Donncha Ó Cearbhaill
@donncha.is
Head of Security Lab - Amnesty International
Hunting spyware and unlawful surveillance targeting activists and civil society.
For help with digital forensics or suspect spyware threats contact: https://securitylab.amnesty.org/get-help/
Hunting spyware and unlawful surveillance targeting activists and civil society.
For help with digital forensics or suspect spyware threats contact: https://securitylab.amnesty.org/get-help/
Reposted by Donncha Ó Cearbhaill
If the Palestine Action hunger strikers die - which they could do at any moment, as they are now very close to the end - it will be the government that killed them. Today’s column explains why. Please share, and write urgently to your MP.
www.theguardian.com/commentisfre...
www.theguardian.com/commentisfre...
Let’s be clear: if the Palestine Action hunger strikers die, the government will bear moral responsibility | George Monbiot
The three remaining hunger strikers have been convicted of nothing. Yet with astonishing cruelty, ministers refuse to listen to their reasonable demands, says Guardian columnist George Monbiot
www.theguardian.com
January 7, 2026 at 8:07 AM
If the Palestine Action hunger strikers die - which they could do at any moment, as they are now very close to the end - it will be the government that killed them. Today’s column explains why. Please share, and write urgently to your MP.
www.theguardian.com/commentisfre...
www.theguardian.com/commentisfre...
Reposted by Donncha Ó Cearbhaill
NEW: Meet the folks at AccessNow's Digital Security Helpline, who have been investigating government spyware for more than a decade, helping journalists and dissidents all over the world.
I spoke to Hassen Selmi, who heads the incident response team, to learn how his team fights spyware abuses.
I spoke to Hassen Selmi, who heads the incident response team, to learn how his team fights spyware abuses.
Meet the team that hunts government spyware
For years, Access Now’s Digital Security Helpline has been aiding journalists and dissidents who have been targeted with government spyware. This is how they operate.
techcrunch.com
December 27, 2025 at 6:52 PM
NEW: Meet the folks at AccessNow's Digital Security Helpline, who have been investigating government spyware for more than a decade, helping journalists and dissidents all over the world.
I spoke to Hassen Selmi, who heads the incident response team, to learn how his team fights spyware abuses.
I spoke to Hassen Selmi, who heads the incident response team, to learn how his team fights spyware abuses.
Reposted by Donncha Ó Cearbhaill
NEW: Staffers at notorious spyware maker Intellexa had live remote access to their customers' surveillance systems.
This allowed them to see the personal data of targets hacked with Intellexa's spyware Predator, according to research based on a leaked training video.
Needless to say, this is bad.
This allowed them to see the personal data of targets hacked with Intellexa's spyware Predator, according to research based on a leaked training video.
Needless to say, this is bad.
Sanctioned spyware maker Intellexa had direct access to government espionage victims, researchers say | TechCrunch
Based on a leaked video, security researchers alleged that Intellexa staffers have remote live access to their customers' surveillance systems, allowing them to see hacking targets’ personal data.
techcrunch.com
December 4, 2025 at 6:17 PM
NEW: Staffers at notorious spyware maker Intellexa had live remote access to their customers' surveillance systems.
This allowed them to see the personal data of targets hacked with Intellexa's spyware Predator, according to research based on a leaked training video.
Needless to say, this is bad.
This allowed them to see the personal data of targets hacked with Intellexa's spyware Predator, according to research based on a leaked training video.
Needless to say, this is bad.
Reposted by Donncha Ó Cearbhaill
1/ Today we release a new report exposing previously undisclosed entities connected to the wider #Intellexa ecosystem as well as newly identified activity clusters in Iraq and indications of activity in Pakistan: www.recordedfuture.com/research/int...
Intellexa’s Global Corporate Web
www.recordedfuture.com
December 4, 2025 at 4:18 AM
1/ Today we release a new report exposing previously undisclosed entities connected to the wider #Intellexa ecosystem as well as newly identified activity clusters in Iraq and indications of activity in Pakistan: www.recordedfuture.com/research/int...
Reposted by Donncha Ó Cearbhaill
Our full report can be found here: securitylab.amnesty.org/latest/2025/...
Haaretz - www.haaretz.com/israel-news/...
InsideStory - insidestory.gr/article/inte...
