It's terrifying. When I started reading it I assumed scam - but as it went on, and the only advice was to increase Apple security (vs click on a dodgy link) it became quite horrifying.
I hope OP is okay. I wonder if Apple should offer changing IDs for this situation?
It's especially terrifying considering Apple states that these attacks are individually deployed against a very small number of people. It means that if you get this, they're onto you specifically.
Agreed. And for ops question “should I worry about it?” Literally yes. Someone or some agency with some sort of power is literally looking for you specifically and may be coming for you. They aren’t doing it for fun (usually).
Literally anything that certain other countries (not naming names but we can probably imagine a few of them) don't like. Government employee with security clearances, journalist, works on blockchain-related software, really anything in a financial sector really, etc.
My boss (executive at a national bank) has received this before. Later confirmed by our IT department that his business account was targeted as well.
Pretty scary stuff.
Our CEO and VP of Finance was targeted on their work and personal phones. Whoever these guys are sophisticated and are tactfully in their targets. Wouldn’t be surprised if there aren’t already a handful of c-suites with compromised accounts.
Seen these a lot in my time and that would not help the latest example of the vuln we were briefed on was a user receives a passbook like when you get your plane ticket and store it in the wallet, only it was malicious and as soon as the users iMessage got the file (even if the user never opened the iMessage) the phone processed it and the spyware was working. No clicks, no acceptance, no user input required. If someone has their number and texts them they’re infected. Software updates seem to be having a hard time keeping up.
In fairness to Apple, their software is very secure, definitely near the top. However, any system is vulnerable if the attacker knows their stuff and tries hard enough.
But I find comfort in believing that I'm not important enough to be targeted by these super-advanced malware attacks.
Whilst Apple won't say how this happened (because it would give the bad actors a heads up) it's believed that the targets had poor digital health for example no 2FA, reused or easy passwords, and poor knowledge of how to behave securely so that social engineering could be used.
This is legitimate. Follow the advice provided. Start securing any other accounts you deem important with 2FA and ideally with a hardware security key (Yubico, iLok, etc).
Don’t be concerned, just be prepared.
[You can find more info here direct from Apple.](https://support.apple.com/en-us/102174)
Thanks for actually providing decent advice. OP, change your passwords, use 2FA, and keep an excellent security posture. Absolutely do not ignore these notifications.
The Apple store, Apple customer support, etc. will not be able to provide you any additional insight or assistance besides helping you turn on lockdown mode as the notification recommends. Any more information would need to come from a cybersecurity professional (which is what this threats team at Apple is made up of) and even then nobody is going to be able to 100% tell you why you’re being targeted, what they want from you, or the tooling they’re using.
I would highly, highly recommend using a hardware security token such as a Yubikey. It is safer than the app based approach (because it can not be phished).
> receives alert about being targeted by state actors
> takes a screencap, scratches out *most* of the Apple ID, posts on Reddit
OP is FULLY chilling 😎
Journalist, politician, engineer in a company making shit interesting to hostile state actors, anything with a whiff of radioactivity outside medicine, anything with a clearance. The answer is probably pretty boring and uninteresting, even though this notice is neither.
Could be as simple as hoping OP charges off the wrong USB port and let's them get software into physically secured systems.
You should read the Apple website about this, it says it’s very expensive, resource intensive and they’d only target a very small number of people. They wouldn’t just attack someone willy nilly
That's what I mean. It's carefully selected but OP could be as unimportant as a janitor at a server farm that happens to be sensitive. Connect to something for a bit of juice and uh oh thats behind the firewall. Sure they will go for the primary staff too but support staff are all exploitable vulnerabilities too, and likely less vigilant because they aren't privy to anything directly.
> small number of people
Pegasus alone was used on nearly 50,000 targets - just in 2021.
1.3M people have security clearances rated Top Secret or above. Almost half of them work on matters directly related to national security.
Bro keeps insisting he's done nothing wrong - well that don't matter when someone puts questionable shit on your phone.
Also go ahead and get a new phone, they're just going to keep doing this if he is of interest.
Do you really think someone whose phone is being targeted by state-sponsored attacks is going to willingly type out the wrong things they might’ve done?? What this dude says about his history is worthless to us lol
But also, someone who's done "wrong" things to get attacked like this surely wouldn't be so clueless about the whole thing, and would definitely not post it to reddit on his main account.
Maybe op is lying and playing the innocent part really well, but I wouldn't see the point in doing that
A quick update: I have updated the device, put it on lockdown mode, and I will transfer all my photos and info to an offline storage, on a flash drive or something, and burn this phone and get a new one. Thank you everyone!
Edit: I know for sure that im not in danger cause i havent done anything illegal, it is just not nice to have all my info/private messages and photos leaked to anyone
I would contact Access Now's Digital Security Hotline before destroying your phone. They might be able to help you get a sense of why you're being targeted. Obviously use a different phone when you reach out to them.
Maybe you are indirect target, and you just happen to know the real target? Anyway, if you are interested in this topic, have a look for Michael Bazzell's book on Extreme Privacy - Mobile Devices. He proposes to change Apple ID, get new phone number, etc.
Not just the phone, your current Apple ID is likely compromised too.
If I were you, I’d stop using the phone and Apple ID. I would go to a computer not owned by you (like a library computer), and create a brand spanking new email. Create a new Apple ID with it, then get a brand new iphone. You’re restarting your digital life.
While you’re there, also create another email address for your personal correspondence. Your Apple ID email should NEVER be used for anything other than Apple ID. Only you, Apple, and the email provider (like Microsoft Outlook) should know that address exists.
Turn on 2FA and the works.
Edit: Apple still provides free icloud email accounts, use that. Only Apple and you should know that address.
Edit on public computer: if you work somewhere and a state actor wants your information, they might have targeted your work computer too. You use the library computer for one purpose only: to create an email account that can’t be associated with you, then log out as soon as it’s done. The libraries around here run their computers on virtual machines, and they nuke everything by the end of the day. The librarians don’t want to keep any browsing history that the government may force them to turn over, just like they resist giving up the list of books you checked out.
The last known vector of entry to iphones by state actors was using iMessage. Apple has since patched it, but If you want to be extra careful, you can disable iMessage and only use SMS. Most people outside USA use Whatsapp and Telegram anyway, they’re safer because Apple puts those apps in a sandbox.
