by broupannoiffuto 1119 days ago
There is a lot of dodgy stuff in the field of threat intelligence. Many big companies that are clients of some of those providers have access to information which clearly cannot be obtained through OSINT alone, or by just surfing the dark web.

I am talking about which IP talked to which other IP, or even stuff seen from running botnets of infected machines in certain "interesting" parts of the world.


Explain the dodgy bit here? These are all public/open forums. Open source intelligence work[1] is... routine and normal? What's the remedy you want to see? The government isn't allowed to read reddit or join discord forums? The government isn't allowed to hire people to read reddit or join discord forums?

The headline is doing a lot of lifting with "spies" and "infiltrate", but as I read the article... quite frankly everything described is not only routine, and legal, it's literally protected by the first amendment.

[1] It's a term of art. Obviously not the same thing as open source software.

Accessing netflow data "leaked" by ISPs as to who communicates with whom?

Running botnets of infected machines in order to see what certain bad actors from APTs may be doing, where they could be trying to get hired, etc.?

None of that is alleged in the linked article...

Is that supposed to be a counterpoint to something? It's relevant and related capability by orgs in the industry that the article mentions.

I downloaded an iOS app targeting adults (Feeld).

The names of the “people” it suggests to me are frequently names of people who I know. Somehow, whatever is generating fake profiles is inferring my identity and showing me names of people I know.

Amazingly, it seems to have access to iOS communication because sometimes I'll iMessage with someone I haven't communicated with in a long time (by any means), and soon enough their name pops up on the other app.

Do you have any insight on how it might work? I’ve wondered if there’s a very common app that many of my contacts would have installed that is able to peek at iMessage.

Is your iOS device hardened, e.g. Lockdown Mode, locally supervised by Apple Configurator 2 with restrictive policies, whitelisted WiFi without auto-join, disabled AirDrop, etc? You can also look for forensic artifacts in iOS device backups.

https://docs.mvt.re/en/latest/ios/methodology/

https://www.amnesty.org/en/latest/research/2021/07/forensic-...

https://github.com/citizenlab/malware-indicators

https://github.com/sroberts/awesome-iocs

One app gets your IP address and sells it to data brokers in real time. Another app buys this data and correlates it with IP addresses it knows. In practice, there are hundreds of data points, as smartphones are all about data collection.

Yes, part of it works as you've suggested, the ID part.

However, there’s more at play. Somehow there is access to data about whom I contact (again only via iMessage) and the contents of messages (only via iMessage). It’s not an imagined correlation, some of the data shown on the app could only come from recent iMessages.

How do you know the profiles are fake?

So it's not just me going insane. I have experienced the same behavior with Feeld.