It Could Happen Here - ICE Partners with Israeli Phone Hacking Spyware
Episode Date: September 10, 2025Garrison talks with Cooper Quentin from the Electronic Frontier Foundation about Paragon’s spyware Graphite, how it reads text messages, who is most at risk, and misinformation exaggerating the ...spyware's known capabilities. Sources: https://ssd.eff.org/ https://citizenlab.ca/2025/03/a-first-look-at-paragons-proliferating-spyware-operations/ https://citizenlab.ca/2025/06/first-forensic-confirmation-of-paragons-ios-mercenary-spyware-finds-journalists-targeted/ https://www.theguardian.com/us-news/2025/sep/02/trump-immigration-ice-israeli-spyware https://jackpoulson.substack.com/p/exclusive-ice-has-reactivated-its https://www.wired.com/story/ice-paragon-solutions-contract/ https://dfrlab.org/wp-content/uploads/sites/3/2024/09/Mythical-Beasts.pdf https://finder.startupnationcentral.org/company_page/paragon https://red-dot.capital/portfolio https://www.forbes.com/sites/thomasbrewster/2021/07/29/paragon-is-an-nso-competitor-and-an-american-funded-israeli-surveillance-startup-that-hacks-encrypted-apps-like-whatsapp-and-signal/ https://www.presidency.ucsb.edu/documents/executive-order-14093-prohibition-use-the-united-states-government-commercial-spyware-that https://www.eff.org/deeplinks/2025/09/eff-statement-ice-use-paragon-solutions-malwareSee omnystudio.com/listener for privacy information.
Transcript
Discussion (0)
This is an I-Heart podcast.
I just think the process and the journey is so delicious.
That's where all the good stuff is.
You just can't live and die by the end result.
That's comedian Phoebe Robinson.
And yeah, those are the kinds of gems you'll only hear on my podcast, The Bright Side.
I'm your host, Simone Boyce.
I'm talking to the brightest minds in entertainment, health, wellness, and pop culture.
And every week, we're going places in our communities, our careers, and ourselves.
So join me every Monday, and let's find the bright side together.
Listen to The Bright Side on the IHeartRadio app, Apple Podcasts, or wherever you get your podcasts.
In sitcoms, when someone has a problem, they just blurt it out and move on.
Well, I lost my job and my parakeet is missing.
How is your day?
But the real world is different.
Managing life's challenges can be overwhelming.
So what do we do?
We get support.
The Huntsman Mental Health Institute and the Ad Council have mental health.
Health resources available for you at loveyourmindtay.org.
That's loveyourmindtay.org.
See how much further you can go when you take care of your mental health.
Do you want to hear the secrets of psychopaths, murderers, sex offenders?
In this episode, I offer tips from them.
I'm Dr. Leslie, forensic psychologist.
This is a podcast where I cut through the noise with real talk.
When you were described to me as a forensic psychologist, I was like snooze.
We ended up talking for hours and I was like, this girl is my best friend.
Let's talk about safety and strategies to protect yourself and your loved ones.
Listen to intentionally disturbing on the IHeart radio app, Apple Podcasts, or wherever you get your podcasts.
Lauren came in hot.
From viral performances to red carpet looks that had everyone talking.
The podcast, the latest with Lauren the Rosa, is your go-to for everything.
Be amazed.
We'll be right here breaking it all down.
I'm going to be giving you all the headlines, breaking down everything that is going down behind the scenes,
and getting into what the people are saying.
like what is the culture talking about? That's exactly what we'll be getting into here at the latest
with Lauren the Rosa. Everything being amazed. To hear this and more, listen to the latest with Lauren
the Rosa from the Black Effect Podcast Network or the iHeartRadio at Apple Podcast or wherever you get
your podcast.
CallZone Media
Welcome to It Could Happen here, a show about things falling apart. One such thing
frequently falling apart is any.
notion of privacy or digital privacy. Ever encroaching surveillance is one of the biggest global
issues affecting free expression and a free press, both directly through surveillance technology,
but also by chilling speech. I'm Garrison Davis, and this past week, news has swept the
internet that ICE is using software from an Israeli company called Paragon, which allows ICE,
or DHS, to secretly hack into any smartphone, break encryption, access messages, track real-time
location, and turn your iPhone or Android into a walking listening device. All of which sounds very
scary, and some of which is true, though some of these claims are exaggerated or even likely false
based on what we can currently infer from published research. Due to legitimate fears, we
live in a world of surveillance paranoia, which can lead to surveillance myths. This is a core
function of the Panopticon. People should take ICE's new enhanced smartphone surveillance
capacity seriously, but to adequately do so requires an accurate understanding of the threat model,
which we will get into later this episode with some help from the Electronic Frontier Foundation.
But first, let's address the newsworthy aspect of this story, what has actually changed recently.
DHS first contracted with the U.S. branch of Paragon in September of 2024 for $2 million.