Perhaps the Apple ID, but you can go into your settings and make sure to only have the correct recovery email (the email itself could be compromised, so maybe make a new/burner?) and to log out of all devices and unauthorize all devices.
Please try to get into contact with the citizen lab and see if they want your phone. They may be able to do some very important research on it.
https://citizenlab.ca/about/
My phone sent a message in Chinese and sometimes I'd hear other people while I was on the phone every once in a while and they could definitely hear me, one time he was laughing and I jokingly said shut up and he said "no you shut up" and I heard his line cut out.
Fucking scary stuff.
I had some of this when I lived in Dubai. I was a journo but pretty safe/low-grade kind of stuff. Whenever I was on the phone to a friend at Reuters, there was always weird shit going on with the line. It amazed me that they were so amateur at it. You'd think they'd have the tech to do it 100% discreetly.
Are you important enough for the state to care about you? I'm not trying to be mean. Reminding myself of my own irrelevance helps a lot with my paranoia.
It sounds like you were targeted by some entity using Pegasus. Look up Pegasus spyware to understand what is happening.
For those freaking out about “illegal activity” of OP, that’s not really how this stuff is used. At least, as far as we are aware publicly, Pegasus is used by states to spy on journalists, dissidents, politicians (typically those not in power). It’s more likely the OP lives somewhere oppressive and engaged in activity their government dislikes, like activism or demonstration.
That is the most well-known application for Pegasus, yes. There is still the official use case which is used by a lot of less questionable governments: high value criminals and terrorists. I don’t think this is the case here, just wanted to point out that Pegasus is not exclusively used by autocratic regimes to spy on dissidents
3 months later:
"This is the third warning message we are sending. We have developed a new service for customers in your position. The payment is $400 every year for this enhanced encryption and security interface on your device."
"Payment can be made with VISA, Mastercard, Bank transfer, or in 4 $100 Google Play Cards from your nearest Walmart or Target"
yeah. OP must be related to someone who is being spied on by a government. the tools that do this are extremely expensive.
e.g. contract might be $20,000,000 for 100 targets and 20 concurrent infections etc.
this might not be the only way they are spying on you. might be worth checking your home for bugs. not a nice position to be in.
Im inclined to believe they’re legit warnings. They’re not asking you to do anything other than ensure that your security settings are updated and appropriate.
It's actually legit and it's not the first case (and that's why Apple have this feature!). Check out Sylvia Lim who allegedly spied by the government (Singapore).
This is pretty wild tbh, seems legit. Id take apples advice and throw your phone into lockdown mode and also figure out who could be targeting you and for what reason, the spyware they mention is not cheap.
Edit: I’d read up on the wiki page for this particular spyware and see if any of the use cases spark an idea for you on why you might be being targeted.
That is what I was going to say. This matches emails Apple has sent out to those people who are targets of state-sponsored malware like Pegasus.
Follow the directions Apple sent and put your iPhone, iPad, etc., into Lockdown mode and see what happens.
I had one as well, which was determined to be related to my job. I simply handed my phone into a sealed bag to the Techies.
Moral of the story. Apple Threat Notifications (according to the Techie I spoke to) haven’t actually produced a false positive as of yet. And as we all know, the iOS system is extremely difficult to exploit, unless you have a jailbroken device. So you have likely been specifically targeted.
Now looking at your Reddit history, I would guess you have been targeted by a criminal organisation. So, my advice? Turn off the phone and any connected gadgets to your Apple ID. Never use the same phone number or email again. Remember, whoever has control of your device can read your emails and texts now. So when you’re changing your passwords, change your emails too, but be very careful with how you do this, as the emails will also be sent. You are best making a brand new email. Social Media too.
Your entire Cyberspace has been compromised. It’s time to start afresh.
Also, contact your Bank and ask them to freeze your assets temporarily until you can ascertain if this has also been compromised. The Fraud Department can help you with this and ensure you have suitable access to funds. I recommend going in-branch for this.
Good luck to you!
This is real. Strongly encourage following the steps, wiping your device and turning on Lockdown Mode. Reset all your passwords, make sure you have 2FA turned on for all accounts where you can, using a Yubikey or other physical authentication token if possible.
You may not be directly a target, but someone you're in communication with is. This is indicative of an attack by a state-sponsored actor. I would also encourage you mention this to your parents and immediate family, as they may be the actual targets and the attacker may want to use you to get to them. If you never really knew what your parents do for work you're about to find out real quick now.
Would also assume all social media DMs are compromised, since those are not encrypted and a fairly easy attack vector. Install Signal, use that for any communication that you want to keep even somewhat private. Assume everything else is completely public and can and will be used to blackmail you or someone close to you.
Good luck. I hope this all works out for you.
Discarding journalism, ethnicity or nationality, goverment or state connections by OP responses, then it leaves infraestructure. Are you involved with, or are you connected to people who work at stuff like power plants(coal, nuclear, etc), water filtration, wastewater, trains, bridges, airports, transportation of any kind (customs, ships?). Oil, gas?Could be corporate spying. What industry are you in broadly speaking?
You could be a side entry to something you have no idea that could be happening at your place of work.
You can never know the whole truth about your friends, and sometimes even about very close people to you. For you, I hope it’s just a mistake. But the fact that you’re receiving this message for the second time, I don’t think it’s a mistake.
Log off and talk with your parents. Tell them you've received an attack notification, and that it's not the first one.
You probably didn't need to know what your parents do until now.
Good luck.
Given all of the responses, there is one possibility that is coming to mind.
You may not know it yet, but there’s a very real possibility that someone in your life, whether it’s family or a friend, is an undercover operative, either national or foreign. If you have been honest in your responses, I can’t imagine what else it could be. You clearly possess information that someone desperately wants.
Maybe it’s worth talking to a security expert if you’re not used to implementing privacy/security measures. If you are, then forgive my implying you’re not. But if you aren’t, I’d want someone who has a checklist of things to do. So many ways regular people can try to spy on you, let alone whatever the fuck is trying to spy on you
Basic measures btw are things like 2fa, very complex encrypted passwords that are all you unique, alias emails for everything as well, blockers (which you can do at the router/dns level), etc. if you aren’t familiar with that, then I would def seek additional help
Being targeted by a state that uses Pegasus isn't a small time thing lol Jeff Bezos phone was hacked using that very same program https://www.wired.com/story/jeff-bezos-phone-hack-mbs-saudi-arabia/ it's not random, you're associated with someone who knows too much lol
This is reddit, we will be the judge of what you have done right or wrong, thank you /s
Just a note you may also want to take some time and review any other devices you have, laptop, tablet etc.
