Jonathan Scott is becoming the Alex Jones of cybersecurity

A Twitter contrarian’s journey from shoddy analysis to blatant disinformation and conspiracy theories.

Łukasz
12 min read · Oct 11, 2022

I enjoy conspiracy theories. Since I was little, maybe 11-years-old, I have shown an unhealthy amount of interest in everything that had to do with “them” hiding the real truth from “us.” Whether it was the Pyramids, Moon landings or aliens I’ve always wanted to know more. It was the constant pursuit of uncovering something new, exciting, a mystery.

As I grew older I started looking for patterns, trying to understand how conspiracy theories are constructed and how they can be both very wrong and difficult to debunk. I’m also fascinated with the way the human brain works and how its perception of the world allows conspiracy theories to gain a foothold. I attribute my career in malware analysis in part to this dopamine-releasing curiosity, a curiosity which made me look at things and dismantle them into easily understandable (and, if needed, debunkable) pieces.

When Jonathan Scott (jonathandata1 on Twitter) started coming up with different conspiracy theories related to commercial spyware these two distant parts of my mind, one being interested in malware analysis and the other being curious about conspiracy theories, suddenly merged and drew me in like Harry Potter and the Deathly Hallows on the night of its release in bookshops.

Conspiracy: Pegasus comes from China

My first personal encounter with Jonathan Scott was a very bizarre one, which in retrospect I should’ve interpreted as foreshadowing. Jonathan had submitted a report stating that Pegasus is Chinese malware and that NSO is simply a reseller of it. An analyst then changed the status of the submission to “accepted”, which to Jonathan meant that his report had been validated as truth.

Gynvael tried to explain to Jonathan what the “accepted” status meant by sending the tweet below, which I liked on Twitter.

After I liked that tweet Jonathan Scott reached out to me asking if I really meant to like it or if it was a mistake. It all happened on the same day, February 9, 2022.

DMs are shared with Jonathan Scott’s permission

Despite my fascination with conspiracy theories I have never talked to a person who honestly believed in them, let alone someone who creates the chaos of misinformation. The resulting exchange was an interesting, if pointless, chat in which Jonathan completely ignored my arguments and instead said that his findings are based on a different sample than the one I referenced.

His statement turned out to be a lie, of course. However, my mind still couldn’t reconcile the disconnect. On one hand we have a technical analysis of a sample which clearly shows it is not Pegasus but an app used to cheat in games, freely available on two different app stores; on the other hand we have arguments that are pure technobabble, and yet people have actually reported on that technobabble (for example, this article in Polish is still up despite my attempts to ask Telepolis to take it down).

Jonathan Scott’s conspiracy theory even made it to the Polish Senate floor and a question about it was asked to a Citizen Lab expert during a committee hearing. This happened despite NSO admitting to writing Pegasus in the very cringy post in which they explain that the company’s flagship spyware is named Pegasus because their software developers wanted to be unicorns (I think they need to brush up on mythology). How is such reach of a clear lie even possible?

The creation of myth

While believing in conspiracy theories can be somewhat explained — whether it’s the feeling of being smarter than others, longing for a more purposeful and complex explanation of a huge event, alignment with personal beliefs, or other similar reasons — the reason for creating a conspiracy theory seems to be harder to grasp. What is the end game of a conspiracy theorist? How do they decide on the specifics of their theory? Why do they want to spread their theory?

The reason may be a combination of a rush of making outrageous claims (not dissimilar to the rush online trolls experience), news outlets increasingly focused on getting clicks and personal gain. In the case of Jonathan Scott I believe that the source of the conspiracy theory is the need to be a contrarian, because being mainstream didn’t get him the attention he wanted.

In 2021, Jonathan Scott was actually publicly supportive of organisations working to uncover the abuses of spyware. In fact, he was seeking their attention and approval for his projects. However, it seems like he was largely ignored and so decided to do a 180. Going against the mainstream and making bold claims stemming from misguided analysis is the basis of almost all conspiracy theories — whether it’s Covid-related ones, flat Earth or Moon landings — all of them are based on misrepresented analysis of facts and stand in opposition to the mainstream view.

The question I was never able to answer, not when I was 11 years old and not now, is whether conspiracy theories are created in a planned, well thought out manner or whether they are created ad hoc, en masse and the ones that stick are then promoted more than the others that don’t land properly. Most likely it’s a combination of both approaches. Creating conspiracy theories ad hoc has the advantage of spewing lots of statements which then need to be debunked in a disproportionately thoughtful and researched manner. This creates a power imbalance in favour of the conspiracy theorist.

