Skip to main content

Home/ International Politics of the Middle East/ Group items matching "cybersecurity" in title, tags, annotations or url

Group items matching
in title, tags, annotations or url

Sort By: Relevance | Date Filter: All | Bookmarks | Topics Simple Middle
Ed Webb

Path to Success for One Palestinian Hacker: Publicly Owning Mark Zuckerberg | Threat Level | Wired.com - 0 views

  • It was August 14, and Shreateh had just reached halfway around the world to pull off a prank that would make him the most famous hacker in the Israeli-occupied West Bank. He’d discovered a Facebook bug that would allow him to post to another user’s wall even if he wasn’t on the user’s friends list. Demonstrating the bug on Zuckerberg was a last resort: He first reported the vulnerability to Facebook’s bug bounty program, which usually pays $500 for discoveries like his. But Facebook dismissed his report out of hand, and to this day refuses to pay the bounty for the security hole, which it has now fixed. Where Facebook failed, though, techies from across the world stepped in to fix, crowdfunding a $13,000 reward for Shreateh. Now that money, and Shreateh’s notoriety, is about to launch the former construction worker into a new life. He’s using the funds to buy a new laptop and launch a cybersecurity service where websites will be able to request “ethical hacking” to identify their vulnerabilities. And he’s started a six-month contract with a nearby university to find bugs as part of their information security unit. He hacks and reports flaws on other universities’ sites in his free time.
  • The West Bank is no easy place to be a hacker, or to do anything in the technology sphere. The occupied region depends on Israel for electricity, water and telecommunications, including the sluggish Internet that crawls into the South Hebron Hills. Shreateh has a well and three water tanks on his roof because Yatta only receives several days of running water every few months. Blackouts are common, and the town often goes without electricity for whole days in the winter. Partly to blame is a complex system established by the Oslo accords that splits the West Bank into three zones under different combinations of Palestinian and Israeli control. “It’s like Swiss cheese,” says George Khadder, a tech entrepreneur who worked in Silicon Valley for 13 years. He sketches how Zones A, B and C weave in, out and around each other, with chunks of Israeli settlement territory in between. “The West Bank is like an archipelago, in terms of contiguity and services. This is absolutely a problem.” This access gap is clear on the drive from Jerusalem to Yatta, which requires passing through a military checkpoint that bars Shreateh from entering Israel. The road to Yatta passes several Israeli settlements, sprawling over hilltops with their separate telecom systems, brightly lit streets and green, well-watered lawns. “The dogs in Israel drink more water than Palestinians,” the taxi driver laughs.
  • Shreateh has his own website and 44,156 followers on Facebook, many of whom spam him with questions about hacking into their boyfriends’ profiles or raising their exam grades online. Shreateh ignores them. “I am an ethical hacker,” he says. “I don’t damage or destroy.” That makes him different from some other Palestinian hackers. The same month as Shreateh’s Facebook prank, hacktivists hijacked Google’s Palestine domain, redirecting it to a page with a Rihanna background song and written message: “uncle google we say hi from palestine to remember you that the country in google map not called israel. its called Palestine” This month, another group called KDMS hacked the websites of security companies AVG and Avira, among other companies, redirecting to a site displaying the Palestinian flag, a graphic of Palestinian land loss, and a similar message: “we want to tell you that there is a land called Palestine on the earth,” it read in part. “this land has been stolen by Zionist.’
  • ...1 more annotation...
  • As for Israeli hackers, he sees them as inferior, babied by the privilege of living without occupation. “Israeli hackers all come from university classes. They have companies and courses to teach them,” Shreateh scoffs. “Palestinian hackers come from Google search and YouTube videos. We all learned on our own.”
Ed Webb

Exclusive: Ex-NSA cyberspies reveal how they helped hack foes of UAE - 0 views

  • Project Raven, a clandestine team that included more than a dozen former U.S. intelligence operatives recruited to help the United Arab Emirates engage in surveillance of other governments, militants and human rights activists critical of the monarchy.
  • in 2016, the Emiratis moved Project Raven to a UAE cybersecurity firm named DarkMatter. Before long, Stroud and other Americans involved in the effort say they saw the mission cross a red line: targeting fellow Americans for surveillance.
  • former U.S. government hackers have employed state-of-the-art cyber-espionage tools on behalf of a foreign intelligence service that spies on human rights activists, journalists and political rivals
  • ...20 more annotations...
  • surveillance techniques taught by the NSA were central to the UAE’s efforts to monitor opponents
  • Various reports have highlighted the ongoing cyber arms race in the Middle East, as the Emirates and other nations attempt to sweep up hacking weapons and personnel faster than their rivals. The Reuters investigation is the first to reveal the existence of Project Raven, providing a rare inside account of state hacking operations usually shrouded in secrecy and denials.
  • While this activity raises ethical dilemmas, U.S. national security lawyers say the laws guiding what American intelligence contractors can do abroad are murky. Though it’s illegal to share classified information, there is no specific law that bars contractors from sharing more general spycraft knowhow, such as how to bait a target with a virus-laden email.
  • The hacking of Americans was a tightly held secret even within Raven, with those operations led by Emiratis instead. Stroud’s account of the targeting of Americans was confirmed by four other former operatives and in emails reviewed by Reuters.
  • Mansoor was convicted in a secret trial in 2017 of damaging the country’s unity and sentenced to 10 years in jail. He is now held in solitary confinement, his health declining, a person familiar with the matter said. Mansoor’s wife, Nadia, has lived in social isolation in Abu Dhabi. Neighbors are avoiding her out of fear security forces are watching. They are correct. By June 2017 Raven had tapped into her mobile device and given her the code name Purple Egret, program documents reviewed by Reuters show. To do so, Raven utilized a powerful new hacking tool called Karma, which allowed operatives to break into the iPhones of users around the world.
  • the UAE has been accused of suppressing free speech, detaining dissidents and other abuses by groups such as Human Rights Watch. The UAE says it is working closely with Washington to fight extremism “beyond the battlefield” and is promoting efforts to counter the “root causes” of radical violence. Raven’s targets eventually would include militants in Yemen, foreign adversaries such as Iran, Qatar and Turkey, and individuals who criticized the monarchy, said Stroud and eight other former Raven operatives. Their accounts were confirmed by hundreds of Raven program documents reviewed by Reuters.
  • “Some days it was hard to swallow, like [when you target] a 16-year-old kid on Twitter,” she said. “But it’s an intelligence mission, you are an intelligence operative. I never made it personal.”
  • the program took aim not just at terrorists and foreign government agencies, but also dissidents and human rights activists. The Emiratis categorized them as national security targets
  • Emirati security forces viewed human rights advocates as a major threat to “national stability,”
  • Reached by phone in London, Donaghy, now a graduate student pursuing Arab studies, expressed surprise he was considered a top national security target for five years. Donaghy confirmed he was targeted using the techniques described in the documents. “I’m glad my partner is sitting here as I talk on the phone because she wouldn’t believe it,” he said. Told the hackers were American mercenaries working for the UAE, Donaghy, a British citizen, expressed surprise and disgust. “It feels like a betrayal of the alliance we have,” he said.
  • Stroud had already made the switch from government employee to Booz Allen contractor, essentially performing the same NSA job at higher pay. Taking a job with CyberPoint would fulfill a lifelong dream of deploying to the Middle East and doing so at a lucrative salary. Many analysts, like Stroud, were paid more than $200,000 a year, and some managers received salaries and compensation above $400,000.
  • Karma was particularly potent because it did not require a target to click on any link to download malicious software. The operatives understood the hacking tool to rely on an undisclosed vulnerability in Apple’s iMessage text messaging software. In 2016 and 2017, it would be used against hundreds of targets across the Middle East and Europe, including governments of Qatar, Yemen, Iran and Turkey, documents show. Raven used Karma to hack an iPhone used by the Emir of Qatar, Sheikh Tamim bin Hamad al-Thani, as well as the phones of close associates and his brother.
  • Providing sensitive defense technologies or services to a foreign government generally requires special licenses from the U.S. State and Commerce Departments. Both agencies declined to comment on whether they issued such licenses to CyberPoint for its operations in the UAE. They added that human rights considerations figure into any such approvals.
  • But a 2014 State Department agreement with CyberPoint showed Washington understood the contractors were helping launch cyber surveillance operations for the UAE. The approval document explains CyberPoint’s contract is to work alongside NESA in the “protection of UAE sovereignty” through “collection of information from communications systems inside and outside the UAE” and “surveillance analysis.”
  • “It was incredible because there weren’t these limitations like there was at the NSA. There wasn’t that bullshit red tape,”
  • Under DarkMatter, Project Raven continued to operate in Abu Dhabi from the Villa, but pressure escalated for the program to become more aggressive. Before long, senior NESA officers were given more control over daily functions, former Raven operatives said, often leaving American managers out of the loop. By mid-2016, the Emirates had begun making an increasing number of sections of Raven hidden from the Americans still managing day-to-day operations. Soon, an “Emirate-eyes only” designation appeared for some hacking targets.
  • Stroud began searching a targeting request list usually limited to Raven’s Emirati staff, which she was still able to access because of her role as lead analyst. She saw that security forces had sought surveillance against two other Americans. When she questioned the apparent targeting of Americans, she received a rebuke from an Emirati colleague for accessing the targeting list, the emails show. The target requests she viewed were to be processed by “certain people. You are not one of them,” the Emirati officer wrote.
  • Days later, Stroud said she came upon three more American names on the hidden targeting queue.
  • occupations were listed: journalist
  • When Stroud kept raising questions, she said, she was put on leave by superiors, her phones and passport were taken, and she was escorted from the building. Stroud said it all happened so quickly she was unable to recall the names of the three U.S. journalists or other Americans she came across in the files. “I felt like one of those national security targets,” she said. “I’m stuck in the country, I’m being surveilled, I can’t leave.” After two months, Stroud was allowed to return to America. Soon after, she fished out the business card of the FBI agents who had confronted her at the airport. “I don’t think Americans should be doing this to other Americans,” she told Reuters. “I’m a spy, I get that. I’m an intelligence officer, but I’m not a bad one.”
Ed Webb

bellingcat - Lord Of The Flies: An Open-Source Investigation Into Saud Al-Qahtani - bellingcat - 0 views

  • Before tuning in via Skype to oversee the murder and dismemberment of Saudi Arabian journalist Jamal Khashoggi, Saud al-Qahtani, a high-level adviser to the crown prince of Saudi Arabia, Mohammed bin Salman (MBS), was best known for running social media operations for the royal court and serving as MBS’s chief propagandist and enforcer. His portfolio also included hacking and monitoring critics of the Kingdom and MBS.
  • Al-Qahtani registered at least 22 domains since 2009, some of which have been used as command and control servers for malware
  • al-Qahtani’s posts on Hack Forums detail the hacking tools and services he purchased and used and the social media platforms and mobile apps he targeted. By June 2011, less than two years after joining the forum, he estimated that he had 90% of paid and free RATs on the market. Al-Qahtani also paid Hack Forum members to have social media accounts deleted and sought to manufacture engagement activity on major social media platforms, including YouTube and Facebook.
  • ...8 more annotations...
  • He also posted at least three times while drunk, by his own admission, and opined on topics unrelated to hacking such as the role of religion in politics and policy toward Iran.
  • MBS’s repression machine is alive and well thanks in no small part to the Trump administration’s refusal to hold the Saudi strongman and his regime to account. 
  • Since Khashoggi was murdered last October, the CIA has observed its “duty to warn” on three separate occasions, sharing intelligence to alert dissidents based in the U.S., Canada and Norway to threats originating from Saudi Arabia. 
  • multiple media outlets have cited sources saying that he is still in MBS’s good graces and continuing to work in a similar capacity as before he was officially ousted from the royal court.
  • The best open-source indication to date that al-Qahtani is continuing his hacking work comes from the Guardian, which reported in June 2019, that it was targeted by a Saudi hacking team at the order of al-Qahtani. The newspaper was initially warned of the order by a source in Riyadh earlier this year, and the threat was subsequently corroborated by a confidential internal order signed by al-Qahtani, which the Guardian reviewed. The document, dated March 7, 2019, was written in Arabic and instructed “heads of technological and technical departments” run from the cybersecurity directorate within the private office of the MBS to “carry out the penetration of the servers of the Guardian newspaper and those who worked on the report that was published, and deal with the issue with complete secrecy, then send us all the data as soon as possible.”
  • On June 19, 2019, Agnes Callamard, the United Nations (UN) Special Rapporteur on extrajudicial, summary or arbitrary killings, published a report on Khashoggi’s death, calling it a “premeditated extrajudicial execution” at the hands of the Saudi state. “His killing was the result of elaborate planning involving extensive coordination and significant human and financial resources. It was overseen, planned and endorsed by high-level officials. It was premeditated.”
  • The report specifically names al-Qahtani and MBS as two high-level officials who have not been criminally charged but for whom there is “credible evidence meriting further investigation.” 
  • In addition to the 22 domains analyzed above, this investigation identified several other domains that are likely linked to al-Qahtani but require further research and analysis
Ed Webb

Cyber attack targeted Israel's water supply, internal report claims - 0 views

  • Cyber attack targeted Israel's water supply, internal report claims
  • A suspected cyber attack took place against several Water Authority facilities over the weekend, according to an internal departmental report.
  • A memo sent by Water Authority officials ordered all personnel to immediately change the passwords to the facility's systems, "with emphasis on the operational system and the chlorine control in particular."
Ed Webb

Exclusive: Secret Trump order gives CIA more powers to launch cyberattacks - 0 views

