Internet shutdown types and taxonomy: tech behind network interference
Our guide explains network interferences to help people prepare for, circumvent, and document 8 different types of internet shutdowns.
Phase 1 - Mobilize Locally
Digital Security Education
Defending press freedom for the next generation
Help for Digital Defenders
U.S. Press Freedom Tracker - U.S. Press Freedom Tracker
The U.S. Press Freedom Tracker is a project that aims to comprehensively document press freedom incidents in the United States — such as the arrests of journalists, seizures of their equipment, interrogations and searches at the U.S. border, subpoenas to testify about sources, leak prosecutions and physical attacks. The Press Freedom Tracker documents cases across the country, involving national, state and local authorities.
#KeepItOn: fighting internet shutdowns around the world - Access Now , reach out to #KeepItOn Campaign Manager Felicia Anthonio at felicia@accessnow.org.
The #KeepItOn coalition brings together hundreds of civil society organizations and our allies from around the world – in government, international institutions, media, the private sector, and beyond – to fight for an end to internet shutdowns.
Aranya Project Free Open source version of spideroak
Sponsored by Spideroak. Aranya Project has 21 repositories available. Follow their code on GitHub.
Potential Secure Backups
Backblaze Online Computer Backup Free Trial
Never lose a file again. Get started backing up your files in the cloud for free today.
Introducing SecureDrop Protocol
This blog post is a part of a series about our research toward the next generation of the SecureDrop whistleblowing …
GlobaLeaks - Free and Open-Source Whistleblowing Software
Amnesty International used it in Pakistan and Saudi Arabia, in order to facilitate and secure dialogue with the organization’s lawyers and researchers residing within these countries.
The Prosecutor Office at the International Criminal Court (ICC) used it as a secure tool for witnesses to report on international crimes of genocide, of crimes against humanity and of war crimes, in the Libya and Central African Republic II.
Introducing WEBCAT: Web-based Code Assurance and Transparency
In this post, we introduce Web-based Code Assurance and Transparency, a project that supports verifiable in-browser code for single-page browser applications. Along with this post, we are publishing the WEBCAT project repository; follow-up posts will provide more detailed information.
WEBCAT is a multicomponent project; the easiest way to explain it is to start with the end-user experience. When a user visits a website that has enrolled in WEBCAT, before the site can load the content is checked against a signed manifest to ensure that it has not been tampered with
The users we’re trying to protect are engaged in an important, potentially high-stakes activity. Whether it’s using SecureDrop, GlobaLeaks, or another browser-based encryption tool
One use case that WEBCAT supports is that of site administrators self-hosting third-party applications — the backbone of the decentralized web. Self-hosted applications (like SecureDrop!)
WEBCAT is a project that lets application developers or service providers create and update signed artifacts attesting to the code that they are shipping; site owners enroll their domains that run these applications; and end users automatically verify that the code they are served is authentic
A signing script that allows application developers to generate a signed manifest to verify the content they intend to serve to users
An enrollment server to allow site owners to enroll their website
An updater service that builds a list of trusted signers per domain
A Firefox extension, to provide the end user an in-browser integrity checking mechanism, which blocks code that fails integrity checks for enrolled websites and warns the user.
We’ll have more to say in the weeks and months to come. In the meantime, we welcome your feedback: you can write to us at <securedrop@freedom.press> (PGP-encrypted), or find us on GitHub.
Directory
SecureDrop
Secure CommsSutty
Sutty crea sitios seguros, veloces y visibles para organizaciones, colectivas y activistas
CONGRESS lobby app
Censorship Resistant Tech
Simple Hosting - Gandi.net
Web hosting for websites and web applications of all sizes. Try your first instance of any size for free for 10 days with a free Gandi account. No credit card required.
Cape Shop
Cape Shop
Canada eSIM | Prepaid Canada data | aloSIM
Looking for Canada data? No matter where you are in the Great White North, a Canada eSIM can keep you online without Wi-Fi.
eSIM for Canada
Buy a prepaid eSIM for Canada with instant delivery. Stay connected without roaming fees. Easy & fast.