However, the origin of a conspiracy theory — whatever it may be — doesn’t explain the ultimate goal of the theory’s existence and the reason for disseminating it.

Conspiracy theories, money and politics

My 11-year-old self considered conspiracy theories a curiosity. I’m sure I would not use these words back then, but I thought of them as something harmless that is disseminated as a way to spread (often misguided) discoveries and question the world we live in. There was no ulterior motive to them, just misunderstanding of science, which could paradoxically push the science forward to explain the minute details highlighted by the conspiracy theory community. I still believe that thanks in part to the “alien” theories of the creation of the Pyramids we have grown our understanding of how the ancient tombs were actually built.

As I grew older I started seeing a shift, either in the conspiracy theories’ purpose or in my understanding of that purpose. I’m still not sure which one has actually happened and I’m also not certain if I will ever know. When I first learned about Alex Jones it became clear to me that you can become famous and make a business out of conspiracy theories. With QAnon it became clear that you can gain political power out of conspiracy theories. They were no longer a curiosity I wanted to study; they were becoming a tactic of power and money in the connected world we live in today.

It’s not surprising that Jonathan Scott has found people who want to use the conspiracy theories he’s creating for their political games or to further their business. The most obvious of these is the NSO Group — the creators of the Pegasus spyware. Their sales executive has praised Jonathan for his “genuine, independent and bold perspective”.

However, there’s more under the surface. People who want to use Jonathan Scott’s conspiracy theories for political gains have only two options. You either try to walk a very fine line of distancing yourself from the person of Jonathan Scott while promoting the conspiracies he creates or you go all in and join for a wild ride in an unknown direction, which you do not control. It is the exact same pattern seen with people who want to promote QAnon or Alex Jones. They either choose to go all in and risk being dragged into an unknown direction, or say that some of the facts are worth taking a deeper look, without actually referencing the persona of Alex Jones or the existence of a larger QAnon conspiracy and their accompanying baggage.

Jonathan Scott’s extended universe

In the world of Jonathan Scott the former approach is represented by Irina Tsukerman, while the latter is represented by Jose Olivas. Irina Tsukerman’s brand of disinformation is less interesting because I don’t believe anyone will take her seriously. Much like Alex Jones’ affiliates, people who go all in on the conspiracy theory ride are pretty quickly lumped together and the distinction between the different flavours of conspiracies becomes meaningless.

Jose Olivas, however, is much more interesting. He is using Jonathan Scott’s research for political reasons and really tries to balance the fine line of not giving in on everything Jonathan Scott is posting. For example he refused to say that Jonathan Scott’s paper on Catalangate is a scientific paper and admitted that there may be some mistakes in it.

This is similar to claiming that you’re not supporting the whole world of Alex Jones conspiracy theories, or even that you’re not supporting a particular episode of his show, but rather that one or two of his statements may be true. This accomplishes two goals: you won’t be branded as being an affiliate of the conspiracy theory author and you are still able to disseminate the conspiracy theory. By making the audience overlook the entirety of the Jonathan Scott/Alex Jones persona, you are trying to make the audience look at one particular, heavily curated, part of the whole show and disregard the rest of it. This magic trick tries to get around the fact that you should absolutely not trust anything that Alex Jones (or Jonathan Scott) is saying.

Jose Olivas and Jonathan Scott feed each other with even more conspiracy theories and political talking points. Take a look at the two tweets below, sent on the same day. Both of them have slightly different takes on the screenshot, but they both use the exact same screenshot. I don’t mean that the contents of the screenshot are the same; the file itself is the same — it has the same SHA1 hash. The file also has forensic artefacts consistent with other screenshots posted by Jonathan Scott, which leads to the conclusion that it was very likely copied by Jose Olivas. The screenshot presents a week-old tweet that was suddenly resurfaced by both of them on the same day.

This shows that they work in at least a loosely coordinated manner, even though Jose Olivas tries to distance himself from Jonathan Scott. This is similar to Alex Jones’ followers who try to use the same arguments but do not attribute them to Alex Jones for the fear of being immediately ignored, as they should be.