But later that October, the contract was put on hold, thanks to a Biden executive order restricting
government use of foreign spyware.
And ever since then, the contract has been frozen pending a compliance review.
But then, on September 1st, 2025, just last week,
investigative journalist Jack Paulson reported that the stopwork order affecting the Paragon contract
had quietly been lifted, allowing ICE to follow through on the contract and start using Paragon's
spyware technology, most likely, including their flagship product, graphite.
What is graphite? Great question. One that I felt underqualified to fully answer myself,
So I spoke with an expert, Cooper Quentin of the Digital Rights Group, the Electronic Frontier Foundation.
You'll hear from him throughout the episode.
My name is Cooper Quentin.
I am a senior staff technologist at the Electronic Frontier Foundation.
There, I do a lot of different things, most specifically for the purposes of this talk.
I do malware research on malware that targets activists, journalists, and civil society.
So graphite is a type of spyware that is a...
able to read your messages from your phone, the same way that you or, you know, maybe a cop
could if they had physical access to your unlocked phone, right? That is the main capability
that it has, according to the reporting published by Citizen Lab. Its main job is to hook into
WhatsApp and into other encrypted chat apps and just read the messages in those apps, like
in the messages you've already sent and any future messages that you send. That's really it. That's
the meat of graphite. Something that sets Paragon apart from their fellow Israeli competitors
is that Paragon has marketed itself as the ethical choice for spyware. One of their early
investors in Israeli firm called Red Dot wrote, quote, Paragon builds best in-class cyber
intelligence software to empower democratic countries providing cutting-edge capabilities that make
the world safer, unquote. On their U.S. website, Paragon says that they are quote-unquote
empowering ethical cyber defense.
And that they provide customers with, quote,
ethically based tools, teams, and insights
to disrupt intractable threats, unquote.
Though they use the term cyber defense
on their U.S. site, Paragon's startup page reads,
quote, Paragon is an offense-focused cyber company
using digital intelligence for smartphone
and internet surveillance solutions.
The company applies strict moral restrictions on itself.
limiting its extraction of information from targeted devices to conversations on chat apps.
Paragon works solely with police forces and intelligence agencies that meet the standards of an enlightened
democracy, which includes only 39 countries.
One of Paragon's senior executives told Forbes in 2021 that they would only sell their technology
to governments that, quote, unquote, abide by international norms and respect fundamental rights
and freedoms, and that, quote, authoritarian or non-democratic regimes would never be customers.
Unfortunately, Paragon was not pressed on what their definition of authoritarian regimes includes.
In recent reporting, there's been a lot of misconceptions about the capabilities of Paragon's
main product, graphite. The Guardian wrote, quote, by essentially taking control of the mobile
phone, ICE can not only track an individuals whereabouts, read their messages, look at their
photographs, but also open and read information held on encrypted applications like
WhatsApp or signal.
Spyware like Graphite can also be used as a listening device through manipulation of the
phone's recorder, unquote.
But research into Graphite by the surveillance watchdog group Citizen Lab has not indicated
that Graphite has all these capabilities or tries to, quote unquote, take control of the entire
device.
But other tech journalists have since parroted the Guardian's unfounded claims.
that graphite fully takes over a phone and can record audio through the microphone.
This is actually less full featured than other spyware we've seen in the past,
like NSO Group's Pegasus spyware, other types of spyware that I've seen,
tend to have a lot more capabilities, right?
They have the capability of like turning on GPS location tracking,
the capability to turn on a hot mic to do all these other things.
And this seems, as far as Citizen Lab has reported, to not be present within the graphite malware.
And I think this is because Paragon has presented themselves as kind of being the quote-unquote responsible malware manufacturer rate.
And they're like trying to minimize the amount of data they collect.
It doesn't mean they couldn't add this stuff in the future, but that's the gist of it.
It's actually, you know, kind of a very stripped-down malware.
I don't want to minimize how impactful it would be for this malware to get all of your messages, right?
That could have a huge impact for people, but we don't need to make up capabilities that our adversary has, especially under fascism, right?
Like, we can just work with the capabilities that we know they have.
A lot of reporting and discussion of graphite and Paragon frame it as an equivalent to NSO's spyware, Pegasus, which has been banned in the United States for four years.
years. Pegasus seeks to completely hijack the target device more broadly, similar to Guardian's
claims about graphite. But by forcing this comparison, people might be inadvertently boosting
Paragon's brand with free marketing by making their product out to be something that I'm sure
Paragon would like to have people think it is, but doesn't actually equate their realistic
threat model. Similar to how predictions of an evil, super intelligent AI actually currently
serve to boost the stock price
of AI companies. I think
a lot of people are doing the work for
these companies that
are aligning themselves with fascism, right?
And I
don't think it's a great trend actually, right?
Like people are
assuming that, you know, Palantir
is sort of watching
everything, right? And it really
Palantir is just like
fancy visual graphing software
essentially, right? Like
the danger of Palantir is
combining these two government databases, right?
