You may have heard of Pegasus, a cyber weapon used by intelligence agencies to hack into the devices of political opponents.

 

Missing some Tweet in this thread? You can try to force a refresh

Thread Reader App

December 29, 2023

View Original

You may have heard of Pegasus, a cyber weapon used by intelligence agencies to hack into the devices of political opponents. 

Who created it? Which countries buy it? We'll tell you in the thread. 1/25 👇

Pegasus was created by NSO Group, an Israeli company specializing in the development of tools in the field of computer security and cyber espionage. The developers claim that they sell the program only to states so that they fight terrorists and criminals. 2/25 👇

In theory, Pegasus is able to access everything on the device - calls, SMS, files, social networks, instant messengers and geolocation. You can also turn on your microphone or camera and discreetly record what is happening nearby. 3/25 👇

As of 2020, Pegasus was installed on 50 thousand devices. And known targets include political dissidents, lawyers, journalists, human rights activists and politicians. 4/25 👇

Patient zero, with the help of which Pegasus was first discovered, was the famous dissident from the UAE Ahmed Mansour Al-Shehi. In 2016, he received an SMS with a link allegedly to material about torture in the country, but the human rights activist turned out to be smarter. 5/25 👇

He provided the link to The Citizen Lab, which deals with cybersecurity issues. Experts verified the message with Lookout and found that opening the link would have infected the device with highly sophisticated spyware. 6/25 👇

However, the UAE authorities soon sentenced Ahmed Mansour to 10 years in prison for “publishing fake news” about the United Arab Emirates. This reminds us of something... 7/25 👇

In 2020, unknown individuals leaked a list of Pegasus victims to the Forbidden Stories organization. Based on it, a large-scale investigation was carried out, in which Amnesty International and 17 media outlets around the world participated. 8/25 👇theguardian.com/world/2021/jul…

How it works? From 2016 to 2018, the preferred method was a phishing attack. The person was sent a message with a link that should interest him, and the site address was disguised as some real one. 9/25 👇

When a person clicked on the link, the attackers checked whether the specific device was supported and whether it had a vulnerability through which Pegasus could penetrate. If unsuccessful, he was redirected to the real page. 10/25 👇

Then developers began using zero-click attacks, which rely on software vulnerabilities and do not require user error. 11/25 👇

Pegasus first needs to find a vulnerability in the process to be able to run malicious code. For example, using push notifications or messages in iMessage and WhatsApp. Then vulnerabilities in the operating system come into play. 12/25 👇

To gain full access to the device, the attacking party needs to get out of the so-called “sandbox” - an isolated software environment in which applications run. It happens instantly. 13/25 👇

Any device or program has vulnerabilities. Developers regularly find and fix them. But until it is eliminated, you can use it freely. Vulnerabilities that developers are unaware of are called zero-day vulnerabilities. 14/25 👇

Different device models, OS versions and application versions will have their own set of vulnerabilities, so one solution will not work for everyone. But, if you have the resources, you can create a “catalogue” of vulnerabilities, which will contain an attack vector for most popular devices. 15/25 👇

Developers pay to find vulnerabilities, but often less than black market prices. For example, in 2016, Apple offered a maximum of $200 thousand for identifying vulnerabilities in devices. Google and Microsoft are half as much. 16/25 👇

At the same time, vulnerability buyers offered up to a million dollars for such finds. Today, the price for discovering a zero-click vulnerability in the latest version of iOS can reach $10 million. 17/25 👇

How much does it cost? NSO Group supplies Pegasus in the form of a software and hardware complex: servers and software. In addition to the installation license, customers pay to jailbreak each individual device. 18/25 👇

Information on the cost of Pegasus is not disclosed today. Eight years ago, according to an investigation by The New York Times, the license was sold for $500,000. A package for 10 device hacks costs $650 thousand. There is no doubt that it is even more expensive now. 19/25 👇

Previously, all information about the use of Pegasus came from totalitarian and authoritarian regimes. But in recent years, it has been increasingly used by European governments to spy on political opponents. 20/25 👇

🔹In 2019, Pegasus was purchased by German security forces 🔹In Spain, Pegasus was used to spy on supporters of Catalan independence 🔹In Poland, the Law and Justice party was accused of massively purchasing Pegasus licenses to spy on the opposition 🔹In Hungary, the software was used to spy on journalists 🔹Estonia purchased Pegasus in 2019 and carried out attacks in other EU countries. In total, the use of Pegasus was recorded in 14 European countries. 21/25 👇

