be used by journalists and hacktivists
+
+verkada is one such example, in the following there is some more
+
+---
+<!-- .slide: data-background-image="/img/posts/adrian-dittmann/cover.jpg" data-background-opacity="0.2" data-auto-animate data-auto-animate-reset -->
+
+## OSINT
+### or, how to find Adrian Dittmann
+
+Note:
+
+* OSINT stands for open source intelligence
+* its a form of intelligence that relies on publicly available data.
+
+---
+<!-- .slide: data-background-image="/img/posts/adrian-dittmann/cover.jpg" data-background-opacity="0.2" data-auto-animate -->
+
+## OSINT
+### or, how to find Adrian Dittmann
+
+<img src="/img/decks/surveillance/adrian-x.jpg"/>
+
+Note:
+
+* Adrian Dittmann is a twitter influencer
+* posts about crypto and AI
+* massive fan of elon musk. 
+* blew up because people believed he was an alt of musks
+* he talks somewhat similarly to musk and often praises him
+* this did not seem quite right to me
+* started invesigating with ryan fae last december
+
+---
+<!-- .slide: data-background-image="/img/posts/adrian-dittmann/cover.jpg" data-background-opacity="0.2" data-auto-animate -->
+
+## OSINT
+### or, how to find Adrian Dittmann
+
+<img src="/img/posts/adrian-dittmann/snusbase.png"/>
+
+Note:
+
+* quick search for his alleged name on paid breach tool
+* brings up an email address and a location in fiji
+* breached from an ai background removal tool in 2024
+</br>
+</br>
+* fiji would make sense
+* dittman previously stated he is german, grew up in gibraltar and morocco and now lives in oceania
+* this would also explain his accent
+* german guy growing up in english speaking countries and private schools would def sound similar to a south african billionaire
+
+---
+<!-- .slide: data-background-image="/img/posts/adrian-dittmann/cover.jpg" data-background-opacity="0.2" data-auto-animate -->
+
+## OSINT
+### or, how to find Adrian Dittmann
+
+<img src="/img/decks/surveillance/osintindustries.jpg"/>
+
+Note:
+
+* search for his email on osint.industries
+* i receive free journalist access to osint industries
+* shows number of other accounts
+* german and fijian phone number
+* google account with a single maps review in fiji
+* review talks about steaks, this will be more relevant later
+
+---
+<!-- .slide: data-background-image="/img/posts/adrian-dittmann/cover.jpg" data-background-opacity="0.7" data-auto-animate -->
+
+## OSINT
+### or, how to find Adrian Dittmann
+
+Note: 
+
+* google search for "dittmann fiji" shows a dittmann family in fiji
+* they own various companies in germany, switzerland and fiji
+</br>
+</br>
+* family company registrations show they are originally from germany
+* they then lived in gibraltar for a while and moved to fiji around 2012
+* flags in brothers instagram bio confirm this too
+</br>
+</br>
+* main relevant company is aquam insula (luxury water and yachting supplies company)
+* a youtube video on the fiji government channel shows opening of companies "maritime lifestyle warehouse
+* footage shows adrian dittmann and his partner in foreground (see slide)
+
+---
+<!-- .slide: data-background-image="/img/posts/adrian-dittmann/cover.jpg" data-background-opacity="0.2" data-auto-animate -->
+
+## OSINT
+### or, how to find Adrian Dittmann
+
+<img src="/img/posts/adrian-dittmann/ring.png"/>
+
+Note:
+
+* in same video we see a ring on fiji adrians finger
+* this matches a ring visible in some of twitter adrians steak cooking streams.
+* as i said steaks are oddly relevant to this
+* there is even more evidence we go over in our article
+* for anyone still skeptical after having seen our original reporting:
+
+---
+<!-- .slide: data-background-image="/img/posts/adrian-dittmann/cover.jpg" data-background-opacity="0.2" data-auto-animate -->
+
+## OSINT
+### or, how to find Adrian Dittmann
+
+<img src="/img/decks/surveillance/facereveal.jpg"/>
+
+Note:
+
+* more on the steak streams
+* about a month after initial reporting
+* post on bluesky from someone archiving all adrian dittmann streams
+* reflection of his face is visible in a steak cooking stream
+
+---
+<!-- .slide: data-background-image="/img/posts/adrian-dittmann/cover.jpg" data-background-opacity="0.2" data-auto-animate -->
+
+## OSINT
+### or, how to find Adrian Dittmann
+
+Note:
+
+- ramble on adrian and musk relationship, why musk played along
+- just a quick example of how powerful osint is for journalism and not just for government ingelligence
+- ultimately investigative journalism is also just intelligence
+</br>
+</br>
+- but what about the rich and powerful?