  • The Central Intelligence Agency has conducted a series of covert cyber operations against Iran and other targets since winning a secret victory in 2018 when President Trump signed what amounts to a sweeping authorization for such activities
  • The secret authorization, known as a presidential finding, gives the spy agency more freedom in both the kinds of operations it conducts and who it targets, undoing many restrictions that had been in place under prior administrations
  • Unlike previous presidential findings that have focused on a specific foreign policy objective or outcome — such as preventing Iran from becoming a nuclear power — this directive, driven by the National Security Council and crafted by the CIA, focuses more broadly on a capability: covert action in cyberspace.  
  • ...19 more annotations...
  • countries include Russia, China, Iran and North Korea — which are mentioned directly in the document — but the finding potentially applies to others as well
  • offensive cyber operations with the aim of producing disruption — like cutting off electricity or compromising an intelligence operation by dumping documents online — as well as destruction, similar to the U.S.-Israeli 2009 Stuxnet attack, which destroyed centrifuges that Iran used to enrich uranium gas for its nuclear program
  • freed the agency to conduct disruptive operations against organizations that were largely off limits previously, such as banks and other financial institutions
  • it lessened the evidentiary requirements that limited the CIA’s ability to conduct covert cyber operations against entities like media organizations, charities, religious institutions or businesses believed to be working on behalf of adversaries’ foreign intelligence services, as well as individuals affiliated with these organizations
  • “as long as you can show that it vaguely looks like the charity is working on behalf of that government, then you’re good.”
  • Since the finding was signed two years ago, the agency has carried out at least a dozen operations that were on its wish list, according to this former official. “This has been a combination of destructive things — stuff is on fire and exploding — and also public dissemination of data: leaking or things that look like leaking.” 
  • “We’re playing semantics — destabilization is functionally the same thing as regime change. It’s a deniability issue,”
  • “Our government is basically turning into f****ing WikiLeaks, [using] secure communications on the dark web with dissidents, hacking and dumping,”
  • critics, including some former U.S. officials, see a potentially dangerous attenuation of intelligence oversight, which could have unintended consequences and even put people’s lives at risk
  • “Trump came in and way overcorrected,” said a former official. Covert cyber operations that in the past would have been rigorously vetted through the NSC, with sometimes years-long gaps between formulation and execution, now go “from idea to approval in weeks,” said the former official. 
  • an unknown group in March 2019 posted on the internet chat platform Telegram the names, addresses, phone numbers and photos of Iranian intelligence officers allegedly involved in hacking operations, as well as hacking tools used by Iranian intelligence operatives. That November, the details of 15 million debit cards for customers of three Iranian banks linked to Iran’s Islamic Revolutionary Guard Corps were also dumped on Telegram.Although sources wouldn’t say if the CIA was behind those Iran breaches, the finding’s expansion of CIA authorities to target financial institutions, such as an operation to leak bank card data, represents a significant escalation in U.S. cyber operations
  • These were operations the “CIA always knew were an option, but were always a bridge too far," said a former official. “They had been bandied about at senior levels for a long time, but cooler heads had always prevailed." 
  • “It was obvious that destabilization was the plan on Iran,”
  • Neither these two Iran-related findings, nor the new cyber finding, mention regime change as a stated goal, according to former officials. Over time, however, the CIA and other national security officials have interpreted the first two Iran findings increasingly broadly, with covert activities evolving from their narrow focus on stopping Tehran’s nuclear program, they said. The Iran findings have been subject to “classic mission creep,” said one former official.
  • senior Trump officials weren’t interested in retaliating against Russia for the election interference
  • The CIA’s “deconfliction is poor, they’re not keeping people in the loop on what their cyber operations are,”
  • This more permissive environment may also intensify concerns about the CIA’s ability to secure its hacking arsenal. In 2017, WikiLeaks published a large cache of CIA hacking tools known as “Vault 7.” The leak, which a partially declassified CIA assessment called “the largest data loss in CIA history,” was made possible by “woefully lax” security practices at the CIA’s top hacker unit, the assessment said.
  • Removing NSC oversight of covert operations is a significant departure from recent history, according to Eatinger. “I would look at the intel community as the same as the military in that there should be civilian control of big decisions — who to go to war against, who to launch an attack against, who to fight a particular battle,” he said. “It makes sense that you would have that kind of civilian or non-intelligence civilian leadership for activities as sensitive as covert action.”
  • “People thought, ‘Hey, George W. Bush will sign this,’ but he didn’t,” said a former official. CIA officials then believed, “‘Obama will sign it.’ Then he didn’t.”“Then Trump came in, and CIA thought he wouldn’t sign,” recalled this official. “But he did.”
1 - 5 of 5
Showing 20 items per page