This malware, the graphite malware, right?
Like, yeah, it's not good, but, you know, it's not magical, right?
It's not omniscient.
It's not able to, you know, I don't know, go eat the fridge out of your food and, you know,
beat up your dad or something.
Like, you know, I don't.
Well, now we're talking.
Now, now that's a good app.
If only tech bros could solve such social problems.
No, no, they would never.
No.
But, yeah, you know, it's not, it's not a magical, right?
And we don't need to do their work for them, right?
We don't need to do their myth-making for them, right?
A bigger threat to the majority of people in the U.S.
is getting your phone seized by the cops, right?
Totally.
There's nothing this Maurer can do, according to public reports, at least,
the cops can't do if they get a hold of your unlocked phone, right?
Having phased ID or a four-digit passcode is much more dangerous to your digital security.
Yes.
as an average person, even as an average person going to a protest?
Yes, yes, absolutely, absolutely.
You know, celebrate, which is the machine that police plug your phone into you
to make a copy of all the data on it, is much more dangerous to the average American than how
the Paragon is.
You're much more likely to encounter that.
This is more of a niche gripe, but one that's still important.
There's been claims that, quote, ICE can now hack any phone and break encryption.
But graphite doesn't actually, quote-unquote, break encryption.
It's not going after the encryption on Signal or WhatsApp.
Instead, Paragon tries to circumvent end-to-end encryption
by trying to gain access to content on a targeted device
once it's been unencrypted by an application like WhatsApp
for the user to read.
Similar to how if you have push notifications on for an application like Signal,
if the police sees your phone
and push notifications display messages from signal,
that doesn't mean the police have quote unquote broken signals encryption.
Now, in order for graphite to extract messages from your phone,
it needs to get onto your phone in the first place.
Graphite is just the implanted code that can read and extract your messages.
First, it needs to get onto your phone via what's called an exploit,
which is usually a message sent to a phone number or a WhatsApp account
that attacks a vulnerability in your phone's code
to gain permissions to load the graphite onto the messaging apps.
Graphite and the exploit are two separate programs that work together.
But exploits need to be frequently changed
to keep up with software security updates,
and that's expensive.
You need different exploits for Android and iOS.
Paragon has been using zero-click exploits,
meaning the owner of the phone
doesn't have to manually click a link
or intentionally download a file
for the exploit to try to gain permissions
on the device.
You don't have to click or do anything.
You just have to receive the message
and then the spyware gets to work.
Which is very scary,
but this technology cannot be deployed
on mass because of how expensive
and specific it needs to be
in order to work.
The other thing that I think is missing
a lot from the conversation
about graphite in particular
is that the malware is just
the program that runs
when it gets on your phone.
And first, before they can install graphite,
they have to get onto your phone through some sort of exploit.
If your phone is up to date and fully patched,
this will have to be a zero-date exploit,
which means it's an exploit that has had zero days for Apple or Google or whoever
to fix it because it is unknown to them.
And these exploits cost millions of dollars, right?
Now, Paragon is not going to pay that millions of dollars
for each person they're exploiting,
but there is a large per person cost to ice for each person they're going to exploit.
Because Paragon doesn't want to blow their zero day,
which costs them millions of dollars to either buy or develop themselves.
I'm Dr. Scott Barry Kaufman, host of the Psychology Podcast.
Here's a clip from an upcoming conversation about exploring human potential.
I was going to schools to try to teach kids.
these skills and I get eye rolling from teachers or I get students who would be like, it's easier
to punch someone in the face. When you think about emotion regulation, like, you're not going
to choose an adaptive strategy which is more effortful to use unless you think there's a good
outcome as a result of it if it's going to be beneficial to you. Because it's easy to say like,
like go you go blank yourself, right? It's easy. It's easy to just drink the extra beer. It's easy
to ignore to suppress seeing a colleague who's bothering you and just like walk the other way.
Avoidance is easier. Ignoring is easier. Denials is easier. Drinking is easier. Yelling, screaming is easy.
Complex problem solving, meditating, you know, takes effort.
Listen to the psychology podcast on the IHeartRadio app, Apple Podcasts, or wherever you get your podcasts.
If a baby is giggling in the back seat, they're probably happy. If a baby is crying in the back seat, they're probably hungry.
But if a baby is sleeping in the back seat,
Will you remember they're even there?
When you're distracted, stressed, or not usually the one who drives them,
the chances of forgetting them in the back seat are much higher.
It can happen to anyone.
Parked cars get hot fast and can be deadly.
So get in the habit of checking the back seat when you leave.
A message from NHTSA and the ad council.
Did you hear that excuse?
You don't know if you don't lie about that, right?
Lauren came in.
From viral performances to red carpet looks that had everyone talking,
the podcast, the latest with Lauren the Road,
is your go-to for everything VMAs.
We will be right here breaking it all down.
I'm going to be giving you all the headlines,
breaking down everything that is going down behind the scenes,
and getting into what the people are saying.