+
+---
+<!-- .slide: data-background-image="/img/decks/surveillance/montenegro.jpg" data-background-opacity="0.2"  -->
+
+## my friendship with luís montenegro \<3
+
+<img src="/img/decks/surveillance/montenegro.jpg"/>
+
+<small>*Image credit: Lukas Gut, [Tiny Kitten vs. The 2nary System](https://www.ensemblefilm.ch/portfolio/tiny-kitten-vs-the-2nary-system-by-marisa-meier/), ensemble film*</small>
+
+Note:
+
+- who is luis montenegro
+- corrupt portuguese premier who just got reelected
+- number found by googling for the name of the front company he received bribes with
+- osint industries confirmed telegram and signal account with his name
+- i messaged both numbers to try and get comment on the developing corruption story
+- he never replied
+- out of curiosity i try calling him one day, he doesnt pick up
+- i try to call again later but call does not go through
+- conclusion: he saw my messages and decided to block me
+- you can just bully these people. its fun and its free
+
+---
+<!-- .slide: data-background-image="/img/decks/surveillance/tmsgnl.jpg" data-background-opacity="0.4" data-auto-animate data-auto-animate-reset -->
+
+## the telemessage saga
+
+<small>*NOTE: this is a retelling of a very recent series of hacks based on publicly available information, parts of this may be inaccurate*</small>
+
+Note:
+
+- april 30st
+- us national security advisor mike waltz
+- photographed checking signal on phone during white house meeting by reuters photographer
+- previous signal incident with mike waltz
+- had invited journalist to secret chat discussing anti houthi war plans
+- journalists and hacktivists immediately spring into action
+
+---
+<!-- .slide: data-background-image="/img/decks/surveillance/tmsgnl.jpg" data-background-opacity="0.2" data-auto-animate -->
+
+## the telemessage saga
+
+<img src="/img/decks/surveillance/404.jpg"/>
+
+Note:
+
+- may 1st
+- news stories pop up about how his signal app is modified
+- telemessage (israeli-american company, founded by unit 8200 guys)
+- provides archival regulation compliance for govts and financial institutions
+- lets employees use their preferred messengers while archiving
+
+---
+<!-- .slide: data-background-image="/img/decks/surveillance/tmsgnl.jpg" data-background-opacity="0.2" data-auto-animate -->
+
+## the telemessage saga
+
+<img src="/img/decks/surveillance/telemessage-source.jpg"/>
+
+Note:
+
+By may 3rd the source code of the telemessage signal wrapper including hardcoded credentials leaks
+
+---
+<!-- .slide: data-background-image="/img/decks/surveillance/tmsgnl.jpg" data-background-opacity="0.2" data-auto-animate -->
+
+## the telemessage saga
+
+<img src="/img/decks/surveillance/telemessage-hacked.jpg"/>
+
+Note: 
+
+- may 4th
+- telemessage is hacked
+- hackers found trivial vulnerability
+</br>
+</br>
+- archival backend has endpoint allowing server memory dumps
+- no auth requires
+- over the course of about a day about 400gb of data is collected
+</br>
+</br>
+- contained within are plain text messages and metadata such as contacts and group names
+- data is published by ddosecrets by may 19th
+
+---
+<!-- .slide: data-background-image="/img/decks/surveillance/tmsgnl.jpg" data-background-opacity="0.2" data-auto-animate -->
+
+## the telemessage saga
+
+Note:
+
+According to reuters (full circle) and Micah Lee who analyzed the dataset it contained around 60 thousand messages from:
+- cbp officials
+- US diplomatic staffers
+- at least one white house staffer
+- members of the US secret service
+- dc police
+- employees of andreesen horowitz
+- jp morgan
+- others
+
+not only the government can spy on us, we can spy on them too. and its often way easier than you'd think.
+
+---
+<!-- .slide: data-background-image="/img/decks/surveillance/hackback.jpg" data-background-opacity="0.2" data-auto-animate data-auto-animate-reset -->
+
+## HackingTeam and swiss universities?
+
+* HackingTeam is an italian cybersecurity and offensive intrusion and surveillance company<!-- .element: class="fragment" -->
+* their customers include governments all around the world<!-- .element: class="fragment" -->
+* in 2015 they are hacked by phineas fisher<!-- .element: class="fragment" -->
+* after their data leaked the italian government revokes their license to sell spyware outside europe<!-- .element: class="fragment" -->
+
+Note: 
+
+All around HackingTeam is one of the most notorious cyber surveillance vendors EVER.
+
+---
+<!-- .slide: data-background-image="/img/decks/surveillance/hackback.jpg" data-background-opacity="0.2" data-auto-animate -->
+
+## HackingTeam and swiss universities?
+
+in 2019 the company is bought by the swiss/italian InTheCyber Group and turned into "Memento Labs"
+
+<img src="/img/decks/surveillance/inthecyber.jpg"/>
+
+Note:
+
+InTheCyber ceo and founder Paolo Lezzi claims that the company only provides spyware in compliance "with all the conditions of the international community, especially the western community". 
+
+---
+<!-- .slide: data-background-image="/img/decks/surveillance/hackback.jpg" data-background-opacity="0.2" data-auto-animate -->
+
+## HackingTeam and swiss universities?
+
+<img src="/img/decks/surveillance/moniTOR.jpg"/>
+
+Note:
+
+- between 2020 and 2022
+- inthecyber and supsi
+- supsi is ticinesi sister of eth (as far as i understand it)
+- funding from inosuisse (federal science funding)
+- joint developed PrevenTer and MoniTor
+- preventer: voice recognition and transcription tool
+- moniTor: tor deanonymization tool
+- sold at surveillance converences in dubai and in other places, with customers everywhere
+- inthecyber also still sells surveillance tools, for example also in the gulf states
+
+
+InTheCyber and supsi also partner in various other cantonal and federal programs, including alliance SOS, a project in the canton of ticino that helps companies when they suffer cyber attacks.
+
+- memento labs employees also talked at a swiss department of foreign affairs training conference for governments in south east asia
+- they spoke from an "attacker perspective"
+
+---
+<!-- .slide: data-background-image="/img/decks/surveillance/demo.jpg" data-background-opacity="0.2" -->
+
+## the fight starts with you!
+
+Note:
+
+- fight has to be fought on *all* fronts
+- stronger together
+- on the streets, hacktivists, journalists, or everywhere else future is built
+- join the fight with whatever means you have
+
+---
+<!-- .slide: data-background-image="/img/decks/surveillance/snadcat.jpg" data-background-opacity="0.4" -->
+
+## thanks for listening!
+
+you can find me:
+* on twitter: @awawawhoami
+* on bluesky: @crimew.gay
+* on instagram: @nyancrimew
+* on my website: maia.crimew.gay
+* at the apéro after the talks :p