A front company and a fake identity: How the U.S. came to use spyware it was trying to kill | The Japan Times |
The secret contract was finalized Nov. 8, 2021, a deal between a company that has acted as a front for the United States government and the American affiliate of a notorious Israeli hacking firm.
Under the arrangement, the Israeli firm, NSO Group, gave the U.S. government access to one of its most powerful weapons -- a geolocation tool that can covertly track mobile phones around the world without the phone users' knowledge or consent.
If the veiled nature of the deal was unusual -- it was signed for the front company by a businessperson using a fake name -- the timing was extraordinary.
Only five days earlier, the Biden administration had announced it was taking action against NSO, whose hacking tools for years had been abused by governments around the world to spy on political dissidents, human rights activists and journalists. The White House placed NSO on a Commerce Department blacklist, declaring the company a national security threat and sending the message that American companies should stop doing business with it.
The secret contract -- which The New York Times is disclosing for the first time -- violates the Biden administration's public policy, and still appears to be active. The contract, reviewed by the Times, stated that the "United States government" would be the ultimate user of the tool, although it is unclear which government agency authorized the deal and might be using the spyware. It specifically allowed the government to test, evaluate and even deploy the spyware against targets of its choice in Mexico.
Really limited to Mexico? Dutch intelligence has been using spyware in support of the U.S. government to decrypt the communications of drug cartels. What spyware would the Dutch be using? The Dutch also hacked the Russian intelligence group Cozy Bear in December 2014.
Israeli Spyware Developer, NSO Group, On the Ropes; Considers Sale to US Investment Firm | Tikun Olam - Jan. 29, 2022 |
Israel's NSO Group, the world's most successful spyware developer, is on the ropes. An Israeli court appointed a trustee for three of its subsidiaries which specialize in cyber-defense products. These companies argue that their interests are separate from those of NSO Group; and that CEO Shalev Hulio is withholding salary from its employees in order to preserve cash to pay hundreds of millions in looming debt repayments. Over $500-million in outstanding debt comes due in the coming months with no visible means of repaying it. Meanwhile, the US government has blacklisted NSO and crippled its ability to finance its operations.
Haaretz reported in the past few days that NSO is in "advanced" talks with US investment company, Integrity Partners, who would buy it for $300-million. The funds would be invested in the new company and allow it to dump most of its current clients and transform its business model from cyber-offensive to cyber-defensive products. Integrity's co-founders served in the US military and maintain close ties to high-level US officials. These ties would be used to lobby for removal of NSO from a US blacklist, which currently hamstrings the company's financing and client recruitment.
Seeking a lifeboat, NSO Group in talks with US investors over possible sale | TOI - Jan. 26, 2022 |
Spyware maker reportedly in negotiations with Integrity Partners for $300 million cash infusion as it seeks to turn around, remove US sanctions
According to Bloomberg, NSO Group has been looking to be acquired by a company that could reposition it by using the technology behind Pegasus for cybersecurity rather than hacking.
The restructuring deal detailed by Haaretz would see the company focus on clients from the Five Eyes intelligence alliance comprising the US, UK, Australia, Canada and New Zealand. Its 37 current clients would be jettisoned. [Add a few more countries for the Nine Eyes, which include the Netherlands, a leader in hacking capabilities]
Integrity Partners, which advertises itself as a mobility and infrastructure investment firm led by former US military officers, would attempt to remove the company from the US blacklist while continuing to develop Pegasus, according to Haaretz.
In the summer of 2021, the United States under Joe Biden laid the groundwork for decisions that pushed forward the agenda of previous decades, realizing a New World Order.
Facing the retreat from Afghanistan as the Taliban moved into one district after another with little resistance, the refusal of the White House to come to terms with Iran and return to the Obama-designed JCPOA, and the loss of a foothold in Central Asia and the Caspian Basin ... a plan was designed to confront Russia, dubbed a "pariah" state by Ivo Daalder and the Atlantic Council in 2008, and the economic powerhouse China, struggling with the pandemic.
Joe Biden "agreed" to let Germany complete Nord Stream 2, already delayed for years by heavy U.S. sanctions. Joe had other evil plans, knowing his adversary Angela Merkel would step down in the fall after the German parliamentary elections. NATO plans have been in place to confront Russia since the blunt 2014 coup d'état in Kyiv and the repossession of Crimea by Russia, due to the critical naval base at Sevastopol, which basically provides control over the Black Sea. No Liz, not the Baltic Sea, as you had crucial talks with Lavrov before the outbreak of hostilities in 2022.