Like, what is the culture talking about?
That's exactly what we'll be getting into here
at the latest with Lauren the Rosa.
Everything VMAs.
I'm a homegirl that knows a little bit about everything and everybody.
To hear this and more,
listen to the latest with Lauren the Rosa
from the Black Effect Podcast Network
on the iHeartRadio at
Apple Podcasts or wherever you get your podcast.
Think back to the early 2000s.
You're flipping through TV channels
and then you hear this.
I was rooting for you.
We were all rooting for you.
How dare you?
Learn something from this.
But looking back 20 years later,
that iconic show so many of us love,
it's horrified.
Robin, first of all, is too old to be starting the model.
She's huge.
I talked to cast, crew, and producers who were there for some of the show's most shocking moments.
If you were so rooting for her, what did you help her?
With never-before-heard interviews, the curse of America's Next Top Model examines why this show was so popular and where it all went wrong.
We basically sold our souls and they got rich.
Listen to the curse of America's Next Top Model.
Starting on September 16th, on the IHeartRadio app, Apple Podcasts, or wherever you get your podcast.
Welcome back. I'd like to get into a little bit of Paragon's backstory and how they've grown as a company.
Paragon was founded in 2019 by former Israeli Prime Minister, Ahud Barak, and Ahud Shnorson, a former commander of the IDF's cyber warfare unit.
basically Israel's equivalent of the NSA, called Unit 8200.
Three other Paragon co-founders are also ex-Israeli intelligence.
The startup got early financing from a Tel Aviv investment fund called Red. Capital,
though Paragon also received backing from American Venture Capital.
In 2021, Forbes reported that the Boston-based battery ventures had invested between 5 to 10 million in Paragon.
Bloomberg Capital has also supported the company.
In 2022, Paragon launched a U.S. subsidiary and started recruiting former U.S. feds to help break
into the American market. The New York Times reported that the DEA has used graphite as far back as
2022. Former CIA assistant director John Finbar Fleming became the executive chairman of
Paragon U.S. in January of 2024, according to his LinkedIn. In December of 2024, Paragon was
acquired by AE Industrial Partners for $900 million. A.E. Industrial Partners is a Florida-based
private equity fund with a specialized security portfolio. Once they bought Paragon, it merged with
another AE asset, the cybersecurity company Red Latus. Back in 2021, Paragon had about
50 employees. Now it has over 500. In June of 2025, they were hiring 150 more.
Just a week ago, Executive Chairman John Finbar Fleming shared a recruitment post that
Red Ladis was hiring, quote, emerging and offensive cyber engineers, unquote.
Next, let's discuss the biggest case study of graphite being deployed that we know of.
On January 31, 2025, Meta's encrypted messaging app WhatsApp sent a notification to 90 accounts
that their smartphones were suspected of being targeted by spyware,
which has since been traced to the Paragon product graphite.
People targeted were journalists, human rights activists, and members of civil society
across Europe and the Mediterranean, but primarily based out of Italy.
This was a zero-day and zero-click exploit, meaning both attacked a previously unknown vulnerability
and required zero user interaction to infect the device.
At first, the Italian government denied knowledge, but Paragon,
canceled two contracts with customers in Italy
and a parliamentary oversight committee
later confirmed the Italian government
was using Paragon technology
for spyware attacks against sea migration activists.
One thing that's interesting to me
is that we talk about this technology as being very expensive,
very like individual. They have to individually target you.
But then you see, you know, 90 people on WhatsApp.
And you're like, that's a lot of people.
So can talk about how this attack was like structured
and what we've learned from it?
For sure.
90 people is a lot of people for such a targeted attack, although it's, you know,
in terms of most Mao, like most commercial malware, 90 people would be a very, very small
attack, right?
Like, it wouldn't be worth your time.
So, you know, it depends on the scale of things.
I don't know what the scale of Italian civil society is, right?
But 90 people is likely, I think, a small fraction of the whole of Italian civil society, right?
But, yeah, those, so those people that were targeted by Paragon, the ones that we know about, you know, one was a Italian anti-fascist journalist, right? I think another, there were a couple of other journalists that were covering migration issues. And, you know, just sort of a large swath across Italian civil society. So the way they were targeted was on WhatsApp, they were added to a group. And then they were sent a malicious PDF.
which they didn't even have to open,
and they didn't have to approve being added to the group.
But as soon as that malicious PDF was received by their WhatsApp app,
the WhatsApp client, the WhatsApp client processed the PDF,
and it contained code, which exploited WhatsApp,
and allowed Graphite to start running.
So Graphite doesn't actually install anything to get a little bit technical.
Graphite only runs in memory of the phone, right?
It only runs in the, like, temporary RAM, so to speak.
Okay.
So rebooting the phone would have cleared out of the graphite infection and they would have had to re-infect the person.
Interesting.
Right.
In this case.
Yeah.
It's possible that in the future, Paragon will find a way to make graphite persistent, but it does make it more stealthy.
