Posts Tagged ‘cyber security’

What to do about global spyware abuse?

January 6, 2021

Mohamed EL Bashir, a Public Policy & Internet Governance Strategist, wrote a lengthy but informative piece about the persistent problem of commercial spyware Abuse: “Reshaping Cyberspace: Beyond the Emerging Online Mercenaries and the Aftermath of SolarWinds“, in CircleID 5 January 2021.

The piece starts of with some concrete cases such as Ahmed Mansoor [see https://humanrightsdefenders.blog/2016/08/29/apple-tackles-iphone-one-tap-spyware-flaws-after-mea-laureate-discovers-hacking-attempt/] and Rafael Cabrera, [see: https://www.nytimes.com/2017/06/21/world/americas/mexico-pena-nieto-spying-hacking-surveillance.html]. In 2018, a close confidant of Jamal Khashoggi was targeted in Canada by a fake package notification, resulting in the infection of his iPhone.

..Citizen Lab has tracked and documented more than two dozen cases using similar intrusion and spyware techniques. We don’t know the number of victims or their stories, as not all vectors are publicly known. Once spyware is implanted, it provides a command and control (C&C) server with regular, scheduled updates designed to avoid extensive bandwidth consumption. Those tools are created to be stealthy and evade forensic analysis, avoid detection by antivirus software, and can be deactivated and removed by operators.

Once successfully implanted on a victim’s phone using an exploit chain like the Trident, spyware can actively record or passively gather a variety of different data about the device. By providing full access to the phone’s files, messages, microphone, and video camera, the operator can turn the device into a silent digital spy in the target’s pocket.

These attacks and many others that are unreported show that spyware tools and the intrusion business have a significant abuse potential and that bad actors or governments can’t resist the temptation to use such tools against political opponents, journalists, and human rights defenders. Due to the lack of operational due-diligence of spyware companies, these companies don’t consider the impact of the use of their tools on the civilian population nor comply with human rights policies. [see: https://humanrightsdefenders.blog/2020/07/20/the-ups-and-downs-in-sueing-the-nso-group/]

The growing privatization of cybersecurity attacks arises through a new generation of private companies, aka online mercenaries. This phenomenon has reached the point where it has acquired its own acronym, PSOAs, for the private sector offensive actors. This harmful industry is quickly growing to become a multi-billion dollar global technology market. These newly emerging companies provide nation-states and bad actors the option to buy the tools necessary for launching sophisticated cyberattacks. This adds another significant element to the cybersecurity threat landscape.

These companies claim that they have strict controls over how their spyware is sold and used and have robust company oversight mechanisms to prevent abuse. However, the media and security research groups have consistently presented a different and more troubling picture of abuse…

The growing abuse of surveillance technology by authoritarian regimes with poor human rights records is becoming a disturbing new, globally emerging trend. The use of these harmful tools has drawn attention to how the availability and abuse of highly intrusive surveillance technology shrink already limited cyberspace in which vulnerable people can express their views without facing repercussions such as imprisonment, torture, or killing.

Solving this global problem will not be easy nor simple and will require a strong coalition of multi-stakeholders, including governments, civil society, and the private sector, to reign in what is now a “Wild West” of unmitigated abuse in cyberspace. With powerful surveillance and intrusion technology roaming free without restrictions, there is nowhere to hide, and no one will be safe from those who wish to cause harm online or offline. Not acting urgently by banning or restricting the use of these tools will threaten democracy, rule of law, and human rights worldwide.

On December 7, 2020, the US National Security Agency issued a cybersecurity advisory warning that “Russian State-sponsored actors” were exploiting a vulnerability in the digital workspace software developed by VMware (VMware®1Access and VMware Identity Manager2 products) using compromised credentials.

The next day, on December 8, the cybersecurity firm FireEye announced the theft of its “Red Team” tools that it uses to identify vulnerabilities in its customers’ systems. Several prominent media organizations reported an ongoing software supply-chain attack against SolarWinds, the company whose products are used by over 300,000 corporate and government customers — including most of the Fortune 500 companies, Los Alamos National Laboratory (which has nuclear weapons responsibilities), and Boeing.

A malware called SUNBURST infected SolarWind’s customers’ systems when they updated the company’s Orion software.

On December 30, 2020, Reuters reported that the hacking group behind the SolarWinds compromise was able to break into Microsoft Corp and access some of its source code. This new development sent a worrying signal about the cyberattack’s ambition and intentions.

Microsoft president Brad Smith said the cyber assault was effectively an attack on the US, its government, and other critical institutions, and demonstrated how dangerous the cyberspace landscape had become.