The 19th of July: divided or united in cyberspace? From the EU and NATO to Five Eyes and Japan
Introduction
On 19 July 2021 the EU's High Representative for Foreign Affairs and Security Policy (HR), Josep Borrell, published a Declaration on behalf of the EU urging the 'Chinese authorities to take action against malicious cyber activities undertaken from its territory'. The HR's Declaration kicked off a host of other government statements and tweets on that day, encompassing a wide range of different attribution assessments, intelligence assertions, strategic objectives and diplomatic support.
Coordinated to a degree by Washington, the flurry of statements by the EU, NATO, Five Eyes and Japan on Chinese cyber activities was perceived by numerous media outlets as one coherent narrative with a few subtle discrepancies. The goal of this Working Paper is to break that narrative apart by contextualising government motivations and disentangling the political intricacies that were on display that day.
The EU
Since the introduction of the EU's Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities on 19 June 2017 (the so-called 'cyber diplomacy toolbox'), the EU's HR has made six Declarations (excluding the Declarations on EU cyber sanctions). They include a Declaration on respect for the rules-based order in cyberspace (12 April 2019), a call for responsible behaviour after the cyber-attacks against Georgia (21 February 2020), on malicious cyber activities exploiting the coronavirus pandemic (30 April 2020), to promote international security and stability in cyberspace (30 July 2020), on expressing solidarity with the US on the impact of SolarWinds (15 April 2021) and the most recent one on malicious cyber activities undertaken from Chinese territory (19 July 2021).
Summary
The coordinated public attribution campaign by the EU, NATO, Five Eyes and Japan on 19 July 2021 has been portrayed as a largely coherent effort of like-minded countries confronting China's malicious cyber activities. As this Working Paper will show, this was the case neither in substance nor in form.
For instance, while the Five Eyes are the most coherent group when it comes to public attribution, confronting Beijing on the MS Exchange campaign, and highlighting Advanced Persistent Threat (APT) 40 activity, they failed to achieve consensus on denouncing Beijing's use of 'criminal contract hackers to conduct unsanctioned cyber operations globally, including for their own personal profit'.
Similarly, given the absence of high-volume and high-profile APT40 activity in Europe, it should come as no surprise that the majority of NATO and EU member states were relatively muted on the issue.
Meanwhile, the Japanese government - for the first time ever - put forward its own public attribution assessment on APT40. Based on the public information available as of the time of writing, this Working Paper aims to disentangle and explain what occurred on 19 July.
To the author's knowledge this is the first ever case study to take a deep look into a coordinated attribution campaign. It brings together an in-depth analysis of the various government statements and a database that tracked the social media behaviour of numerous government ministries on 19 July 2021.
APT41, a dual espionage and cyber crime operation | FireEye |
China's cyber capabilities: warfare, espionage, and implications for the United States
China's cyber operations pose a serious threat to U.S. government, business, and critical infrastructure networks in the new and highly competitive cyber domain. Under General Secretary of the Chinese Communist Party (CCP) Xi Jinping, the country's leaders have consistently expressed their intention to become a "cyber superpower." China has developed formidable offensive cyber capabilities over the past decade and is now a world leader in vulnerability exploitation. As a result, China's activities in cyberspace constitute a fundamentally different, more complex, and more urgent challenge to the United States today than they did a decade ago.
How EFF's FOIA Litigation Helped Expose the NSA's Domestic Spying Program | March 21, 2014 |
Nothing here to see ....
U.S. and U.K. spies stole encryption keys from the leading SIM card maker, exposing communications on millions of mobile phones | The Intercept - Feb. 19, 2015 |
American and British spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.
The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world's cellular communications, including both voice and data.
The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. The company operates in 85 countries and has more than 40 manufacturing facilities. One of its three global headquarters is in Austin, Texas and it has a large factory in Pennsylvania.
In all, Gemalto produces some 2 billion SIM cards a year. Its motto is "Security to be Free."
History ...
ARM, Gemalto and G&D tie up on mobile security | Reuters |
British chip designer ARM Holdings said on Tuesday it was tying up with Amsterdam-based smart card maker Gemalto and German technology firm Giesecke & Devrient to increase security for services running on smartphones and tablets.
The companies said the joint venture would drive adoption of a common security standard in mobile devices.
Gemalto now known as Thales Digital Identity and Security with acquisition completed | Apr. 2, 2019 |
Dutch proposal to search and destroy foreign computers | Bits of Freedom - Oct. 18, 2012 |
The Dutch Ministry of Justice and Security proposed powers for the police to break into computers, install spyware, search computers and destroy data. These powers would extend to computers located outside the Netherlands. Dutch digital rights movement Bits of Freedom warns of the unacceptable risks to cybersecurity and calls on other countries to strongly oppose the proposal.
The Dutch are champions with 26,435 phone taps in 2009
The wiretap technology is proprietary to Verint, the Israeli supplier of the computer system used for intercepts.
