Recently, former U.S. Attorney General Eric Holder praised Edward Snowden for performing a “public service” by bringing forward the debate over the government’s role in domestic surveillance. The comments, in an appearance on CNN’s “The Axe” has once again sparked debate about government’s reach into the online lives of its citizens. Although Holder believes that Snowden “harmed American interests,” the argument of how far government can, or should, peek into the very personal details of its citizens continues to agitate civil rights advocates around the globe.
The New York Times recently highlighted the story of Ahmed Mansoor, a human rights advocate living in the United Arab Emirates (UAE) who claims that country’s domestic espionage program led to his imprisonment and beating as well as a great financial loss. According to Bill Marczak,
According to Bill Marczak, senior fellow at Citizen Lab at the University of Toronto, Mr. Mansoor had been targeted by spyware provided by Germany’s Finfisher and Italy’s Hacking Team. Both companies are in the business of selling rootkits and spyware to foreign governments for the purpose of intelligence and reconnaissance.
Mr. Mansoor was targeted as far back as 2011 when he was arrested on charges of insulting Emirate rulers during the so-called Arab Spring. Though no specific proof has been offered by Mr. Mansoor as to whether the government of the UAE is behind the attacks against him, his personal research into spyware found on his personal computer led him to the Royal Group, a company run by one of six ruling families of the UAE. Analysis of data leaked in 2015 as a result of hackers penetrating Hacking Team’s databases revealed the UAE was that company’s second largest customer spending some US$635,500 on spyware.
Targeting of dissidents and journalists by what is believed to be state-sponsored cyber-espionage has been steadily increasing. In 2015, it was reported by Citizen Lab opposition leaders in Ecuador and Venezuela was targeted by Packrat malware.
Perhaps the most intriguing target of Packrat was Argentina’s Alberto Nisman, that country’s special prosecutor who – unsuccessfully – attempted to press criminal charges against Christina Kirchner, Argentina’s president. Mr. Nisman was later found dead of a gunshot wound to the head. His death remains a mystery and no arrests have been made.
Eric Holder and Edward Snowden may seem to be strange bedfellows in the debate over domestic espionage but Snowden’s whistleblowing has brought about an awareness and a global debate about the ease at which governments are able to spy.
The tools provided by Hacking Team are relatively inexpensive and yet very effective. The availability of these tools is becoming increasingly widespread. Recent analysis of underground hacking sites reveals that a zero-day malware package able to compromise Microsoft’s most current operating system can be had for around US$100K – not out of reach for a well-funded government or clandestine espionage group.
There is very little doubt in the mind of many that Snowden has caused irreparable damage to the U.S. espionage program; a program that the U.S., and other nations, greatly rely upon to protect its citizens. Unfortunately, those same tools that protect its citizens have been and most likely often used against them. So was Snowden right in his actions? Maybe, maybe not; however, to Snowden’s credit, we can now openly debate the use of these tools and how best to use them for good, or at least warn those who want to bring meaningful change to their country’s that what they say can and sometimes used against them – even by their own government.
Written by: Rick Gamache
Rick Gamache is a freelance writer with 25 years’ experience in the cyber security field. His past work includes the Managing Director of Wapack Labs, CIO of the Red Sky Alliance, and lead FISMA auditor for the US Navy’s destroyer program. Rick has written several high-level cyber and general risk reports with an emphasis on the Nordic countries, India, Russia, and Ukraine and has traveled extensively, speaking on strategic cyber threat intelligence matters as they relate global supply chains.
Twitter – https://twitter.com/thecissp
(Security Affairs – Snowden, surveillence)