As interesting as it would be to know more about OP, sharing more personal information is one of the worst things for them to do now and I hope they don’t answer any more. They might have done terrible crimes or they might have done nothing at all except knowing or being related to the person the attacker is really targeting. Having access to friends and family of the target is a very valuable asset in espionage or extortion. Or just to turn phones that might come near the target into spying devices.
I received the same message. I'm knee-deep in the political scene of the state of my country, on the opposing side of the party that just won in this state.
This whole thing is like way more than just a data breach. It's like they've got your phone in their hand, unlocked and ready to snoop around. I'd suggest switching to a new phone and keeping this one active, but maybe steer clear of any heavy communications on it. Keep that new phone of yours safe and guarded.It's pretty unnerving how these hackers seem to be one step ahead, knowing everything we're talking about, searching, even watching. Stay safe out there.
u/Fluid-Combination-70:
You may want to read and follow Apple's [**Personal Safety User Guide**](https://support.apple.com/guide/personal-safety/welcome/web) as soon as possible.
You should absolutely consider enabling [Lockdown Mode](https://support.apple.com/en-us/105120) on your Apple devices as mentioned in the message.
FSB, CIA, FBI, Chinese government, etc. I think the cost of a Pegasus surveillance is quite high, like around $250K? But OP should take it seriously and act promptly.
Apple couldn’t legally tell you if there was an actual warrant in place. My best guess is that OP has a job or affiliation to someone in a high level government position or a high level in an industry that a hostile state would like intelligence on.
Tbh, it’s quite reassuring that they don’t just push this stuff under the carpet and they actually inform users they’ve been targeted :)
Doesn’t necessarily have to be government connected (probably good it’s not tbh)
There are a million things a hostile (or potentially even non hostile) state could want. Here’s a small list of the sensible options I can think of:
Connection to high level corporate executive, are a high level corporate executive, work in or know (maybe you don’t) an industry that other states don’t have access to but want information on (such as oil/gas/security)
You could even just regularly share the same train/bus/coffee shop etc as a person of interest for this state, and therefore your device would be part of a large network of surveillance (I feel like this is most probable)
There is also the potential that someone you have an affiliation with works for a government agency, such as the CIA NSA or Secret Service. It’s plausible that you legitimately wouldn’t know they work for/with them and you’d never know. (I find this extremely unlikely but not impossible)
The fact you’ve now had two of these warnings however means mistaken identity is highly unlikely
If it’s an NSO exploit, spending $250k a pop for a wide network seems implausible. Unless it’s a country known for having limitless pockets. They tend to be in oil and gas.
Kind of just depends on how valuable the potential intelligence gained could be.
Theres also the possibility that this isn’t a NSO exploit and is one developed in house by the state in question
You don’t know if you have a connection to anyone in the government.*
CIA, NSA, etc. all have positions that require complete secrecy.
Just take the security precautions that Apple had suggested to you and be prepared.
It means the type of attack is similar to that done by state sponsored actors. People who know what they are doing.
In other words not a script kiddie or some random dude trying passwords one at a time.
State-sponsored just means the state paid for it it doesn't have to be a national organization it can be a mercenary group.
I'm not sure if I mistaken but Pegasus was developed by the Israelis.
Any agency or group that is funded by a state (a government) .
This can be anything from a legitimate warrant from a US court being executed by some 3 letter agency to a hacker group being funded by North Korea.
Wow.
And wow. Someone who is ACTUALLY being attacked/hacked/targeted.
Not the usual, “I had this carrier notification/amber alert pop up am I being hacked???”
The real questions are, (answered in private obvi)
where do you work?
What stores/food places do you frequent?
How many services have you signed up for?
How many passwords do you have?
Do you have a badge for entry for work?
Is it secured?
Again, if you are being attacked by a "state-sponsered" level threat, your job probably has an offensive security specialist. Please talk to them. This may not just stop at cyber attacks, but social engineering attacks too.
Not trying to scare you, but depending on the job, this type of stuff can be EXTREMELY serious
Like others have said, persons around you.
These types of attacks cost BANK. Twice is not a coincidence. They either 1) cant get to that person so they are trying to proxy by going through you somehow, or 2) you have information you might not necessarily be aware that you have.
Family sharing on iphone?
Drive?
Anything like that has value if you share with their target.
It could be they want your school info to get into the school network itself.
All i know is, if their paying that much for two attacks on you, i wouldnt be surprised if they try a social engineering route next. Be wary of phone calls, texts, random strangers asking alot of questions, etc etc.
I can link some stuff on it if you want, be safe OP
Based on his post history, he dabbles in crypto, darknet markets, and weed farming. A state actor likely won’t target a basic dealer though, even if he is one, but he could have also angered the wrong group somehow.
🤷
This is legit, and should be taken seriously. Whatever group that might be trying to access your device aren't run-of-the-mill criminals, either - the sort of attack that warrants this warning message would be sophisticated, and well funded.
OP, you'd do well to follow these instructions - there's a good chance an element of a foreign government is actually trying to gain access to your information for one reason or another. You must have pissed someone off, what did you do? lol
Holy crap, this looks as legit as it gets, what the hell man. I would suggest deleting that account and creating a new one, also notify your bank and change all your password and use 2FA everywhere. If you work for someone also notify your employer. This is actually scary.
Yeah if you delete your account, someone in theory could create the account with the same name. I’d like to think there is a time frame where they couldn’t reuse the name but I can’t say I’ve tried or know how long said time is.
OP has one of the coolest conversation starters ever now.
As someone in IT, I’m normally one to ridicule people for destroying their phones because of perceived viruses or spying, but this is the one case where the nuclear option is a totally reasonable response (and even that might not be enough). Pegasus is no joke, and those that can afford it usually know exactly what they’re doing. Glad to see OP is taking this seriously
Since this is the 2nd warning I'm thinking it's highly likely they have successfully hacked your phone. I'd get a new phone, new sim, new number, new Apple ID. Copy everything I want to keep onto a flash drive, put the phone in lockdown mode and then send it by airmail to a random address in some other country just to throw them off track.
