The Cybersecurity 202: A report on Jamal Khashoggi’s death renews concerns over spyware

“The administration should do more to protect Americans from the surveillance that preceded and enabled the murder of Mr. Khashoggi,” House Foreign Affairs Committee Vice Chair Tom Malinowski (D-N.J.) said in a statement. “I urge the administration to develop a comprehensive strategy for confronting the emerging transnational threat to democracy and human rights presented by companies that market such powerful tools of repression.”

Malinowski is referring to conclusions from human rights investigators alleging the Saudi monarchy used malicious software from the Israeli cybersecurity company NSO Group to spy on Saudi dissident Omar Abdulaziz’s communications with Khashoggi. The allegations were echoed in a lawsuit by Abdulaziz against the company. The report released Friday does not directly mention surveillance technology used to spy on Khashoggi or his associates. 

NSO Group markets the technology as a way for governments to investigate crime and terrorist activity. But human rights groups have condemned the use of its technology by authoritarian regimes in countries such as Iran and the United Arab Emirates to spy on activists, dissidents and journalists. 

The White House is cracking down on some surveillance.

In response to the report, the United States is imposing sanctions against 76 Saudi individuals thought “to have been engaged in threatening dissidents overseas, including but not limited to the Khashoggi killing,” Karen DeYoung reports.

Saudi Arabia has rejected the report and said it contains “inaccurate information and conclusions.”

The State Department also announced “the Khashoggi ban,” which permits the State Department to impose visa restrictions on agents acting on behalf of foreign governments to “suppress, harass, surveil, threaten, or harm journalists, activists, or other persons perceived to be dissidents for their work.”

The ban takes aim at the growing threat of extensive spying on dissidents, even if it doesn’t explicitly mention the emerging technology empowering it.

“Congress should … consider what reforms are necessary to ensure that American courts can hold accountable the companies that supply persecutors with surveillance technology,” Jameel Jaffer, director of the Knight First Amendment Institute at Columbia University and Joel Simon, director of the Committee to  Protect Journalists, wrote in an op-ed.

A major tech executive has also urged Biden to make tackling spyware a priority in his global cybersecurity policy.

In December, Microsoft President Brad Smith called on the Biden administration to weigh in on behalf of Facebook’s WhatsApp in 2019 lawsuit against the NSO group for allegedly helping governments hack at least 100 journalists, political activists and human rights defenders across 20 countries using a technical flaw in its WhatsApp messaging service.

Companies including Microsoft, Google, Cisco, VMWare and the Internet Association, which represents companies including Amazon, Twitter and PayPal, signed an amicus brief in December standing in support of WhatsApp. They condemned the NSO Group’s argument that it is immune from U.S. law because it’s acting on behalf of a foreign government. 

“NSO’s legal approach, while disconcerting, does the world a service by highlighting the path needed to thwart this new cyberattack ecosystem,” Smith wrote in a blog. “It’s to ensure that domestic laws clearly and strongly prohibit companies from helping governments engage in unlawful and offensive cyberattacks and investors from knowingly financing them.”

The group is making the data from the social media platform, which is popular with far-right users, available to researchers, journalists and social scientists, Andy Greenberg at Wired reports. 

“It contains pretty much everything on Gab, including user data and private posts, everything someone needs to run a nearly complete analysis on Gab users and content,” Emma Best, co-founder of Distributed Denial of Secrets, the group behind the hack, wrote to Wired. “It’s another gold mine of research for people looking at militias, neo-Nazis, the far right, QAnon and everything surrounding January 6.”

Passwords for former president Donald Trump and Republican congresswoman and QAnon-conspiracy theorist Marjorie Taylor Greene appeared to be in the set. It’s not clear if the passwords work.

The company’s chief executive Andrew Torba confirmed in a statement Sunday that the accounts had been compromised and the company is working to investigate and fix the problem

Top members of Congress have indicated they would support mandatory breach notification legislation, the Hill’s Maggie Miller reports. Passing such legislation has been a years-long effort by Rep. Jim Langevin (D-R.I.), the chairman of the House Armed Services Committee’s cybersecurity panel, but 2015 and 2017 versions of the bill did not gain momentum or bipartisan co-sponsors.