It makes it harder to forensically analyze for people like Citizen Lab and like EFF if it just runs in memory.
Sure.
Right.
So it kind of makes sense that they would want to keep running it in memory, even though.
rebooting it would clear out the infection, because you can just re-infect the person.
Even like developers, like WhatsApp or like Apple might have a harder time, like,
realizing that they've been attacked if it can get cleared out so quickly, I guess.
Yeah, absolutely, absolutely.
And in this case, WhatsApp did realize they had been attacked.
They quickly figured out the pattern and, you know, to their credit, warned everybody immediately.
Often the only way I think people will find out they've been infected by this spimer is if,
WhatsApp or, you know, somebody else maybe Apple warned you. That's not great. But it is, but it is
better than the alternative where they just don't warn you at all, right? After the targets were
notified of the spyware attack, some, including journalists and migrant refugee activists in Italy,
agreed to participate in a forensic analysis of graphite by Citizen Lab. They found that Paragon
spyware had spread from WhatsApp to at least two other apps on the device. In April of 2025,
we got forensic confirmation of graphite spyware on iPhone, with a zero-click exploit attacking
iMessage. Citizen Lab was able to analyze the devices of a prominent European journalist who
requested to remain anonymous, and an Italian journalist linked to the previous cluster of attacks
in Italy. iPhone is slightly harder to target than your average Android, but certainly not impervious
to this sort of attack, as we've seen from these examples in Europe. To date, Citizen Lab has also
identified suspected Paragon deployments in Australia, Canada, Cyprus, Denmark, Israel, and Singapore.
Though the encrypted messaging app signal is not mentioned in the citizen lab reporting,
their analysis did find that Graphite had the capability of going after several different messaging
apps, and it's probably safe to assume that Signal would be one of the apps that Paragon would
want to extract messages from. We don't have much information about this spyware targeting signal,
possibly because signal does not have as large of an international user base compared to other apps like WhatsApp, IMessage, or Telegram, despite signal being much more secure.
So what can you do? Though graphite might not be the total phone hijacking super spyware that the Guardian and others claim it to be, it still poses a significant security threat.
Some basic digital security precautions apply here.
Get into a habit of regular digital cleaning.
Remove unnecessary content from your device.
Save space.
Old photos can be uploaded to an external encrypted hard drive
and question if you really need years of messages stored on your phone.
Use an encrypted chat app like Signal, which has disappearing messages,
so that there isn't a large backlog of communications that could be subtle.
accessed by a hostile actor.
Be very wary of cloud backups.
They are often one of the least secure aspects of your digital life,
especially if they are unencrypted.
And though it won't deter zero-click exploits,
it's still best practice to avoid clicking
mysterious links or downloading files and photos sent to your phone.
Another tip is to regularly reboot your phone,
contrary to claims that once your phone has been targeted by graphite's now compromised forever,
something called malware persistence,
To our current knowledge, rebooting can wipe Paragon's exploits.
It does not appear that Paragon SpyWare is, at the moment, reboot persistent.
And it seems that rebooting would actually remove it from the phone.
My reading is that rebooting it would remove the malware from your phone until you were re-exploited,
which so, you know, if you just reboot and you don't update or, you know, the Zero Day isn't out yet, right?
They're just going to run the exploit again, right?
I think it's a fair bet that they're just going to run the exploit again.
but it would be enough to get it off for that time, right?
And I mean, I think as far as a mitigation,
my friend recommends that people, like,
reboot their phone every morning when they're brushing their teeth, right?
And I don't think it's a bad bit of security hygiene.
If these guys are going to, in fact,
you might as well make it, you know, more of a headache for them, right?
You might as well make it more costly to them
because there is going to be a charge to them for each time they have to reinfect you, right?
But yeah, it's certainly, I think, overblown to say that,
You know, once it's on your phone, it's on your phone forever.
There's, you know, you just got to, you know, throw your $1,000 phone in the trash and go buy another one.
Like, no, you can, you know, if you don't feel safe just rebooting it, right?
Like a factory reset, that would be the next step, right?
I think that would, that would most likely get rid of any persistence mechanisms that were installed.
I'm not familiar with any iOS malware, certainly, that would survive a factory reset.
But probably the most important thing besides using signal is to keep your phone software updated.
it. That's the simplest and best way to make it harder for spyware like graphite to make it
onto your phone in the first place. Out-of-date software has many more known vulnerabilities to
attack. For extra protection, enable lockdown mode on iPhone or advanced protection on Android.
So the reason it's important to keep your phone up to date and always install the latest
security updates, even if it's a pain in the ass, and I know it's a pain in the ass, is because this
makes an attacker have to use
zero-day exploits. So if you
have an old version of the software
on your phone, there are known exploits.
Known exploits
are, you know,
more or less free, right?
They are already out there. They are already
burned. They do not matter, right?
Like the company already knows about them.