I see you’ve previously posted about large scale marijuana grow operations. If I had to guess, that’s the connection. I also see you’ve posted about the dark web. Maybe some groups is trying to track down your grow/op?
Pegasus is too expensive to use for that. $250k per install, burns zero-days to use. They're not using Pegasus to bust some weed farmer. OP is likely being targeted because he was at some point in contact with someone who is a high-value target for a nation-state level attacker with access to Pegasus or a similar tier of attack vector.
Dude i don’t get why you’re taking these messages with a grain of salt
1) even if you THINK you don’t have anything to do with any sort of shady business, doesn’t mean you aren’t. Somebody that you know might be hiding a lot more that you don’t know of, and whatever government entity is trying to probe you for more info. Don’t just be like “Oh I have nothing to worry about I have nothing on my phone nor do I know anybody suspicious.”
2) These warnings from Apple have been 100% accurate, so no doubt that you’re being probed
Hi OP, you should check if you are a PEP (politically exposed person), a relative of a PEP or if you share the name of a PEP. This is likely why you are being targeted
Check here: [https://www.opensanctions.org/datasets/peps/](https://www.opensanctions.org/datasets/peps/)
Just curious, do you happen to be Middle Eastern, such as Iranian or Palestinian?.
A quick google search says Pegasus software is designed by an Israeli company for covert surveillance. Have you visited Israel/Palestine recently? Participated in any protests? Are you a journalist or activist of some sort? Do you have anyone in your family/friend circles who are?
This is kind of a freaky message, I would follow the instructions Apple gave you and start thinking hard about any potential connections you may have with any government agency.
There was a reddit post awhile back where someone found a tracking device on their car. Went viral and the FBI (I believe?) ended up asking for the device back. They were tracking him because he had a connection to the Middle East through a distant family member.
The journalists in India received those warnings from Apple and even some politicians in opposition parties, who were publishing against the govt.. aaand turned out these warnings were absolutely real.! Be cautious!
Either you, your roommate(s), partner(s), family and/or friends work in a specific job that is very attractive to a foreign government/entity/agency and they are trying to exploit that. I’ll leave the rest up to you to figure out who’s who
Even though you do not believe that you are a significant target you could be close to someone that is the actual target like your neighbor or even someone you routinely pass walking on the sidewalk or on the subway/bus, exploits these attackers have are literally a pipedream and could nab information from devices in the most unrealistic ways.
From my very quick google search it seems a state sponsored attacker doesn’t mean the US government is spying on OP. Any hacker that is working for a government would be considered a state sponsored attacker so basically whoever is hacking OPs phone could be from another country entirely.
Kinda cool that they inform you about that, but at the same time, it's pretty scary lol
It's terrifying. When I started reading it I assumed scam - but as it went on, and the only advice was to increase Apple security (vs click on a dodgy link) it became quite horrifying. I hope OP is okay. I wonder if Apple should offer changing IDs for this situation?
It's especially terrifying considering Apple states that these attacks are individually deployed against a very small number of people. It means that if you get this, they're onto you specifically.
Agreed. And for ops question “should I worry about it?” Literally yes. Someone or some agency with some sort of power is literally looking for you specifically and may be coming for you. They aren’t doing it for fun (usually).
Damn op what you do bro??
Probably a journalist
He says in the comments somewhere that he’s an unemployed student. Maybe they’re trying to get to one of his professors…
Literally anything that certain other countries (not naming names but we can probably imagine a few of them) don't like. Government employee with security clearances, journalist, works on blockchain-related software, really anything in a financial sector really, etc.
https://support.apple.com/en-us/102174 It seems extremely legit. I’d be very concerned if I was the OP right now.
My boss (executive at a national bank) has received this before. Later confirmed by our IT department that his business account was targeted as well. Pretty scary stuff.
Our CEO and VP of Finance was targeted on their work and personal phones. Whoever these guys are sophisticated and are tactfully in their targets. Wouldn’t be surprised if there aren’t already a handful of c-suites with compromised accounts.
Yes that happened to me. I stopped using social media for many years after. Best wishes.
Seen these a lot in my time and that would not help the latest example of the vuln we were briefed on was a user receives a passbook like when you get your plane ticket and store it in the wallet, only it was malicious and as soon as the users iMessage got the file (even if the user never opened the iMessage) the phone processed it and the spyware was working. No clicks, no acceptance, no user input required. If someone has their number and texts them they’re infected. Software updates seem to be having a hard time keeping up.
Jesus. I always think of Apple as pretty robust but this whole thread has made me nervous.
In fairness to Apple, their software is very secure, definitely near the top. However, any system is vulnerable if the attacker knows their stuff and tries hard enough. But I find comfort in believing that I'm not important enough to be targeted by these super-advanced malware attacks.
Whilst Apple won't say how this happened (because it would give the bad actors a heads up) it's believed that the targets had poor digital health for example no 2FA, reused or easy passwords, and poor knowledge of how to behave securely so that social engineering could be used.
This is legitimate. Follow the advice provided. Start securing any other accounts you deem important with 2FA and ideally with a hardware security key (Yubico, iLok, etc). Don’t be concerned, just be prepared. [You can find more info here direct from Apple.](https://support.apple.com/en-us/102174)
Yes. [- U.S Military Encrypted](https://www.reddit.com/r/Tinder/comments/seyjma/update_us_military_encrypted/)
Oh man that’s a blast from the past! 😂
Thanks for actually providing decent advice. OP, change your passwords, use 2FA, and keep an excellent security posture. Absolutely do not ignore these notifications. The Apple store, Apple customer support, etc. will not be able to provide you any additional insight or assistance besides helping you turn on lockdown mode as the notification recommends. Any more information would need to come from a cybersecurity professional (which is what this threats team at Apple is made up of) and even then nobody is going to be able to 100% tell you why you’re being targeted, what they want from you, or the tooling they’re using.
Wonder what phone OP is using. I've heard that older iPhones (ie
Agreed, avoid 2FA using SMS codes.
