by throw8932894 1601 days ago
Someone who has access to Pegasus is not going after finances. I had a modest amount of Ethereum on my PC, was hacked, but I still had control over my wallet.

If you have $1M+ it should not be tied to your SIM card, Gmail account, etc. If you use the same device to access your bank accounts, and to browse the internet or receive messages, you are like an idiot who does not do backups!

4 comments

> If you use the same device to access your bank accounts, and to browse the internet or receive messages, you are like an idiot who does not do backups!

Using one's phone for banking, internet, and SMS is completely normal. Saying that 99.9999999999999999% of the world population that owns smartphones is an idiot isn't helpful.

The idiots are the governments of the world that haven't sanctioned Israel for allowing the continued trade of these cyberweapons by their citizens.

"99.9999999999999999%" of the world are not high-value targets with > $1M USD in assets.

> The idiots are the governments of the world that haven't sanctioned Israel

Sanctions against Israel are not going to make vulnerabilities and risks go away. It will just make life harder for a single provider.

So you mean for example, you keep your Authenticator app on a device completely separate from your phone / disconnected from the internet?
2FA is a good option for securing your centralized accounts. But unfortunately, if you're logged in on your phone and your phone is hacked, well, it's still game over.

For crypto currencies it may help to store them on a hardware wallet, since accessing your money will require explicit interaction. But, as far as I understand (please correct me, not up to date with the security mechanisms of hardware wallets), if your computer is compromised while doing it, you can still lose it.

> if your computer is compromised while doing it, you can still lose it.

The hardware wallet itself has a screen, and requires you to confirm your transactions, so generally not true

Just for people who don’t know, it shows relevant data regarding the transaction: sum, currency, target address.

Now, if you verify that data, you are safe… if the original address was correct. But as we are talking about a sophisticated targeted attack, where did you get the original address from? Because if it was your phone or your computer, we are back to step one, as that might already be manipulated.

In that case, the majority of the people in the world with more than $1MM are idiots.
The advantage of centralized services tied to your clear identity is that they do some diligence to ensure the person accessing your account is actually you. You (often) even have a reasonable recourse to undo things that have been done fraudulently.
Haha.

It’s regular government employees who get access to Pegasus. I’d be shocked if it had never been used in an unauthorized manner for straight up financial crimes.