(last updated 02.22.2022)
(News story below is factual. Forensics investigators uncovered a web. Read for yourself: here)
(click image below to watch on decentralized Peertube channel - mirrors at bottom of page)
(SHARE the link/video! Help inform others on Telegram/Social Media + more!)
ππ ModifiedElephant Targeting: Journalists/Lawyers
This story hits particularly hard. Reminiscent of the benefits brought by strong, safe, backdoor-free encryption tools
(and the current international media attacks against E2EE).
When you look closer into the details of this ModifiedElephant story, to put short: it's suspicious.
Some of the later software used even includes the famous NSO Group's Pegasus (2019).
And yet, this APT continues attacking today (apparently well funded - but what do I know, could be organic 10 year campaign, right? π€).
Who benefits? And what group/organization can carry on a 10 year concerted effort to repeatedly target the same Human Rights activists, Journalists, Lawyers, and Academics, over and over again
(as the report suggests)?
Not only for long term surveillance, but later framed with fabricated evidence, for serious crimes they did not even commit (see: here)
Screenshots Shared Below:
(it is their good fortune a forensics company was able to go in and prove (forensically) the evidence was in fact fabricated/planted. That it came from the remote access tool transfers)
Scary insight into what appears to be an involved dark underworld.
Facts in this 10 year running case are alarming:
π« Human Rights π
Encryption is what allows Human Rights activism to exist/communicate, in the modern age of #biometrics/AI.
Over time, Human Rights have been shown to be a fragile thing. Much of our modern world is.
Some interest groups/thinktanks may see certain "rights" as something "in the way" to futuristic, ambitious data collection/surveillance capitalism related potential, even power/influence
(hard as this is for some to admit).
Privacy: #12 in the United Nations (UN) Universal Declaration Of Human Rights.#12 on the United Nations Universal Declaration Of Human Rights.
One Thing Is Certain: Without previous Human Rights activism of generations past, we would not have the same level of Human Rights/liberties we have today.
It is an imperative to speak up and continue standing up for Human Rights.
Otherwise, in the end, we lose.
π Encryption/Cryptography π
Encryption provides a multitude of benefits.
One of those being data "integrity". Data locked within an encrypted volume stays intact as long as it remains locked.
Veritably in its original/exact pre-encrypted form, bit by bit, until it reaches an unlocked state (provided the correct key).
There are various methodologies where cryptography and hash functions are used in the context of data integrity.
One of the more common we see, is what is broadly defined as a "fingerprint". Commonly seen in shortened hex form, unique hash of our key.
Providing a quick glance option to check on a key.
Matching the offered fingerprint to the known authentic key's fingerprint is what ensures communication and authentication situations are in fact, safe.
π Fingerprint Check Examples: ssh, gpg/pgp, web cert..
We also see MD5, SHA1, SHA256, SHA512 checksum/hashes: common/accurate tests to prove data within a file matches the source it was provided from.
Helping you detect any file changes (see my linked tutorials below this), and avoid a MITM (man in the middle) attack - a situation where a middle party (the man in the middle) replaces a given file with malware and/or modification.
Example: If a file is run through SHA256, an equally identical file will return the same hash.
And if the checksum does not match, do not run or install that file until further verification comparisons can be made (could be malicious!)
If an online file's hash/checksum does not match, it's a good idea to inform the developer. Even if the file/checksum is accurate, there could be a web based attack occurring.
#οΈβ£ Examples: Checksum Tutorials:
(screenshot sample below)
Checksums Intro Commands (+ screenshots)
Debian Based Video (Pop!_OS Used - any debian will do: check systemwide or by file/pkg)
Arch or Manjaro Based OS (check files/packages for modification systemwide)
𧩠Obfuscation
Encryption 'obfuscates' drive/volume contents: meaning, encrypted data/text (ciphertext) is unable to be read (ie: illegible) in its locked form, even with physical access to volume hardware
(until the key/pw unlocks it).
Only once that volume is unlocked, can it be read, or edited by those with physical access (this is why backdoors are nothing short of dangerous ideas!)
Prevention Of Physical Fabrication Of Evidence
We just finished learning: when a volume is encrypted, no one can read the files in this state - locked (as long as there is no backdoor or secondary keys/access vulnerabilities)
Additionally, when a partition is encrypted, no one can edit, or add any files to that volume - UNLESS there is a physical vulnerability built into the hardware/crypto.
THIS feature of crypto: preventing modification of a locked volume is the key to prevention of physical evidence tampering and planted/fabricated evidence.
Summary: If someone has physical access or possession of a device. As long as that device is fully encrypted with secure, strong encryption, no one can modify that data.
π Technicalities π»
Encryption Backdoor Consequences π
Any form of backdoor undermines all trust in the contents of an encrypted volume - nothing good can come of this.
Those willing to consider backdoored cryptography as a reliable proof, may have a serious integrity issue on their hands. I urge them to rethink their position.
In this world, others within physical access to a machine (even turned off) could negate all previously known integrity of the filesystem (due to additional access methods)
π End-To-End Comms (Backdoor Of Consequence)
With backdoored encryption for end to end encrypted communication, conversations would no longer carry the same integrity.
Journalist communication could become planted with false conversations (by those with the right access).
At the very least, intercepted. Self censored. Silenced.
A world where truth would become a thing of the past. Where self-censorship becomes the rule.
A world fearing self-expression.
In a world such as this, APT's like ModifiedElephant, could have their way,
In a world like this, we rue' the day.
πΊ Embedded YT:
Other Latest Video Watch Options:
[ πΊ Peertube ]
[ πΊ Bitchute ]
[ πΊ Odysee / LBRY ]
Sources: https://www.sentinelone.com/labs/modifiedelephant-apt-and-a-decade-of-fabricating-evidence/
π Help grow this by sharing the URL to help grow the community.
π Sharing this moves this content higher in the algorithm. Thanks in advance.
βοΈ Thanks for being a follower (it's FREE!). Followers get only the most important posts by email.
Thoughts, comments and any questions welcome below.
π Thank you for Sharing this (Telegram/Social media)
Don't forget to follow at the links below.
ποΈ LINKS/SERVICES
----------------------------------------------------------------------
π§ π GITEA SERVICE (.onion): Books, Code/Scripts, Wiki, more (make a repository)
π§ π PASTEBIN (.onion): options- password protect, zk-256bit, "Burn After Reading" + more (use Tor Browser for .onion's)
----------------------------------------------------------------------
π π€ SUPPORT OPTIONS π (If you like to)
π EXTRAS: (bonus offers / support). Support here offers something in return.
π€ π΅ CASHAPP: $HumanRightsTech
βπ π Politictech Membership (monthly supporter option + extra access)
π³ Politictech Main Page: (info + current links/addresses)
----------------------------------------------------------------------
FOLLOW:
βπMASTODON
π¦ TWITTER
πΊ π PEERTUBE
πΊ π BITCHUTE
πΊ π ODYSEE
πΊ π YOUTUBE
---------------------------------------------------------------------
β CONTACT
-------------------------------------------------------------------------
THANK YOU for Sharing this, Liking, and Subscribing.
-------------------------------------------------------------------------
If you aren't registered for Odysee I'd love to see you over there.
Use my invite link: https://odysee.com/$invite/@RTP
--------------------------------------------------------------------------