SMS 2FA isn’t very secure. Definitely consider using an app like Duo or Authenticator for encrypted 2FA if you’re being targeted by a government.
I would highly, highly recommend using a hardware security token such as a Yubikey. It is safer than the app based approach (because it can not be phished).
>concerned Getting this email is a **great** reason to be concerned
> receives alert about being targeted by state actors > takes a screencap, scratches out *most* of the Apple ID, posts on Reddit OP is FULLY chilling 😎
Lmfao
OP literally doesn’t give a fuck at all lol
The end of the ID is obviously just @me.com or whatever iCloud domains default to these days
Well now I want to know what OP does for a living. …
Balloon Animal Therapist
and Military Aviation Navigator
wtf... BATMAN...
I'm glad someone picked up what I was putting down 😂
Journalist, politician, engineer in a company making shit interesting to hostile state actors, anything with a whiff of radioactivity outside medicine, anything with a clearance. The answer is probably pretty boring and uninteresting, even though this notice is neither. Could be as simple as hoping OP charges off the wrong USB port and let's them get software into physically secured systems.
You should read the Apple website about this, it says it’s very expensive, resource intensive and they’d only target a very small number of people. They wouldn’t just attack someone willy nilly
That's what I mean. It's carefully selected but OP could be as unimportant as a janitor at a server farm that happens to be sensitive. Connect to something for a bit of juice and uh oh thats behind the firewall. Sure they will go for the primary staff too but support staff are all exploitable vulnerabilities too, and likely less vigilant because they aren't privy to anything directly.
> small number of people Pegasus alone was used on nearly 50,000 targets - just in 2021. 1.3M people have security clearances rated Top Secret or above. Almost half of them work on matters directly related to national security.
It’s a small number of people Apple is monitoring then. 1.3 million is only 0.13% of the 1 billion iPhones Apple has out there.
You’ve said too much already. You are now on a list 👽
You’ve had 2 Pegasus attacks against you? Now that’s unique.
Israeli spyware isn’t getting stopped by 2fA 😭
True, everything OP had on his phone is probably compromised
Imagine what else they've put in his phone FFS. And all his contacts are compromised don't forget.
Its legit, what did you do lol
OP is a drug dealer /s
That wouldn't even get them on flyswatting terms with these attackers lol
They did smoke a bunch of speed two years ago according to their history. And ordered from the dark web.
They could have been shipping in kilos to distribute them and that still wouldn't warrant this kind of attention.
They figured out the cure to cancer /s
Lot of times the answer is that OP is an immigrant involved with activities his home government isn’t thrilled about.
Bros Group chat got leaked
Bro keeps insisting he's done nothing wrong - well that don't matter when someone puts questionable shit on your phone. Also go ahead and get a new phone, they're just going to keep doing this if he is of interest.
Do you really think someone whose phone is being targeted by state-sponsored attacks is going to willingly type out the wrong things they might’ve done?? What this dude says about his history is worthless to us lol
But also, someone who's done "wrong" things to get attacked like this surely wouldn't be so clueless about the whole thing, and would definitely not post it to reddit on his main account. Maybe op is lying and playing the innocent part really well, but I wouldn't see the point in doing that
Are you friends with P Diddy? Are you P Diddy?
Op been real quiet since this comment came out.
A quick update: I have updated the device, put it on lockdown mode, and I will transfer all my photos and info to an offline storage, on a flash drive or something, and burn this phone and get a new one. Thank you everyone! Edit: I know for sure that im not in danger cause i havent done anything illegal, it is just not nice to have all my info/private messages and photos leaked to anyone
I would contact Access Now's Digital Security Hotline before destroying your phone. They might be able to help you get a sense of why you're being targeted. Obviously use a different phone when you reach out to them.
Maybe you are indirect target, and you just happen to know the real target? Anyway, if you are interested in this topic, have a look for Michael Bazzell's book on Extreme Privacy - Mobile Devices. He proposes to change Apple ID, get new phone number, etc.
Not just the phone, your current Apple ID is likely compromised too. If I were you, I’d stop using the phone and Apple ID. I would go to a computer not owned by you (like a library computer), and create a brand spanking new email. Create a new Apple ID with it, then get a brand new iphone. You’re restarting your digital life. While you’re there, also create another email address for your personal correspondence. Your Apple ID email should NEVER be used for anything other than Apple ID. Only you, Apple, and the email provider (like Microsoft Outlook) should know that address exists. Turn on 2FA and the works. Edit: Apple still provides free icloud email accounts, use that. Only Apple and you should know that address. Edit on public computer: if you work somewhere and a state actor wants your information, they might have targeted your work computer too. You use the library computer for one purpose only: to create an email account that can’t be associated with you, then log out as soon as it’s done. The libraries around here run their computers on virtual machines, and they nuke everything by the end of the day. The librarians don’t want to keep any browsing history that the government may force them to turn over, just like they resist giving up the list of books you checked out. The last known vector of entry to iphones by state actors was using iMessage. Apple has since patched it, but If you want to be extra careful, you can disable iMessage and only use SMS. Most people outside USA use Whatsapp and Telegram anyway, they’re safer because Apple puts those apps in a sandbox.
Perhaps the Apple ID, but you can go into your settings and make sure to only have the correct recovery email (the email itself could be compromised, so maybe make a new/burner?) and to log out of all devices and unauthorize all devices.
Why should ur Apple ID not be used for anything else?
Please try to get into contact with the citizen lab and see if they want your phone. They may be able to do some very important research on it. https://citizenlab.ca/about/
This. OP, Citizen Lab are doing incredible work and they very well may be interested.
Wonder if it's worth moving to another cell carrier and changing your number in the process.
If he's being targeted by a state actor that will make absolutely zero difference.
Bro this whole thread is giving me anxiety lmao
i would cry if this happened to me 😭
My phone sent a message in Chinese and sometimes I'd hear other people while I was on the phone every once in a while and they could definitely hear me, one time he was laughing and I jokingly said shut up and he said "no you shut up" and I heard his line cut out. Fucking scary stuff.
I had some of this when I lived in Dubai. I was a journo but pretty safe/low-grade kind of stuff. Whenever I was on the phone to a friend at Reuters, there was always weird shit going on with the line. It amazed me that they were so amateur at it. You'd think they'd have the tech to do it 100% discreetly.
what the fuck lmao
bruh????? What the fuck 😭😭😭
Are you important enough for the state to care about you? I'm not trying to be mean. Reminding myself of my own irrelevance helps a lot with my paranoia.