Based on telemetry gathered from Microsoft’s Defender antivirus software, Smith said the nature of the attack and the breadth of the supply chain vulnerability was very clear to see. He said Microsoft has now identified at least 40 of its customers that the group targeted and compromised, most of which are understood to be based in the US, but Microsoft’s work has also uncovered victims in Belgium, Canada, Israel, Mexico, Spain, the UAE, and the UK, including government agencies, NGOs, and cybersecurity and technology firms.

Although the ongoing operation appears to be for intelligence gathering, no reported damage has resulted from the attacks until the publishing date of this article. This is not “espionage as usual.” It created a serious technological vulnerability in the supply chain. It has also shaken the trust and reliability of the world’s most advanced critical infrastructure to advance one nation’s intelligence agency.

As expected, the Kremlin has denied any role in recent cyberattacks on the United States. President Vladimir Putin’s spokesman Dmitry Peskov said the American accusations that Russia was behind a major security breach lacked evidence. The Russian denial raised the question of a gap of accountability in attributing cyberspace attacks to a nation-state or specific actor. Determining who is to blame in a cyberattack is a significant challenge, as cyberspace is intrinsically different from the kinetic one. There is no physical activity to observe, and technological advancements have allowed perpetrators to be harder to track and to remain seemingly anonymous when conducting the attack (Brantly, 2016).

To achieve a legitimate attribution, it is not enough to identify the suspects, i.e., the actual persons involved in the cyberattacks but also be able to determine if the cyberattacks had a motive which can be political or economic and whether the actors were supported by a government or a non-state actor, with enough evidence to support diplomatic, military, or legal options.

A recognized attribution can enhance accountability in cyberspace and deter bad actors from launching cyberattacks, especially on civilian infrastructures like transportation systems, hospitals, power grids, schools, and civil society organizations.

According to the United Nation’s responsibility of States for Internationally Wrongful Acts article 2, to constitute an “internationally wrongful act,” a cyber operation generally must be 1) attributable to a state and 2) breach an obligation owed another state. It is also unfortunate that state-sponsored cyberattacks violate international law principles of necessity and proportionality.

Governments need to consider a multi-stakeholder approach to help resolve the accountability gap in cyberspace. Some states continue to believe that ensuring international security and stability in cyberspace or cyberpeace is exclusively the responsibility of states. In practice, cyberspace is designed, deployed, and managed primarily by non-state actors, like tech companies, Internet Service Providers (ISPs), standards organizations, and research institutions. It is important to engage them in efforts to ensure the stability of cyberspace.

I will name two examples of multi-stakeholder initiatives to secure cyberspace: the Global Commission on the Stability of Cyberspace (GCSC), which consisted of 28 commissioners from 16 countries, including government officials, has developed principles and norms that can be adopted by states to ensure stable and secure cyberspace. For example, it requested states and non-state actors to not pursue, support, or allow cyber operations intended to disrupt the technical infrastructure essential to elections, referenda, or plebiscites.

Cyberpeace Institute is a newly established global NGO that was one-year-old in December 2020 but has the important goal of protecting the most vulnerable and achieve peace and justice in cyberspace. The institute started its operations by focusing on the healthcare industry, which was under attack daily during the COVID 19 pandemic. As those cyberattacks were a direct threat to human life, the institute called upon governments to stop cyber operations against medical facilities and protect healthcare.

I believe that there is an opportunity for the states to forge agreements to curb cyberattacks on civilian and private sector infrastructure and to define what those boundaries and redlines should be.

SolarWinds and the recent attacks on healthcare facilities are important milestones as they offer a live example of the paramount risks associated with a completely unchecked and unregulated cyberspace environment. But it will only prove to be a moment of true and more fundamental reckoning if many of us, governments, and different multi-stakeholders played a part, each in their respective roles, in capitalizing and focusing on those recent events by forcing legal, technological, and institutional reform and real change in cyberspace.

The effects of the Solarwinds attack will not only impact US government agencies but businesses and civilians that are currently less secure online. Bad actors are becoming more aggressive, bold, reckless and continue to cross the red lines we considered as norms in cyberspace.

Vulnerable civilians are the targets of the intrusion tools and spyware in a new cyberspace wild west landscape. Clearly, additional legal and regulatory scrutiny is required of private-sector offensive actors or PSOAs. If PSOA companies are unwilling to recognize the role that their products play in undermining human rights or address these urgent concerns, then, in this case, intervention by governments and other stakeholders is needed. 

We no longer have the privilege of ignoring the growing impact of cyberattacks on international law, geopolitics, and civilians. We need a strong and global cybersecurity response. What is required is a multi-stakeholders’ courageous agenda that redefines historical assumptions and biases about the possibility of establishing new laws and norms that can govern cyberspace.

Changes and reforms are achievable if there is will. The Snowden revelations and the outcry that followed resulted not only in massive changes to the domestic regulation of US foreign intelligence, but they also shaped changes at the European Court of Human Rights, the Court of Justice of the European Union, and the UN. The Human Rights Committee also helped spur the creation of a new UN Special Rapporteur on the Right to Privacy based in Geneva.

The new cyberspace laws, rules, and norms require a multi-stakeholder dialogue process that involves participants from tech companies, academia, civil society, and international law in global discussions that can be facilitated by governments or supported by a specialized international intergovernmental organization.

Sources and References:

http://www.circleid.com/posts/20210105-reshaping-cyberspace-beyond-the-emerging-online-mercenaries/

Bernd Lange sees breakthrough for human rights in EU dual-use export

December 12, 2020



On 11 December 2020 Bernd Lange, Vice-chair of the Group of the Progressive Alliance of Socialists and Democrats in the European Parliament, wrote in New Europe the following piece about how after 6 years there has come an European agreement on stricter rules for the export of dual-use goods, which can be used for both civilian and military ends.


All good things are worth waiting for. After long six years negotiators from the European Parliament, the Commission and member states finally agreed on stricter rules for the export of dual-use goods, which can be used for both civilian and military ends. Parliament’s perseverance and assertiveness against a blockade by some of the European Union member states has paid off in the sense that as of now respect for human rights will become an export standard.

Up until now, export restrictions applied to aerospace items, navigation instruments or trucks. From now on, these rules will also apply to EU produced cyber-surveillance technologies, which demonstrably have been abused by authoritarian regimes to spy on opposition movements; for instance, during the Arab Spring in 2011.

This is a breakthrough for human rights in trade by overcoming years of various EU governments blocking the inclusion of cyber-surveillance technology in the export control rules for dual-use goods. Without a doubt: Technological advances, new security challenges and their demonstrated risks to the protection of human rights required more decisive action and harmonised rules for EU export controls.

Thanks to the stamina of the Parliament, it will now be much more difficult for authoritarian regimes to abuse EU produced cybersecurity tools such as biometric software or Big Data searches to spy on human rights defenders and opposition activists. Our message is clear: economic interests must not take precedence over human rights. Exporters have to shoulder greater responsibility and apply due diligence to ensure their products are not employed to violate human rights. We have also managed to increase transparency by insisting on listing exports in greater detail in the annual export control reports, which will make it much harder to hide suspicious items.

In a nutshell, we are setting up an EU-wide regime to control cyber-surveillance items that are not listed as dual-use items in international regimes, in the interest of protecting human rights and political freedoms. We strengthened member states’ public reporting obligations on export controls, so far patchy, to make the cyber-surveillance sector, in particular, more transparent. We increased the importance of human rights as licensing criterion and we agreed on rules to swiftly include emerging technologies in the regulation.

This agreement on dual-use items, together with the rules on conflict minerals and the soon to be adopted rules on corporate due diligence, is establishing a new gold standard for human rights in EU trade policy.

I want the European Union to lead globally on rules and values-based trade. These policies show that we can manage globalisation to protect people and the planet. This must be the blueprint for future rule-based trade policy.

Frontline’s Guide to Secure Group Chat and Conferencing Tools

July 21, 2020

With teams increasingly working remotely during COVID-19, we are all facing questions regarding the security of our communication with one another: Which communication platform or tool is best to use? Which is the most secure for holding sensitive internal meetings? Which will have adequate features for online training sessions or remote courses without compromising the privacy and security of participants?

Front Line Defenders presents this simple overview which may help you choose the right tool for your specific needs.

FLD Secure Group Chat Flowchart

Download PDF of the flow chart

Note:

  • With end-to-end encryption (e2ee), your message gets encrypted before it leaves your device and only gets decrypted when it reaches the intended recipient’s device. Using e2ee is important if you plan to transmit sensitive communication, such as during internal team or partners meetings.
  • With encryption to-server, your message gets encrypted before it leaves your device, but is being decrypted on the server, processed, and encrypted again before being sent to recipient(s). Having encryption to-server is OK if you fully trust the server.

Why Zoom or other platforms/tools are not listed here: There are many platforms which can be used for group communication. In this guide we focused on those we think will deliver good user experiences and offer the best privacy and security features. Of course none of the platforms can offer 100% privacy or security as in all communications, there is a margin of risk. We have not included tools such as Zoom, Skype, Telegram etc. in this guide, as we believe that the margin of risk incurred whilst using them is too wide, and therefore Front Line Defenders does not feel comfortable recommending them.

Surveillance and behaviour: Some companies like Facebook, Google, Apple and others regularly collect, analyse and monetize information about users and their online activities. Most, if not all, of us are already profiled by these companies to some extent. If the communication is encrypted to-server owners of the platform may store this communication. Even with end-to-end encryption, communication practices such as location, time, whom you connect with, how often, etc. may still be stored. If you are uncomfortable with this data being collected, stored and shared, we recommended refraining from using services by those companies.

