Cyber Security

Biden administration goes after two more spyware firms

Welcome to The Cybersecurity 202! Ah, “It’s Always Sunny in Philadelphia” Season 16, it’s bittersweet for your finale to already be upon us tonight. I mourned you even as you lived.

Reading this online? Sign up for The Cybersecurity 202 to get scoops and sharp analysis in your inbox each morning.

Below: The United States will soon seek feedback on harmonizing cyber regulations, and a bill that aims to stop warrantless police retrieval of phone data has momentum. First:

Intellexa and Cytrox are latest spyware firms to face U.S. wrath

The Biden administration struck its latest blow against foreign spyware makers on Tuesday, placing two Europe-based companies on its list that restricts U.S. companies’ business dealings with them.

As our own David DiMolfetta reported Tuesday with Aaron Gregg, the step is “the most significant since President Biden issued an executive order in March that sets limits on U.S. agencies’ use of spyware and bars the technology’s use when there’s a risk it could be exploited by foreign governments to target Americans or violate human rights.”

Greece-based Intellexa and the Hungarian company Cytrox are now on the Commerce Department’s “Entity List,” alongside related entities in Ireland and Macedonia, respectively. The organizations join Israeli spyware makers NSO Group — the company behind the Pegasus spyware — and Candiru on the list.

Spyware critics say it’s a move that puts the United States ahead of other nations in combating surveillance technology that’s been used to spy on journalists, politicians and activists.

“This rule reaffirms the protection of human rights worldwide as a fundamental U.S. foreign policy interest,” Deputy Secretary of Commerce Don Graves said in a statement. “The Entity List remains a powerful tool in our arsenal to prevent bad actors around the world from using American technology to reach their nefarious goals.” 

Cytrox is reportedly a part of Intellexa, but the relationship between the two companies is “murky at best,” according to the University of Toronto’s Citizen Lab. 

Researchers have found the Cytrox- and Intellexa-linked Predator spyware on the phones of an Egyptian politician and journalist, as well as a Greek journalist.

  • Intellexa has reportedly worked with governments in Europe and Southeast Asia.
  • Likely Cytrox customers include Armenia, Egypt, Greece, Indonesia, Madagascar, Oman, Saudi Arabia and Serbia, according to Citizen Lab.

“The proliferation of commercial spyware poses distinct and growing counterintelligence and security risks to the United States, including to the safety and security of U.S. government personnel and their families,” the State Department’s office of the spokesperson said Tuesday. “The misuse of these tools globally has also facilitated repression and enabled human rights abuses, including to intimidate political opponents and curb dissent, limit freedom of expression, and monitor and target activists and journalists.”

On Twitter, Citizen Lab’s John Scott-Railton praised the entity list additions. The additions follow not only the Biden administration’s executive order, but also a March joint statement with other nations to counter the proliferation of spyware.

“Very heartening to see US’ first regulatory action since Spyware Executive order,” he wrote. “Clear opportunity for diplomatic engagement on heels of WH Joint Statement on #spyware.”

A European lawmaker who has been pushing governments there to take action against spyware said on Twitter that the U.S. crackdown put some countries on her continent to shame.

The rapporteur for the European Union’s Committee of Inquiry to investigate the use of Pegasus and equivalent surveillance spyware, Sophie in ‘t Veld, tweeted that “While the Greek and EU authorities are still very busy doing nothing about #spyware the US have blacklisted #Intellexa. The inertia of Europe is deeply embarrassing.”

The final report of the so-called PEGA Committee criticized Greece, Hungary and other nations for their handling of spyware.

Intellexa and Cytrox haven’t commented yet on being added to the list. Spyware companies have often touted their technology’s uses for countering terrorism and crime.

Tal Dilian, a former Israeli intelligence officer who now heads Intellexa, told Reuters in 2020 that the company was a force for good, one that could be used to aid in the fight against problems like covid-19.

  • “I really believe this industry is doing more good than bad,” Dillan said. “Now is a good time to show that to the world.”
  • The story also noted: “Intellexa’s Dilian fled Cyprus last year after an arrest warrant was issued for him, on accusations that he used a surveillance van to illegally intercept communications in the country. Dilian denies the allegations, returned to Cyprus last month and said he is cooperating with authorities.” 

U.S. government will request feedback on harmonizing cyber regulatory goals

The Office of the National Cyber Director (ONCD) will issue a request for information (RFI) as soon as this week that would seek public feedback on cybersecurity regulatory harmonization and reciprocity, said Kemba Walden, the acting national cyber director.

Walden, speaking at a Chamber of Commerce event, said the RFI aims to help clarify “what that cybersecurity environment baseline should look like” across every critical infrastructure sector.

  • The announcement comes alongside a recently unveiled implementation plan for the Biden administration’s national cyber strategy.
  • The RFI aligns with the very first strategic objective in the plan that also directs ONCD to engage with private-sector representatives “to understand existing challenges with regulatory overlap and explore a framework for reciprocity for baseline requirements.”
  • ONCD representatives have previously said a harmonized approach initiative could take years to complete

An advisory panel in February encouraged the creation of an office that would seek to untangle conflicting cyber responsibility rules. An ONCD official at the time said those recommendations “align very well with the strategic goals of the [cyber] strategy.”

