Vanguard
Security Insights

The Perfect Cut-Out: When Global Politics, Espionage and Greed Converge with Technology

Fluid, agile and accessible – the malicious use of technology can range from simple, uncoordinated attacks to complex, highly coordinated persistence. Figuring as tool in the commission of a crime or as a delivery system to exploit many vectors, ‘technology for bad’ is not new, but what we have seen recently is – and it’s troubling.

When mixed with global politics, less-than-benevolent corporate tactics and espionage, technology can be a powerful means to create a few degrees of separation, as in a trusted intermediary, method or channel to facilitate interactions and communications. In fact, it can be the perfect cut-out.

Recently, two incidents showed that technology could be used surreptitiously to move political and corporate agendas, but at opposite ends of the spectrum: the assassination of Jamal Khashoggi with the use of the Pegasus tracking spyware, and the alleged spying by Huawei via its own technology.

Each has an element of politics at the highest level, where controlling social and economic influences benefit the agenda of a nation and its allies – but one ends in murder and the outcry for human rights, and the other, we’re not sure yet. It could have been the crime of the century.

Khashoggi: One Man Against the Saudi Regime

A little background on Khashoggi. More than a journalist, Khashoggi had been a thorn in the side of Saudi crown prince, Mohammad bin Salman – MBS for short. Quite nearly an existential threat to the Saudi regime, Khashoggi, who was also a Saudi dissident, had faced years of persecution for his work.

Khashoggi’s rise, or evolution, from Saudi establishment asset to a moderate-cum-left-leaning Islamic militant is complex. Suffice it to say, his dichotomic career and personal and ideological views formulated two tempests in the Saudi camp: the Islamic rhetoric was challenged and intellectually scrutinized by one of their own, and a stronghold of ideologically and politically-vested MBS supporters were girding their loins. Tactically, not a great position to occupy.

An enemy of the state, Khashoggi rejected the idea of creating an Islamic state and turned against the Saudi religious establishment while peppering them with criticisms. With indications that Khashoggi was planning use his contacts to tactically undermine MBS’ agenda – strongly supported by the Trump administration – social media “trolling” had ramped up, and Saudi authorities had banned him from media engagements after his criticism of Trump’s ascension to the U.S. presidency. The allegiance between MBS and Trump was clear, and Khashoggi dared to tread on it.

In October 2018, following Khashoggi’s murder inside the Saudi Arabian consulate in Istanbul, Trump denounced the act (sort of) and then appeared to waffle and go soft on Saudi Arabia, calling them a “great ally” and underscoring the U.S.’ commitment to remaining a steadfast partner. Maybe saying what Trump could not, Donald Trump Jr. took to Twitter calling Khashoggi “a democrat reformer journalist holding a RPG with jihadists.”

On the other side, Khashoggi was soberly eulogized by The Washington Post – where Khashoggi was a columnist – as “once sympathetic to Islamist movements,” and CNN described him as a journalist “who evolved from an Islamist in his twenties to a more liberal position by the time he was in his forties.” As the headlines spun, it became very clear: this was more than retaliation for bruised egos or ideological turn-coating. This was deeply political;

Khashoggi was the nexus of knowledge on MBS’ ground game and inside intelligence on the Saudi regime.

Technology as a Subversive Tool

With the backdrop of a political manoeuvre, technology played a small but devastating role in Khashoggi’s murder. The unsophisticated “trolling” on social media was relatively benign; nothing more than shots across the bow, it to deter and split Khashoggi’s support base. But the infiltration of Khashoggi’s phone texts and messages and tracking his whereabouts using Pegasus spyware turned this into a predatory game of monitoring, luring and ensnaring.

Relying on unpatched zero-day vulnerabilities, Pegasus enables the one-click jailbreak of a cell phone, allowing access to its microphone, camera, keyboard, messaging and data to permit keylogging, screenshot and live audio capture, remote control of the malware via SMS, and messaging data exfiltration from WhatsApp, Skype, Facebook, Twitter, etc. If attempts to disable are detected, it self-destructs.

In fact, Pegasus is so powerful and damaging that the Israeli company who developed it, the NSO Group, has been publicly criticized by Edward Snowden. Snowden has charged that Pegasus has only one purpose: a malicious “burglary tool used to violate the human rights of dissidents, opposition figures and activists.”

Mobile devices are renowned for vulnerabilities, and now there are two teams seeking them out: one is to ‘find and fix’ and the other is to ‘find and exploit until fixed’ (if ever). Continuous reverse-engineering of iOS and Android operating systems to look for vulnerabilities to exploit is the backbone of Pegasus’ success. Citizen Lab researchers have tracked the use of Pegasus to 45 countries where operators “may be conducting surveillance operations” and at least 10 operators who “appear to be actively engaged in cross-border surveillance.”

At some point, Khashoggi seemed to suspect that his messages to Montreal-based activist Omar Abdulaziz had been intercepted. They had been discussing plans to fight Riyadh’s communications crackdown, create secure social-media accounts for ordinary Saudis, and likely much more. One message after this simply read, “God help us.” Khashoggi knew those spying on his phone would know who he was communicating with and what they were discussing – even their GPS coordinates. Considering Khashoggi’s well-publicized opinion of the Saudi regime, this bodes badly.

In a political climate that encourages cross-plays as tactics – seen in the Iran-Contra affair (interestingly, Adnan Khashoggi is Jamal Khashoggi’s uncle) – Russia’s presence in Syria and the U.S.’ re-imposed sanctions on Iran, the NSO Group’s involvement looks, well, bad. While Israel and Saudi Arabia do not have any official diplomatic relations, they have definitely supported each other’s political and intelligence agendas.

Huawei’s Year of the Jackal

So far, Huawei is having a rough year. From the arrest of chief financial officer Meng Wanzhou for alleged violation of Iran sanctions, creating a U.S.-Canada-China diplomatic dispute, to the mounting number of countries banning Huawei’s technologies and devices from broadband and mobile provider infrastructures, things have gone from bad to worse.

Right now, the U.S. is moving ahead with extradition against Wanzhou, and Trump is considering an executive order to bar the use of Huawei’s, and its compatriot ZTE’s, equipment. The Czech Republic and Australia have already moved on a formal ban. More will certainly follow.

The Huawei play is high stakes for China, and its global expansion was not by accident or luck. For over a decade, the Chinese government heavily funded Huawei with billions, and even included them in trade agreements. Their strategic spread was clearly a much-needed success for China. A blessing and a curse, Huawei’s inextricable ties to the Chinese government have been lucrative, but it has now become an enormous security risk for other nations who have been at the pointy end of China’s espionage.

China’s aggressiveness in export and trade is well-known, as it was part of its rise to economic power. Now, the stakes are far above cheaper home electronics, and the government knows that technology and military advancements are key to their success. Clearly, no Chinese company is fully independent of the Chinese government, but Huawei’s optic is not a good one. And to what extent Chinese companies can be compelled to assist in intelligence gathering for their government is hard to quantify but deeply feared.

Huawei’s founder, Ren Zhengfei, is a former technologist for the People’s Liberation Army, and already there have been numerous accusations of theft of intellectual property by Huawei. It’s taken years, but the international intelligence community has finally begun to circle the wagons, and Five-Eyes intelligence chiefs (U.S., Canada, UK, Australia and New Zealand) have expressed deep concern over purchasing or using Huawei and ZTE’s telecommunications products, as well as other Chinese companies.

So Much to Lose

Huawei’s involvement in 5G systems – which will fuel even more connectivity in the Internet of Things, such as smart cars, smart homes and smart cities – holds substantial concern. With billions of devices being connected and communicating with each other, the breadth of spying risk increases exponentially and includes more valuable and sensitive targets. Presumably, 5G is going to be subjected to increasing security and controls. This alone may exclude Huawei, based on the limited prospects due to its links to the Chinese government.

Huawei has repeatedly defended itself by claiming it is a dedicated global leader in telecommunications equipment, already embedded in many Western nation infrastructures, and has complied with all applicable export controls, laws and other regulations. The concerns over security, according to Huawei, are simply the high-handedness of the U.S. and UK in response to China’s growth and trade success.

Not many are buying it, including Republican Senator Ted Cruz. Cruz has called Huawei “a Communist Party spy agency thinly veiled as a telecom company.” Let’s suppose for a moment that Cruz is right. If a government were planning to overthrow other superpowers, would they stand up several technology companies that supply essential services (communications) and strategically position them to dominate world markets? Absolutely.

Would they implement that infrastructure in key sectors of rival countries and develop devices to run on it, providing even wider control of those markets? Naturally. Would they create dependencies and leverage by controlling or shielding vulnerabilities meant to be exploited, further compromising users of their technologies? Very likely.  Maybe they would quietly partner with other companies, like NSO Group, to maximize surveillance technologies? Or maybe they’d just copy their intellectual property for themselves.

Possibly this critical infrastructure with high dependency for national security and economic stability becomes a bargaining chip, like a missile waiting in a silo. Certainly, the above scenarios spell a disastrous outcome for rival nations – and human rights and democracy, if you’re into that kind of thing. Right now, they are just scenarios, as little is known of the intent and motives behind some of Huawei’s actions.

The malicious use of technology, as seen in the Khashoggi murder, may be quiet and covertly applied to criminal intentions, to move the needle and allow for a tactical advantage, confounding the rules of fair play. The devastating effect of the Pegasus spyware on national security, human rights, free speech, democracy and just processes can only be imagined. We can only this to become more common and while wringing our hands over what can do about it – if anything.

The malicious use of technology can also be so obvious and in plain sight, lumbering along for years, that no one would suspect it may be the mother of all Trojan horses. Suffice it to say, at the least, free-markets and politics are funny bedfellows, and at the worst, they can lay the foundation for the most spectacular rise of one nation over the downfall of others, if they are not watching closely.

Related posts

Artificial Intelligence: Public Safety, Privacy and Ethics

Valarie Findlay
June 8, 2018

Risky Business: Wading through security and risk-reduction standards

Valarie Findlay
July 13, 2018

Canada’s cyber security deficit

Valarie Findlay
May 16, 2016
Exit mobile version