The level of protection of your call depends not only on which platform you choose, but also on the physical security of the space you and others on the call are in and the digital protection of the devices you and others use for the call.

See also:

Caution: Use of encryption is illegal in some countries. You should understand and consider the law in your country before deciding on using any of the tools mentioned in this guide.

Criteria for selecting the tools or platforms

Before selecting any communication platform, app or program it is always strongly recommended that you research it first. Below we list some important questions to consider:

  • Is the platform mature enough? How long has it been running for? Is it still being actively developed? Does it have a large community of active developers? How many active users does it have?
  • Does the platform provide encryption? Is it end-to-end encrypted or just to-server encrypted?
  • In which jurisdiction is the owner of the platform and where are servers located? Does this pose a potential challenge for your or your partners?
  • Does the platform allow for self-hosting?
  • Is the platform open source? Does it provide source code to anyone to inspect?
  • Was the platform independently audited? When was the last audit? What do experts say about the platform?
  • What is the history of the development and ownership of the platform? Have there been any security challenges? How have the owners and developers reacted to those challenges?
  • How do you connect with others? Do you need to provide phone number, email or nickname? Do you need to install a dedicated app/program? What will this app/program have access to on your device? Is it your address book, location, mic, camera, etc.?
  • What is stored on the server? What does the platform’s owner have access to?
  • Does the platform have features needed for the specific task/s you require?
  • Is the platform affordable? This needs to include potential subscription fees, learning and implementing, and possible IT support needed, hosting costs, etc.

The document then proceeds to give more detailed information related to each tool/service listed in this guide

Signal – https://signal.org/

Delta Chat – https://delta.chat/

Wire – https://wire.com/

Jitsi Meet – https://jitsi.org/jitsi-meet/

BigBlueButton – https://bigbluebutton.org/

Whereby – https://whereby.com

Blue Jeans – https://www.bluejeans.com/

GoToMeeting – https://www.gotomeeting.com/

Facetime / iMessage –https://www.apple.com/ios/facetime

Google Meet – https://meet.google.com/

Duo – https://duo.google.com/

WhatsApp – https://www.whatsapp.com/

Video calls, webinar or online training recommendations

Video calls recommendations: In the current situation you will undoubtedly find yourself organizing or participating in many more video calls than before. It may not be obvious to everyone how to do it securely and without exposing yourself and your data to too much risk:

  • Assume that when you connect to talk your camera and microphone may be turned on by default. Consider covering your camera with a sticker (making sure it doesn’t leave any sticky residue on the camera lens) and only remove it when you use the camera.
  • You may not want to give away too much information on your house, family pictures, notes on the walls or boards, etc. Be mindful of the background, who and what is also in the frame aside from yourself? Test before the call by, for example, opening meet.jit.si and click on GO button to get to a random empty room with your camera switched on to see what is in the picture. Consider clearing your background of clutter.
  • Also be mindful who can be heard in the background. Maybe close the door and windows, or alert those sharing your space about your meeting.
  • Video call services may collect information on your location and activity, consider using a VPN (see Physical, emotional and digital protection while using home as office in times of COVID-19 guide).
  • It is best to position your face so your eyes are more or less at the upper third of the picture without cutting off your head. Unless you do not want to reveal your face, do not sit with your back to a light or a window. Daylight or a lamp from the front is the best. Stay within the camera frame. You may want to look into the lens from time to time to make “eye contact” with others. If you are using your cellphone, rest it against a steady object (e.g. a pile of books) so that the video picture remains stable.
  • You may want to mute your microphone to prevent others hearing you typing notes or any background noise as it can be very distracting to others on the call.
  • If the internet connection is slow you may want to switch off your camera, pause other programs, mute the microphone and ask others to do same. You may also want to try sitting closer to the router, or connecting your computer directly to the router with an ethernet cable. If you share internet connection with others, you may ask them to reduce extensive use of internet for the duration of your call.
  • It it very tempting to multitask especially during group calls. But you may very soon realise that you are lost in the meeting and others may realize this.
  • If this is a new situation for you or you are using a new calling tool, you may want to give yourself a few extra minutes to learn and test it prior to the scheduled meeting to get familiar with options like turning on/off the camera and the microphone, etc.
  • If possible, prepare and test a backup communication plan in case you will have trouble connecting with others. For example, adding them to a Signal group so you can still text chat or troubleshoot problems on the call. Sometimes it helps to have an alternate browser installed on your computer or app on the phone to try connecting with those.