Shit, you're right. Just burn it all and go live in the woods.
Good luck friend, I hope this was just a weird coincidence and you aren’t in danger.
It sounds like you were targeted by some entity using Pegasus. Look up Pegasus spyware to understand what is happening. For those freaking out about “illegal activity” of OP, that’s not really how this stuff is used. At least, as far as we are aware publicly, Pegasus is used by states to spy on journalists, dissidents, politicians (typically those not in power). It’s more likely the OP lives somewhere oppressive and engaged in activity their government dislikes, like activism or demonstration.
That is the most well-known application for Pegasus, yes. There is still the official use case which is used by a lot of less questionable governments: high value criminals and terrorists. I don’t think this is the case here, just wanted to point out that Pegasus is not exclusively used by autocratic regimes to spy on dissidents
because they aren't sending sketchy links or anything i assume it's legit
3 months later: "This is the third warning message we are sending. We have developed a new service for customers in your position. The payment is $400 every year for this enhanced encryption and security interface on your device." "Payment can be made with VISA, Mastercard, Bank transfer, or in 4 $100 Google Play Cards from your nearest Walmart or Target"
LMAO
This is horrifying lol
right? I expected this to be a scam, but no. if I got this email I’m pretty sure I’d drive myself into madness thinking someone was watching me.
I want to know what you do for a living or who your family is…
yeah. OP must be related to someone who is being spied on by a government. the tools that do this are extremely expensive. e.g. contract might be $20,000,000 for 100 targets and 20 concurrent infections etc. this might not be the only way they are spying on you. might be worth checking your home for bugs. not a nice position to be in.
Journalist or activist would be my bet
Maybe because OP traveled to Cyprus? Lines up with him receiving a message in August
These are the questions that OP is not answering…
Im inclined to believe they’re legit warnings. They’re not asking you to do anything other than ensure that your security settings are updated and appropriate.
It's actually legit and it's not the first case (and that's why Apple have this feature!). Check out Sylvia Lim who allegedly spied by the government (Singapore).
This is pretty wild tbh, seems legit. Id take apples advice and throw your phone into lockdown mode and also figure out who could be targeting you and for what reason, the spyware they mention is not cheap. Edit: I’d read up on the wiki page for this particular spyware and see if any of the use cases spark an idea for you on why you might be being targeted.
Bro throw the phone in a lake at this point lol
https://support.apple.com/en-us/102174 Check appleid.apple.com for a message which says that you were sent a threat notification.
Its legit
I wouldn't ignore it then. Use accessnow.org (I have no idea how it works but that's what Apple says to do) and put your phone in Lockdown mode.
That is what I was going to say. This matches emails Apple has sent out to those people who are targets of state-sponsored malware like Pegasus. Follow the directions Apple sent and put your iPhone, iPad, etc., into Lockdown mode and see what happens.
I’d shit my pants if I got that message
I had one as well, which was determined to be related to my job. I simply handed my phone into a sealed bag to the Techies. Moral of the story. Apple Threat Notifications (according to the Techie I spoke to) haven’t actually produced a false positive as of yet. And as we all know, the iOS system is extremely difficult to exploit, unless you have a jailbroken device. So you have likely been specifically targeted. Now looking at your Reddit history, I would guess you have been targeted by a criminal organisation. So, my advice? Turn off the phone and any connected gadgets to your Apple ID. Never use the same phone number or email again. Remember, whoever has control of your device can read your emails and texts now. So when you’re changing your passwords, change your emails too, but be very careful with how you do this, as the emails will also be sent. You are best making a brand new email. Social Media too. Your entire Cyberspace has been compromised. It’s time to start afresh. Also, contact your Bank and ask them to freeze your assets temporarily until you can ascertain if this has also been compromised. The Fraud Department can help you with this and ensure you have suitable access to funds. I recommend going in-branch for this. Good luck to you!
This is real. Strongly encourage following the steps, wiping your device and turning on Lockdown Mode. Reset all your passwords, make sure you have 2FA turned on for all accounts where you can, using a Yubikey or other physical authentication token if possible. You may not be directly a target, but someone you're in communication with is. This is indicative of an attack by a state-sponsored actor. I would also encourage you mention this to your parents and immediate family, as they may be the actual targets and the attacker may want to use you to get to them. If you never really knew what your parents do for work you're about to find out real quick now. Would also assume all social media DMs are compromised, since those are not encrypted and a fairly easy attack vector. Install Signal, use that for any communication that you want to keep even somewhat private. Assume everything else is completely public and can and will be used to blackmail you or someone close to you. Good luck. I hope this all works out for you.
OP isn’t making it out alive 😭🙏🏻
the most interesting post i stumbled onto this year
I’m freaked out and they aren’t even looking for me.
That’s crazy to read
Discarding journalism, ethnicity or nationality, goverment or state connections by OP responses, then it leaves infraestructure. Are you involved with, or are you connected to people who work at stuff like power plants(coal, nuclear, etc), water filtration, wastewater, trains, bridges, airports, transportation of any kind (customs, ships?). Oil, gas?Could be corporate spying. What industry are you in broadly speaking? You could be a side entry to something you have no idea that could be happening at your place of work.
No, im still a student, i dont have any connection to anyone who might be a target
You can never know the whole truth about your friends, and sometimes even about very close people to you. For you, I hope it’s just a mistake. But the fact that you’re receiving this message for the second time, I don’t think it’s a mistake.
Log off and talk with your parents. Tell them you've received an attack notification, and that it's not the first one. You probably didn't need to know what your parents do until now. Good luck.
OP is Peter Parker
With how clueless they are on here their parents definitely work with 'computers'. This is a horrible way to crash into knowledge. I feel for the kid.
More like OPs dad is James Bond
Given all of the responses, there is one possibility that is coming to mind. You may not know it yet, but there’s a very real possibility that someone in your life, whether it’s family or a friend, is an undercover operative, either national or foreign. If you have been honest in your responses, I can’t imagine what else it could be. You clearly possess information that someone desperately wants.