DIGITAL SECURITY HELPLINE - Access Now
Our Helpline provides 24/7 free of charge technical support for journalists, activists, and human rights defenders
Resources - Access Now
Resources Access Now’s team of policy experts, advocates, and technologists are finding solutions to help everyone protect themselves from digital threats
Forensic Methodology Report: How to catch NSO Group’s Pegasus
NSO Group claims that its Pegasus spyware is only used to “investigate terrorism and crime” and “leaves no traces whatsoever”. This Forensic Methodology Report shows that neither of these statements are true. This report accompanies the release of the Pegasus Project, a collaborative investigation that involves more than 80 journalists from 17 media organizations in 10 countries coordinated by Forbidden Stories with technical support of Amnesty International’s Security Lab. Amnesty International’s Security Lab has performed in-depth forensic analysis of numerous mobile devices from human rights defenders (HRDs) and journalists around the world. This research has uncovered widespread, persistent and ongoing unlawful surveillance and human rights abuses perpetrated using NSO Group’s Pegasus spyware.
In our October 2019 report, we detail how we determined these redirections to be the result of network injection attacks performed either through tactical devices, such as rogue cell towers, or through dedicated equipment placed at the mobile operator.
free247downloads[.]com
, but also when using other apps.
WebKit local storage, IndexedDB folders, and more.
Safari’s Session Resource logs provide additional traces that do not consistently appear in Safari’s browsing history.
Maati Monjib visited https://yahoo.fr, and a network injection forcefully redirected the browser to documentpro[.]org before further redirecting to free247downloads[.]com and proceed with the exploitation.
iOS maintains records of process executions and their respective network usage in two SQLite database files called “DataUsage.sqlite” and “netusage.sqlite”
network usage databases contained records of a suspicious process called “bh”.
leveraged a vulnerability in the iOS JavaScriptCore Binary (jsc) to achieve code execution on the device
persistence on the device after reboot
“bh.c – Loads API functions that relate to the decompression of next stage payloads and their proper placement on the victim’s iPhone by using functions such as BZ2_bzDecompress, chmod, and malloc
herefore, we suspect that “bh” might stand for “BridgeHead”, which is likely the internal name assigned by NSO Group to this component of their toolkit.
The bh process first appeared on Omar Radi’s phone on 11 February 2019. This occurred 10 seconds after an IndexedDB file was created by the Pegasus Installation Server
At around the same time the file com.apple.CrashReporter.plist file was written in /private/var/root/Library/Preferences/, likely to disable reporting of crash logs back to Apple.
roleaboutd and msgacntd processes are a later stage of the Pegasus spyware which was loaded after a successful exploitation and privilege escalation with the BridgeHead payload.
Network injection is an effective and cost-efficient attack vector for domestic use especially in countries with leverage over mobile operators
iOS keeps a record of Apple IDs seen by each installed application in a plist file located at /private/var/mobile/Library/Preferences/com.apple.identityservices.idstatuscache.plist
spy phone
aadnk/whisper-webui · Getting quite a bit of "Thank you for watching!" during silence
With the VAD enabled, I've noticed that I'm getting quite a bit of "Thank you for watching!". This is not as noticeable without the VAD.
Cell Phone Extraction Software | Access Mobile Device Evidence with Cellebrite Premium
Premium, the leading cell phone data extraction software, legally unlock, decrypt, and extract critical digital evidence from the widest range of all mobile devices.
Cellebrite Inseyets Powered by UFED | Access & Extract Mobile Device Data
Explore the innovative features of Cellebrite Inseyets powered by UFED, revolutionizing the way of forensic examiners extract and access cell phone data.
How to Securely Wipe a Hard Drive on Your Mac
Spread the loveIf you’re planning on selling, donating or disposing of your Mac, it’s important to make sure all of your personal files and information are gone for good. The best way to accomplish this is to securely wipe your hard drive. Here’s how you can do it: 1. Create a backup: Before you start the process, make sure you have a backup of all your important files, so you don’t lose any data you may need in the future. 2. Disable FileVault: If you have FileVault enabled, you’ll need to disable it before wiping your hard drive. You can […]
home wifi hardening jCellebrite | End-to-End Digital Investigations Software & Platform
Cellebrite’s Digital Intelligence Suite of Forensic Solutions empowers law enforcement, governments, and enterprises to collect, review, analyze & manage data.
Cellebrite Inseyets | Cellebrite Federal Solutions
Cellebrite Training - Inseyets Courses - Cellebrite
USBKill - how to turn a USB stick into a kill switch that can force a computer to destroy what you were doing
Imagine that the authorities have an interest in what’s on your computer.