If you would like to organise a webinar or online training, you can use tools outlined above in the group communication. Some of best practices include:

  • Make sure that you know who is connected. If this is needed check the identities of all people participating by asking them to speak. Do not assume you know who is connected only by reading assigned names.
  • Agree on ground-rules, like keeping cameras on/off, keeping microphone on/off when one is not speaking, flagging when participants would like to speak, who will be chairing the meeting, who will take notes – where and how will those notes be written and then distributed, is it ok to take screenshots of a video call, is it ok to record the call, etc.
  • Agree on clear agendas and time schedules. If your webinar is longer than one hour, it is probably best to divide it into clear one-hour sessions separated by some time agreed with participants, so they have time to have a short break. Plan for the possibility that not all participants will return after a break. Have alternative methods to reach out to them to remind them to return, like Signal/Wire/DeltaChat contacts for them.
  • It is easiest to use a meeting service that participants connect to using a browser without a need to register or install a special program, one that also gives the webinar organiser the ability to mute microphones and close cameras of participants.
  • Prior to the call, check with all participants whether they have particular needs, such as if they are deaf or hard of hearing, if they are visually impaired or blind, or any other conditions which would affect their participation in the call. With this in mind, ensure that the selected platform will accommodate these needs and to be sure, test the platform beforehand. Simple measures can also improve inclusion and participation in your calls, such as turning on cameras when possible, as it can allow for lip-reading.
  • Encourage all participants to speak slowly and to avoid jargon where possible, as the working language of the call is most likely not everyone’s mother tongue language. Naturally, there will be moments of silences and pauses, embrace them. They can help to support understanding and can be helpful for participants who are hard of hearing, interpreters and will also aid assistive technology to pick up words correctly.

https://www.frontlinedefenders.org/en/resource-publication/guide-secure-group-chat-and-conferencing-tools

The Ups and downs in sueing the NSO Group

July 20, 2020

Written By Shubham Bose

facebook

While AI stranded in its effort in Israel [https://humanrightsdefenders.blog/2020/07/15/amnesty-internationals-bid-to-block-spyware-company-nso-fails-in-israeli-court/ ] a federal US court has passed an order allowing WhatsApp to move forward with its case against the Israeli company for allegedly targeting 1,400 users with malware in 2019. According to reports, it is believed that spyware produced by the Israeli firm NSO Group was used to target various groups of people around the world, such as journalists, human rights defenders, and even politicians. [see: https://humanrightsdefenders.blog/2019/10/30/nso-accused-of-largest-attack-on-civil-society-through-its-spyware/

Judge Phyllis Hamilton, in her ruling on the cases, stated that she was not convinced by NSO Group’s claims and arguments that it had no hand in targeting WhatsApp users. Moving forward in the trial, the NSO Group might be forced to reveal its clients and make the list public.

The judge also added that even if NSO was operating at the direction of its customer, it still appeared to have a hand in targeting WhatsApp users. As per reports, a WhatsApp spokesperson said the Facebook-owned venture was pleasd with the court’s decision and will now be able to uncover the practices of NSO Group.

Even in the face of criticism from privacy advocates, the company has claimed that law enforcement agencies are facing difficulties due to the proliferation of encrypted messaging apps like WhatsApp.

The law firm King & Spalding has reportedly been hired by the NSO group to represent them. Among the company’s legal team is Rod Rosenstein, Trump administration’s former attorney general. The NSO Group has reportedly had multiple government clients like Saudi Arabia, Mexico, and the United Arab Emirates who have used spyware to target political opponents and human rights, campaigners.

https://www.republicworld.com/world-news/us-news/whatsapp-lawsuit-against-israeli-firm-nso-group-given-green-light-by-u.html

Anti-Censorship initiative with free VPN accounts for human rights defenders

July 15, 2020

On 14 July Business-Wire reported that the VPN company TunnelBear has partnered with NGOs to give away 20,000 accounts (these NGOs inlcude Access Now, Frontline Defenders, Internews, and one other undisclosed participant).

This program aims to empower individuals and organizations with the tools they need to browse a safe and open internet environment, regardless of where they live. The VPN provider is encouraging other NGOs or media organizations across the world to reach out if they too are in need of support. “At TunnelBear, we strongly believe in an open and uncensored internet. Whenever we can use our technology to help people towards that end, we will,” said TunnelBear Cofounder Ryan Dochuk.

TunnelBear’s VPN encrypts its user’s internet traffic to enable a private and censor-free browsing experience.

By undergoing and releasing independent audits of their systems, adopting open source tools, and collaborating with the open source community, TunnelBear has proven itself to be an industry leader in the VPN space and a valuable private sector partner within the internet freedom movement. Internews is happy to support TunnelBear in extending its VPN service to the media organizations, journalists, activists, and human rights defenders around the globe who can benefit from it,” said Jon Camfield, Director of Global Technology Strategy at Internews.