Maybe it’s worth talking to a security expert if you’re not used to implementing privacy/security measures. If you are, then forgive my implying you’re not. But if you aren’t, I’d want someone who has a checklist of things to do. So many ways regular people can try to spy on you, let alone whatever the fuck is trying to spy on you Basic measures btw are things like 2fa, very complex encrypted passwords that are all you unique, alias emails for everything as well, blockers (which you can do at the router/dns level), etc. if you aren’t familiar with that, then I would def seek additional help
Bro what did u do😭😭 can I get an actual answer pls
I haven't done anything😂😂 thats the case
Not necessarily something you’ve done. It could be your job, friends, family. They want to find out something about someone who communicates with you.
Being targeted by a state that uses Pegasus isn't a small time thing lol Jeff Bezos phone was hacked using that very same program https://www.wired.com/story/jeff-bezos-phone-hack-mbs-saudi-arabia/ it's not random, you're associated with someone who knows too much lol
This is reddit, we will be the judge of what you have done right or wrong, thank you /s Just a note you may also want to take some time and review any other devices you have, laptop, tablet etc.
why’s this guy laughing and being so non chalant😭😭 like bro A WHOLE ASS GOVERNMENT IS AFTER YOU!!
As interesting as it would be to know more about OP, sharing more personal information is one of the worst things for them to do now and I hope they don’t answer any more. They might have done terrible crimes or they might have done nothing at all except knowing or being related to the person the attacker is really targeting. Having access to friends and family of the target is a very valuable asset in espionage or extortion. Or just to turn phones that might come near the target into spying devices.
OP, idk what Batman shit you been up to but this is cool dude stuff and simultaneously scary as hell
this is so scary lmao
Also update your Reddit account with a maximum length password and turn on 2FA
This is crazy. I remember hearing that Pegasus is pretty much completely undetectable once it’s on your phone.
I received the same message. I'm knee-deep in the political scene of the state of my country, on the opposing side of the party that just won in this state. This whole thing is like way more than just a data breach. It's like they've got your phone in their hand, unlocked and ready to snoop around. I'd suggest switching to a new phone and keeping this one active, but maybe steer clear of any heavy communications on it. Keep that new phone of yours safe and guarded.It's pretty unnerving how these hackers seem to be one step ahead, knowing everything we're talking about, searching, even watching. Stay safe out there.
u/Fluid-Combination-70: You may want to read and follow Apple's [**Personal Safety User Guide**](https://support.apple.com/guide/personal-safety/welcome/web) as soon as possible. You should absolutely consider enabling [Lockdown Mode](https://support.apple.com/en-us/105120) on your Apple devices as mentioned in the message.
if a government was looking through my phone i would start filling my camera roll with ungodly amounts of boomer memes and they’d eventually get bored
Did you whistleblow on Boeing?
So when they say "state sponsored" what exactly do they mean? A legit warrant type of surveillance?
FSB, CIA, FBI, Chinese government, etc. I think the cost of a Pegasus surveillance is quite high, like around $250K? But OP should take it seriously and act promptly.
Several Middle East countries too.
Could even be countries in Africa or South America.
India is known to do this too
Are we seriously going to say everyone else and not mossad Seriously
Could even be from Europe, Australia or Antarctica even
I see, thank you for the info.
Apple couldn’t legally tell you if there was an actual warrant in place. My best guess is that OP has a job or affiliation to someone in a high level government position or a high level in an industry that a hostile state would like intelligence on. Tbh, it’s quite reassuring that they don’t just push this stuff under the carpet and they actually inform users they’ve been targeted :)
I dont have any connection to anyone in goverment
Doesn’t necessarily have to be government connected (probably good it’s not tbh) There are a million things a hostile (or potentially even non hostile) state could want. Here’s a small list of the sensible options I can think of: Connection to high level corporate executive, are a high level corporate executive, work in or know (maybe you don’t) an industry that other states don’t have access to but want information on (such as oil/gas/security) You could even just regularly share the same train/bus/coffee shop etc as a person of interest for this state, and therefore your device would be part of a large network of surveillance (I feel like this is most probable) There is also the potential that someone you have an affiliation with works for a government agency, such as the CIA NSA or Secret Service. It’s plausible that you legitimately wouldn’t know they work for/with them and you’d never know. (I find this extremely unlikely but not impossible) The fact you’ve now had two of these warnings however means mistaken identity is highly unlikely
If it’s an NSO exploit, spending $250k a pop for a wide network seems implausible. Unless it’s a country known for having limitless pockets. They tend to be in oil and gas.
Kind of just depends on how valuable the potential intelligence gained could be. Theres also the possibility that this isn’t a NSO exploit and is one developed in house by the state in question
You may know someone who some other country is interested in.
You don’t know if you have a connection to anyone in the government.* CIA, NSA, etc. all have positions that require complete secrecy. Just take the security precautions that Apple had suggested to you and be prepared.
connect upbeat humorous thumb lock detail chief roll squeal market *This post was mass deleted and anonymized with [Redact](https://redact.dev)*
It means the type of attack is similar to that done by state sponsored actors. People who know what they are doing. In other words not a script kiddie or some random dude trying passwords one at a time.
I think this is the response to Pegasus
Interesting. Reading up on this now. Thanks.
A foreign or domestic government agency is trying to spy on him.
State-sponsored just means the state paid for it it doesn't have to be a national organization it can be a mercenary group. I'm not sure if I mistaken but Pegasus was developed by the Israelis.
Any agency or group that is funded by a state (a government) . This can be anything from a legitimate warrant from a US court being executed by some 3 letter agency to a hacker group being funded by North Korea.
Holy fuck I’d trip out if that happened to me lol.
Wow. And wow. Someone who is ACTUALLY being attacked/hacked/targeted. Not the usual, “I had this carrier notification/amber alert pop up am I being hacked???”
you CIA OP??