Inside-IT - www.inside-it.ch/intellexa-le...
Haaretz - www.haaretz.com/israel-news/...
InsideStory - insidestory.gr/article/inte...
Inside-IT - www.inside-it.ch/intellexa-le...
To Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary spyware - Amnesty International Security Lab
Drawing on leaked internal company documents, sales and marketing material, as well as training videos, the “Intellexa Leaks” investigation gives a never-before-seen glimpse of the internal operations...
securitylab.amnesty.org
December 4, 2025 at 11:37 AM
Our full report can be found here: securitylab.amnesty.org/latest/2025/...
Haaretz - www.haaretz.com/israel-news/...
InsideStory - insidestory.gr/article/inte...
Inside-IT - www.inside-it.ch/intellexa-le...
Haaretz - www.haaretz.com/israel-news/...
InsideStory - insidestory.gr/article/inte...
Inside-IT - www.inside-it.ch/intellexa-le...
🚨 - New report by Haaretz, Inside Story, Inside-IT and Amnesty International release the Intellexa Leaks. Which exposes Intellexa support staff had access through Teamviewer to customer deployments and confirms found IOC's in the past by civil society. 🧵👇
December 4, 2025 at 2:38 PM
Check out the create reporting today from our wonderful colleagues and partners!
bsky.app/profile/etri...
bsky.app/profile/etri...
🔥 The #IntellexaLeaks
⚠ Νέα διεθνής έρευνα του @insidestory.gr σε συνεργασία με την @haaretzcom.bsky.social, WAV Research Collective και την τεχνική συνδρομή του Εργαστηρίου Ασφαλείας της @amnesty.org προχωρά σήμερα σε σημαντικές αποκαλύψεις: insidestory.gr/article/inte...
⚠ Νέα διεθνής έρευνα του @insidestory.gr σε συνεργασία με την @haaretzcom.bsky.social, WAV Research Collective και την τεχνική συνδρομή του Εργαστηρίου Ασφαλείας της @amnesty.org προχωρά σήμερα σε σημαντικές αποκαλύψεις: insidestory.gr/article/inte...
December 4, 2025 at 2:38 PM
Check out the create reporting today from our wonderful colleagues and partners!
bsky.app/profile/etri...
bsky.app/profile/etri...
Significantly Google has also announced threat notifications today, first time ever alerts sent for Predator, to "several hundred accounts across various countries, including Pakistan, Kazakhstan, Angola, Egypt, Uzbekistan, Saudi Arabia, and Tajikistan". 🔥🔥🔥
cloud.google.com/blog/topics/...
cloud.google.com/blog/topics/...
Intellexa’s Prolific Zero-Day Exploits Continue | Google Cloud Blog
Commercial surveillance vendor Intellexa continues to thrive and exploit mobile zero-day vulnerabilities.
cloud.google.com
December 4, 2025 at 2:38 PM
Significantly Google has also announced threat notifications today, first time ever alerts sent for Predator, to "several hundred accounts across various countries, including Pakistan, Kazakhstan, Angola, Egypt, Uzbekistan, Saudi Arabia, and Tajikistan". 🔥🔥🔥
cloud.google.com/blog/topics/...
cloud.google.com/blog/topics/...
Toadya our research partners at Google TAG and Recorded Future (@julianferdinand.bsky.social)
) have published their own deep investigations into Intellexa
bsky.app/profile/juli...
) have published their own deep investigations into Intellexa
bsky.app/profile/juli...
1/ Today we release a new report exposing previously undisclosed entities connected to the wider #Intellexa ecosystem as well as newly identified activity clusters in Iraq and indications of activity in Pakistan: www.recordedfuture.com/research/int...
Intellexa’s Global Corporate Web
www.recordedfuture.com
December 4, 2025 at 2:38 PM
Toadya our research partners at Google TAG and Recorded Future (@julianferdinand.bsky.social)
) have published their own deep investigations into Intellexa
bsky.app/profile/juli...
) have published their own deep investigations into Intellexa
bsky.app/profile/juli...
The leaked materials also forensically confirm Predator’s use in previously documented attacks in Greece and Egypt - validating years of investigations by Amnesty, Citizen Lab & others.
December 4, 2025 at 2:38 PM
The leaked materials also forensically confirm Predator’s use in previously documented attacks in Greece and Egypt - validating years of investigations by Amnesty, Citizen Lab & others.
The level of remote access is more extensive and lax than previously thought. Intellexa staff simply logged in with TeamViewer (!) to a remote Predator customer system.
The video shows staff could see live targeting and infection attempts from EAGLE_2, a customer in Kazakhstan.
The video shows staff could see live targeting and infection attempts from EAGLE_2, a customer in Kazakhstan.
December 4, 2025 at 2:38 PM
The level of remote access is more extensive and lax than previously thought. Intellexa staff simply logged in with TeamViewer (!) to a remote Predator customer system.
The video shows staff could see live targeting and infection attempts from EAGLE_2, a customer in Kazakhstan.
The video shows staff could see live targeting and infection attempts from EAGLE_2, a customer in Kazakhstan.
A leaked training video show a client list (by codename): Dragon, Eagle, Falcon, Flamingo, Fox & more. Our investigation confirms Eagle is Kazakhstan; Phoenix, the 2023 Predator Files investigation found, was Libya.
www.haaretz.com/israel-news/...
www.haaretz.com/israel-news/...
December 4, 2025 at 2:38 PM
A leaked training video show a client list (by codename): Dragon, Eagle, Falcon, Flamingo, Fox & more. Our investigation confirms Eagle is Kazakhstan; Phoenix, the 2023 Predator Files investigation found, was Libya.
www.haaretz.com/israel-news/...
www.haaretz.com/israel-news/...
Shockingly, the leaks shows that Intellexa kept REMOTE ACCESS to Predator systems deployed on government clients’ premises — meaning the company had the potential to see data about surveillance victims in real time..
December 4, 2025 at 2:38 PM
Shockingly, the leaks shows that Intellexa kept REMOTE ACCESS to Predator systems deployed on government clients’ premises — meaning the company had the potential to see data about surveillance victims in real time..
We've found first evidence of active Predator spyware in Pakistan 🇵🇰 - where a human rights lawyer in Balochistan was targeted amid intensified repression against civil society in the country.
securitylab.amnesty.org/latest/2025/...
securitylab.amnesty.org/latest/2025/...
To Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary spyware - Amnesty International Security Lab
Drawing on leaked internal company documents, sales and marketing material, as well as training videos, the “Intellexa Leaks” investigation gives a never-before-seen glimpse of the internal operations...
securitylab.amnesty.org
December 4, 2025 at 2:38 PM
We've found first evidence of active Predator spyware in Pakistan 🇵🇰 - where a human rights lawyer in Balochistan was targeted amid intensified repression against civil society in the country.
securitylab.amnesty.org/latest/2025/...
securitylab.amnesty.org/latest/2025/...
🚨 A huge leak exposes the new targets and internal operations of Intellexa, the secretive and murky company behind the notorious Predator spyware.
Introducing #IntellexaLeaks, a joint investigation with partners @insidestory.gr, @haaretzcom.bsky.social & WAV Research Collective 🧵👇
Introducing #IntellexaLeaks, a joint investigation with partners @insidestory.gr, @haaretzcom.bsky.social & WAV Research Collective 🧵👇
December 4, 2025 at 2:38 PM
🚨 A huge leak exposes the new targets and internal operations of Intellexa, the secretive and murky company behind the notorious Predator spyware.
Introducing #IntellexaLeaks, a joint investigation with partners @insidestory.gr, @haaretzcom.bsky.social & WAV Research Collective 🧵👇
Introducing #IntellexaLeaks, a joint investigation with partners @insidestory.gr, @haaretzcom.bsky.social & WAV Research Collective 🧵👇
Reposted by Donncha Ó Cearbhaill
This is amazing research by Nadia Heninger and her co-authors Wenyi Morty Zhang, Annie Dai, Keegan Ryan, Dave Levin and Aaron Schulman. TL;DR a huge number of satellite links over our heads are totally unencrypted. satcom.sysnet.ucsd.edu
🛰️ SATCOM Security
Research project homepage for SATCOM Security: papers, source code, and recent satellite communications vulnerabilities.
satcom.sysnet.ucsd.edu
October 14, 2025 at 1:16 AM
This is amazing research by Nadia Heninger and her co-authors Wenyi Morty Zhang, Annie Dai, Keegan Ryan, Dave Levin and Aaron Schulman. TL;DR a huge number of satellite links over our heads are totally unencrypted. satcom.sysnet.ucsd.edu
Reposted by Donncha Ó Cearbhaill
SCOOP: Spyware maker NSO Group confirmed to us that the company has been acquired by a U.S. investment group.