Contact: Shames Abdelwahab press@tunnelbear.com

See also: https://humanrightsdefenders.blog/2020/06/23/trump-now-starts-dismanteling-the-open-technology-fund/

https://www.businesswire.com/news/home/20200714005302/en/TunnelBear-Kicks-Anti-Censorship-Initiative-Free-Accounts-Activists

Amnesty International’s bid to block spyware company NSO fails in Israeli court

July 15, 2020

Amnesty International’s bid to block spyware company NSO Group’s international export licence has been shut down in a Tel Aviv court, apparently due to a lack of evidence, reported several media, here in the New Statesman of 14 July 2020. [see: https://humanrightsdefenders.blog/2019/09/17/has-nso-really-changed-its-attitude-with-regard-to-spyware/ ]

The case argued that the Israeli defence ministry should revoke the group’s export licence in light of numerous allegations that its phone-hacking Pegasus spyware has been used by governments (including Mexico, Saudi Arabia, Morocco and the UAE) to spy on civilians including an Amnesty International employee, human rights activists, lawyers and journalists..

The district court judge Rachel Barkai wrote in a statement that there was not enough evidence to “substantiate the claim that an attempt was made to monitor a human rights activist”. She wrote that in reviewing materials provided by the Ministry of Defence and Ministry of Foreign Affairs, she was persuaded that export licences were granted as part of a “sensitive and rigorous process”, and closely monitored and revoked if conditions were violated, “in particular in cases of human rights violations.”

Amnesty International decried the court’s decision. Danna Ingleton, acting co-director of Amnesty Tech, said in a statement: “Today’s disgraceful ruling is a cruel blow to people put at risk around the world by NSO Group selling its products to notorious human rights abusers. […] The ruling of the court flies in the face of the mountains of evidence of NSO Group’s spyware being used to target human rights defenders from Saudi Arabia to Mexico, including the basis of this case – the targeting of one of our own Amnesty employees.

NSO said: “Our detractors, who have made baseless accusations to fit their own agendas, have no answer to the security challenges of the 21st century. Now that the court’s decision has shown that our industry is sufficiently regulated, the focus should turn to what answer those who seek to criticise NSO have to the abuse of encryption by nefarious groups.”

The NSO Group is currently embroiled in another lawsuit brought by WhatsApp, which alleges that Pegasus spyware was used to hack more than a thousand of the messaging platform’s users. [see: https://humanrightsdefenders.blog/2019/10/30/nso-accused-of-largest-attack-on-civil-society-through-its-spyware/]

https://tech.newstatesman.com/security/amnesty-international-nso-group-export-licence

Trump now starts dismanteling the Open Technology Fund

June 23, 2020

Raphael Mimoun wrote in Newsweek of 22 June 2020 an opinion piece “Dictators are Besieging Internet Freedom—and Trump Just Opened the Gates”. It is a detailed piece but worth reading:

raph-m

Last week, the Trump administration started dismantling one of the US government’s most impactful agencies, the Open Technology Fund, which supports projects to counteract repressive censorship and surveillance around the world.

The Open Technology Fund, or OTF, is relatively new, founded in 2012 as a program of the government-backed Radio Free Asia. In 2019, it became an independent non-profit reporting to the US Agency for Global Media (USAGM). Since its founding, the organization has funded dozens of projects now part of the toolkit of millions of rights advocates and journalists around the world. But OTF is now under attack: the new leadership of USAGM, appointed just weeks ago, fired the leadership of all USAGM entities, including OTF, dismissed OTF’s independent and bipartisan board of directors, and is threatening to hollow out OTF altogether….

Many of those tools help those who most need it, where surveillance, censorship, and repression is most acute. Just last month, Delta Chat declined a request for user data from Russia’s communication regulator—because the security architecture developed with OTF support meant it did not have any data to handover. FreeWechat, which publishes posts censored by the Chinese government on the app WeChat, has been visited over 7 million times by Chinese-speakers. Dozens more OTF-funded tools enable millions to evade surveillance by autocratic governments and access the open internet, from Cuba to Hong Kong and Iran.

OTF’s work is critical to human rights defenders and journalists, but it brings privacy and security far beyond those groups. OTF only supports open-source projects, meaning that the code used must be available for anyone to view and reuse……….

But OTF’s work on internet freedom isn’t limited to funding technology development. The organization takes a holistic approach to internet freedom, providing life-saving training and capacity-building to groups directly targeted by cyberattacks, harassment, and violence: LGBTQI advocates in Indonesia, journalists in Mexico, civic activists in Belarus, or exiled Tibetan organizations. OTF also funds events bringing together researchers, technologists, policy-makers, and advocates. Those gatherings—whether global like the Internet Freedom Festival or focused on specific countries or regions like the Iran Cyber Dialogue, the Vietnam Cyber Dialogue, or the Forum on Internet Freedom in Africa–have been transformative. They have helped build a tight community in a space where trust is hard to achieve. Without such events, many of the projects, tools, and collaborations to circumvent censorship and counter surveillance would not exist.

