
Welcome to The Cybersecurity 202! At 86 years old, Jacques Pépin can still make culinary magic out of carrots and pumpkin seeds. 

Below: Kremlin hackers began preparing for war a year before the Ukraine invasion, Microsoft says, and the controversial facial recognition company Clearview AI has run more than 14,000 face scans in Ukraine. 

Catalan vice president wants an international investigation into commercial spyware

Spain’s autonomous Catalonia region has become a lightning rod in the global debate over commercial hacking tools and the way governments have abused them to track journalists, activists and opposition politicians. 

More than 60 Catalan citizens were tracked with spyware provided by Israeli firms NSO Group and Candiru, research group Citizen Lab found recently — primarily related to a failed bid for Catalan independence in 2017 and its aftermath through 2020. 

Now, Catalan leaders are pressing for a series of international investigations into the hacks, calling it a test case for how democracies should treat their citizens. 

  • “This is obviously a severe case — a massive practice of espionage that has not [previously] been seen in the European Union using these types of cyberweapons,” Jordi Puigneró, Catalan vice president and minister of digital policies and territory, told us in an interview. “We are talking about a European state, so we expect some standards of human rights and democracy that in this situation have been [violated].”

Puigneró spoke with The Cybersecurity 202 by videoconference during a trip to New York. He’s meeting there with a series of human rights and digital rights groups to build pressure for international investigations into the hacking, which targeted current and former presidents of the Catalan government as well as Catalan members of the European Parliament, journalists and lawyers. 

  • “It has to be clear that there are rules,” Puigneró told us. “We are in a situation where the rules are not clear, and governments will have the temptation to go further and override civil rights.” 

Allegations of spying on Catalan targets were first reported by the New Yorker. Spain has denied responsibility for the surveillance. Citizen Lab did not directly attribute the spyware attacks to Spain but noted that “strong circumstantial evidence suggests a nexus with Spanish authorities.”

Here are some highlights from our conversation. It’s been condensed for length and clarity. 

What kind of actions are you pushing for here in New York?

“What we are asking for is a formal investigation. Our goal is to pressure the Spanish government through international actions so that something is done.”

What type of investigation?

“We’ve asked the Spanish government to do both an internal investigation and also an international investigation [by a neutral third party]. Because, obviously, we don’t have a guarantee that an internal investigation would show what the real situation is. We fear that it will not be transparent enough.”

Who should run that international investigation?

“We believe that the European Parliament will start an investigation because the rights of [Catalan members of the E.U. Parliament] have been affected.”

“We could find maybe other [opportunities where] an investigation could be started in other countries [because their citizens were targeted or spying happened on their territory]. We are [investigating] whether some of the [non-politician victims] have dual nationality. We are also trying to check whether some of these [victims], when they were spied on, were on U.S. soil. Our desire is that all sorts of investigations can be started.”

Do you have any commitment from the E.U. Parliament?

“The European Parliament has not yet started an investigation. They have offered to all [members of Parliament] a forensic [investigation] of their mobile phones to check out whether other European employees have been infected [with spyware].”

The Spanish government has launched two investigations — one conducted by the CNI intelligence service and another by the nation’s ombudsman. Is that insufficient?

“That’s like [appointing] the fox to check up on the chickens. I think the way of doing things is a proper, formal external investigation.”

Catalan President Pere Aragonès has called this “an extremely serious attack on fundamental rights and democracy.”

“This is a real attempt at undermining freedom of press, freedom of expression, privacy laws. The state of Spanish democracy is not as [strong] as we maybe thought it was.”

Does this raise special concerns because of the Spanish history of authoritarianism and internal spying during the Franco era [from 1939 to 1975]?

“The Spanish regime has to think about where it wants to go in the future. Does it want to go back to some of the practices nearer to a dictatorship? Spain is not a dictatorship, but it is clear that today it is not a full democracy. It’s in their hands to correct that and to perform a deep investigation. It is not acceptable in a full democracy to spy on opposition politicians. That is a similar case to Watergate.”

Did you have any indication this spying was occurring before the Citizen Lab report?

“For some years, we were suspicious that this was happening. But we didn’t have proof. Obviously, it’s much better that [the evidence] has come from an international, independent organization that has put light on this situation.”

Have you made reforms since the report?

“We started taking serious data protection measures in 2020 [when the Catalan government’s cybersecurity agency was created]. Since then, we don’t have evidence of any cyberespionage being performed. [All incidents in the Citizen Lab report were from between 2017 and 2020]. We can never say that we are 100 percent sure that we are not [still] being spied on because of the sophistication of these types of cyberweapons. But we think we are more protected, obviously, than we were before 2020.”

Ukraine has run more than 14,000 facial recognition searches, Clearview AI’s CEO says

“Like many other companies and many other people there’s been an international response to the crisis in Ukraine and everyone’s been trying to help. We were just thinking along the same lines, how do we help the company? How do we provide something that could be useful? And the response has just been way more than we could ever imagine in terms of the success and the ability we’ve had to help them. We’re a very mission driven company. We support law enforcement here in United States and we’ve had our fair share of criticism but ever since we’ve had it, what kept us going as a company…is hearing everyday these success stories from our customers…I think it’s just the natural cycle that happens with any new technology where at first it can be misunderstood.” -Hoan Ton-That (Video: Washington Post Live)

The controversial facial recognition firm’s technology has been used at least 14,800 times by six Ukrainian agencies and their 410 users, Clearview AI co-founder Hoan Ton-That told my colleague Drew Harwell at a Washington Post Live event. The scanning is largely used to identify dead Russians and alert their families in an effort to degrade Russian support for the war. 