This year, however, things may be different, with increased congressional attention on data breaches and voluntary disclosures by companies such as FireEye, which disclosed the SolarWinds breach. The House Foreign Affairs Committee’s top Republican, Michael McCaul (R-Tex.), said he is working on upcoming legislation with Langevin, who intends to base a new proposal off his previous one. 

The hacker stole the personal information of 22 of 75 living Medal of Honor recipients to get fraudulent lines of credit at the U.S. government’s Army and Air Force Exchange Service, the Daily Beast’s Justin Rohrlich reports. U.S.-based reshippers were hired to send the products — $54,000 worth of Apple products and luxury watches — to Russia.

The U.S. Secret Service detailed the fraud in a 2014 email address search warrant application. The email address the Secret Service targeted was also used to register three Russian Internet forums where users buy and sell stolen credit card and personal information.

In her first interview as the United States’ top intelligence official, Director of National Intelligence Avril Haines called out the Trump administration, although she did not condemn her predecessors by name. 

“There was a lot of turnover during the last administration and I think, more generally, that intelligence analysis wasn’t necessarily being appreciated in the same way that it normally had been in the past,” Haines told NPR. “It looked to me from the outside as if there were political pressures being put on the intelligence community.”

Trump repeatedly clashed with the intelligence community as early as 2016, when it concluded that Russia interfered in the 2016 election. Haines suggested Biden will take the intelligence community’s feedback more seriously. “You have now a president who very much wants to hear what you have to say, regardless of whether or not it’s consistent with his particular policy views or any of those things,” said Haines, who will oversee Biden’s daily intelligence briefings.

Preliminary conversations about forming alliances with other countries have begun, the Wall Street Journal’s Bob Davis reports. The push is an attempt to stay ahead of Beijing, whose tech sector has advanced in key areas such as artificial intelligence and surveillance. Semiconductor manufacturing, which President Biden signed an executive order to address, is among the priorities.

The effort is expected to take months, a senior government official told the Wall Street Journal. It could fold in different countries for specific issues, although the Group of Seven and some others are expected to take part.

They want answers about Immigration and Customs Enforcement’s (ICE) use of a Thomson Reuters database of more than 400 million names, addresses and service records from 80 utility companies, Drew Harwell writes. The database, whose data comes from Equifax, raises questions about government agencies’ data collection from private companies.

“We are concerned that Thomson Reuters’ commercialization of personal and use data of utility customers and sale of broad access to ICE is an abuse of privacy, and that ICE’s use of this database is an abuse of power,” wrote Rep. Jimmy Gomez (D-Calif.), the vice chair of the House Oversight and Reform Committee, and Rep. Raja Krishnamoorthi (D-Ill.), the chairman of a subcommittee on economic and consumer policy.

Emails obtained through a public records request indicate that the data was used to discover that someone suspected of overstaying a visa had “recently departed” from an address. A Thomson Reuters specialist wrote in a letter to a Texas sheriff’s office that the data gives investigators a powerful tool to find “people who are not easily traceable via traditional sources.”

The New York Times’s David E. Sanger and Emily Schmall write that a new report by Recorded Future’s Insikt Group lends weight to the idea a Chinese hacking group’s cyberattack against Indian critical infrastructure was “timed to send a message that if India pressed its claims too hard, the lights could go out across the country.” Hoover Fellow Jacquelyn Schneider:

Dragos CEO Robert M. Lee:

MITRE ATT&CK lead Adam Pennington:

Corellium, which is battling Apple in court, has brought on cybersecurity researchers Matt Tait, who used to work for the U.K.’s GCHQ, and Maria Markstedter, who runs Azeria Labs, as its chief operating officer and chief product officer.

• Former Cybersecurity and Infrastructure Security Agency director Chris Krebs speaks at an Atlantic Council event on 2020 election misinformation on March 3 at 3 p.m.
• The Atlantic Council hosts a cybersecurity event with industry leaders on March 4 at 1 p.m.
• House Armed Services Committee Chairman Adam Smith (D-Wash.) speaks at an event hosted by the Brookings Institution on March 5 at 11 a.m.
• Duke University’s engineering school hosts a seminar on cybersecurity threats amid remote work on March 5 at noon.
• U.S. Cyber Command executive director Dave Frederick speaks at an event hosted by the Intelligence and National Security Alliance on March 10 at 4:30 p.m.

FireEye CEO Kevin Mandia went on Axios: