January 30, 2019

When 'Former' Spies Run Wild, Bad Things Happen

A number of related stories describe nefarious activities by 'former' NSA, 'former' CIA, 'former' military officers who joined private businesses which harm other people. They demonstrate that there is a structural problem when those trained to be weapons are allowed to run in the wild.

Reuters just published a two part story about 'former' NSA staff, more than twenty in total, who since 2013 built a snooping center for the United Arab Emirates.

Inside the UAE’s secret hacking team of American mercenaries

Ex-NSA operatives reveal how they helped spy on targets for the Arab monarchy — dissidents, rival leaders and journalists.

The 'former' NSA staff did not mind to spy on local dissidents or 16 year old kids on Twitter for the dictatorial Gulf State. Only some of them jumped ship when they found out that their shop was also used to spy on Americans. The 'private' company they worked for is named Dark Matter. It claims to do only cyber-security work, but is a known snooping shop directly connected to the UAE's digital intelligence service NESU. It even resides in the same building.

In October 2016 Jenna McLaughlin reported on Dark Matter for the Intercept:

How the UAE is recruiting hackers to create the perfect surveillance state.

In December 2017 she followed up with an piece in Foreign Policy:

Deep Pockets, Deep Cover

The UAE Is paying Ex-CIA officers to build a spy empire in the Gulf

McLaughlin reports that Dark Matter is under FBI investigation.

The UAE hires not only 'former' NSA and 'former' CIA spies but also 'former' U.S. special operations soldiers:

A Middle East Monarchy Hired American Ex-Soldiers To Kill Its Political Enemies. This Could Be The Future Of War.

The second Reuters story published today describes the technical side of the UAE's cyber-spy shop:

UAE used cyber super-weapon to spy on iPhones of foes

The ex-Raven operatives described Karma as a tool that could remotely grant access to iPhones simply by uploading phone numbers or email accounts into an automated targeting system.

Reuters does not say so, but from the description of the spy tools it seem clear that the Karma tool was bought from the notorious Israeli spy shop NSO Group. The tool's original marketing name is Pegasus. The quoted 'former' NSA spy in the Reuters piece makes some curious claims like 'the tool could not record phone calls'. But that claim makes no sense. Once a decent spy software is on the phone everything is accessible. The claim is obviously made to divert from NSO/Pegasus. Sales of the NSO Group tools to the UAE were confirmed in earlier reports. From August 2018:

Lawsuits claim Israeli spyware firm helped UAE regime hack opponents’ phones

The government of the United Arab Emirates used Israeli phone-hacking technology to spy on political and regional rivals as well as members of the media, with the Israeli company itself participating in the cyber attacks, The New York Times reported Friday. The Herzliya-based NSO Group uses its controversial Pegasus spyware program to turn smartphones into listening devices.

...

In 2016, Israel’s Yedioth Ahronoth daily first reported that the Defense Ministry had given the NSO Group permission to sell the software to an Arab company, which went on to target a prominent UAE rights activist.

The NYT original:

Hacking a Prince, an Emir and a Journalist to Impress a Client

The U.A.E.’s use of the NSO Group’s spyware was first reported in 2016. Ahmed Mansoor, an Emirati human rights advocate, noticed suspicious text messages and exposed an attempt to hack his Apple iPhone. The U.A.E. arrested him on apparently unrelated charges the next year and he remains in jail. After Mr. Mansoor’s disclosures, Apple said it had released an update that patched the vulnerabilities exploited by the NSO Group. The NSO Group pledged to investigate and said in a statement that “the company has no knowledge of and cannot confirm the specific cases.” But other leaked documents filed with the lawsuits indicate that the U.A.E. continued to license and use the Pegasus software well after Apple announced its fix and the NSO Group pledged to investigate.

NSO Group was founded by two 'former' Israeli army spies:

Everything We Know About NSO Group: The Professional Spies Who Hacked iPhones With A Single Text

But founder Omri Lavie keeps a remarkably tight ship. ... Co-founder Shalev Hulio had not responded to messages. Both are believed to be alumni of Israel's famous Unit 8200 signals intelligence arm, as are many of the country's security entrepreneurs.

The NSO Group tools were also used by the government of Mexico under the former president Nieto to spy on journalists and its opposition.

It was the Toronto University Citizen Lab that in 2016 uncovered the UAE attacks on human rights activists and found NSO to be behind it. It has since published a number of pieces about the NSO Group. Last year Citizen Lab alleged that the NSO tools were used by Saudi Arabia to spy on Jamal Khashoggi, a 'former' Saudi intelligence asset, Muslim Brotherhood activist and Washington Post columnist, who the Saudis slaughtered inside their consulate in Istanbul.