Clearview AI has long faced scrutiny over the vast breadth of its database of publicly available images, which it took from social media companies without getting permission from the platforms or their users. The war zone use of the technology is controversial, with some experts worrying that it could set a gruesome precedent for future conflicts or backfire and spur Russian support for the war.

Ton-That defended the efforts. “Each one of these searches is a potential checkpoint identification of [a] war criminal,” he said, arguing that the technology has been “very effective in practice.”

Ton-That pushed back on the suggestion that Clearview’s support for Ukraine was a public relations stunt aimed at generating positive headlines about the company. The company didn’t think its technology “would be as important as it turned out to be” in Ukraine, he said.

Russia-backed hackers began preparing for war a year before Ukraine invasion, Microsoft says

Moscow-linked hackers began “pre-positioning for conflict as early as March 2021,” escalating attacks against organizations located in Ukraine or allied with the country to get wider access to Ukrainian computer systems, Microsoft said. In a report, the company tallied “nearly 40 discrete destructive attacks that permanently destroyed files in hundreds of systems across dozens of organizations in Ukraine” since the invasion. 

The company has also found at least eight different categories of malicious software that have tried to destroy Ukrainian digital systems, it said.

Meanwhile, Ukraine is touting Russian hackers’ apparent failure to scale their operations even further. Russian hackers “continue to be a serious threat to Ukraine and to the rest of [the] world,” Victor Zhora, a Ukrainian government cybersecurity official, told reporters Wednesday. “They continue to threaten democracies, threaten Ukrainian cyberspace, but nevertheless, I don’t think they can scale their cyberwarriors or they can use some completely new technologies that can attack Ukrainian infrastructure.”

Here are more details from CNN’s Sean Lyngaas.

The White House is giving its global Internet coalition another go

The Biden administration on Thursday announced the launch of the “Declaration for the Future of the Internet,” a nonbinding commitment to reduce government restrictions on the Internet and to advocate for it to promote human rights and democracy. More than 50 countries have signed on to the pledge, which: 

  • Commits to continued cooperation against cybercrime
  • Reaffirms support for the “framework of responsible state behavior in cyberspace”
  • Pledges support for online privacy
  • Vows to not interfere with elections or commit “covert information manipulation campaigns”
  • Says that signatories will promote “trustworthy network infrastructure and services suppliers,” an apparent reference to Chinese telecom giant Huawei, which the U.S. government has deemed a national security threat

Some notable names are missing from the declaration’s list of signatories, including China and Russia, which have long favored a more restrictive approach to the Internet. 

On a call with reporters, a senior administration official directed fire at Russia and its online crackdown in the wake of the war in Ukraine. The official called Russia “one of the leaders in a dangerous new model of Internet policy.” When a reporter asked about outreach to China or Russia, a senior administration official declined to comment on “specific diplomatic discussions.”

Elon Musk, who’s in the midst of a $44 billion takeover of Twitter, is pushing for a big cybersecurity reform at the company — making direct messages end-to-end encrypted. 

Musk’s tweet with commentary by The Wall Street Journal’s Dustin Volz: 

If successful, the move would make it harder for criminal hackers and repressive governments to gain access to Twitter DMs and likely win plaudits from the security and privacy community. It could also raise hackles among western law enforcement, which has warned that end-to-end encryption in other messaging services including WhatsApp makes it harder to track and prosecute the sharing of child pornography and other crimes. 

Global cyberspace

French police to investigate vandalism behind Internet outage (Reuters)

Research points to a Chinese hacking effort targeting a Russian border unit (CyberScoop)

Long-running North Korean operation hacked into engineering firm, Symantec says (The Record)

Russian govt impersonators target telcos in phishing attacks (Bleeping Computer)

Government scan

Federal agencies issue warning on exploited cyber vulnerabilities (The Hill)

The Air Force is trusting the internet to name its ridiculous new cybersecurity mascot (Task and Purpose)

National security watch

U.S. sharing more intelligence with Ukraine for fight in Donbas (Bloomberg)

Industry report

NSA re-awards secret $10 billion contract to Amazon (NextGov)

On the move

  • Nina Jankowicz is leading the Department of Homeland Security’s new Disinformation Governance Board as its executive director. Jankowicz was previously a disinformation fellow at the Wilson Center.
  • Cybersecurity officials speak at the AFCEA Technet Cyber 2022 conference today.
  • CISA Executive Assistant Director for Cybersecurity Eric Goldstein speaks at the State-of-the-Field Conference on Cyber Risk to Financial Stability today at 9 a.m.
  • The Committee on House Administration holds a hearing on the effects of disinformation on communities of color today at 10 a.m.
  • CISA Director Jen Easterly testifies before a House Appropriations Committee panel today at 1:30 p.m.
  • Easterly, Rep. Jim Langevin (D-R.I.) and cybersecurity officials speak at the Hack the Capitol conference Wednesday.

Secure log off

Thanks for reading. See you tomorrow.