The Mercenary Threat of U.S. Hackers-for-Hire
Trained in the American intelligence community, cyber-contractors are now making their expertise available to governments around the world. The Mercenary Threat of U.S. Hackers-for-Hire
In the summer of 2012, an Iranian computer virus named Shamoon wiped data from tens of thousands of computers at two of the Middle East’s most important energy companies, Saudi Aramco and Qatar’s Ras Gas.
Shamoon was no Stuxnet: Unlike the Israeli digital weapon that destroyed nuclear centrifuges in the Islamic Republic, the virus that attacked the energy companies did little damage to their operations.
But the demonstration of their vulnerability panicked policy makers in the Gulf Arab states. Saudi Arabia, Qatar, the United Arab Emirates, Kuwait and Oman all turned to the U.S. for expertise to protect their vital national resources against cyberattacks.
With the blessings of the Obama administration, American defense contractors specializing in cybersecurity were happy to help.
To meet the surging demand for their services, these firms recruited cyber-operatives and analysts from U.S. intelligence agencies, offering what one former Federal Bureau of Investigations agent described to me as “buy-yourself-a-Ferrari” salaries.
For some, their job description evolved from playing defense against hackers to going on the offense, heading attackers off at the pass. Others were assigned to counterterrorism operations, doing for their new clients what they had previously done for their country, and often using the same tools.
Nobody in Washington heard the sound of a can of worms being opened.
But it wasn’t very long before there were inklings of where the worms had wriggled off to.
Within a couple of years, word was filtering back to the U.S. intelligence community that some of their former colleagues were being deployed as cyber-spies, to hack into the phones and computers of political dissidents, rights activists and journalists.
These targets included American citizens.
The first clear sight of what the worms were up to came from a 2019 investigation by Reuters into the role of former U.S. intelligence operatives in a UAE operation that, among other things, allegedly snooped on government critics.
Earlier this summer, the UAE was among several governments accused of using spyware created by the Israeli company NSO Group to hack the smartphones of journalists, activists and business executives worldwide.
In January, the Central Intelligence Agency’s counterintelligence chief, Sheetal T. Patel, took the unprecedented step of warning retired officers against working for any foreign government.
Although she didn’t specifically cite cyber-espionage as an area of concern, the intelligence community could hardly be in any doubt about the nature of her concerns.
Now, three men have admitted they shared critical American defense technology and secrets with Emirati government agencies and at least one unnamed private company.
In an agreement with the U.S. Justice Department, Marc Baier, Ryan Adams and Daniel Gericke have agreed to pay nearly $1.7 million to resolve criminal charges of computer fraud, access device fraud and violating export controls.
But we may not yet know all the consequences of opening that can of worms. The U.S. routinely sells sophisticated military hardware and software to allies, and it is plainly in the American interest to help friendly countries ward off cyber-threats.
There are rules to prevent these cyber-tools and expertise from being used against U.S. citizens. Companies providing services to foreign governments must get clearances from the State Department, the Department of Defense and, often, from the National Security Agency.
The companies know there are red lines. For instance, the International Traffic in Arms Regulations require cybersecurity firms to forswear targeting Americans.
But policing this space is fiendishly difficult. It is especially hard to account for individuals acting badly.
The three men allegedly helped to create “zero-click” hacking systems, capable of compromising devices without any action by the targets. These systems may have given their employers access tens of millions of devices.
Will the Justice Department’s action against Baier, Adams and Gericke deter others from following in their footsteps?
Mark Lesko, the acting assistant attorney general of the department’s National Security Division has warned that “hackers-for-hire and those who otherwise support such activities… should fully expect to be prosecuted for their criminal conduct.”
At the very least, they now know that the U.S. government is on alert. With luck, whistleblowers will now be encouraged to come forward with revelations about shady activity by other former intelligence operatives.
But companies will worry that the case will spook their employees and make it harder to recruit from the intelligence community, and force foreign governments to look elsewhere for cyber-security services.
Their Russian rivals, to name just one, are not constrained by the same rules and anxieties.
But that’s a whole other can of worms.
A Hospital Hit By Hackers, A Baby In Distress: The Case Of The First Alleged Ransomware Death
Google’s Chrome Browser Is Under Active Attack, Patch Now!!!!