NSO's spokesperson said the group "has invested tens of millions of dollars in the company and has acquired controlling ownership," but declined to say who is behind the investment.
NSO's spokesperson said the group "has invested tens of millions of dollars in the company and has acquired controlling ownership," but declined to say who is behind the investment.
Spyware maker NSO Group confirms acquisition by US investors | TechCrunch
NSO Group confirmed to TechCrunch that an unnamed group of American investors has taken “controlling ownership” of the surveillance tech maker.
techcrunch.com
October 10, 2025 at 3:54 PM
SCOOP: Spyware maker NSO Group confirmed to us that the company has been acquired by a U.S. investment group.
NSO's spokesperson said the group "has invested tens of millions of dollars in the company and has acquired controlling ownership," but declined to say who is behind the investment.
NSO's spokesperson said the group "has invested tens of millions of dollars in the company and has acquired controlling ownership," but declined to say who is behind the investment.
Reposted by Donncha Ó Cearbhaill
If you're based in Berlin, there's an event this Tuesday on spyware, hosted by @amnestyuk.bsky.social and @papertrailmedia.de. It includes workshops by @donncha.is, @jurrevanbergen.nl, and others, drop-in sessions, and a panel. Tickets are still available: www.hebbel-am-ufer.de/programm/pde...
Amnesty International
Digital Surveillance: How States Are Spying on the Resistance
www.hebbel-am-ufer.de
September 28, 2025 at 12:11 PM
If you're based in Berlin, there's an event this Tuesday on spyware, hosted by @amnestyuk.bsky.social and @papertrailmedia.de. It includes workshops by @donncha.is, @jurrevanbergen.nl, and others, drop-in sessions, and a panel. Tickets are still available: www.hebbel-am-ufer.de/programm/pde...
Reposted by Donncha Ó Cearbhaill
Reposted by Donncha Ó Cearbhaill
Join us?
💥Workshops w/ @papertrailmedia.de @amnesty.de @interseclab.bsky.social
💥Dig. Security Clinic w/ @accessnow.org, @pressefreiheit.bsky.social&Tact. Tech
💥Panel w/ @donncha.is @sophieintveld.bsky.social @davidyambio.bsky.social @anjaosterhaus.bsky.social
&Art by @forensicarchi.bsky.social
💥Workshops w/ @papertrailmedia.de @amnesty.de @interseclab.bsky.social
💥Dig. Security Clinic w/ @accessnow.org, @pressefreiheit.bsky.social&Tact. Tech
💥Panel w/ @donncha.is @sophieintveld.bsky.social @davidyambio.bsky.social @anjaosterhaus.bsky.social
&Art by @forensicarchi.bsky.social
September 26, 2025 at 9:46 AM
Join us?
💥Workshops w/ @papertrailmedia.de @amnesty.de @interseclab.bsky.social
💥Dig. Security Clinic w/ @accessnow.org, @pressefreiheit.bsky.social&Tact. Tech
💥Panel w/ @donncha.is @sophieintveld.bsky.social @davidyambio.bsky.social @anjaosterhaus.bsky.social
&Art by @forensicarchi.bsky.social
💥Workshops w/ @papertrailmedia.de @amnesty.de @interseclab.bsky.social
💥Dig. Security Clinic w/ @accessnow.org, @pressefreiheit.bsky.social&Tact. Tech
💥Panel w/ @donncha.is @sophieintveld.bsky.social @davidyambio.bsky.social @anjaosterhaus.bsky.social
&Art by @forensicarchi.bsky.social
Reposted by Donncha Ó Cearbhaill
For more than a year I’ve spoken with Scattered Spider “caller” Noah Urban from a Florida jail. I wanted to know how they chose victims, their methods and how Noah became entangled in a virtually and physically violent world.
We’re publishing his story today: www.bloomberg.com/news/feature...
We’re publishing his story today: www.bloomberg.com/news/feature...
