Best Infosec-Related Long Reads of the Week, 11/26/22 and 12/3/22


First U.S. citizen files a lawsuit against NSO Group, Huawei beats a retreat from Europe, Notorious spyware maker peddles its malware globally, Alpha Bay founder's bust ends in tragedy, more


Metacurity is pleased to offer our free and paid subscribers this weekly digest of long-form infosec pieces and related articles that we couldn’t properly fit into our daily crush of news. Tell us what you think, and feel free to share your favorite long-reads via Twitter @Metacurity. We’ll gladly credit you with a hat tip. Happy reading!

A Hacked Newsroom Brings a Spyware Maker to U.S. Court

Ronan Farrow has this in-depth and news-breaking look at how American journalist Roman Gressier, along with colleagues at the Salvadoran news outlet El Faro, brought the first U.S.-based lawsuit against the notorious Israeli spyware purveyor NSO Group over the implanting of NSO’s Pegasus spyware on their phones by forces likely aligned with El Salvador’s populist President, Nayib Bukele.

Gressier is one of at least thirty-five journalists and civil-society members hacked with Pegasus in El Salvador between July, 2020, and November, 2021, according to the analysis by Citizen Lab, which was verified by Amnesty International. The hacking campaign comprised at least two hundred and sixty Pegasus attacks. Because it is more difficult to confirm Pegasus infections on Android phones, which predominate in El Salvador, experts said that the true number was likely far higher. “Their hacking was not only extensive but also intensive,” Paolo Nigro Herrero, of Access Now, a nonprofit group focussed on digital rights, told me. “Normally, people get hacked once or twice or three times in rare situations. But, in this case, we saw a really intensive use.”

Many of the targeted individuals—including Gressier, who now lives elsewhere in Central America—have been forced to flee El Salvador. In interviews conducted in the United States and Central America, more than a dozen members of the El Faro newsroom told me that the Pegasus hackings had impaired their ability to work as journalists and maintain sources’ trust. “It’s a shitty feeling,” Óscar Martínez, El Faro’s executive editor, whose phone was infected with Pegasus forty-two times between July, 2020, and October, 2021, told me. “Sources, they were very upset with me. And they have the right to be. They just trusted me. And I failed them.”

How Washington chased Huawei out of Europe

Laurens Cerulus and Sarah Wheaton offer this examination of how Chinese telecom tech giant Huawei is pivoting back toward the Chinese market, having been shunned by all but a handful of European countries following years of hostility from the U.S. government, which views Huawei as a digital and national security threat.

Huawei’s strategic retreat is remarkable for a company that until recently poured millions of euros into lobbyists and PR campaigns in an effort to expand and maintain its European foothold.

Throughout most of the 2010s, Huawei was considered by many in Europe to be a friendly face among the tech firms cuddling up to power. Peculiar in its approaches, yes, but cordial and — to many — beneficial to the Continent’s interests because it increased competition and cut the price tag on the next generation of telecoms networks.

The company became known for its generous gift bags, often including a Huawei phone, and lavish parties in glamorous venues featuring fancy buffets and dance performances — like its reception celebrating the Chinese new year at the Concert Noble in Brussels.

Glitzy bashes later became part of a supercharged response to political headwinds from Washington over concerns that the Chinese-built telecoms infrastructure poses a serious security and spying risk.

Those headwinds started blowing under U.S. President Barack Obama’s administration but reached hurricane force following Donald Trump’s election. By 2019, the company was under American sanctions, with Ren’s daughter Meng in Canada awaiting the result of a U.S. extradition request.

Flight of the Predator: Jet Linked to Israeli Spyware Tycoon Brings Surveillance Tech From EU to Notorious Sudanese Militia

Crofton Black, Tasos Telloglou, Eliza Triantafillou, and Omer Benjakob of Haaretz, Lighthouse Reports, and Inside Story produced a remarkable investigation that followed a trail of breadcrumbs, starting with a flight to Khartoum in Sudan, to uncover the worldwide sale to repressive regimes of spyware made in the European Union by the surveillance software peddler Intellexa.

The Khartoum flight opened a rare window on a secretive and lucrative business, linking the blood-soaked Sudanese militia to a cabal of powerbrokers in Greece, a corporate network spanning Cyprus, the British Virgin Islands and Ireland, and above all to a crisis spreading across the EU – the widespread availability of sophisticated software that can track and hack mobile phones worldwide, threatening democratic institutions and human rights defenders.

Lighthouse Reports and its partners Haaretz in Israel and Greece’s Inside Story have been investigating the activities of Intellexa, a spyware firm whose activities spread from Europe across much of the global south. Months of digging into company records and interviews with confidential sources in multiple countries uncovered a network of companies connected to Tal Dilian, a former Israeli intelligence operative, who has bought up an array of sophisticated surveillance technology and established an EU foothold in Greece and Cyprus.

The Hunt for the Dark Web’s Biggest Kingpin, Part 5: Takedown

Wired’s Andy Greenberg offers this fifth excerpt from his book Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency, detailing how the move by investigators to arrest Alexandre Cazes, the mastermind behind the dark web market AlphaBay, ended in tragedy.

Flipping the kingpin of the world's biggest dark-web market to “Team USA,” as Jen Sanchez put it, would be an incredible coup. There was no telling, the prosecutors imagined, what sort of gold mine of information Cazes might be able to share with them about his AlphaBay coconspirators or others in the online underground where he'd been such a key player. What sorts of traps could they set with his help?

Among the DEA agents, Sanchez was given the job of speaking with Cazes and persuading him to agree to extradition. After his arrest, Sanchez had experienced a complication in her feelings toward the dark-web crime lord, whose opioid sales and misogynistic alter ego had once triggered her revulsion. In her prior postings in Mexico and Texas, she'd taken pride in her ability to convert suspects into informants, a skill that required persuasion and personability. To do the same with Cazes, she tried taking an almost maternal approach—one that wasn't entirely feigned. Despite her hard-charging comments to Miller about sending Alpha02 to supermax prison earlier that year, she felt some warmth and even empathy mixed in with her contempt for Cazes, now that she saw him captive before her.

Sanchez didn't have the authority to offer much to Cazes in exchange for his cooperation or to make promises about his future. But she says she tried to show him kindness, to help him keep his spirits up. He asked her about his wife and his unborn child. She reassured him that they were safe; his wife had been arrested, too, but quickly released.

“I'm gonna take care of you,” she repeatedly told Cazes. He seemed unconvinced.

The Hunt for the Dark Web’s Biggest Kingpin, Part 6: Endgame

Andy Greenberg offers this sixth and final excerpt from his book Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency, about how the Dutch National Police laid a trap for Hansa, the biggest dark web marketplace rival of the now-defunct AlphaBay, and for its vendors and buyers.

Almost immediately, faithful or not, AlphaBay's vendors and buyers went looking for a new market where they could continue business as usual. The natural choice was AlphaBay's biggest rival, Hansa, which was well run and already growing fast. “wow alphabay exit scam. crazyness!” one user wrote on Twitter. “moving to hansa.”

Back in the Netherlands, the Dutch police were waiting for them. For two weeks, they had been overseeing Hansa's vast marketplace, surveilling its users and collecting their messages, delivery addresses, and passwords. Their Driebergen conference room, where the small team of undercover investigators had continued to work in shifts around the clock, had taken on the atmosphere of a college dorm. Chips, cookies, chocolates, and energy drinks covered the table, a warm, stale funk pervading the air.

At one point the head of investigations for the Dutch National Police paid them a visit to see their landmark operation in action. He was visibly offended by the smell and left after 10 minutes. Someone brought in an air freshener. (“It didn't really work,” a team member says.)

Image by Cassie from Pixabay