Three things failed this week, and in each case the failure happened at a layer below where the defence was built. A court order did not stop a spyware operation. A sovereign platform did not survive a single compromised account. A reference list did not survive a plausible-sounding fabrication. The technical and legal architecture held. The human layer did not, and the scientific layer is worse than most practitioners have accounted for.
Intercept
Meta filed for contempt after NSO Group resumed Pegasus spear-phishing operations on WhatsApp in defiance of a permanent court injunction issued in 2025.
Signal
France's sovereign government messaging platform, mandated for all civil servants after the WhatsApp and Signal ban, was entered through one socially-engineered account. The architecture worked. The human layer did not.
Shadow
The Topaz et al. Lancet audit documented a 12-fold rise in fabricated citations across 2.5 million biomedical papers. The detectable failure is the smaller problem. The resolves the commitment from Issue #004.
• • •
Section 01 of 03 · Intercept
01
NSO Group resumed Pegasus operations after a permanent injunction. Meta is back in court.
On June 8, Meta filed a contempt motion against NSO Group in a US federal court, alleging that the Israeli spyware firm had violated a permanent injunction issued in 2025 almost immediately after it was handed down. Meta's threat intelligence team documented at least 23 WhatsApp accounts and 34 groups linked to NSO created between January and early June 2026, the majority used for testing and some for active targeting. The campaign used deceptive links designed to push users off WhatsApp to external sites, a one-click phishing technique consistent with previously documented NSO tradecraft. Targets were identified in Jordan and Lebanon. Meta disrupted the operation after investigating user reports, then moved to court.
Permanent injunction: 2025. Resumed operations: January 2026. Contempt motion filed: June 8. Infrastructure: 23 accounts, 34 groups, active targeting confirmed.
The practitioner read here is not primarily about NSO. It is about what a court injunction does and does not constrain. The 2025 ruling barred NSO from targeting WhatsApp users and extracted $168 million in damages across a six-year civil case. NSO is appealing the ruling. In the interval between the injunction and the appeal outcome, the infrastructure kept running. The legal order did not pause the operational posture. For any investigator modelling the threat environment around a high-risk source or subject, the NSO contempt motion is a data point about how persistent spyware actors treat legal constraints: as a variable in the risk calculation, not as a ceiling on operations.
What to do this week
A court injunction against a spyware vendor is not a threat model update. The operational posture of persistent actors does not track the legal calendar. If your threat model relied on the 2025 ruling as a constraint, revise it.
The contempt motion itself is worth reading for the detection methodology Meta describes: user reports triggered the investigation, which then found the test accounts and groups through platform telemetry. The operational chain ran from human reporting to infrastructure discovery. That sequence matters for newsrooms and civil society organisations managing high-risk contacts: if a target's device is compromised and they report suspicious behaviour, the evidentiary trail from that report to the infrastructure is now documented in a court filing. The detection model is user-initiated, not automated. The implication is that targets who do not recognise or report the approach are not in the dataset.
• • •
Section 02 of 03 · Signal
02
Tchap's architecture held. One socially-engineered account was enough.
On June 7, ANSSI detected a breach of Tchap, the French government's sovereign messaging platform. Tchap was built on the open-source Matrix protocol by DINUM, France's interministerial digital directorate, specifically to keep government communications on state-managed infrastructure rather than foreign platforms. In August 2025, Prime Minister Bayrou mandated its use for all civil servant work communications and banned WhatsApp and Signal for official use. By the time of the breach, Tchap had over 800,000 registered civil servants across all major ministries. The attacker gained access through a socially-engineered account on Tchap's education environment. DINUM identified and blocked the compromised account and launched an investigation.
Platform: sovereign, state-built, Matrix protocol. Entry point: one socially-engineered account. Private rooms: end-to-end encrypted, inaccessible. Public rooms: unencrypted, accessible to any user.
An unverified attacker using the handle Misère claimed access to around 73,000 accounts, 643,000 messages, 13.5GB of files, and approximately 90 items carrying a Diffusion Restreinte classification marking -- none of which DINUM or ANSSI confirmed. What is confirmed: one account, one social engineering approach, access to public unencrypted rooms. The architecture performed as designed; the failure was not in the platform.
The call
Platform sovereignty and operational security are separate problems. France solved the first one. The Tchap breach is a case study in why solving the first one does not automatically address the second, and why any platform migration programme that does not include human-layer security training has an unaccounted-for residual risk.