‘I Was a Weird Kid’: Jailhouse Confessions of a Teen Hacker
Noah Urban’s role in the notorious Scattered Spider gang was talking people into unwittingly giving criminals access to sensitive computer systems.
www.bloomberg.com
September 19, 2025 at 11:46 AM
For more than a year I’ve spoken with Scattered Spider “caller” Noah Urban from a Florida jail. I wanted to know how they chose victims, their methods and how Noah became entangled in a virtually and physically violent world.
We’re publishing his story today: www.bloomberg.com/news/feature...
We’re publishing his story today: www.bloomberg.com/news/feature...
Reposted by Donncha Ó Cearbhaill
Staatliche digitale Überwachung der Zivilgesellschaft: Am 30.9. bringen Amnesty und das HAU in Berlin Journalist*innen, Aktivist*innen, Technolog*innen, politische Entscheidungsträger*innen und die von Spionageprogrammen Betroffenen zusammen. Infos & Anmeldung 👇
www.hebbel-am-ufer.de/programm/pde...
www.hebbel-am-ufer.de/programm/pde...
Amnesty International
Digital Surveillance: How States Are Spying on the Resistance
www.hebbel-am-ufer.de
September 17, 2025 at 8:55 AM
Staatliche digitale Überwachung der Zivilgesellschaft: Am 30.9. bringen Amnesty und das HAU in Berlin Journalist*innen, Aktivist*innen, Technolog*innen, politische Entscheidungsträger*innen und die von Spionageprogrammen Betroffenen zusammen. Infos & Anmeldung 👇
www.hebbel-am-ufer.de/programm/pde...
www.hebbel-am-ufer.de/programm/pde...
Reposted by Donncha Ó Cearbhaill
There is no more time for excuses: as the evidence of Israel’s genocide continues to mount the international community cannot claim they didn’t know.
September 16, 2025 at 1:37 PM
There is no more time for excuses: as the evidence of Israel’s genocide continues to mount the international community cannot claim they didn’t know.
Reposted by Donncha Ó Cearbhaill
We are announcing Bugbane, an open-source Android app that makes consensual mobile forensics more accessible. It's compatible with MVT and AndroidQF.
Now in an open-beta, we are calling for community feedbacks before a general public release by EOY!
osservatorionessuno.org/blog/2025/09...
Now in an open-beta, we are calling for community feedbacks before a general public release by EOY!
osservatorionessuno.org/blog/2025/09...
Bugbane: Simplifying consensual Android forensics
Bugbane: Simplifying consensual Android forensics
osservatorionessuno.org
September 6, 2025 at 2:42 PM
We are announcing Bugbane, an open-source Android app that makes consensual mobile forensics more accessible. It's compatible with MVT and AndroidQF.
Now in an open-beta, we are calling for community feedbacks before a general public release by EOY!
osservatorionessuno.org/blog/2025/09...
Now in an open-beta, we are calling for community feedbacks before a general public release by EOY!
osservatorionessuno.org/blog/2025/09...
Reposted by Donncha Ó Cearbhaill
🚨Out today: In Pakistan können jederzeit über 4 Mill. Menschen gleichzeitig willkürlich überwacht werden.
Die Technik („LIMS“) stammt vom deutschen Unternehmen Utimaco und ist eigentlich im Export kontrolliert. Unsere neue, einjährige Recherche von @amnesty.de @amnesty.org & Partner*innen zeigt:
Die Technik („LIMS“) stammt vom deutschen Unternehmen Utimaco und ist eigentlich im Export kontrolliert. Unsere neue, einjährige Recherche von @amnesty.de @amnesty.org & Partner*innen zeigt:
September 9, 2025 at 8:31 AM
🚨Out today: In Pakistan können jederzeit über 4 Mill. Menschen gleichzeitig willkürlich überwacht werden.
Die Technik („LIMS“) stammt vom deutschen Unternehmen Utimaco und ist eigentlich im Export kontrolliert. Unsere neue, einjährige Recherche von @amnesty.de @amnesty.org & Partner*innen zeigt:
Die Technik („LIMS“) stammt vom deutschen Unternehmen Utimaco und ist eigentlich im Export kontrolliert. Unsere neue, einjährige Recherche von @amnesty.de @amnesty.org & Partner*innen zeigt: