Russian Hackers Aren’t the Only Ones to Worry About
Other states are learning that “hacking and leaking” is
an effective strategy against foreign citizens.
By Eli Lake September 17, 2018, 11:00 PM PDT
On the surface, John Podesta and Elliott Broidy are not
at all alike. Podesta chaired Hillary Clinton’s presidential campaign, whereas
Broidy was a major fundraiser for Donald Trump. Broidy is a businessman who has
long been on the outskirts of national politics. Podesta, a former White House
chief of staff, is the consummate Washington insider.
And yet Broidy, like Podesta, looks to be the victim of a
new kind of political warfare: state-sponsored hacking and leaking. Governments
have been spying on foreigners since the dawn of war. Until recently, however,
they kept most of the details to themselves. That changed in 2014, when the
Russian government intercepted a phone call between two senior U.S. diplomats
discussing the Ukrainian government after a popular uprising and posted a
recording of it on the internet. Podesta’s privacy was violated when his emails
were pilfered by Russian operatives and distributed in 2016 through fake
websites and WikiLeaks.
In Broidy’s case, his lawyers say, the hacker and leaker
is Qatar. Like Podesta’s, his emails were hacked through a technique known as
phishing. Emails sent to Broidy and his assistant were made to look like they
came from legitimate sources such as Google or the BBC, but directed them to
fake sites that captured their passwords and log-in credentials. And, just as
the Podesta hack was only one facet of a more complex scheme, Broidy’s lawyers
now say they have uncovered a much wider operation than previously known.
Broidy gained some notoriety last spring after The
Associated Press reported about his efforts to influence U.S. foreign policy
away from Qatar. Those stories were based on Broidy’s emails, and Broidy later
sued Qatar in federal court, charging that it had hired a consulting firm that
specializes in cybersecurity, Global Risk Advisors, to coordinate the hacking
campaign.
Last month, the judge threw the case out, ruling that the
court lacked jurisdiction. And representatives of both the government of Qatar
and Global Risk Advisors have denied their involvement in the hack of Broidy’s
email account, with a lawyer for the consulting firm telling me that his
lawsuit was “baseless” and its allegations “totally false.”
Nevertheless, last month’s decision does not address the
substance of Broidy’s charges, and his lawyers have uncovered some compelling
details in their investigation. They began by issuing subpoenas to TinyURL, a
company that shortens lengthy web addresses into more manageable texts, which
was used in the phishing attack to obscure the fake website’s real address.
Broidy’s lawyers uncovered first the fake website that collected Broidy’s
password and log-in information. Then they issued subpoenas for every website
created by the TinyURL user who made the phishing websites that snookered
Broidy.
It turned out to be a gold mine. Eventually a team of
specialists was able to uncover both a pattern of phishing and a list of other
email accounts — more than 1,000 — that they say were compromised by the same
kind of phishing attack. Broidy’s lawyers claim that these hackers had been
conducting phishing attacks since at least 2014. The alleged victims range from
Syrian human rights activists to Egyptian soccer players (Qatar will host the
World Cup in 2022). They include celebrity Rabbi Shmuley Boteach and his wife,
Debbie; the Egyptian billionaire Naguib Sawiris; and Mouaz Moustafa, a U.S.
citizen who is the executive director of the Syria Emergency Task Force.
For the most part, the hackers used virtual private
networks to mask their IP addresses. In a couple instances, however, they did
not — and the addresses linked back to the internet service provider, Ooredoo,
which is majority-owned by Qatari government agencies.
Usually phishing operations are interested in bank
accounts or identity theft. In this case, the project looks like it was
designed to yield political intelligence of interest to the Qatari government.
Broidy himself has had close ties to Qatar’s Gulf rivals, the United Arab
Emirates and Saudi Arabia.
The scale of the operation, as well as the targets,
suggests this was a state operation. “The extent and volume of information that
they were able to obtain in these subpoenas goes beyond the capabilities of an
individual,” said Sam Rubin, a vice president of Crypsis Group, a cybersecurity
firm, who has seen the research conducted by Broidy’s lawyers. “It’s set up in
a systematic manner, to be shared by what appears to be a team.”
Broidy’s theory of the case is that this team was working
for the government of Qatar. His litigation has produced damning evidence in
this regard. But the significance of this lawsuit bears on more than the
reputation of a once-obscure Republican fundraiser. It shows how nations are
copying Russia by merging traditional espionage with information warfare.
That’s not a problem for just Elliott Broidy. It’s a problem for all of us.
Eli Lake is a Bloomberg Opinion columnist covering
national security and foreign policy. He was the senior national security
correspondent for the Daily Beast and covered national security and
intelligence for the Washington Times, the New York Sun and UPI.