An exploit loses basically
all of its value as soon
as, you know, the company knows about it
and it's patched, right? So
if you have out-of-date software out of your
phone. If you have out of data software and a computer, it changes the entire economics of
attacking. It's basically free for me to exploit your phone at this point. And I, you know,
I will exploit it as many times as I want. And I don't care if that exploit is burned. I don't
care if you find it. Because again, it's free, right? Zero day exploits for, especially for Apple,
for like, you know, Android pixel phones, for for graphene, the alternative Android OS, not
graphite. This has been giving me real problems lately.
Zero-day exploits, meaning explet that the manufacturer does not know about and has not had a chance to patch,
cost millions of dollars for these platforms.
And a zero-click exploit where the victim doesn't have to interact with it at all, right?
I don't have to click a link.
I don't have to do something.
You just send me, you know, a PDF, an infected PDF or a magic file, right, or something.
And my phone is infected.
Those are the most expensive of all, right?
Those are sort of the, those are the golden ticket for malware companies, right?
And these cost millions of dollars.
And if you burn it, right, if it gets caught, like, like, you know, what happened with WhatsApp and Citizen Lab in Italy, right?
That's millions of dollars down the drain for Paragon.
You know, they're going to pass that on to the Italian government, to ICE, to whoever their contractors are, right?
So keeping your phone up to date totally changes the economics.
of running a malware attack against you, right?
Like, anybody can run out of their office, old, you know, end day, right, more than zero
a day malware attacks against enemy, right?
Like, those are cheap.
But if your stuff is patched, no, it's good.
It totally changes the entire game.
And you've got to be doing really good work for ICE to want to burn that much money on you.
All these tips can make it considerably harder and, more importantly, extremely expensive
for this spyware to get onto your device.
these exploits could only be deployed against individual targets, and that gets quite expensive.
Just because ICE could theoretically hack your phone, that doesn't mean that your phone is necessarily
at a high risk of being hacked by ICE. Who are the possible targets for graphite spyware?
Who is at higher risk? Journalists who report on ICE and immigration, people who work for immigration
advocacy organizations, immigration lawyers, as well as high-profile activists. It goes without saying,
that anything you do on your phone or on the internet carries a level of inherent risk.
I'm Dr. Scott Barry Kaufman, host of the psychology podcast. Here's a clip from an upcoming
conversation about exploring human potential. I was going to schools to try to teach kids these
skills and I get eye rolling from teachers or I get students who would be like, it's easier to
punch someone in the face. When you think about it.
emotion regulation like you're not going to choose an adapted strategy which is more
effortful to use unless you think there's a good outcome as a result of it if it's going to be
beneficial to you because it's easy to say like like go you go blank yourself right it's easy
it's easy to just drink the extra beer it's easy to ignore to suppress seeing a colleague
who's bothering you and just like walk the other way avoidance is easier ignoring is easier
denial is easier drinking is easier yelling screaming is easy
complex problem solving, meditating, you know, takes effort.
Listen to the psychology podcast on the IHeart Radio app, Apple Podcasts, or wherever you get your podcasts.
I always had to be so good, no one could ignore me.
Carve my path with data and drive.
But some people only see who I am on paper.
The paper ceiling.
The limitations from degree screens to stereotypes that are holding back over 70 million stars.
workers skilled through alternative routes
rather than a bachelor's degree
it's time for skills to speak for themselves
find resources for breaking through barriers
at tailorpaper sealing.org
brought to you by Opportunity at Work and the Ad Council
Did you hear that excuse?
You don't know if you don't lie about that, right?
Lauren came in.
From viral performances to red carpet looks
that had everyone talking.
The podcast, the latest with Lauren the Rosa
is your go-to for everything be amazed.
We will be right here breaking it all down.
I'm going to be giving you all the headlines
breaking down everything that is going down behind the scenes
and getting into what the people are saying
like what is the culture talking about
that's exactly what we'll be getting into here
at the latest with Lauren the Rosa
everything VMAs
I'm a homegirl that knows a little bit
about everything and everybody
to hear this and more
listen to the latest with Lauren the Rosa
from the Black Effect Podcast Network
on the IHeart Radio app
Apple Podcasts or wherever you
you get your podcast.
Think back to the early 2000s.
You're flipping through TV channels,
and then you hear this.
I was rooting for you.
We were all rooting for you.
How dare you!
Learn something from this!
But looking back 20 years later,
that iconic show so many of us love,
is horrified.
Robin, first of all, is too old to be starting a model.
She's huge.
I talked to Kat.
crew and producers who were there for some of the show's most shocking moments.
If you were so rooting for her, what did you help her?
With never before heard interviews, the curse of America's Next Top Model
examines why this show was so popular and where it all went wrong.
We basically sold our souls and they got rich.
Listen to the curse of America's Next Top Model, starting on September 16th,
on the IHeart Radio app, Apple Podcast, or wherever you get your podcast.