Formally, the Russian Federation is deprived of access to Pegasus due to war and sanctions. However, in 2023, the phone of Meduza publisher Galina Timchenko was infected with spyware. It is not yet clear who was behind this. 22/25👇accessnow.org/publication/ha…

Perhaps the Kremlin was able to agree on the continuation of Pegasus supplies, bypassing the sanctions. Another option is that European security forces carried out the operation on their own initiative or in cooperation with Russian ones. 23/25 👇

If there is a Russian trace in this story, this only means that the intelligence services of different countries will always be able to agree and help each other, regardless of wars and sanctions. 24/25 👇

We tell you more in the video on the First Department channel: 25/25 👆

• • •

 

Secret methods of deception on the Bybit crypto exchange: Unraveling the tricks through P2P

By Alfsmm Agency 

casbt-osint.blogspot.com

View Original

In recent years, cryptocurrencies have moved from a narrow circle of interest to one of the main trends in the world of financial technology. Due to their decentralized structure, ability to provide anonymous transactions and the potential for significant growth in value, cryptocurrencies have attracted the attention of investors, traders and ordinary users around the world. In addition, they have opened up new prospects for cross-border transfers and investments without intermediaries and high commissions.

One of the main elements in the cryptocurrency ecosystem is P2P (peer-to-peer) exchange, which allows users to make transactions directly with each other without the intermediation of centralized structures. This method of exchange not only highlights the decentralized nature of cryptocurrencies, but also gives users greater flexibility and control over the terms of transactions. However, with the increasing popularity of P2P trading, the risk of encountering fraud increases, so it is important to choose a reliable platform for such transactions.

Bybit, one of the leading cryptocurrency exchanges nowadays, not only provides its clients with traditional trading tools, but also P2P exchange services. The platform has gained trust due to its reliability, ease of use and wide range of services provided. However, like any popular platform, Bybit is subject to the risk of fraud, which can negatively impact the experience of its users. In this article, we will dive into the world of P2P exchange on the Bybit platform, analyze how scammers can use this system to their advantage, and consider ways to protect against potential threats.

P2P (peer-to-peer) exchange is the process of direct trading of cryptocurrencies between participants without the participation of centralized intermediaries such as regular banks or crypto exchanges. In a P2P system, each participant acts as both a buyer and a seller, exchanging assets directly with other participants in the network. This process is carried out through specialized platforms that provide the necessary tools for safe trading, such as escrow systems and rating mechanisms.

Advantages of P2P exchange:

1. Decentralization: Disintermediation increases sustainability and reduces the risk of censorship.

2. Minimized fees: Direct trades between users reduce transaction costs compared to centralized exchanges.

3. Global accessibility: Users from different countries have the opportunity to exchange, even with limited access to traditional financial services.

4. Transaction flexibility: Users can define their own exchange terms, including exchange rates and payment methods.

Risks of P2P exchange:

1. Possibility of fraud: The P2P system increases the likelihood of encountering fraudsters, since transactions are carried out directly between users.

2. Cyber ​​Security: Users are responsible for protecting their accounts and funds from cyber threats.

3. Legal Risks: In certain jurisdictions, the legal status of P2P exchanges remains uncertain, which may lead to legal issues.

On P2P crypto exchanges, exchanges are usually carried out through a special section on the platform where users can post their offers to sell or buy cryptocurrencies. After placing an offer, other participants can view it and, if interested, initiate a transaction.

1. Offer selection: The buyer selects the most suitable offer and initiates the transaction.

2. Blocking of funds: Cryptocurrencies sold are temporarily blocked in the seller’s account in the platform’s escrow system to ensure the security of the transaction.

3. Payment: The buyer pays the seller in accordance with the terms of the transaction through one of the available payment methods.

4. Payment Confirmation: After receiving payment, the seller confirms the transaction on the platform.

5. Cryptocurrency release: The platform releases the cryptocurrency from the seller’s escrow account and transfers it to the buyer’s account.

To ensure security and trust between users, P2P platforms usually offer rating and feedback systems, as well as access to customer support to resolve disputes. These measures help users assess the reliability of their counterparties and provide a means to resolve potential problematic situations.

How scammers manipulate P2P on the Buy Bit platform: Illustration based on real cases - Deception schemes

Every day new negative reviews appear on the Internet, confirming the presence of scammers on the Bybit platform. Some clients claim that privacy policies leave them unprotected and force them to contact law enforcement.