See also: https://www.theverge.com/2020/6/23/21300424/open-technology-fund-usagm-circumvention-tools-china-censorship-michael-pack

https://www.newsweek.com/open-technology-fund-trump-dismantling-1512614

After NSO, now Indian based hacking group targets NGOs

June 10, 2020

A multi-year investigation by Citizen Lab has unearthed a hack-for-hire group from India that targeted journalists, advocacy groups, government officials, hedge funds, and human rights defenders.

A lot has been written about the NSO group and human rights defenders [see: https://humanrightsdefenders.blog/tag/nso-group/], now another case of cyber insecurity has come up:

Jay Jay – a freelance technology writer – posted an article in Teiss on 9 June 2020 stating that Citizen Lab revealed in a blog post published Tuesday that the hack-for-hire group’s identity was established after the security firm investigated a custom URL shortener that the group used to shorten the URLs of phishing websites prior to targeting specific individuals and organisations. Citizen Lab has named the group as “Dark Basin“.

“Over the course of our multi-year investigation, we found that Dark Basin likely conducted commercial espionage on behalf of their clients against opponents involved in high profile public events, criminal cases, financial transactions, news stories, and advocacy,” the firm said.

It added that the hack-for-hire group targeted thousands of individuals and organisations in six continents, including senior politicians, government prosecutors, CEOs, journalists, and human rights defenders, and is linked to BellTroX InfoTech Services, an India-based technology company.

….The range of targets, that included two clusters of advocacy organisations in the United States working on climate change and net neutrality, made it clear to Citizen Lab that Dark Basin was not state-sponsored but was a hack-for-hire operation.

…As further proof of Dark Basin’s links with BellTroX, researchers found that several BellTroX employees boasted capabilities like email penetration, exploitation, conducting cyber intelligence operations, pinging phones, and corporate espionage on LinkedIn. BellTroX’s LinkedIn pages also received endorsements from individuals working in various fields of corporate intelligence and private investigation, including private investigators with prior roles in the FBI, police, military, and other branches of government.

The list of organisations targeted by Dark Basin over the past few years includes Rockefeller Family Fund, Greenpeace, Conservation Law Foundation, Union of Concerned Scientists, Oil Change International, Center for International Environmental Law, Climate Investigations Center, Public Citizen, and 350.org. The hack-for-hire group also targeted several environmentalists and individuals involved in the #ExxonKnew campaign that wanted Exxon to face trial for hiding facts about climate change for decades.

A separate investigation into Dark Basin by NortonLifeLock Labs, which they named “Mercenary.Amanda”, revealed that the hack-for-hire group executed persistent credential spearphishing against a variety of targets in several industries around the globe going back to at least 2013…

https://www.teiss.co.uk/indian-hack-for-hire-group-phishing/

https://thewire.in/tech/spyware-rights-activists-lawyers-citizen-lab

https://scroll.in/latest/964803/nine-activists-most-of-them-working-to-release-bhima-koregaon-accused-targets-of-spyware-amnesty

Also: Hack-for-hire firms spoofing WHO accounts to target organisations worldwide

NSO versus Whatsapp continues in court

May 5, 2020

WhatsApp logo is seen displayed on a smart phone screen on 11 December 2019 [Ali Balıkçı/Anadolu Agency]

WhatsApp logo is seen displayed on a smart phone screen on 11 December 2019 [Ali Balıkçı/Anadolu Agency]

The NSO Group has always maintained its innocence insisting that its spyware is purchased by government clients for the purpose of tracking terrorists and criminals and that it had no independent knowledge of how those clients use its spyware. This claim is contradicted by court documents in WhatsApp’s lawsuit filed last year against the Israeli firm. While bringing the lawsuit, WhatsApp said in a statement that 100 civil society members had been targeted and called it “an unmistakable pattern of abuse”. New documents seen last week indicate that servers controlled by NSO Group and not its government clients, as alleged by the Israeli firm, were an integral part of how the hacks were executed. “NSO used a network of computers to monitor and update Pegasus after it was implanted on users’ devices,” said WhatsApp, “these NSO-controlled computers served as the nerve centre through which NSO controlled its customers’ operation and use of Pegasus [software used to hack computers and phones].”NSO Group is also accused by WhatsApp of gaining “unauthorised access” to its servers by evading the company’s security features.

