Social Movements Facing a Growing Cyber-Security Threat

There seems to be a growing threat to social movements and civil liberties from an expanding corporate-state security apparatus. This includes the old spooks like the CIA and NSA in the US, but increasingly also third-party actors using various web-based attack techniques like spearphishing and spoofing to track, monitor, disrupt and publish activists.

This is on top of the growing problem of official state-sanctioned censorship. A few recent examples are illustrative of this trend.

  1. Google censored searches in China
  2. NSA officers using FISA to snoop on US citizens
  3. Amnesty International and other human rights advocates being targeted by Israeli defense technologies
  4. Growing disinformation campaigns by hostile governments, such as Russia
  5. UK House of Commons releases new report on Fake News and Dis-Information

“Evil Google” Secretly Helping China Crush Dissent

The secret is out–Google has been secretly developing a new Android-based search platform for China that will not only encourage the official state censorship by the Chinese government, it will actually make it easier! Seriously Google, what happened to “don’t be evil”?! Cause helping an authoritarian regime further suppress public dissent and open access is pretty much the definition of corporate evil.

As The Intercept reported this week:

GOOGLE IS PLANNING to launch a censored version of its search engine in China that will blacklist websites and search terms about human rights, democracy, religion, and peaceful protest, The Intercept can reveal.

The project – code-named Dragonfly – has been underway since spring of last year, and accelerated following a December 2017 meeting between Google’s CEO Sundar Pichai and a top Chinese government official, according to internal Google documents and people familiar with the plans.

Teams of programmers and engineers at Google have created a custom Android app, different versions of which have been named “Maotai” and “Longfei.” The app has already been demonstrated to the Chinese government; the finalized version could be launched in the next six to nine months, pending approval from Chinese officials.

You can read the full Intercept report here, which is both deeply saddening and extremely worrying.

This is part of a much larger trend in China to literally spy on everything its citizens do, even when they are not in China! BuzzFeed reporter Megha Rajagopalan has already provided some excellent coverage on this here. As she wrote about her experiences and research in western China:

“Driving or taking a bus to a neighboring town, you’d hit checkpoints where armed police officers might search your phone for banned apps like Facebook or Twitter, and scroll through your text messages to see if you had used any religious language.

You would be particularly worried about making phone calls to friends and family abroad. Hours later, you might find police officers knocking at your door and asking questions that make you suspect they were listening in the whole time.

For millions of people in China’s remote far west, this dystopian future is already here. China, which has already deployed the world’s most sophisticated internet censorship system, is building a surveillance state in Xinjiang, a four-hour flight from Beijing, that uses both the newest technology and human policing to keep tabs on every aspect of citizens’ daily lives. The region is home to a Muslim ethnic minority called the Uighurs, who China has blamed for forming separatist groups and fueling terrorism. Since this spring, thousands of Uighurs and other ethnic minorities have disappeared into so-called political education centers, apparently for offenses from using Western social media apps to studying abroad in Muslim countries, according to relatives of those detained.”

NSA Abuses FISA to Snoop on Citizens

As the IISS noted in their latest Cyber Security Roundup:

“The National Security Agency’s oversight body, the Office of the Inspector General (OIG), submitted a report to Congress on the agency’s activities over the six months leading up to March 2018. This report is the first to be unclassified, and while it does not find evidence of any ‘serious or flagrant problems or abuses’, it does describe several deficiencies in the NSA. For example, the OIG found that improper searches for US persons’ identifiers were made under the authority of the NSA’s Foreign Intelligence Surveillance Act. And work conducted by the NSA’s Emerging Open Source Activities Branch has ‘an increased risk of jeopardising civil liberties and privacy’ of US citizens.”

You can read the report online here (pdf).

Rights Groups Facing Cyber Attacks

In other news, Amnesty International recently reported that they have been the target of a spear-phishing campaign to compromise their networks, and the software implicated in the attacks is, not surprisingly, something developed by the Israeli defense industry to help them disrupt and attack anyone that they consider an enemy of the state.

As the ‘Naked Security’ blog at Sophos reported this week:

“Amnesty International has been spearphished by a WhatsApp message bearing links to what the organization believes to be malicious, powerful spyware: specifically, Pegasus, which has been called History’s Most Sophisticated Tracker Program.

On Wednesday, the human rights-focused NGO said in a post that a staffer received the link to the malware in June. It was baited with a message written in Arabic that implored the group to cover a protest for “your brothers detained in Saudi Arabia in front of the Saudi embassy in Washington.”

My brother is detained in Ramadan and I am on a scholarship here so please do not link me to this [link]

Cover the protest now it will start in less than an hour
We need your support please 

Pegasus is a tool sold by NSO Group, an Israeli company that sells off-the-shelf spyware. It enables governments to send a personalized text message with an infected link to a blank page. Click on it, whether it be on an iOS or Android phone, and the software gains full control over the targeted device, monitoring all messaging, contacts and calendars, and possibly even turning on microphones and cameras for surveillance purposes.”

You can read more about that story here at Naked Security.

Fake News and Dis-Information

Finally, the UK House of Commons recently released their latest report on Fake News and Dis-Information. Among their various recommendations are some of the following:

“The term ‘fake news’ is bandied around with no clear idea of what it means, or agreed definition. The term has taken on a variety of meanings, including a description of any statement that is not liked or agreed with by the reader. We recommend that the Government rejects the term ‘fake news’, and instead puts forward an agreed definition of the words ‘misinformation’ and ‘disinformation’. With such a shared definition, and clear guidelines for companies, organisations, and the Government to follow, there will be a shared consistency of meaning across the platforms, which can be used as the basis of regulation and enforcement.”

Facebook, not surprisingly, also came in for explicit attack in the report.

“The globalised nature of social media creates challenges for regulators. In evidence Facebook did not accept their responsibilities to identify or prevent illegal election campaign activity from overseas jurisdictions. In the context of outside interference in elections, this position is unsustainable and Facebook, and other platforms, must begin to take responsibility for the way in which their platforms are used.

Tech companies are not passive platforms on which users input content; they reward what is most engaging, because engagement is part of their business model and their growth strategy. They have profited greatly by using this model. This manipulation of the sites by tech companies must be made more transparent. Facebook has all of the information. Those outside of the company have none of it, unless Facebook chooses to release it. Facebook was reluctant to share information with the Committee, which does not bode well for future transparency. We ask, once more, for Mr Zuckerberg to come to the Committee to answer the many outstanding questions to which Facebook has not responded adequately, to date.” 

You can read the report online here (pdf).