Scheme #1

The client decided to purchase the USDT stablecoin through the Bybit platform. On the platform, he found a seller with only 8 open orders. The seller asked for a personal card number to make a transfer through personal messages and began to delay the process, making excuses for the human factor. Bybit set a 15-minute timer to complete the trade. In the last two minutes, the seller provided a card number, which turned out to belong to a third party. 30 seconds before the end of the timer, the buyer transferred 90 thousand rubles through the bank, but discovered that the timer on the platform had already expired when he returned. However, the "confirm payment" button remained active. Bybit immediately unfrozen the transferred amount for the scammer, who even requested confirmation in the form of a check from the bank. The client then checked the seller's profile again and discovered that there were no confirmed transactions in his history. The defrauded client turned to both the bank and Bybit for support. Since a minimum amount remained in the fraudster’s account, Bybit returned it to the defrauded client, and the bank reported that the client himself was to blame for what happened.

Scheme #2

A user on the ByBit platform chose LuckyTrade for a P2P exchange, which had already been blocked for fraudulent activity. During the transaction, LuckyTrade tried to convince the user to transfer cryptocurrency, allegedly claiming that funds had been received into the Baybit-Sberbank account. However, when the user did not agree to lose his funds, the scammer began using pressure methods, filing an appeal and posing as ByBit support, sending demanding messages to the user.

It is important not to succumb to such pressure and not to make sudden transfers, especially if there is no confirmation of the receipt of funds. The scammer likely used multiple accounts, including SoGOOD, to carry out his scams. This case highlights the importance of caution and background checks when transacting on P2P platforms.

Scheme #3

There are three parties involved in this deception scheme. Two scammers simultaneously communicate with one seller, using his trust and creating a situation of urgency to send cryptocurrency without proper verification. Sending assets without accurately identifying the source of payment poses a risk. There is a danger that the seller, being careless, may issue assets twice, resulting in receiving only part of the expected amount or being deceived altogether.

Scheme #4

Fraudsters pose as intermediaries in P2P transactions. The scammer pretends to be a seller or buyer of cryptocurrency on the Bybit platform, establishing contact with potential victims through external communication channels such as Telegram, WhatsApp or social networks. He offers his banking details and information about advertisements posted on Bybit in an attempt to deceive users.

In this scenario, the scammer shares his account details through external channels and asks the victim to confirm receipt by copying the information into the P2P order chat on the Bybit platform. The victim, unaware of the deception, sends the scammer’s account information to another platform participant, who is also not aware of the fraud. As a result, the victim sends cryptocurrency to an unsuspecting buyer, who then transfers fiat funds to the scammer’s account.

In such cases, it is difficult for the victim to get help from P2P platform specialists, since communication with the scammer took place outside the official platform.

Strategies for protecting and preventing fraud on P2P platforms

- Conducting transactions on peer-to-peer (P2P) exchange platforms requires increased attention to prevent possible fraudulent activities. Here are some effective strategies and tips to help you protect your operations.

Ensuring security for participants in P2P exchanges is critical and includes the following aspects:

• Enable two-factor authentication (2FA) : Be sure to enable 2FA for your account. This will add an extra layer of security and protect your account from unauthorized access.

• Use strong, unique passwords : Create and use strong passwords that are unique to each platform. Avoid reusing passwords to reduce the risk of a data breach.

• Website Authentication : Before logging into the platform, make sure that you are using the official website. Avoid clicking on suspicious links and check the URL to ensure it is genuine.

• Limit the use of external communication channels : Try to minimize the use of third-party communication services to conduct transactions. It is important to communicate and transact only through official communication channels on the platform to avoid the risk of fraud.

Mechanisms and approaches Bybit offers to ensure user security include:

1. Ratings and Reviews : Users can use ratings and reviews on the Bybit platform to assess the credibility of potential counterparties. This allows users to make informed decisions when choosing a partner for transactions.

2. Escrow Service : Bybit offers an escrow service that temporarily holds cryptocurrency during a transaction. This increases the level of security of transactions, providing protection for both the buyer and the seller.

3. Help Desk : In case of disputes or problems, users can seek help from Bybit Help Desk, which will help find solutions and resolve conflict situations.

4. Checking counterparties for P2P transactions : Users are advised to carefully check the profile, rating, transaction history and reviews of other participants about the counterparty. Be especially careful when interacting with new users or those with few transactions.

5. Requiring confirmation of data : Users should not hesitate to require the counterparty to confirm its data or provide additional information about the transaction if in doubt. This will help ensure the reliability of the transaction.

6. Handle demands with care : It is important not to give in to pressure from counterparties, especially if they require quick action. Users should take their time and analyze each step of the transaction in detail to avoid falling into fraudulent schemes.

Conclusions

In the world of cryptocurrencies and P2P exchanges on platforms such as Bybit, there is a certain risk of fraud. Users should be aware of this risk and take appropriate precautions. It is important to be extremely careful and actively use the security tools offered by the platform, such as two-factor authentication and complex passwords.

