The Washington Post
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

A day of bad news for spyware makers

Analysis by

with research by David DiMolfetta

May 23, 2023 at 7:05 a.m. EDT
Welcome to The Cybersecurity 202! I’m a huge “Star Wars” fan, but the first season of “Obi-Wan Kenobi” vacillated so wildly between “awesome” and “this is goofy as heck,” so I’m not sad there are signs that a second season won’t happen.

Below: New details emerge about the ransomware attack that hit Dish, and an AI-generated image of a Pentagon explosion could have been much worse. First:

A trio of stories sheds light on a trio of spyware companies

Monday was not what you would call a good day for spyware manufacturers.

Three different makers of the invasive tech endured unflattering news:

  • German authorities brought charges against four executives for the defunct Munich-based FinFisher GmbH, alleging that they illegally sold their spyware to Turkish secret services without necessary approval.
  • Code for the spyware of Israeli firm QuaDream leaked online one month after it shut down, providing hints of its capabilities.
  • NSO Group, the company behind the Pegasus malware, reportedly opened an investigation into attacks on human rights defenders in Mexico.

Here’s the situation for each of them.

1. FinFisher

Munich prosecutors didn’t name the FinFisher executives, instead only identifying each of them by a single initial. Prosecutors say the executives violated licensing requirements by selling their spyware to countries outside the European Union.

FinFisher sought to conceal a $5.4 million transaction in 2015 by routing it through a company in Bulgaria, prosecutors contend, per reporting from Ryan Gallagher of Bloomberg News. In Turkey, FinFisher’s FinSpy spyware targeted activists and political opponents of the ruling party, according to Access Now. The company’s representatives didn’t respond to Bloomberg News’s request for comment.

Organizations that joined to file a criminal complaint against FinFisher welcomed the charges.

The indictment is overdue but the European Union and member states have to act more decisively against misuse of surveillance technology, Miriam Saage-Maass, legal director of the European Center of Constitutional and Human Rights, said in a statement. (That group was one of several that sent prosecutors a complaint about FinFisher, leading to the investigation.)

The indictment comes as a set of recommendations from a special committee investigating spyware abuses in the E.U. awaits action from the European Parliament.

The rapporteur for that committee, Sophie in ’t Veld, welcomed the news on Twitter:

So did Gönül Tol, director of the Middle East Institute’s Center for Turkish Studies:

The charges in Germany aren’t the only legal troubles that the use of FinFisher has brought. The company shut down and filed for insolvency last year.

2. QuaDream

The QuaDream story by Omer Benjakob and Jurre van Bergen, which Israeli news outlet Haaretz published, has a lot of moving pieces.

One key part is the leaked code. It reveals that QuaDream’s Reign spyware gave users “unfettered access” to messages from services like WhatsApp, Telegram and Signal — all services intended to keep communications safe from outsiders. It also reveals that the spyware was active earlier than previously thought, in 2019.

Here’s TechCrunch reporter Lorenzo Franceschi-Bicchierai being unimpressed by QuaDream over the leak:

A second key part of the story is that QuaDream opted to shut itself down after it was unable to gain authorization from Israeli regulators to sell its spyware to new clients, such as Morocco. The company had used a Cyprus firm to evade Israeli defense export regulators, according to Haaretz. QuaDream is now reportedly looking at selling off assets to other local spyware companies.

The closure came as QuaDream was developing “terrifying” new spyware, the outlet said, citing two sources with knowledge of the firm. QuaDream declined to comment to Haaretz.

Here’s in ’t Veld again:

3. NSO Group

NSO Group is the most infamous spyware maker. That’s thanks to its Pegasus spyware, which is the subject of a story about its use in Mexico in the New York Times.

Pegasus spyware targeted Alejandro Encinas, Mexico’s undersecretary for human rights, as he was investigating alleged military abuses involving the disappearance of 43 students, Natalie Kitroeff and Ronen Bergman reported.

The duo reported that while it’s not certain that the military spied on Encinas, it’s the only part of the Mexican government that has Pegasus contracts.

“The Israeli manufacturer of Pegasus, NSO Group, opened an investigation into cyberattacks on human rights defenders in Mexico after recent reports by the New York Times about the military’s use of the spyware, according to a person familiar with the NSO compliance investigations,” the Times wrote. “The company also began looking into the attacks on Mr. Encinas and his two colleagues after The Times asked about those hacks, the person said.”

NSO Group told the paper that it investigates credible claims of misuse of its technology and has ended contracts when it finds improper use.

At least one information security expert, Runa Sandvik, offered some skepticism about NSO Group’s timing of opening an investigation:

The news comes one week after the attorney general in Mexico announced the prosecution of the head of a former criminal investigative agency and three others for allegedly unlawfully purchasing Pegasus in 2014.

The keys

Ransomware group pilfered nearly 300,000 Dish employee records

Satellite TV giant Dish Network confirmed that nearly 300,000 employee records containing sensitive personal data were stolen by a ransomware group, Carly Page reports for TechCrunch.

