wenty new US-based investors were observed investing in the spyware industry in
2024. This indicates a significant increase of US-based investments in spyware
in 2024, catapulting the United States to being the largest investor in this
sample of the spyware market. This is significant in scale, as US-based
investment from 2023 to 2024 largely outpaced that of other major investing
countries observed in the first dataset, including Italy, Israel, and the United
Kingdom. It is also significant in the disparity it points to the visible
enforcement gap between the flow of US dollars and US policy initiatives.
Despite numerous US policy actions, such as the addition of spyware vendors on
the Entity List, and the broader global leadership role that the United States
has played through imposing sanctions and diplomatic engagement, US investments
continue to fund the very entities that US policymakers are making an effort to
combat.

Second, the authors elaborated on the central role that resellers and brokers
play in the spyware market, while being a notably under-researched set of
actors. These entities act as intermediaries, obscuring the connections between
vendors, suppliers, and buyers. Oftentimes, intermediaries connect vendors to
new regional markets. Their presence in the dataset is almost assuredly
underrepresented given the opaque nature of brokers and resellers, making
corporate structures and jurisdictional arbitrage more complex and challenging
to disentangle. While their uptick in the second edition of the Mythical Beasts
project may be the result of a wider, more extensive data-collection effort,
there is less reporting on resellers and brokers, and these entities are not
systematically understood. As observed in the first report, the activities of
these suppliers and brokers represent a critical information gap for advocates
of a more effective policy rooted in national security and human rights. These
discoveries help b
ring into sharper focus the state of the spyware market and the wider
cyber-proliferation space, and reaffirm the need to research and surface these
actors that otherwise undermine the transparency and accountability efforts by
state and non-state actors as they relate to the spyware market.

Really good work. Read the whole thing.

** *** ***** ******* *********** *************

Details About Chinese Surveillance and Propaganda Companies

[2025.09.22] Details from leaked documents:

While people often look at China's Great Firewall as a single, all-powerful
government system unique to China, the actual process of developing and
maintaining it works the same way as surveillance technology in the West. Geedge
collaborates with academic institutions on research and development, adapts its
business strategy to fit different clients' needs, and even repurposes leftover
infrastructure from its competitors.

[...]

The parallels with the West are hard to miss. A number of American surveillance
and propaganda firms also started as academic projects before they were spun out
into startups and grew by chasing government contracts. The difference is that
in China, these companies operate with far less transparency. Their work comes
to light only when a trove of documents slips onto the internet.

[...]

It is tempting to think of the Great Firewall or Chinese propaganda as the
outcome of a top-down master plan that only the Chinese Communist Party could
pull off. But these leaks suggest a more complicated reality. Censorship and
propaganda efforts must be marketed, financed, and maintained. They are shaped
by the logic of corporate quarterly financial targets and competitive bids as
much as by ideology -- except the customers are governments, and the products
can control or shape entire societies.

More information about one of the two leaks.

** *** ***** ******* *********** *************

Apple's New Memory Integrity Enforcement

[2025.09.23] Apple has introduced a new hardware/software security feature in
the iPhone 17: "Memory Integrity Enforcement," targeting the memory safety
vulnerabilities that spyware products like Pegasus tend to use to get
unauthorized system access. From Wired:

In recent years, a movement has been steadily growing across the global tech
industry to address a ubiquitous and insidious type of bugs known as
memory-safety vulnerabilities. A computer's memory is a shared resource among
all programs, and memory safety issues crop up when software can pull data that
should be off limits from a computer's memory or manipulate data in memory that
shouldn't be accessible to the program. When developers -- even experienced and
security-conscious developers -- write software in ubiquitous, historic
programming languages, like C and C++, it's easy to make mistakes that lead to
memory safety vulnerabilities. That's why proactive tools like special
programming languages have been proliferating with the goal of making it
structurally impossible for software to contain these vulnerabilities, rather
than attempting to avoid introducing them or catch all of them.

[...]

With memory-unsafe programming languages underlying so much of the world's
collective code base, Apple's Security Engineering and Architecture team felt
that putting memory safety mechanisms at the heart of Apple's chips could be a
deus ex machina for a seemingly intractable problem. The group built on a
specification known as Memory Tagging Extension (MTE) released in 2019 by the
chipmaker Arm. The idea was to essentially password protect every memory
allocation in hardware so that future requests to access that region of memory
are only granted by the system if the request includes the right secret.

Arm developed MTE as a tool to help developers find and fix memory corruption
bugs. If the system receives a memory access request without passing the secret
check, the app will crash and the system will log the sequence of events for
developers to review. Apple's engineers wondered whether MTE could run all the
time rather than just being used as a debugging tool, and the group worked with
Arm to release a version of the specification for this purpose in 2022 called
Enhanced Memory Tagging Extension.

To make all of this a constant, real-time defense against exploitation of memory
safety vulnerabilities, Apple spent years architecting the protection deeply
within its chips so the feature could be on all the time for users without
sacrificing overall processor and memory performance. In other words, you can
see how generating and attaching secrets to every memory allocation and then
demanding that programs manage and produce these secrets for every memory
request could dent performance. But Apple says that it has been able to thread
the needle.

** *** ***** ******* *********** *************

US Disrupts Massive Cell Phone Array in New York

[2025.09.24] This is a weird story:

The US Secret Service disrupted a network of telecommunications devices that
could have shut down cellular systems as leaders gather for the United Nations
General Assembly in New York City.

The agency said on Tuesday that last month it found more than 300 SIM servers

--- BBBS/LiR v4.10 Toy-7
 * Origin: TCOB1: https/binkd/telnet binkd.rima.ie (618:500/1)