We'll close this episode with a longer segment from my interview with Cooper discussing who's at the most risk of ICE using Paragon software and more of Cooper's recommended surveillance mitigation practices.
This is not something that can be deployed at a protest and sweep up thousands of people.
This does go after individuals because of its cost and the way that it needs to be deployed.
who would be the people that you would say
are most at risk of
this. Like, is this your local
like, you know, food not bombs
organizer or like an immigration lawyer?
Like, right. Who should be
concerned, I guess? And take
this threat more seriously.
Definitely. I think
people who
should be concerned
are, I mean, you hit the nail on the head, right?
The people that should be concerned about
this are people who have
you know, been a special pain in the ass for ice in particular, right? You know, people who might be
under HSI investigation, right? People who, you know, have been threatened by the president or by
Pam Bondi, you know, specifically, right, like had their name called out specifically, right? People
who are, you know, very loud, very active, right? Like the sort of leaders, what's the term tall poppies,
Like, the people that are really have their head sticking out, right, in a way that's, like, very public and very well-known.
If you have risen to the level where, like, Tom Homan knows your name personally, right, that makes it a pretty good chance that, that, you know, you might become a target of this, right?
Like, that's, but that's who we're talking about.
Well, and, like, as we've seen Italy, like, that can, that can include, like, anti-fascist journalists.
Yeah, definitely.
People who work for, like, migrant human rights organizations.
Yes.
high-profile activists.
And I think, like, there's a real concern with, you know, trying to compromise the phone
of journalists because of how journalists, like, talk to sources, how journalists might
have information about, like, other people besides the journalist on their phone.
Yeah.
They may be targeting through the journalists, but trying to get after other people who they're
talking to.
Same thing with, like, immigration lawyers.
And, like, there is real concern about harm spreading from those factors.
And I think that's why if you are in those sorts of, like, roles at, like, a human rights
organization, a journalist or a lawyer, you need to.
to be, like, extra careful about keeping your, like, phone updated, regularly engaging in,
like, digital hygiene, having disappearing messages, maybe putting on lockdown mode onto your iPhone,
be very wary of being added to mysterious group chats. These are just general practices
that are, I think, worthwhile to, like, engage in whether or not you're actually going to get
targeted by this. Absolutely. And I want to especially single out lockdown mode there.
Like, we are not aware of any infections of any malware, right?
Pegasus, graphite, right, any others that have managed to successfully infect an iPhone on lockdown mode.
So if you are worried about this, lockdown mode is the single most effective thing you can do to protect yourself against this malware, right?
Is go turn on lockdown mode.
If you're on Android, I think Google calls it advanced protection mode, yeah.
Yeah, advanced protection mode.
So advanced protection mode used to be
not very comprehensive
and I think with the new Android update
with Android 16 that came out
I think like last week or something
it's now much more
comparable to lockdown mode
so I highly recommend turning that on if you're on Android
all my homies love lockdown mode
yes yes
that is the number one protection
right the other thing
I strongly recommend
always, and I be this drum
every day, is turn on
disappearing messages. If you're on
Signal or WhatsApp, go turn on disappearing
messages, right? Because this is
good against, you know, a lot of different things, right?
Like, this is good against Celebrate as well
as Pegasas as well as
grabbing me, right? Like, if
the messages are gone by the time you get
infected, there's no way to recover
those, right? You're minimizing your footprint,
right? Go delete old chats, right?
Like, if you get a second, right?
Like, we've all, Google has
trained us to all be digital hoarders, right, and keep, depending how will you are 20 years of
email, 10 years of email, whatever, right? Never, never delete anything, right? And that's,
don't ignore them, ignore Google. Google doesn't want you to delete things because they want to
use all that data for selling you ads, right? Delete everything. I want more underwater data
send me. Yes, yes, exactly. Delete everything, delete your files, you know, like get rid of those
old group chats, right? Get rid of those old chats that you don't need anymore. You need to be like
that lawyer in Death Note.
Yeah.
Delete.
Yes.
Delete.
Oh, the Death Note reference.
Damn.
Do you want to plug Citizen Lab slash EFF and tell people where to find both your work
and then also other people who are doing research into graphite and like, you know,
if you've been suspected of being targeted by, you know, maybe a notification.
Yeah.
How you can participate in forensic analysis to help everyone be more secure against this in the future.
Yeah, for sure.
So one of the best ways to find out you've been targeted by state-sponsored malware is to get a notification from Apple or Google or WhatsApp or some of the large company that you have been targeted by state-sponsored malware.
Typically, these notifications don't contain much more information than we believe you've been targeted by a nation-state or by state-sponsored malware.
But if you do get one of those notifications, take it very seriously.
You know, reach out to Access Now or to EFF or to Citizen Lab and let us know, right?
And we will help figure out what's going on, right?
Like, this is the number one indicator, right?
Because, like, this malware is usually fairly stealthy, right?
Like, it's not actually, like, you know, I don't know, flashing.
You're infected on your screen, right?