n the ongoing legal battle between Facebook and software surveillance company NSO Group, the social media giant is trying to get NSO Group’s legal counsel dismissed because of an alleged conflict of interest. In a court filing made public this week, Facebook asked a federal judge to disqualify law firm King & Spalding from representing NSO Group because the firm previously represented Facebook-owned WhatsApp in a different, sealed case that is “substantially related” to the NSO Group one. King & Spalding, an Atlanta-based firm with a range of big corporate clients, has denied there is a conflict of interest, according to the filing.“Any attorney defending this suit would love to have insight into how WhatsApp’s platform and systems work,” the court filing states. “And King & Spalding has that insight—because it was once WhatsApp’s counsel.”The dispute with Facebook is one of multiple legal battles currently facing NSO Group. Amnesty International is trying to get an Israeli court to revoke NSO Group’s export license in Israel, citing Pegasus’s alleged role in humans rights abuses. [see: https://humanrightsdefenders.blog/2019/09/17/has-nso-really-changed-its-attitude-with-regard-to-spyware/]https://www.amnesty.org/en/latest/news/2020/06/nso-spyware-used-against-moroccan-journalist/

https://www.cyberscoop.com/nso-group-lawsuit-whatsapp-conflict-of-interest-king-spalding/

Israel’s NSO Group accused of ‘unmistakable pattern of abuse’ in hacking case

Amnesty accuses Facebook of complicity in Vietnamese censorship

April 22, 2020

On 21 April, Reuters reported that Facebook has begun to significantly step up its censorship of “anti-state” posts in the country. This follows pressure from the authorities, including what the company suspects were deliberate restrictions placed on its local servers by state-owned telecommunications companies that caused Facebook to become unusable for periods of time. The next day Amnesty International demanded that Facebook reverses immediately its decision.  “The revelation that Facebook is caving to Viet Nam’s far-reaching demands for censorship is a devastating turning point for freedom of expression in Viet Nam and beyond,” said William Nee, Business and Human Rights Advisor at Amnesty International. “The Vietnamese authorities’ ruthless suppression of freedom of expression is nothing new, but Facebook’s shift in policy makes them complicit.

Facebook must base its content regulation on international human rights standards for freedom of expression, not on the arbitrary whims of a rights-abusing government. Facebook has a responsibility to respect freedom of expression by refusing to cooperate with these indefensible takedown requests.” The Vietnamese authorities have a long track record of characterizing legitimate criticism as “anti-state” and prosecuting human rights defenders for “conducting propaganda against the state.” The authorities have been actively suppressing online speech amid the COVID-19 pandemic and escalating repressive tactics in recent weeks.  “It is shocking that the Vietnamese authorities are further restricting its peoples’ access to information in the midst of a pandemic. The Vietnamese authorities are notorious for harassing peaceful critics and whistleblowers. This move will keep the world even more in the dark about what is really happening in Viet Nam,” said William Nee.

Facebook’s decision follows years of efforts by Vietnamese authorities to profoundly undermine freedom of expression online, during which they prosecuted an increasing number of peaceful government critics for their online activity and introduced a repressive cybersecurity law that requires technology companies to hand over potentially vast amounts of data, including personal information, and to censor users’ posts. “Facebook’s compliance with these demands sets a dangerous precedent. Governments around the world will see this as an open invitation to enlist Facebook in the service of state censorship. It does all tech firms a terrible disservice by making them vulnerable to the same type of pressure and harassment from repressive governments,” said William Nee…

In a report published last year, Amnesty International found that around 10% of Viet Nam’s prisoners of conscience – individuals jailed solely for peacefully exercising their human rights – were jailed in relation to their Facebook activity. In January 2020, the Vietnamese authorities launched an unprecedented crackdown on social media, including Facebook and YouTube, in an attempt to silence public discussion of a high-profile land dispute in the village of Dong Tam, which has attracted persistent allegations of corruption and led to deadly clashes between security forces and villagers.  The crackdown has only intensified since the onset of COVID-19. Between January and mid-March, a total of 654 people were summoned to police stations across Viet Nam to attend “working sessions” with police related to their Facebook posts connected to the virus, among whom 146 were subjected to financial fines and the rest were forced to delete their posts. On 15 April, authorities introduced a sweeping new decree, 15/2020, which imposes new penalties on alleged social media content which falls foul of vague and arbitrary restrictions. The decree further empowers the government to force tech companies to comply with arbitrary censorship and surveillance measures.

See also: https://humanrightsdefenders.blog/2020/02/10/28-ngos-ask-eu-parliament-to-reject-cooperation-deal-with-vietnam-on-11-february/

Re Facebook and content moderation see also the Economist piece of 1 February 2020: https://www.economist.com/business/2020/01/30/facebook-unveils-details-of-its-content-oversight-board

https://www.amnesty.org/en/latest/news/2020/04/viet-nam-facebook-cease-complicity-government-censorship/