While platforms like Bybit are taking steps to ensure user safety, personal vigilance and caution remain key to protecting funds. You must be especially careful and not trust dubious offers or requests.

 

Secret methods of deception on the Bybit crypto exchange: Unraveling the tricks through P2P

By Alfsmm Agency 

casbt-osint.blogspot.com

View Original

In recent years, cryptocurrencies have moved from a narrow circle of interest to one of the main trends in the world of financial technology. Due to their decentralized structure, ability to provide anonymous transactions and the potential for significant growth in value, cryptocurrencies have attracted the attention of investors, traders and ordinary users around the world. In addition, they have opened up new prospects for cross-border transfers and investments without intermediaries and high commissions.

One of the main elements in the cryptocurrency ecosystem is P2P (peer-to-peer) exchange, which allows users to make transactions directly with each other without the intermediation of centralized structures. This method of exchange not only highlights the decentralized nature of cryptocurrencies, but also gives users greater flexibility and control over the terms of transactions. However, with the increasing popularity of P2P trading, the risk of encountering fraud increases, so it is important to choose a reliable platform for such transactions.

Bybit, one of the leading cryptocurrency exchanges nowadays, not only provides its clients with traditional trading tools, but also P2P exchange services. The platform has gained trust due to its reliability, ease of use and wide range of services provided. However, like any popular platform, Bybit is subject to the risk of fraud, which can negatively impact the experience of its users. In this article, we will dive into the world of P2P exchange on the Bybit platform, analyze how scammers can use this system to their advantage, and consider ways to protect against potential threats.

P2P (peer-to-peer) exchange is the process of direct trading of cryptocurrencies between participants without the participation of centralized intermediaries such as regular banks or crypto exchanges. In a P2P system, each participant acts as both a buyer and a seller, exchanging assets directly with other participants in the network. This process is carried out through specialized platforms that provide the necessary tools for safe trading, such as escrow systems and rating mechanisms.

Advantages of P2P exchange:

1. Decentralization: Disintermediation increases sustainability and reduces the risk of censorship.

2. Minimized fees: Direct trades between users reduce transaction costs compared to centralized exchanges.

3. Global accessibility: Users from different countries have the opportunity to exchange, even with limited access to traditional financial services.

4. Transaction flexibility: Users can define their own exchange terms, including exchange rates and payment methods.

Risks of P2P exchange:

1. Possibility of fraud: The P2P system increases the likelihood of encountering fraudsters, since transactions are carried out directly between users.

2. Cyber ​​Security: Users are responsible for protecting their accounts and funds from cyber threats.

3. Legal Risks: In certain jurisdictions, the legal status of P2P exchanges remains uncertain, which may lead to legal issues.

On P2P crypto exchanges, exchanges are usually carried out through a special section on the platform where users can post their offers to sell or buy cryptocurrencies. After placing an offer, other participants can view it and, if interested, initiate a transaction.

1. Offer selection: The buyer selects the most suitable offer and initiates the transaction.

2. Blocking of funds: Cryptocurrencies sold are temporarily blocked in the seller’s account in the platform’s escrow system to ensure the security of the transaction.

3. Payment: The buyer pays the seller in accordance with the terms of the transaction through one of the available payment methods.

4. Payment Confirmation: After receiving payment, the seller confirms the transaction on the platform.

5. Cryptocurrency release: The platform releases the cryptocurrency from the seller’s escrow account and transfers it to the buyer’s account.

To ensure security and trust between users, P2P platforms usually offer rating and feedback systems, as well as access to customer support to resolve disputes. These measures help users assess the reliability of their counterparties and provide a means to resolve potential problematic situations.

How scammers manipulate P2P on the Buy Bit platform: Illustration based on real cases - Deception schemes

Every day new negative reviews appear on the Internet, confirming the presence of scammers on the Bybit platform. Some clients claim that privacy policies leave them unprotected and force them to contact law enforcement.

Scheme #1

The client decided to purchase the USDT stablecoin through the Bybit platform. On the platform, he found a seller with only 8 open orders. The seller asked for a personal card number to make a transfer through personal messages and began to delay the process, making excuses for the human factor. Bybit set a 15-minute timer to complete the trade. In the last two minutes, the seller provided a card number, which turned out to belong to a third party. 30 seconds before the end of the timer, the buyer transferred 90 thousand rubles through the bank, but discovered that the timer on the platform had already expired when he returned. However, the "confirm payment" button remained active. Bybit immediately unfrozen the transferred amount for the scammer, who even requested confirmation in the form of a check from the bank. The client then checked the seller's profile again and discovered that there were no confirmed transactions in his history. The defrauded client turned to both the bank and Bybit for support. Since a minimum amount remained in the fraudster’s account, Bybit returned it to the defrauded client, and the bank reported that the client himself was to blame for what happened.