But, yeah, Citizen Lab is always doing amazing work.
I'm a fellow there, so I get to work with them sometimes, which is very exciting.
they are based out of the
Monk School of Global Affairs
at the University of Toronto
and her website is
citizenlap.org where you can find a lot of really
excellent research on the types
of threats that target civil society.
I have citizenlap.ca.
Oh.
But I'm Canadian.
You are probably correct.
I can never remember the correct.
As a Canadian, I was very put off
by you erasing our nation's history
of our coveted.ca.
We love our dot-CA.
I am not trying to start a war with Canada.
Well, many people are, so...
Listen, I'm firmly on the side of Canada
and the war against Canada, okay?
Please take me in, please.
Yeah.
Your solidarity is noted.
So citizenlap.org actually redirects to citizenlap.ca.
So we were both right.
There you go.
Or you were maybe more, right?
So yeah, citizenlub.
And yeah, they're really fantastic.
A lot of really good research going on there.
At EFF.org, the Electronic Frontier Foundation,
we're a U.S.-based nonprofit,
been around for 35 years defending civil liberties
as they intersect with technology.
So a lot of free speech work,
a lot of privacy and Fourth Amendment work.
And we also have a really excellent set of guides
called the Surveillance Self-Defense Guides,
which are at sSD.eaf.f.org,
which I highly recommend people go and
check out. It's the most sort of evergreen guide for defending yourself online. A lot of the
problem with the online security guides get out of date right quickly. And we have a
totally whole full-time person dedicated to making sure that our guides stay up to date.
I'll put a link in the description. Yeah. And we're a nonprofit, a member supported nonprofit.
So, you know, if you like to work, throw us a few bucks. We work for tips. And yeah, those are
the two places that I'm at that I want to plug. Only other thing to plug. I guess you can follow
me on social media. I'm at Cooper Q.com.
Blue Sky and
CooperCue at
masto.hackers.combe on
mastodon.
Hell yeah.
Yeah.
All right. Well, thank you so much.
Thank you for the work you do at
EFF and Citizen Lab.
Thank you.
Yeah, I guess we should always throw away our phones
since there's no way to use our phone
safely anymore.
I mean, throwing away our phones
isn't a terrible idea.
That's how I'm at it.
You know what? I could be on to something.
I think for our own sanity,
just in general.
No, I think they're making us more connected
And I think they're making us
More stable
They are making us more connected
That's for sure
In that I get 5 billion notifications per day
If that's what connected means, yeah
All right
It could happen here is a production of Cool Zone Media
For more podcasts from Cool Zone Media
Visit our website, Coolzonemedia.com
Or check us out on the IHeart Radio app,
Apple Podcasts, or wherever you listen to podcasts.
You can now find sources for it could happen here listed directly in episode descriptions.
Thanks for listening.
I just think the process and the journey is so delicious.
That's where all the good stuff is.
You just can't live and die by the end result.
That's comedian Phoebe Robinson.
And yeah, those are the kinds of gems you'll only hear on my podcast, The Bright Side.
I'm your host, Simone Boyce.
I'm talking to the brightest minds in entertainment, health, wellness, and pop culture.
And every week, we're going places.
in our communities, our careers, and ourselves.
So join me every Monday, and let's find the Bright Side together.
Listen to the Bright Side on the IHeart Radio app, Apple Podcasts, or wherever you get your podcasts.
If a baby is giggling in the back seat, they're probably happy.
If a baby is crying in the back seat, they're probably hungry.
But if a baby is sleeping in the back seat, will you remember they're even there?
When you're distracted, stressed, or not usually the one who drives them,
The chances of forgetting them in the back seat are much higher.
It can happen to anyone.
Parked cars get hot fast and can be deadly.
So get in the habit of checking the back seat when you leave.
A message from NHTSA and the ad council.
Do you want to hear the secrets of psychopaths, murderers, sex offenders?
In this episode, I offer tips from them.
I'm Dr. Leslie, forensic psychologist.
This is a podcast where I cut through the noise with real talk.
When you were described to me as a forensic psychologist, I was like snooze.
We ended up talking for hours, and I was like,
this girl is my best friend.
Let's talk about safety and strategies to protect yourself and your loved ones.
Listen to intentionally disturbing on the IHeart Radio app, Apple Podcasts,
or wherever you get your podcasts.
Lauren came in hot.
From viral performances to red carpet looks that had everyone talking.
The podcast, the latest with Lauren the Rosa,
is your go-to for everything being made.
We'll be right here breaking it all down.
I'm going to be giving you all the headlines,
breaking down everything that is going down behind the scenes.
and getting into what the people are saying.
Like, what is the culture talking about?
That's exactly what we'll be getting into here
at the latest with Lauren the Rosa.
Everything being amazed.
To hear this and more, listen to the latest with Lauren the Rosa
from the Black Effect Podcast Network
on the IHeart Radio at Apple Podcasts
or wherever you get your podcast.
This is an IHeart podcast.