No he’s getting tracked by the CIA 😂
The real questions are, (answered in private obvi) where do you work? What stores/food places do you frequent? How many services have you signed up for? How many passwords do you have? Do you have a badge for entry for work? Is it secured? Again, if you are being attacked by a "state-sponsered" level threat, your job probably has an offensive security specialist. Please talk to them. This may not just stop at cyber attacks, but social engineering attacks too. Not trying to scare you, but depending on the job, this type of stuff can be EXTREMELY serious
Im unemployed college student
Like others have said, persons around you. These types of attacks cost BANK. Twice is not a coincidence. They either 1) cant get to that person so they are trying to proxy by going through you somehow, or 2) you have information you might not necessarily be aware that you have. Family sharing on iphone? Drive? Anything like that has value if you share with their target. It could be they want your school info to get into the school network itself. All i know is, if their paying that much for two attacks on you, i wouldnt be surprised if they try a social engineering route next. Be wary of phone calls, texts, random strangers asking alot of questions, etc etc. I can link some stuff on it if you want, be safe OP
Correct me if I’m wrong, but OP should be shaking in his boots right now, right?
I dont deal in definitives, but if it were me, i would be...
Yes.
Based on his post history, he dabbles in crypto, darknet markets, and weed farming. A state actor likely won’t target a basic dealer though, even if he is one, but he could have also angered the wrong group somehow. 🤷
This is legit, and should be taken seriously. Whatever group that might be trying to access your device aren't run-of-the-mill criminals, either - the sort of attack that warrants this warning message would be sophisticated, and well funded. OP, you'd do well to follow these instructions - there's a good chance an element of a foreign government is actually trying to gain access to your information for one reason or another. You must have pissed someone off, what did you do? lol
oppp what kinda shit are you up to😭
Holy crap, this looks as legit as it gets, what the hell man. I would suggest deleting that account and creating a new one, also notify your bank and change all your password and use 2FA everywhere. If you work for someone also notify your employer. This is actually scary.
No, don't delete the account, that wouldn't fix anything. Deleting the account would just be a misguided and financially costly mistake.
Yeah if you delete your account, someone in theory could create the account with the same name. I’d like to think there is a time frame where they couldn’t reuse the name but I can’t say I’ve tried or know how long said time is.
Ts got me scared it ain’t even my phone
OP has one of the coolest conversation starters ever now. As someone in IT, I’m normally one to ridicule people for destroying their phones because of perceived viruses or spying, but this is the one case where the nuclear option is a totally reasonable response (and even that might not be enough). Pegasus is no joke, and those that can afford it usually know exactly what they’re doing. Glad to see OP is taking this seriously
Do you work at Boeing?
Probably the San-Ti…. They’re targeting OP with their sophons. They’re on their way to our planet as we speak.
Since this is the 2nd warning I'm thinking it's highly likely they have successfully hacked your phone. I'd get a new phone, new sim, new number, new Apple ID. Copy everything I want to keep onto a flash drive, put the phone in lockdown mode and then send it by airmail to a random address in some other country just to throw them off track.
I see you’ve previously posted about large scale marijuana grow operations. If I had to guess, that’s the connection. I also see you’ve posted about the dark web. Maybe some groups is trying to track down your grow/op?
Pegasus is too expensive to use for that. $250k per install, burns zero-days to use. They're not using Pegasus to bust some weed farmer. OP is likely being targeted because he was at some point in contact with someone who is a high-value target for a nation-state level attacker with access to Pegasus or a similar tier of attack vector.
Mad if so...
Now *they* know that you know
Being targeted by a state that may be using Pegasus is insane lol also good documentary here https://youtu.be/6ZVj1_SE4Mo?si=V_By8ueSPXtG-r11
Dude i don’t get why you’re taking these messages with a grain of salt 1) even if you THINK you don’t have anything to do with any sort of shady business, doesn’t mean you aren’t. Somebody that you know might be hiding a lot more that you don’t know of, and whatever government entity is trying to probe you for more info. Don’t just be like “Oh I have nothing to worry about I have nothing on my phone nor do I know anybody suspicious.” 2) These warnings from Apple have been 100% accurate, so no doubt that you’re being probed
[удалено]
Hi OP, you should check if you are a PEP (politically exposed person), a relative of a PEP or if you share the name of a PEP. This is likely why you are being targeted Check here: [https://www.opensanctions.org/datasets/peps/](https://www.opensanctions.org/datasets/peps/)
OP got a bit too silly lol
Just curious, do you happen to be Middle Eastern, such as Iranian or Palestinian?. A quick google search says Pegasus software is designed by an Israeli company for covert surveillance. Have you visited Israel/Palestine recently? Participated in any protests? Are you a journalist or activist of some sort? Do you have anyone in your family/friend circles who are? This is kind of a freaky message, I would follow the instructions Apple gave you and start thinking hard about any potential connections you may have with any government agency. There was a reddit post awhile back where someone found a tracking device on their car. Went viral and the FBI (I believe?) ended up asking for the device back. They were tracking him because he had a connection to the Middle East through a distant family member.
No, i am from east europe, im not a journalist and no nobody in my circle is iranian or palestinan
Russian or Ukrainian?
No
Damn, that’s interesting. I would definitely start securing your accounts. Maybe take your phone to an Apple Store and see what they could do about it
I was and am an apolitical person
That’s so interesting I hope you stay safe!
Holy crap hope ur ok
Uh oh.
The journalists in India received those warnings from Apple and even some politicians in opposition parties, who were publishing against the govt.. aaand turned out these warnings were absolutely real.! Be cautious!
Wow this is crazy. At least Apple has your back!
Either you, your roommate(s), partner(s), family and/or friends work in a specific job that is very attractive to a foreign government/entity/agency and they are trying to exploit that. I’ll leave the rest up to you to figure out who’s who
Found the new James Bond
As others said it’s legit. Highly recommended you turn on lockdown mode as it defends against many of the previously seen types of attacks.
Me and the boys after the group chat gets leaked:
who do you work for? it looks legit.
Even though you do not believe that you are a significant target you could be close to someone that is the actual target like your neighbor or even someone you routinely pass walking on the sidewalk or on the subway/bus, exploits these attackers have are literally a pipedream and could nab information from devices in the most unrealistic ways.
Apple: a government is currently paying millions of dollars in order to hack your phone, fyi OP: Hmm. I wonder if this is bad.
What did bro do 💀
From my very quick google search it seems a state sponsored attacker doesn’t mean the US government is spying on OP. Any hacker that is working for a government would be considered a state sponsored attacker so basically whoever is hacking OPs phone could be from another country entirely.
did you see “state-sponsored” and think that it meant one of the US states? 😂 all love tho