Analysis | The strongest evidence yet that UAE is trying to meddle in U.S. politics – The Washington Post

A newsletter briefing on cybersecurity news and policy.
with research by Aaron Schaffer
Welcome to the Cybersecurity 202! I ended up in Baltimore on Saturday for the Notre Dame-Navy football game, which turned into a thriller after initially looking like a blowout. One early highlight: This, um, I don’t know what to call it — hugging catch?
Below: The FBI explored using NSO Group spyware, and cryptocurrency exchange FTX is investigating a potential hack. First:
U.S. intelligence officials have concluded the United Arab Emirates meddled in the American political system, including by hacking into computers in the United States, my colleague John Hudson revealed over the weekend.
Three people who read a classified report and spoke on the condition of anonymity to discuss classified information “said the activities attributed to the UAE in the report go well beyond mere influence peddling,” John writes.
“One of the more brazen exploits involved the hiring of three former U.S. intelligence and military officials to help the UAE surveil dissidents, politicians, journalists and U.S. companies. In public legal filings, U.S. prosecutors said the men helped the UAE break into computers in the United States and other countries,” he writes.
The report amounted to a “unique” intelligence examination of a “friendly power,” said Bruce Riedel, a senior fellow at the Brookings Institution who once served on the National Intelligence Council, which compiled the report and typically writes such reports about adversaries.
But it also serves as a reminder that the UAE has sought to become a force in cyberspace and has made questionable use of cyberweapons, including by siphoning ex-U.S. officials into surveillance work against the United States itself.
Here’s a reaction on Twitter from Ruth Ben-Ghiat, a history professor at New York University:
Maybe an authoritarian regime (UAE is considered a monarchic dictatorship) is not a reliable partner of a democracy after all! https://t.co/kQPkghqwI8
Three former officials accused of providing hacking help to the UAE — Marc Baier, Ryan Adams and Daniel Gericke — have admitted to the charges. They were part of a clandestine UAE program dubbed Project Raven, which Reuters’s Chris Bing and Joel Schectman first reported on in 2019.
Under Project Raven, former U.S. government hackers aided foreign intelligence services in the surveillance of journalists, human rights activists, rival governments and dissidents. That included the targeting of Americans.
And the pipeline continues. Just last month, my colleagues Craig Whitlock and Nate Jones reported that over the past seven years, nearly 300 military retirees have sought federal authorization to work for the UAE.
The UAE has repeatedly been connected with the use of spyware known as Pegasus, a product of the NSO Group.
There’s evidence that the UAE was involved in the targeting of Hanan Elatr, the wife of murdered Washington Post journalist Jamal Khashoggi, my colleague Dana Priest reported last year.
While she was under interrogation in Dubai, someone got into her confiscated phone and connected it to a website configured by NSO for a UAE customer, according to a forensic analysis. 
“NSO Group conducted a review which determined that Pegasus was not used to listen to, monitor, track, or collect information about Ms. Elatr,” NSO attorney Thomas Claire said. “The Post’s continued efforts to falsely connect NSO Group to the heinous murder of Mr. Khashoggi are baffling.”
A “Pegasus operator” linked to the UAE also was associated with the infection of the British prime minister’s office, according to a report in April from the University of Toronto’s Citizen Lab.
The UAE has denied some allegations about its cyber activities in the past, and at other times declined to comment.
The UAE has cultivated cybersecurity research and development and hosted security conferences as part of its aspirations to become a hub for such technologies, Agnes Helou reported for Breaking Defense last week.
“We have to look at the UAE’s approach to cybertechnology as exceptional in the Arab world as the UAE early on understood the importance of resilience in the cyber domain, not just from a defensive point of view but potentially also an offensive point of view,” said Andreas Krieg, senior lecturer at King’s College London and CEO of MENA Analytica, a Middle East-focused strategic risk consultancy.
The UAE’s reported bid to influence the U.S. system puts it in the company of not just American adversaries like Russia but friendlier nations such as Israel or Taiwan, as Hudson mentioned in his story.
FBI officials worked on plans to brief FBI leadership on NSO Group tools and drew up guidelines for how federal prosecutors should disclose spyware use in criminal proceedings, the New York Times’s Mark Mazzetti and Ronen Bergman report.
According to a court filing, the FBI decided to “cease all efforts regarding the potential use of the NSO product” on July 22, 2021. Days earlier, on July 18, The Post and 16 media partners began publishing stories on how NSO clients used Pegasus spyware to target human rights activists, journalists and executives. The U.S. government blacklisted NSO last November.
The FBI has come under pressure from Sen. Ron Wyden (D-Ore.), who told the New York Times that “it is totally unacceptable for the FBI director to provide misleading testimony about the bureau’s acquisition of powerful hacking tools and then wait months to give the full story to Congress and the American people.” Wyden said the FBI also “owes Americans a clear explanation as to whether the future operational use of NSO tools is still on the table.”
The FBI denied that Director Christopher A. Wray provided inaccurate information, with a spokeswoman telling the New York Times that “the director’s testimony was accurate when given and remains true today — there has been no operational use of the NSO product to support any FBI investigation.”
About $477 million appeared to disappear from bankrupt cryptocurrency exchange FTX in apparently “unauthorized transactions” after it filed for bankruptcy, Lauren Kaori Gurley, Steven Zeitchik and Joseph Menn report. The chief security officer at cryptocurrency exchange Kraken said that a verified account on its platform was used in the hack, leading to speculation by outside security experts that an insider was behind the hack or a victim had their credentials stolen.
FTX didn’t respond to The Post’s request for comment, but FTX general counsel Ryne Miller tweeted a statement on behalf of the company’s new chief executive, John J. Ray III, that executives “continue to make every effort to secure all assets, wherever located,” and that the company has been “in contact with, and are coordinating with law enforcement and relevant regulators.”
Voters in six battleground states where Donald Trump tried to reverse his 2020 election defeat rejected election-denying candidates who sought control over their states’ election systems, Amy Gardner, Reis Thebault and Robert Klemko report. The defeats represent a “resounding signal that Americans have grown weary of the former president’s unfounded claims of widespread fraud,” my colleagues write.
“Election administrators and voting rights advocates said the rebuke of election deniers seeking state-level office was a refreshing course correction by U.S. voters, whose choice of more seasoned and less extreme candidates reflected a desire for stability and a belief that the nation’s elections are in fact largely secure,” they write.
If the candidates had won, they could’ve refused to sign off on election results they didn’t like, The Cybersecurity 202 previously reported. And they could have also decided not to remove local officials who have been deemed insider cybersecurity threats.
Australia to consider banning paying of ransoms to cyber criminals (Reuters)
White House cyber official advocates nimbler NATO to confront digital threats (CyberScoop)
Ukraine says Russian hacktivists use ‘Somnia’ ransomware (Bleeping Computer)
The hunt for the FTX thieves has begun (WIRED)
Russian software disguised as American finds its way into U.S. Army, CDC apps (Reuters)
Crypto.com sent $400 million to the wrong recipient but got it back this time (The Verge)
Reaction like this 🤩🤩😇😇😍😍🥰🥰puppie with cat ❣️❣️❣️❣️❣️ pic.twitter.com/8xcMAApIWM
Thanks for reading. See you tomorrow.