How Hackers Use Our Brains Against Us And How We Can Fight Back
AT&T 5G Upgrade Risks Silencing Home Alarms Reliant On Old Tech
Coinbase Users Angry With Customer Support After Funds Disappear From Accounts
Apple Cyber Flaw Allows Silent iPhone Hack Through iMessage
Biden Urges CEOs To Improve U.S. Cybersecurity After Attacks
How Hackers Hammered Australia After China Ties Turned Sour
Electric Vehicle Infrastructure Push Brings Cyber Concerns
Hacker Claims To Steal Data Of 100 Million T-Mobile Customers
Accenture Confirms Hack After LockBit Ransomware Data Leak Threats
CIA Weighs Creating Special China Unit In Bid To Out-Spy Beijing
Israel’s Mossad Intelligence Agency Is Seeking To Hire A Crypto Expert
US Taps Amazon, Google, Microsoft, Others To Help Fight Ransomware, Cyber Threats
US Drops Visa Fraud Cases Against Five Chinese Researchers
Want To Invest In Cybersecurity? Here Are Some ETFs To Consider
How To Protect Your Online Privacy While Working From Home
What Hackers Can Learn About You From Your Social-Media Profile
Biden Administration Blames Hackers Tied To China For Microsoft CyberAttack Spree
US Fights Ransomware With Crypto Tracing, $10 Million Bounties
Faces Are The Next Target For Fraudsters
Russia ‘Cozy Bear’ Breached GOP As Ransomware Attack Hit
Advertising Company Will Use Its Billboards To Track Passing Cellphones
REvil Ransomware Hits 200 Companies In MSP Supply-Chain Attack
What It Will Take To Protect Cities Against Cyber Threats
Home Security Company ADT Betting On Google Partnership To Build Revenue
Carnegie Cyber Kids Academy. World’s Most Prestigious Cyber Defense Training Facility
How To Opt Out Of Amazon’s Bandwidth-Sharing Sidewalk Network
Carnival Discloses Breach of Personal Data On Guests And Crew
UK Cyber Chief Cameron Says Ransomware Key Online Threat
The FBI Secretly Ran The Anom Messaging Platform, Yielding Hundreds Of Arrests In Global Sting
Federal Reserve Hacked More Than 50 Times In 4 Years
All of JBS’s US Beef Plants Were Forced Shut By Cyberattack
It Wasn’t Until Anonymous Payment Systems That Ransomware Became A Problem
How To Use Ian Coleman’s BIP39 Tool For Finding Bitcoin Addresses And Private Keys From A Seed Phrase
A New Ransomware Enters The Fray: Epsilon Red
This Massive Phishing Campaign Delivers Password-Stealing Malware Disguised As Ransomware
Biden Proposes Billions For Cybersecurity After Wave of Attacks
Mobile Crypto ‘Mining’ App Possibly Connected To Personal Data Leak
Ireland Confirms Second Cyber Attack On Health System
US Unveils Plan To Protect Power Grid From Foreign Hackers
Hackers Breach Thousands of Security Cameras, Exposing Tesla, Jails, Hospitals
A Hacker Was Selling A Cybersecurity Exploit As An NFT. Then OpenSea Stepped In
Clubhouse And Its Privacy & Security Risk
Using Google’s ‘Incognito’ Mode Fails To Prevent Tracking
Kia Motors America Victim of Ransomware Attack Demanding $20M In Bitcoin, Report Claims
The Long Hack: How China Exploited A U.S. Tech Supplier
Clubhouse Users’ Raw Audio May Be Exposed To Chinese Partner
Hacker Changed Chemical Level In Florida City’s Water System
UK Merger Watchdog Suffers 150 Data Breaches In Two Years
KeepChange Foils Bitcoin Theft But Loses User Data In Sunday Breach
Hacker Refuses To Hand Police Password For Seized Wallet With $6.5M In Bitcoin
SonicWall Says It Was Victim of ‘Sophisticated’ Hack
Tor Project’s Crypto Donations Increased 23% In 2020
Read This Now If Your Digital Wallet Which Holds Your Crypto-currencies Can Be Accessed Through Cellular, Wifi, Or Bluetooth
Armed Robbers Steal $450K From Hong Kong Crypto Trader
Is Your iPhone Passcode Off Limits To The Law? Supreme Court Ruling Sought
Researchers Warn 3 Apps Have Been Stealing Crypto Undetected For A Year
Ways To Prevent Phishing Scams In 2020
The Pandemic Turbocharged Online Privacy Concerns
US Treasury Breached By Foreign-Backed Hackers
FireEye Hack Portends A Scary Era Of Cyber-Insecurity
How FinCEN Became A Honeypot For Sensitive Personal Data
Apple And Google To Stop X-Mode From Collecting Location Data From Users’ Phones
Surge In Physical Threats During Pandemic Complicates Employee Security Efforts
Imagine A Nutrition Label—for Cybersecurity
Cybercriminals Attack GoDaddy-based Cryptocurrency Platforms
Biden Team Lacks Full U.S. Cybersecurity Support In Transition Fracas
Nasdaq To Buy Anti-Financial Crime Firm Verafin For $2.75 Billion
Mysterious Software Bugs Were Used To Hack iPhones and Android Phones and No One Will Talk About It
Dark Web Hackers Say They Hold Keys To 10,000 Robinhood Accounts #GotBitcoin
Hackers Steal $2.3 Million From Trump Wisconsin Campaign Account
Crypto Scammers Deface Trump Campaign Website One Week From Elections
Telecoms Protocol From 1975 Exploited To Target 20 Crypto Executives
With Traders Far From Offices, Banks Bring Surveillance To Homes
Financial Systems Set Up To Monitor Unemployment Insurance Fraud Are Being Overloaded (#GotBlockchain?)