The structural question the Tchap breach puts to any organisation running a mandated platform migration is specific: what changed in the human-layer security posture when the platform changed? A ban on WhatsApp and Signal removes the foreign infrastructure dependency. It does not transfer the operational security practices that experienced users of those platforms had developed over years. A civil servant who understood not to share sensitive material in a WhatsApp group chat may not have the same instinct about a public Tchap room, particularly in the first year of a mandated transition.
The investigation is ongoing. Until DINUM and ANSSI publish findings on how the account was compromised and what the attacker could access, treat the unverified claims as indicators rather than confirmed facts, and the confirmed access as the floor rather than the ceiling.
• • •
Section 03 of 03 · Shadow
03
The CITADEL audit found 4,046 fabricated citations. That number is a floor, not a count.
The Topaz et al. correspondence published in The Lancet on May 9 presents CITADEL, the first systematic audit of reference integrity across the biomedical literature at scale. The team scanned 2,471,758 papers and 125,615,773 structured references in the PMC Open Access subset from January 2023 to February 2026. Of those references, 77% carried a PubMed identifier and were verifiable. The remaining 23%, covering websites, books, and grey literature, were excluded. Among the verified references, the pipeline identified 4,046 fabricated citations across 2,810 papers. The fabrication rate rose from approximately four per 10,000 papers in 2023 to 56.9 per 10,000 in early 2026, a 12-fold increase. Review articles had a fabrication rate 57% higher than other paper types. Of the 2,810 affected papers, 98.4% had received no publisher action at the time of the audit.
2.5 million papers audited. 77% of references verifiable. 4,046 fabrications confirmed. 98.4% of affected papers: no publisher action. Pipeline precision: 91%. Recall: unmeasured.
The 4,046 number is the figure that will travel, and it is the wrong number to anchor on. The authors are explicit about this: the pipeline estimates precision, not recall. Fabricated references that evaded all filters are not counted. The 23% of references excluded for lacking a PMID represent a population where fabrication may be more or less common, and the audit has no estimate for either direction. PMC Open Access is not the full biomedical literature. The early 2026 data covers seven weeks. The confirmed fabrications are what the pipeline caught within its scope. The scope excluded most of the literature.
What this means for practitioners using biomedical literature as a source layer
The fabricated citations in this dataset were not obviously defective. Topically specific, correctly formatted, attributed to real researchers, bearing plausible publication dates. The pipeline caught them because it could cross-check identifiers against four independent databases. A working journalist or investigator reading the citing paper has none of that infrastructure in their workflow.
The audit also identified paper mill patterns: the same two authors appearing across 11 papers in a single surgical journal in 2025, with 15 fabricated references covering CRISPR diagnostics, AI-guided nanovaccines, and gut microbiome biomarkers, all sharing a core co-authorship pair. That is a coordinated contamination of the literature, not a noise problem.
For investigators using biomedical literature to support claims about health, pharmaceutical, or environmental topics, the workflow implication is immediate: a published, peer-reviewed citation is no longer independently sufficient evidence that the cited study exists and says what the citing paper claims. Verify the primary source directly. That step is not optional.
Where this lands
The 4,046 confirmed fabrications are what the pipeline caught within its scope. The scope excluded most of the literature, and 98.4% of affected papers remain in the published record uncorrected. The detectable failure is the smaller problem. Check the primary source.
• • •
■ From Signal & Shadow
TEL-002: Trace a mobile number to a named subscriber identity
Both the NSO contempt motion and the Tchap breach reduce to the same operational question: how do you get from a platform, a number, or an account to a named person? The NSO campaign was detected when users reported suspicious links. The Tchap attacker entered through a single account. In both cases, the investigative move that matters is attribution: working from the contact point back to the actor. TEL-002, published this week, is the Signal & Shadow reference card for tracing a mobile number to a named subscriber identity. It walks the MSISDN parse, HLR status confirmation, pivot to social media and breach records, and the construction of a graded attribution dossier. The card covers what each data source establishes, what it cannot establish, and where the confidence grade shifts. Available to Signal and Shadow tier subscribers.
Read TEL-002
Next Thursday
Director name reconciliation across three jurisdictions: a structured AI prompt that normalises registry extracts onto one schema and surfaces the fields doing the discriminating work. Issue #006.
The work continues.
Derek
• • •
The Signal is the weekly intelligence briefing from Signal & Shadow, an independent forensic investigation and methodology practice.
Signal & Shadow · signalandshadow.io · Issue #005 · 19 June 2026