The future

As I’ve mentioned, Alex Jones is mostly ignored by the media today, except for some fringe outlets. However, the road to today was very bumpy and difficult. He managed to amass wealth, fame and followers. He managed, much like Jonathan Scott does today, to attack people who disagreed with him or who just didn’t match his narrative, like the parents of the Sandy Hook victims. The Alex Jones damage is done and hopefully mostly contained. Jonathan Scott’s damage is, unfortunately, still happening.

Jonathan Scott has been let go from his online-only PhD programme (which starts every Monday) for code of conduct violations. The university also cut itself off from his research on Pegasus. The BBC has edited a recording of an interview with him. A talk he was set to give at a conference was cancelled. He was banned from bug bounty platforms. Overall, we are halfway through Jonathan Scott’s Alex Jones trajectory. However, I’m still getting messages from journalists either asking me about Jonathan Scott or thanking me for speaking up. He is still being read by people who don’t know that they are promoting conspiracy theories, mostly due to the delicately balanced amplification of his message by Jose Olivas and others.

How do we make sure that we speed up the process of universally recognising Jonathan Scott as the Alex Jones wannabe of infosec? How do we make sure that Jonathan Scott/Alex Jones doesn’t happen again, particularly in a highly technical field like infosec? I don’t have the answer to that question, but we should all be asking ourselves that.

I, like you, deeply care about the state of cybersecurity research. I know that there are amazing researchers out there who deserve much more credit than they are getting. On the other end there are people who get a lot of credit for the disinformation they are spreading. My contribution to this problem is writing about Jonathan Scott until there’s a calendar month in which I’m not asked to explain why he is not trustworthy. I hope that month comes soon.

Everything is bleak, but we can still laugh

If you’ve managed to reach the end of this long blog post you definitely deserve a treat. Conspiracy theories often go in odd and amusing directions. Much like Alex Jones’ famous quote “chemicals in the water are turning the frogs gay”, both Jonathan Scott and Jose Olivas also have their own fair share of ludicrous claims. Here are some of them.

The first one would be a great scenario for a terrible hacking episode of a Hollywood TV series. I think it would go like this:

An office full of monitors, with not enough light. All monitors have the font colour set to neon green which is projected on a transparent glass. A notorious hacker collective is using a Twitter account to spread chaos around the world. The CSI: Cyber Special Tracking Division (known as Cyber STD) creates an undercover Twitter account in order to engage with the hacking collective. They start exchanging tweets in the foreground of the scene. You can hear someone in the background shouting: keep them tweeting, we are getting closer to tracking them! The monitor scrolls through different IP addresses and with every tweet another number gets locked into place. Finally, when they have just one number left to uncover, their account gets taken over by the hacking collective and they lose everything. Cyber STD has failed, cut to the commercial break.

The second example is even better for a feature length movie. The first tweet in that thread is a funny joke about the word “port” standing for both network and physical ports in a computer. However, Jonathan Scott, in order to continue his contrarian statements and in an attempt to embarrass the infosec expert, tries to present a different hot take on the joke and obviously fails spectacularly.

USB over IP has nothing to do with the USB port being “open.” However, I can still see a movie in which the antagonist — a malicious hacker — forgets to glue the USB cable from the bomb to the workstation controlling the explosive device. The protagonist then is able to use that fact to hack it remotely using USB over IP (the IP address will, most likely, have 5 octets). Since the USB is not hot glued, the protagonist exclaims the USB port is open and proceeds to disconnect the USB cable from the machine thus preventing the explosion. Drinks all around.

Finally, the last one comes from Jose Olivas. He tries to build a narrative of some special shady “lobby” where different organisations take part in a massive conspiracy. However, the Threat Intel Coalition is part of the Forum of Incident Response and Security Teams (FIRST). FIRST is an organisation founded in 1990 which provides a forum for information exchange and coordination. It consists of 652 teams in 101 different countries. The equivalent would be trying to paint a picture of a UN committee as a shady world government structure, in a vein very similar to Alex Jones’ claims.

This brings me back to my 11-year-old self fascinated with Illuminati, Freemasons and Knights Templar. It also reminds me of my disappointment when I discovered that Freemasons are a very boring organisation. I think that Jose Olivas would be similarly disappointed if he did any research into FIRST.

One more thing…

I hope that counteracted the bleakness of the first part of this post. I also hope that we can, together, find a way to stop conspiracy theory creators before they start doing real-world damage. If I told my 11-year-old self that conspiracy theories he’s so diligently studying will create disruption, be presented as news and sway elections, he probably wouldn’t understand. I don’t think I should have to understand it today either.