A Millionaire Hacker’s Lessons For Corporate America
Container Shipping Line CMA CGM Says Data Possibly Stolen In Cyberattack
Major Hospital System Hit With Cyberattack, Potentially Largest In U.S. History
Hacker Releases Information On Las Vegas-Area Students After Officials Don’t Pay Ransom
Russian Troll Farms Posing As African-American Support For Donald Trump
US Moves To Seize Cryptocurrency Accounts Linked To North Korean Heists
These Illicit SIM Cards Are Making Hacks Like Twitter’s Easier
Uber Exec Allegedly Concealed 2016 Hack With $100K BTC ‘Bug Bounty’ Pay-Off
Senate Panel’s Russia Probe Found Counterintelligence Risks In Trump’s 2016 Campaign
Bockchain Based Surveillance Camera Technology Detects Crime In Real-Time
Trump Bans TicToc For Violating Your Privacy Rights While Giving US-Based Firm Go Ahead (#GotBitcoin?)
Facebook Offers Money To Reel In TikTok Creators
How A Facebook Employee Helped Trump Win—But Switched Sides For 2020
Facebook Rebuffs Barr, Moves Ahead on Messaging Encryption
Facebook Ad Rates Fall As Coronavirus Undermines Ad Spending
Facebook Labels Trump Posts On Grounds That He’s Inciting Violence
Crypto Prediction Markets Face Competition From Facebook ‘Forecasts’ (#GotBitcoin?)
Coronavirus Is The Pin That Burst Facebook And Google Online Ads Business Bubble
OpenLibra Plans To Launch Permissionless Fork Of Facebook’s Stablecoin (#GotBitcoin?)
Facebook Warns Investors That Libra Stablecoin May Never Launch (#GotBitcoin?)
FTC Approves Roughly $5 Billion Facebook Settlement (#GotBitcoin?)
How Facebook Coin’s Big Corporate Backers Will Profit From Crypto
Facebook’s Libra Is Bad For African Americans (#GotBitcoin?)
A Monumental Fight Over Facebook’s Cryptocurrency Is Coming (#GotBitcoin?)
Alert! 540 Million Facebook Users’ Data Exposed On Amazon Servers (#GotBitcoin?)
Facebook Bug Potentially Exposed Unshared Photos of Up 6.8 Million Users (#GotBitcoin?)
Facebook Says Millions of Users’ Passwords Were Improperly Stored in Internal Systems (#GotBitcoin?)
Advertisers Allege Facebook Failed to Disclose Key Metric Error For More Than A Year (#GotBitcoin?)
Ad Agency CEO Calls On Marketers To Take Collective Stand Against Facebook (#GotBitcoin?)
Thieves Can Now Nab Your Data In A Few Minutes For A Few Bucks (#GotBitcoin?)
New Crypto Mining Malware Beapy Uses Leaked NSA Hacking Tools: Symantec Research (#GotBitcoin?)
Equifax, FICO Team Up To Sell Your Financial Data To Banks (#GotBitcoin?)
Cyber-Security Alert!: FEMA Leaked Data Of 2.3 Million Disaster Survivors (#GotBitcoin?)
DMV Hacked! Your Personal Records Are Now Being Transmitted To Croatia (#GotBitcoin?)
Lithuanian Man Pleads Guilty In $100 Million Fraud Against Google, Facebook (#GotBitcoin?)
Hack Alert! Buca Di Beppo, Owned By Earl Enterprises Suffers Data Breach Of 2M Cards (#GotBitcoin?)
SEC Hack Proves Bitcoin Has Better Data Security (#GotBitcoin?)
Maxine Waters (D., Calif.) Rises As Banking Industry’s Overseer (#GotBitcoin?)
FICO Plans Big Shift In Credit-Score Calculations, Potentially Boosting Millions of Borrowers (#GotBitcoin?)
Our Facebook Page
Your Questions And Comments Are Greatly Appreciated.
Monty H. & Carolyn A.