[filmgirlcw]

Many journalists who are frequently engaging in conversations that would be deemed highly sensitive are keeping up with the latest thread model material and following best security practice, moreover, the circumstances we know in this case make me question if any individual outside of the most security paranoid, could have prevented being hacked in this way.

This was an iOS 0-day that appears to have targeted iMessage [1] and worked via zero-click, meaning user interaction wasn’t necessary. CitizenLabs says that in one case, the initial vector appears to be Apple’s own servers.

So you’ve got people with modern (if not the latest) phones running the latest software on what is considered to be the most secure mobile operating system and you have highly-targeted attacks that appear to be state-sponsored, with high precision, going after these individuals.

What could education do to help in this case? Literally every single person I know, and this includes some extremely sophisticated security experts, would have been victims here too.

In the abstract, I agree with more training — though I’ll offer that these resources are widely available already in many newsrooms — but in this case, it would have done nothing.

[1]: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hac...