  • “In a data breach notification filed with Maine’s attorney general last week, Dish said that while customer databases were unaffected by the incident, hackers accessed hundreds of thousands of employee-related records during the cyberattack,” Page writes.

The breach notice comes months after the company confirmed hackers’ presence in its systems. At the time, the company did not disclose whether customers or employees were affected. The hack was first discovered in February.

The company last month was hit with several lawsuits over the ransomware incident, Ax Sharma reports for Bleeping Computer.

  • “Dish, which currently employs around 16,000 people, said that former employees, employees’ family members and a ‘limited number of other individuals’ were affected by the breach,” the TechCrunch report adds.

Dish spokesperson Edward Wietecha declined to comment or confirm to TechCrunch what types of data were obtained in the hack, but the breach notification indicates that driver’s license numbers and ID numbers were accessed.

Spain advocated for banning end-to-end encryption in E.U. in bid to back contested child sexual abuse law, document shows

Spanish representatives advocated for banning end-to-end encryption in the European Union in a bid to support a contested law that would allow for the scanning of private messages to weed out child sexual abuse material and related illegal content, Lily Hay Newman, Morgan Meaker and Matt Burgess report for WIRED, citing a document the outlet obtained.

“Ideally, in our view, it would be desirable to legislatively prevent EU-based service providers from implementing end-to-end encryption,” representatives for Spain asserted in the document.

“The document, a European Council survey of member countries’ views on encryption regulation, offered officials’ behind-the-scenes opinions on how to craft a highly controversial law to stop the spread of child sexual abuse material (CSAM) in Europe,” the WIRED report says.

Spain’s position on the law emerges “as the most extreme” of the 20 European countries whose views are laid out in the document, the WIRED report said.

  • The E.U. law would direct tech companies to scan their platforms — and private messages exchanged on their platforms — to detect CSAM.
  • The proposal is drawing pushback from cryptographers, privacy advocates and other critics, who say it could diminish the use of end-to-end encryption.

A similar scenario is playing out in the United States, where cybersecurity advocates fear that legislation aimed at curbing CSAM could prompt tech companies to stop offering end-to-end encryption for users.

Fake AI image of Pentagon explosion got the attention of the stock market, but it could have been much worse

An AI-generated image of an explosion at the Pentagon sent the Dow Jones Industrial Average down 85 points within four minutes before rebounding on Monday. But the consequences could have been much worse, our colleagues Will Oremus, Drew Harwell and Teo Armus report.

The mechanisms involved in feeding the image’s virality, including retweets from Russian propaganda accounts, “suggest the potential for more such mischief if AI tools continue to make inroads in fields such as social media moderation, news writing and stock trading,” Will, Drew and Teo write.

  • “And Twitter is looking like an increasingly likely vector, as new owner Elon Musk has gutted its human workforce, laid off a team that used to fact-check viral trends, and changed account verification from a manual authentication process to one that’s largely automated and pay-for-play,” they add.
  • Finance-related accounts that aggregate and post stock market news also drove the image’s spread. Those included a 386,000-follower account named “Breaking Market News” and another account called “Bloomberg Feed” unrelated to the real Bloomberg, according to the report.

Although social media users and news reporters largely know how and when to view content with skepticism, the rapid circulation of such news makes it difficult to control, especially with Twitter’s new blue check mark policy.

“These circulate rapidly, and the ability to do that fact-check or debunk or verification at an institutional level moves slower and doesn’t reach the same people,” said Sam Gregory, executive director of the human rights organization Witness.

Government scan

Biden nominates former NTIA official Gomez to pivotal open FCC commission seat (Inside Cybersecurity)

CISA sets June ‘SBOM-a-Rama’ event to provide updates, gather input on next steps for community-led initiatives (Inside Cybersecurity)

Hill happenings

Senators issued satellite phones, offered demonstrations on upgraded security devices (CBS News)

Lawmakers want DHS to assess national security risks of doxing (Nextgov)

Carper says he won’t run for fifth Senate term (Federal Computer Week)

Securing the ballot

Meta keeps cutting jobs. Some warn misinformation could surge. (Naomi Nix)

Industry report

Security chiefs trim the fat as budgets bite (Wall Street Journal)

Report estimates trillions in indirect losses would follow quantum computer hack (Nextgov)

National security watch

U.S. expresses ‘serious concerns’ about China move against Micron (Bloomberg News)

Gen. Nakasone releases US Cyber Command's strategic priorities (DefenseScoop)

Global cyberspace

The cyber gulag: How Russia tracks, censors and controls its citizens (Associated Press)

What the record-breaking $1.3 billion Meta fine means for the U.S.-E.U. clash over spying programs (CyberScoop)

Cochin Shipyard website targeted in suspected cyber attack (The Cyber Express)

Cyber insecurity

FBI warns about fake job ads from cyber traffickers (The Record)

Privacy patch

How to avoid falling for misinformation, fake AI images on social media (Heather Kelly)

Daybook

Secure log off

Thanks for reading. See you tomorrow.