Minister Plasterk: I Had No Snooping Idea We Did It | by Oui on Feb 5th, 2014 |
Dutch government, not NSA, involved in snooping | De Volkskrant - Feb. 5, 2014 | The Minister of the Interior had no notion which intelligence agency was collecting 1.8 million metadata records of Dutch citizens' phone calls each month.
In October, on a TV news broadcast [video], he got a wire directly from the NSA confirming they had collected this data. Today, Plasterk had to backtrack and made a statement that the Dutch military intelligence service MIVD and the AIVD were responsible, through their unit called the National Sigint Organisation (NSO). Defense Minister Hennis seems to concur, stating that this data gathering and sharing it with the US super intelligence agency NSA was not against Dutch law. Dutch telephone subscribers are not part of this exchange. Similar to the role of GCHQ with respect to the NSA.
🤥 🤥 🤥
Dutch government to introduce full access data surveillance
Dutch intel bill proposes non-specific ('bulk') interception powers for "any form of telecom or data transfer", incl. domestic, plus required cooperation from "providers of communication services" | July 2, 2015 |
Dutch and Cybercrime: Meetings CIA, FBI, Mossad and Russian FSB
On Saturday, May 27, the Dutch newspaper De Volkskrant came with a surprising story about the cooperation between the Team High Tech Crime (THTC) of the Dutch police and officials from the Russian federal security service FSB, which is the main successor to the notorious KGB.
Since 2009, regular meetings have been held in the Netherlands, in which officials from the FBI also participate. The aim is to cooperate in tracking down and eventually arresting cyber criminals. The Americans were caught hacking the laptops of participants.
[...]
A bag was placed over his head and he was frogmarched from the room in handcuffs.
Sergei Mikhailov - apparently a high level cyber asset - was originally recruited by the Americans during a vacation in a Mediterranean country, according to TV channel REN, citing security service sources.
The implications of large-scale data mining by intelligence agencies in the Netherlands | Jan. 13, 2023 |
In June 2022, the Dutch newspaper de Volkskrant published an article in which four anonymous sources confirmed that the Dutch intelligence services used the Israeli software Pegasus. The intelligence agency does not want to confirm or deny the use of the software.
Still, rumours are at least remarkable since the Dutch government earlier forbade the use of hacking software that was also sold to authoritarian regimes elsewhere in the world (Modderkolk, 2022).
Later in 2022, the Dutch Minister of Justice and Security again tried to implement a bill providing more powers to intelligence services, but the Council of State rejected the bill because it was too unclear (Geurts, 2022).
In September 2022, this proposed bill led to the resignation of a member of the oversight committee [Bert Hubert], who said the bill was not sincere, and was meaningless and unnecessary.
Departure Bert Hubert as member TIB | Sep 09 2022 |
Today was my last day as a member of the Assessment Committee for the Use of Powers of the Intelligence and Security Services (TIB), the committee that gives a binding prior assessment of whether the intended use of the most far-reaching powers of the AIVD (civilian) and MIVD (military) intelligence services is lawful.
Participation Bert Hubert in Round Table discussion | April 5, 2023 |
But this new proposal does not do that at all. The proposal does not tackle cyber scum; in particular, the proposal makes it easier to eavesdrop on and hack innocent Dutch people, and to share the proceeds with other countries. [Read 5-Eyes plus Mossad]
The second thing I have a problem with is that this bill was not honestly presented to you, and I'm happy to explain that.
To begin with, it is good to know that the current law is already very broad. For example, the services may, if necessary, listen to every cable and store its content for years.
The intercepted data may also be sent in full to a foreign service. That is quite something. The existing law therefore sets strict requirements, and the ministers at the time made concrete promises about the protected position of traffic between Dutch citizens.
In 2021, the services have made a request to actually share the content of a large internet cable with a foreign service. As TIB, we did not think this was lawful, because the services could not (or did not want to) explain why this was necessary.
Possibly due to this rejection, the current bill includes a new eavesdropping article that cannot be stopped by any regulator. On the sole ground that the services want to know whether there are state hackers on a cable (BNR Big Five interview with Erik Akerboom), Article 6 of the new law allows them to listen in on every connection for a year.
The highest Dutch court, the Council of State, thought this was going too far, and advised that this data should then not be exported (Advice of the Council of State): "It does, however, consider it crucial that the proposal guarantees that data obtained by exploring the cable may not be exchanged with foreign services."
The ministries responded to this by explicitly stating that this will happen in the Explanatory Memorandum.
"In the context of this technical investigation, it is sometimes necessary to receive support from a foreign colleague service. The information required for that technical investigation is provided to the relevant colleague service."
Where the current law still contains an important restriction on the bulk tapping of traffic between Dutch citizens, every restriction in the new law is really being undone.