Analysis of Intellexa’s Predator Spyware

Amnesty International has published a comprehensive analysis of the Predator government spyware products.

These technologies used to be the exclusive purview of organizations like the NSA. Now they’re available to every country on the planet—democratic, nondemocratic, authoritarian, whatever—for a price. This is the legacy of not securing the Internet when we could have.

Posted on October 18, 2023 at 7:06 AM · 15 Comments

Comments

Joel Halpern October 18, 2023 9:35 AM

While I agree that the systemic security of the Internet is wholly inadequate, I am not at all sure there ever was a time when we, for any meaningful value of “we”, could have secured the Internet. (To be clear, I presume we could have done better than we did. I just doubt we would have achieved anything recognizable as actually securing the Internet.) As Bruce has noted in other contexts, a lot of this is about the incentives, and I don’t think those ever lined up right.

TimH October 18, 2023 9:57 AM

No government will allow the internet to be secure, in the sense that every user has individual control (and privacy).

Governments want control (for example, stopping factually true but politically undesirable ‘misinformation’ from propagating), and aren’t too bothered about sharing that control with other biggies.

Clive Robinson October 18, 2023 10:21 AM

@ Bruce,

“This is the legacy of not securing the Internet when we could have.”

Not sure “legacy” is the word I’d use.

It does not matter what the technology is, it ends up being used for what society regards as “bad”.

As part of this politically the “bad” is almost always addressed badly by those who consider themselves in authority.

So from my point of view the Internet was always going to become subject to surveillance one way or another by the various types of criminals there are[1] that abound these days as technology becomes ever more pervasive and less costly to abuse society with.

But are we to blame for not securing it when we could have?

It’s an interesting question.

In Europe we looked at a national or greater digital network as an enhancement to the existing telephony system. So Europe via ISO drew up the OSI and ISDN specifications which included the “X Standards” that were designed from the get go for a global or larger sized system. Even though there were not the resources at the time to implement it.

In the US however the thinking arose out of military communications, thought up by someone who worked in Bletchley Park during WWII and post war went to work for major US organisations that advised both the DoD and their research organisations through ARPA.

What was done through the US DoD was “pragmatic” and thus within the constraints of 1960s and earlier technology. Such were the limitations that it could barely be got going as a very minimal system. Information security was thus not possible, when even basic functionality was “pushing the envelope”.

The mistake that was actually made was the (in)famous,

“If it works don’t fix it.”

That gives rise to the excuse of “Support least functionality for backwards compatibility” and thus the issue of lowest common denominator functionality and the resulting “fall-back attack” vulnerabilities.

Arguably if we had held out for the ISO OSI seven layer model and all that went with it, rather than go for DARPA’s DoD four layer TCP/UDP on IP model, then the Internet would not have happened. Or been very much more constrained as it would have been under the “Telecommunications Industry Business Model” which last century was extremely abusive to customers and extraordinarily slow to innovate as well as eye wateringly expensive.

The result was a lot of good things in the OSI model have still not made it to the DoD model and some such as security by standards body (IPsec and the like) have been so badly implemented people swear it must be a conspiracy theory…

[1] And yes having been subject to surveillance several times in my life, in that long list of crooks and ne’er-do-wells I include all Governments, their agents, their guard labour, semi-official prod noses, and self appointed sniffers around tent doors. From my point of view it’s not secrecy, but privacy that forms the foundations of society, and kicking that away in any way harms society, and engenders the hypocritical “for the common good” nonsense that is a smoke screen for the thuggish “might is right” nonsense from the self entitled mental aberrants.

Legacy Result October 18, 2023 12:31 PM

“This is the legacy of not securing the Internet when we could have.”

“This is the result of a legacy of not securing the Internet…” is how I read @Bruce’s statement.

JonKnowsNothing October 18, 2023 12:36 PM

An interesting article on MSM today about a Colorado State Supreme Court ruling allowing a “keyword search warrant” of Google Search History Database aka “reverse-keyword warrant”.

When the Denver Police Department ran out of leads after months investigating a 2020 suspected arson, the cops testified in court that they chased down a hunch. According to Hood, “They inferred that the perpetrators would have researched the property before burning it down or, at the very least, looked up directions to get there.” So they turned to Google, serving a keyword warrant that quickly surfaced information on eight Google users who searched for the address of the fire within a specific timeframe—information that ultimately led to three arrests…

A judge dissenting only on the topic of trolling through Google’s Search History wrote:

“I strongly disagree with the majority’s conclusion that the examination of a billion Google users’ search histories was not unreasonably intrusive because the government didn’t ultimately seize all of those search histories.”

Judge Maria Berkenkotter

===

HAIL Warning

ht tps://arstechnica. c o m /tech-policy/2023/10/cops-may-expand-use-of-dragnet-warrants-of-google-search-data-experts-warn/

Erdem Memisyazici October 18, 2023 4:30 PM

@Clive

From my point of view it’s not secrecy, but privacy that forms the foundations of society, and kicking that away in any way harms society, and engenders the hypocritical “for the common good” nonsense that is a smoke screen for the thuggish “might is right” nonsense from the self entitled mental aberrants

I second that last part.

lurker October 18, 2023 7:13 PM

@Legacy Result

OED, legacy:

1 an amount of money or property left to someone in a will:

2 the long-lasting impact of particular events, actions, etc. that took place in the past, or of a person’s life:

3 US an applicant to a particular college or university who is regarded preferentially because a parent or other relative attended the same institution:

ResearcherZero October 19, 2023 3:49 AM

@Clive Robinson

“Security might reduce competition,” yet “only librarians and nerds use computers”.

It’s all due to a simple logic fallacy that politicians are imbued with, not on the list of priorities, and a p**s poor understanding of basic security concepts. Only when one’s own privacy is threatened does the immediacy of the problem become apparent.

Troll em with briefcase bags… and attach any one of these logos (high res).

‘https://www.issworldtraining.com/ISS_EUROPE/sponsors.html

briefcase bag

‘https://securitylab.amnesty.org/wp-content/uploads/2023/10/image15-1024×607.png

(print out as a sticker)

‘https://www.issworldtraining.com/ISS_EUROPE/isslogos/2022%20Intellexa.png

Automatic Wi-Fi connections, Wi-Fi calling and Roaming…

Like Wi-Fi auto connect, the IKEv2 authentication is also based on identities like the IMSI number, which are exchanged over EAP-AKA. (can be disabled by users of course)

https://www.computerworld.com/article/3138471/mobile-subscriber-identity-numbers-can-be-exposed-over-wi-fi.html

“some carriers can control the Wifi calling and VoLTE settings, overriding the ability for some users to change this setting”

‘https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html

Don’t try explaining this to a politician…

Looking at the OSI model a packet will enter the firewall on a wire (or well radio wave). It would then travel up to the proper device driver in the kernel. Then the packet starts to go through a series of steps in the kernel, before it is either sent to the correct application (locally), or forwarded to another host – or whatever happens to it. The netfilter has hooks – well-defined points in a packet’s traversal of the protocol stack – at which the software “hooks in”

‘https://wyssmann.com/blog/2021/07/packet-filtering-in-linux-iptables-nftables-and-firewalld/

Netfilter introduces a concept of network packet stages: each network packet coming to the device or being sent out from the device has to pass through several phases.

There are five netfilter hooks that programs can register with. As packets progress through the stack, they will trigger the kernel modules that have registered with these hooks. The hooks that a packet will trigger depends on whether the packet is incoming or outgoing, the packet’s destination, and whether the packet was dropped or rejected at a previous point.

The so-called hooks are essentially enumerated objects in the code (integers with values incrementing from 0). Each hook corresponds to a specific trigger point location in the kernel network stack. In-depth description:
https://www.sobyte.net/post/2022-04/understanding-netfilter-and-iptables/

A little old some of these HOWTOs, but so are the protocols…

communicating with libiptc 🐉

‘https://tldp.org/HOWTO/Querying-libiptc-HOWTO/

‘https://www.netfilter.org/documentation/HOWTO/
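The EAP-AKA identity point above (an IMSI being sent as the EAP identity during Wi-Fi calling or IKEv2 setup) is easier to check for than to explain. The following is an added example, not code from the thread or from any of the linked articles: it parses an EAP-Response/Identity packet (RFC 3748 layout: Code, Identifier, Length, Type, Type-Data) and classifies the NAI username by its leading character as the EAP-SIM/AKA/AKA' RFCs define it, so that a permanent identity carrying a raw IMSI can be flagged. The sample packets, the IMSI digits and the realm are constructed for the example; the realm follows the 3GPP TS 23.003 WLAN NAI form.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

EAP_CODE_RESPONSE = 2   # RFC 3748 Code: Response
EAP_TYPE_IDENTITY = 1   # RFC 3748 Type: Identity

# Leading character of the NAI username, per RFC 4186 (EAP-SIM),
# RFC 4187 (EAP-AKA) and RFC 5448 (EAP-AKA').
IDENTITY_KINDS = {
    "0": ("EAP-AKA", "permanent"),
    "1": ("EAP-SIM", "permanent"),
    "2": ("EAP-AKA", "pseudonym"),
    "3": ("EAP-SIM", "pseudonym"),
    "4": ("EAP-AKA", "fast-reauth"),
    "5": ("EAP-SIM", "fast-reauth"),
    "6": ("EAP-AKA'", "permanent"),
    "7": ("EAP-AKA'", "pseudonym"),
    "8": ("EAP-AKA'", "fast-reauth"),
}


@dataclass
class IdentityReport:
    identity: str
    method: str
    kind: str
    imsi: Optional[str]   # set only when a permanent identity carries an IMSI


def build_identity_response(identifier: int, identity: str) -> bytes:
    """Encode an EAP-Response/Identity packet (used here to build sample input)."""
    data = identity.encode("ascii")
    length = 5 + len(data)
    return (bytes([EAP_CODE_RESPONSE, identifier])
            + length.to_bytes(2, "big")
            + bytes([EAP_TYPE_IDENTITY]) + data)


def parse_eap_identity(pkt: bytes) -> str:
    """Return the identity string from an EAP-Response/Identity packet."""
    if len(pkt) < 5:
        raise ValueError("truncated EAP packet")
    code = pkt[0]
    length = int.from_bytes(pkt[2:4], "big")
    if length != len(pkt):
        raise ValueError("EAP Length field does not match packet size")
    if code != EAP_CODE_RESPONSE or pkt[4] != EAP_TYPE_IDENTITY:
        raise ValueError("not an EAP-Response/Identity")
    return pkt[5:].decode("ascii")


def classify_identity(identity: str) -> IdentityReport:
    """Classify the NAI username by its leading character; extract an IMSI if permanent."""
    username = identity.split("@", 1)[0]
    method, kind = IDENTITY_KINDS.get(username[:1], ("unknown", "unknown"))
    imsi = None
    # An IMSI is 6 to 15 decimal digits (MCC + MNC + MSIN).
    if kind == "permanent" and re.fullmatch(r"[0-9]{6,15}", username[1:]):
        imsi = username[1:]
    return IdentityReport(identity, method, kind, imsi)


def find_imsi_leaks(packets: List[bytes]) -> List[str]:
    """Return every IMSI exposed in cleartext identity responses; skip non-identity frames."""
    leaks = []
    for pkt in packets:
        try:
            report = classify_identity(parse_eap_identity(pkt))
        except ValueError:
            continue
        if report.imsi:
            leaks.append(report.imsi)
    return leaks


# Constructed samples: the IMSI is made up, the realm follows TS 23.003.
SAMPLE_PACKETS = [
    build_identity_response(1, "0310150123456789@wlan.mnc150.mcc310.3gppnetwork.org"),
    build_identity_response(2, "2pseudo9f3a7c@wlan.mnc150.mcc310.3gppnetwork.org"),
    build_identity_response(3, "4reauth5d1e@wlan.mnc150.mcc310.3gppnetwork.org"),
]

if __name__ == "__main__":
    for p in SAMPLE_PACKETS:
        print(classify_identity(parse_eap_identity(p)))
    print("leaked IMSIs:", find_imsi_leaks(SAMPLE_PACKETS))
```

Only the first sample is a problem: a pseudonym or fast re-authentication identity reveals nothing about the subscriber, which is exactly why the RFCs provide them. Run over a capture of the EAP exchange from a hotspot or an ePDG connection, the check tells you whether the operator's profile actually uses them.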
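The netfilter description above (five hooks, numbered from 0, and a path through them that depends on whether the packet arrives from the wire or is generated locally, and on whether it is for this host or to be forwarded) can be modelled in a few lines. This is an added example in user-space Python, not kernel code and not from any of the linked HOWTOs: it keeps the hook numbering of the kernel's `nf_inet_hooks` enum, runs registered callbacks in priority order at each hook, and stops traversal at the first `NF_DROP`, so the list of hooks a packet actually visits can be inspected. The addresses, the two sample callbacks and the packets are constructed for the example.

```python
from enum import IntEnum
from typing import Callable, Dict, List, Tuple

class Hook(IntEnum):
    # Same order and values as the kernel's nf_inet_hooks enum.
    NF_INET_PRE_ROUTING = 0
    NF_INET_LOCAL_IN = 1
    NF_INET_FORWARD = 2
    NF_INET_LOCAL_OUT = 3
    NF_INET_POST_ROUTING = 4

NF_DROP = 0
NF_ACCEPT = 1

Packet = Dict[str, str]                  # keys: origin ("wire"/"local"), src, dst
HookFn = Callable[[Packet], int]         # returns NF_DROP or NF_ACCEPT


class NetfilterModel:
    """Toy model of one host's netfilter traversal (no real packets, no kernel)."""

    def __init__(self, local_addrs):
        self.local_addrs = set(local_addrs)
        self._hooks: Dict[Hook, List[Tuple[int, HookFn]]] = {h: [] for h in Hook}

    def register(self, hook: Hook, fn: HookFn, priority: int = 0) -> None:
        # Lower priority value runs first, as with nf_hook_ops.priority.
        self._hooks[hook].append((priority, fn))
        self._hooks[hook].sort(key=lambda entry: entry[0])

    def _run_hook(self, hook: Hook, pkt: Packet) -> int:
        for _prio, fn in self._hooks[hook]:
            if fn(pkt) == NF_DROP:
                return NF_DROP
        return NF_ACCEPT

    def path_for(self, pkt: Packet) -> List[Hook]:
        """Hooks a packet would visit if nothing dropped it."""
        if pkt["origin"] == "local":
            path = [Hook.NF_INET_LOCAL_OUT, Hook.NF_INET_POST_ROUTING]
            if pkt["dst"] in self.local_addrs:
                # Delivered over loopback: re-enters the stack as an incoming packet.
                path += [Hook.NF_INET_PRE_ROUTING, Hook.NF_INET_LOCAL_IN]
            return path
        if pkt["dst"] in self.local_addrs:
            return [Hook.NF_INET_PRE_ROUTING, Hook.NF_INET_LOCAL_IN]
        return [Hook.NF_INET_PRE_ROUTING, Hook.NF_INET_FORWARD, Hook.NF_INET_POST_ROUTING]

    def traverse(self, pkt: Packet) -> Tuple[List[Hook], int]:
        """Run the packet through its hooks; return (hooks visited, final verdict)."""
        visited = []
        for hook in self.path_for(pkt):
            visited.append(hook)
            if self._run_hook(hook, pkt) == NF_DROP:
                return visited, NF_DROP
        return visited, NF_ACCEPT


# Two constructed callbacks in the role of registered kernel modules.
def drop_bogon_source(pkt: Packet) -> int:
    return NF_DROP if pkt["src"].startswith("0.") else NF_ACCEPT

def deny_forwarding(pkt: Packet) -> int:
    return NF_DROP


def build_model() -> NetfilterModel:
    model = NetfilterModel(local_addrs={"192.0.2.10"})
    model.register(Hook.NF_INET_PRE_ROUTING, drop_bogon_source, priority=-200)
    model.register(Hook.NF_INET_FORWARD, deny_forwarding)
    return model


if __name__ == "__main__":
    m = build_model()
    for pkt in [
        {"origin": "wire", "src": "198.51.100.7", "dst": "192.0.2.10"},
        {"origin": "wire", "src": "198.51.100.7", "dst": "203.0.113.5"},
        {"origin": "wire", "src": "0.0.0.0", "dst": "192.0.2.10"},
        {"origin": "local", "src": "192.0.2.10", "dst": "203.0.113.5"},
    ]:
        visited, verdict = m.traverse(pkt)
        print([h.name for h in visited], "ACCEPT" if verdict else "DROP")
```

The point the model makes visible is the one the quoted text states: a packet dropped at `NF_INET_PRE_ROUTING` never reaches the later hooks, a forwarded packet never sees `NF_INET_LOCAL_IN`, and a locally generated packet never sees `NF_INET_FORWARD`. Any rule you write for those later hooks is therefore only ever evaluated for the traffic that got that far.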

ResearcherZero October 19, 2023 4:55 AM

Bank security only improved to protect the bottom line after repeated physical robbery.

The response from government and national carriers was rather underwhelming in regards to basic security requirements. Meanwhile foreign agents were breaking into telco exchanges and conducting operations targeting carrier state offices, yet there was basically no cooperation to address these problems, or improve physical security.

This left the defense and intelligence space with an option to improve their own collection capabilities, with very few regulatory obstacles in the way. Politicians showed little interest in protecting data, even their own data, or anyone else’s privacy, as “only nerds and librarians use the internet”…

“Short-term, ‘tactical’ events monopolise media headlines. Meanwhile, longer-term, strategic threats that fall outside the normal news (or electoral) cycle get neither the thinking they require, nor the resources needed to understand and counter them properly.”

‘https://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/defence-committee/russia-implications-for-uk-defence-and-security/written/31103.html

Chinese intelligence services were actively attempting to recruit business and political leaders in Canada to influence political activities as far back as the ’90s.

‘https://ottawacitizen.com/news/politics/chinese-influence-and-intelligence-threat-outlined-in-declassified-25-year-old-csis-rcmp-report/wcm/a4cec41c-5fe2-448a-874c-7d934fd2bf41

“Their spymaster gave them money and a shopping list of intelligence requirements and sent them to Australia. The academic even set his Australian PhD students research assignments in line with his intelligence requirements.”

‘https://www.theguardian.com/australia-news/2023/oct/18/visiting-professor-used-phd-students-to-gather-intelligence-for-china-asio-boss-alleges

“Will they weaponize this data they’ve accumulated over the years?”

https://www.tbsnews.net/analysis/beijing-ransacked-data-us-sources-went-dark-china-175069

ResearcherZero October 19, 2023 6:20 AM

It was technology that enabled a business model to prioritize advertising velocity over factual veracity. If you leave a space to be exploited – it will be penetrated.

https://www.pewresearch.org/internet/2023/10/18/views-of-data-privacy-risks-personal-data-and-digital-privacy-laws/

There are a plethora of reasons as to why privacy is important to us.

‘https://www.prindleinstitute.org/2021/07/do-politicians-have-a-right-to-privacy/

“consider any system with an internet connection as vulnerable to the most capable attackers”

“If you’re separated from your device for any length of time while travelling (for example, at an airport) you should consider it compromised.”

‘https://www.protectivesecurity.govt.nz//assets/Campaigns/PSR-ElectedOfficials-spreads.pdf

Protect any research against “potential theft, misuse or exploitation” from foreign collaborations.

‘https://www.protectivesecurity.govt.nz//assets/Campaigns/PSR-ResearchGuidancespreads-17Mar21.pdf

ResearcherZero October 20, 2023 1:03 AM

Sorry, Java devs and Pythonistas: “but we’re focused on C and C++. Other folks would need to build out support for that. …It might be a decade, but it’ll happen.”

‘https://www.theregister.com/2023/08/18/darpa_legacy_binary_patching/

Clive Robinson October 20, 2023 7:02 AM

@ ResearcherZero,

Re : Reversing the thread.

With regards to The Register article on DARPA and its runtime code maintenance issues.

“According to the US university, the GT team has, with $10 million in Pentagon funding, developed a prototype pipeline that can “distill” binary executables into human-intelligible code so that it can be updated and deployed in “weeks, days, or hours, in some cases.”

One of my past jobs was to write code such that this sort of thing was not realistically possible within reason.

To that end I wrote code in assembler that “evolved” in both time and use. Such that having an image of the “Start ROM code” that got loaded into RAM was not sufficient to get the equivalent of the executable that changed more or less continuously in one way or another in a random way.

It would be interesting to see how this “reversing the thread” of execution system might deal with it.

WhiskersInMenlo October 23, 2023 10:07 AM

There is always a worry about parallel reconstruction (abuse) with excessive data gathering. Fruit of the poison tree objections are limited by clearcutting the information landscape which is bad.
If the keyword search failed to see law enforcement’s searches one worries what else was missed.

Such methods can only see internet literate criminals. Again a hidden data bias. Exclusion criteria stacks the deck.

WhiskersInMenlo October 23, 2023 10:20 AM

The quite large market and escape from “responsible hands” makes historic agency hoarding and use of exploits foolish. Unlike nuclear secret knowledge (reporting to vendors) digital systems exploit knowledge can remove threats.
Legacy system support and dependence on legacy systems is problematic.

Review executive orders and compliance on this topic.
Hoarding secrets is a liability.
(Old topic).

Anon E. Moose November 15, 2023 4:29 PM

@Clive I wholeheartedly agree with your statement, “From my point of view it’s not secrecy, but privacy that forms the foundations of society, and kicking that away in any way harms society, and engenders the hypocritical “for the common good” nonsense that is a smoke screen for the thuggish “might is right” nonsense from the self entitled mental aberrants.”

Here is a virtual high five.

The challenge with security is when it sacrifices privacy in its attempt to secure the environment. As you know perfect security can never exist in a free society because security will be used against those who attempt to remain free.
