How sloppy OPSEC gave researchers an inside look at the exploit industry

“Those government developers were testing out the WhatsApp malware on their own devices, and it was storing their discussions on the program’s servers.

The nation-state essentially had hacked itself and accidentally dumped highly sensitive information on the open internet—including details of its interactions with the secretive vendors who sell spyware to governments.”


@aral It should not come as a surprise to any penetration tester and security tester that one should always test on a separate, dedicated machine, and never ever on one's own machine.

@aral Now THIS is the right way to share something you saw on Twitter. Thanks!

Sign in to participate in the conversation
Aral’s Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!