Last month two leading members of Citizen Lab were approached by a shady figure who purported to offer investment money. The Citizen Lab folks became suspicious. They recorded their talks with the man, photographed him and invited some journalists. AP reported on January 26:

APNewsBreak: Undercover agents target cybersecurity watchdog

The researchers who reported that Israeli software was used to spy on Washington Post journalist Jamal Khashoggi’s inner circle before his gruesome death are being targeted in turn by international undercover operatives, The Associated Press has found.

Two days later the NYT found that the spy shop which sent the man was the Israeli company Black Cube.

The Case of the Bumbling Spy: A Watchdog Group Gets Him on Camera

Black Cube denied that it had played any role in approaching Citizen Lab employees, but the same undercover agent turned up in an earlier case in Canada with a Black Cube connection.

...

The New York Times, in collaboration with Uvda, an investigative television show on Israel’s Channel 12, has confirmed that the mysterious visitor was Aharon Almog-Assoulin, a retired Israeli security official who until recently served on the town council in a suburb of Tel Aviv.

Black Cube also spied on some people who supported Obama's Iran deal.

Trita Parsi: I Was Targeted by Black Cube in Dirty Ops Effort Attacking Supporters of Iran Deal

Black Cube is run by a number of 'former' military officers and 'former' Mossad agents.

Black Cube: Inside the shadowy Israeli firm accused of trying to undermine the Iran deal

Internal Black Cube documents obtained by NBC News and interviews of sources with direct knowledge of Black Cube’s operations reveal a business intelligence company with governmental contracts and a special department for politically motivated work.

...

The firm was founded by former Israeli military officers in 2011. It retains close ties to the Israeli intelligence community, and many of its recruits are former Mossad agents.



The UAE hires 'ex-CIA', 'former NSA' and 'ex-soldiers' to spy on dissidents, friends and enemies. It uses tools produced by the NGO Group which is run by 'alumni of Israel's famous Unit 8200 signals intelligence arm'. When Canadian researchers dig too deep into NGO Group's business they get visits by 'retired Israeli security official' from a company founded by 'former Israeli military officers' who recruit many 'former Mossad agents'.

There is also the 'former MI6 agent' Christopher Steele who created the Dirty Dossier about Donald Trump for the Clinton campaign. Parts of the dossier were likely written by the 'former MI6/GRU double agent' Sergei Skripal who the Brits novichoked and vanished in Salisbury. The international media reaction to that incident was of special interest to the secret military intelligence shop Integrity Initiative which is run by Nigel Donnelly, a 'former British military intelligence official'. The Initiative is financed by the British government.

When I read pieces like those linked above I always presume that the 'former' CIA/NSA/FBI/MI6/8200/Mossad/military folks are not 'former' at all, but active agents on a mission for their original service. Some stories only make sense when one reads them under that premise.

But many of the 'former' people above may really have quit their service. They then get hired for a lot of money by shady states or businesses. This is dangerous not only for human rights advocate in the Emirates or some Jamal Khashoggi. These people could be directed to attack anyone.

There was a time when people entered public jobs when they were young and stayed with their service until they were old and retired. For the services it made sense to keep the expensively trained people within the house and their knowledge away from potentially hostile competition. The public services offered good perks and paid sufficient pensions to make the long stay attractive. They were competitive employers.

That is no longer the case. One of the 'former' NSA spies in the Reuters story above is Lori Straud:

She spent a decade at the NSA, first as a military service member from 2003 to 2009 and later as a contractor in the agency for the giant technology consultant Booz Allen Hamilton from 2009 to 2014. ... Marc Baier, a former colleague at NSA Hawaii, offered her the chance to work for a contractor in Abu Dhabi called CyberPoint. ... Many analysts, like Stroud, were paid more than $200,000 a year, and some managers received salaries and compensation above $400,000.

It is crazy that the NSA trains people who then leave and get hired by a contractor for more money only to do the very same work at the NSA while costing the taxpayer much more than they originally received. That's a racket and not a sensible policy.

(Years ago I managed the IT division of an international company. I made it policy to never ever hire a contractor who was earlier employed in my shop. Thereafter the termination rates decreased significantly.)

'Former' NSA, CIA, military etc have special knowledge and abilities that can be very dangerous. They should be handled like controlled substances. To allow these people to get hired by foreign spy shops is ridiculous.

The above reports of 'former' agents in the wild only scratch the surface of what has become a big business, but is unhealthy for our societies. It is bad enough that state actors spy on us. It will get worse when private businesses do the same.

There will come a day when a crew of former NSA analysts will help some foreign power to defend against NSA analysts who spy on it or will even counterspy on the NSA. There will come a day when former U.S. special operation forces hired by someone will get into a fight with U.S. special operation forces. The outcry will be great. Decent public service pay and sensible regulation could probably prevent the situation.

Posted by b on January 30, 2019 at 21:33 UTC | Permalink

Comments