Scheme #2

A user on the ByBit platform chose LuckyTrade for a P2P exchange, which had already been blocked for fraudulent activity. During the transaction, LuckyTrade tried to convince the user to transfer cryptocurrency, allegedly claiming that funds had been received into the Baybit-Sberbank account. However, when the user did not agree to lose his funds, the scammer began using pressure methods, filing an appeal and posing as ByBit support, sending demanding messages to the user.

It is important not to succumb to such pressure and not to make sudden transfers, especially if there is no confirmation of the receipt of funds. The scammer likely used multiple accounts, including SoGOOD, to carry out his scams. This case highlights the importance of caution and background checks when transacting on P2P platforms.

Scheme #3

There are three parties involved in this deception scheme. Two scammers simultaneously communicate with one seller, using his trust and creating a situation of urgency to send cryptocurrency without proper verification. Sending assets without accurately identifying the source of payment poses a risk. There is a danger that the seller, being careless, may issue assets twice, resulting in receiving only part of the expected amount or being deceived altogether.

Scheme #4

Fraudsters pose as intermediaries in P2P transactions. The scammer pretends to be a seller or buyer of cryptocurrency on the Bybit platform, establishing contact with potential victims through external communication channels such as Telegram, WhatsApp or social networks. He offers his banking details and information about advertisements posted on Bybit in an attempt to deceive users.

In this scenario, the scammer shares his account details through external channels and asks the victim to confirm receipt by copying the information into the P2P order chat on the Bybit platform. The victim, unaware of the deception, sends the scammer’s account information to another platform participant, who is also not aware of the fraud. As a result, the victim sends cryptocurrency to an unsuspecting buyer, who then transfers fiat funds to the scammer’s account.

In such cases, it is difficult for the victim to get help from P2P platform specialists, since communication with the scammer took place outside the official platform.

Strategies for protecting and preventing fraud on P2P platforms

- Conducting transactions on peer-to-peer (P2P) exchange platforms requires increased attention to prevent possible fraudulent activities. Here are some effective strategies and tips to help you protect your operations.

Ensuring security for participants in P2P exchanges is critical and includes the following aspects:

• Enable two-factor authentication (2FA) : Be sure to enable 2FA for your account. This will add an extra layer of security and protect your account from unauthorized access.

• Use strong, unique passwords : Create and use strong passwords that are unique to each platform. Avoid reusing passwords to reduce the risk of a data breach.

• Website Authentication : Before logging into the platform, make sure that you are using the official website. Avoid clicking on suspicious links and check the URL to ensure it is genuine.

• Limit the use of external communication channels : Try to minimize the use of third-party communication services to conduct transactions. It is important to communicate and transact only through official communication channels on the platform to avoid the risk of fraud.

Mechanisms and approaches Bybit offers to ensure user security include:

1. Ratings and Reviews : Users can use ratings and reviews on the Bybit platform to assess the credibility of potential counterparties. This allows users to make informed decisions when choosing a partner for transactions.

2. Escrow Service : Bybit offers an escrow service that temporarily holds cryptocurrency during a transaction. This increases the level of security of transactions, providing protection for both the buyer and the seller.

3. Help Desk : In case of disputes or problems, users can seek help from Bybit Help Desk, which will help find solutions and resolve conflict situations.

4. Checking counterparties for P2P transactions : Users are advised to carefully check the profile, rating, transaction history and reviews of other participants about the counterparty. Be especially careful when interacting with new users or those with few transactions.

5. Requiring confirmation of data : Users should not hesitate to require the counterparty to confirm its data or provide additional information about the transaction if in doubt. This will help ensure the reliability of the transaction.

6. Handle demands with care : It is important not to give in to pressure from counterparties, especially if they require quick action. Users should take their time and analyze each step of the transaction in detail to avoid falling into fraudulent schemes.

Conclusions

In the world of cryptocurrencies and P2P exchanges on platforms such as Bybit, there is a certain risk of fraud. Users should be aware of this risk and take appropriate precautions. It is important to be extremely careful and actively use the security tools offered by the platform, such as two-factor authentication and complex passwords.

While platforms like Bybit are taking steps to ensure user safety, personal vigilance and caution remain key to protecting funds. You must be especially careful and not trust dubious offers or requests.