Michigan charges 16 Trump electors with forgery felonies

Michigan Attorney General Dana Nessel (D) on Tuesday filed felony charges against 16 Republicans alleging they used falsified certifications to act as electors for former president Donald Trump’s 2020 presidential run, our colleague Patrick Marley reports. 

Patrick writes: “In an online video announcing the charges, Nessel noted the 16 Republicans had submitted paperwork to the Senate, National Archives and elsewhere claiming to be the state’s official electors. ‘That was a lie,’ she said.”

  • The charged group includes the head of the Republican National Committee’s Michigan chapter, Kathy Berden, alongside former Michigan Republican Party co-chair Meshawn Maddock and Shelby Township Clerk Stan Grot.
  • “In Michigan, each Trump elector was charged with eight criminal counts, including forgery, conspiracy to commit forgery and election law forgery. Some of the counts carry sentences of up to 14 years in prison,” Patrick’s report adds.
  • False electoral certifications in several 2020 battleground states including Michigan have been a recent subject for investigators as Trump seeks the White House for 2024.

“Nessel investigated the Republican electors after the 2020 election and last year referred their activities to federal prosecutors,” the report says. “After being sworn in for a second term in January, she announced she was reopening her own probe of the GOP electors because she didn’t know what federal prosecutors planned to do with the case.”

  • In recent news, Arizona’s head prosecutor is expanding a criminal investigation into alleged attempts by Republicans to overturn the results of the 2020 election in the state when they signed and transmitted false paperwork declaring Trump the winner.

Bill to stop warrantless police retrieval of phone data sees momentum in Congress

A bill that would bar police and intelligence agencies from collecting sensitive information on U.S. citizens without a warrant is seeing growing momentum in Congress with bipartisan support from lawmakers, WIRED’s Dell Cameron reports.

  • A bill known as the Fourth Amendment Is Not For Sale Act is getting a markup hearing today in the House Judiciary Committee.
  • “If passed into law, the legislation’s restrictions would apply to federal agencies as well as state and local police departments,” Cameron writes, adding the bill “is cosponsored by four Republicans and four Democrats, including the committee’s ranking member, Jerry Nadler, a Democrat, who first introduced it alongside California Democrat Zoe Lofgren in 2021.”

A declassified report found that the U.S. intelligence community has leaned heavily on purchasing information that includes data protected by the Fourth Amendment, Cameron notes.

The bill’s sponsors say the bill “would effectively prohibit the government from doing business with companies such as Clearview AI, which has admitted to scraping billions of photos from social media to fuel a facial recognition tool that’s been widely tested by local police departments,” the WIRED report adds.

  • Clearview AI is seeking to expand beyond law enforcement, based on an investor presentation obtained by The Washington Post last year.

The debate comes as Congress considers whether to renew an authorization set to expire at the end of this year that allows national security authorities to gather electronic data without a traditional warrant based on probable cause when the target is a foreigner overseas and it’s for foreign intelligence purposes.

On inventorying operational technology, Amtrak may not be on track (FedScoop)

Get serious about data, US intelligence leaders tell agencies (Nextgov/FCW)

Renewable technologies add risk to the US electric grid, experts warn (CyberScoop)

Senators propose new bipartisan AI legislation focused on national health security (FedScoop)

Trump says he received a target letter in federal Jan. 6 investigation (Perry Stein, Josh Dawsey and Jacqueline Alemany)

Google restricting internet access to some employees to reduce cyberattack risk (CNBC)

The tail of the MOVEit hack may be longer than we realize (SC Magazine)

Adobe, Microsoft and Citrix vulnerabilities draw warnings from CISA (The Record)

Paying ransoms to hackers is a mistake, Australia’s new cybersecurity coordinator says (ABC News Australia)

Ukraine police bust another bot farm accused of pro-Russia propaganda, internet fraud (The Record)

Odessa City Council announces criminal investigation into online data breach (The Texan)

Britain’s MI6 chief says his spies are using AI to disrupt flow of weapons to Russia (Associated Press)

LeakedSource owner quit Ashley Madison a month before 2015 Hack (Krebs on Security)

Called a bogus airline customer support number? Google is hustling to fix that (The Record)

Cloudflare reports ‘alarming surge’ in DDoS sophistication, escalation in recent months (CyberScoop)

Cybersecurity firm Sophos impersonated by new SophosEncrypt ransomware (Bleeping Computer)

TikTok introduces passkey support for iOS devices (TechCrunch)

Patients seeking abortion, gender-affirming care at risk of increased surveillance: report  (The Hill)

  • The Defense Strategies Institute kicks off a two-day forum on zero-trust frameworks beginning at 8:45 a.m.
  • The Senate Homeland Security Committee considers a pair of IT modernization bills at 9:30 a.m.
  • Georgetown University convenes a discussion on broadband infrastructure and national security at noon.
  • CISA National Risk Management Center Assistant Director Mona Harrington speaks at an Inside Cybersecurity and USTelecom discussion on supply chain security at 1 p.m.
  • The Treasury Department’s Undersecretary for Terrorism and Financial Intelligence Brian Nelson speaks with the Center for a New American Security at 2 p.m.
  • NSA Cybersecurity Director Rob Joyce, DHS Secretary Alejandro Mayorkas and CIA Director William J. Burns speak at the Aspen Security Forum in Colorado beginning tomorrow around 11 a.m.

Thanks for reading. See you tomorrow.

Related Articles

Back to top button