with Aaron Schaffer
But reams of unclassified but sensitive material will probably remain in the country, both in digital forms and on paper.
In many cases, that’s because it was shared with the Afghan government, non-governmental organizations and other partners in the country. At least some information was also probably overlooked on old laptops, phones and removable media during the faster-than-expected exit.
“There are protocols for doing this. … But whenever you have to rush things, you’re going to forget stuff,” Mark Rasch, an attorney who developed cyber forensics capabilities for the Justice Department and prosecuted cybercriminals, told me.
The potential loss of sensitive data is an additional pain point for the withdrawal, which was replete with many of them – most notably the ongoing struggle to evacuate diplomats, U.S. citizens and Afghan allies after the Taliban took over most of Kabul.
Some of the comparatively innocuous data left in Afghanistan can probably be woven together with other such data to reveal information that’s truly damaging to U.S. security – a process intelligence officials refer to as the mosaic effect.
And it will surely be sought by U.S. adversaries outside Afghanistan, such as Russia and China, that are willing to pay for whatever data the Taliban can provide.
“Part of any deliberation on what to provide to other countries we do security cooperation with is the potential threat of what would happen if this information leaked or got into the wrong hands,” Jason Campbell, a Rand policy researcher, told me. “That’s always part of the equation, but you rarely see it happening at such a scale as we are in Afghanistan.”
The Pentagon declined to comment about emergency procedures. The State Department did not respond to a request for comment.
President Biden outlined the remaining objectives in Afghanistan during remarks on Aug. 16.
A key challenge is the sheer breadth of the U.S. footprint after nearly two decades in Afghanistan.
The 2014 Marine Corps pullout from Camp Leatherneck in Afghanistan’s Helmand province offers a glimpse of the scope. In that case, more than 7,500 computers were destroyed or removed, The Washington Post reported at the time.
The memo directing embassy staff to destroy sensitive material came Friday, CNN reported, though the process may have begun earlier. It applied to sensitive information about U.S. programs and items that “could be misused in propaganda efforts.”
Embassies have elaborate procedures in place for evacuating personnel and destroying sensitive documents and digital files that they regularly update based on the risk and complexity of such operations, a person with extensive experience in diplomatic security told me.
But such procedures can’t account for every piece of digital hardware left in Afghanistan after such a lengthy presence or for information shared with allies and local partners.
Indeed, the Taliban appears to have already seized large amounts of military hardware used by Afghan forces.
“Whenever you have a presence somewhere for that long, access to sensitive information is always a concern,” said the person, who requested anonymity to describe security issues.
The keys
An Apple foe wants to scrutinize the company’s controversial new system for spotting child pornography.
Corellium will offer $5,000 grants to support “independent public research into the security and privacy of mobile applications,” including Apple’s new system, Reed Albergotti reports.
Apple’s system is designed to look for digital footprints known as hashes that identify known child pornography. The scanning process takes place on phones and tablets before photos are uploaded to Apple’s iCloud service.
Corellium’s announcement comes days after Apple executive Craig Federighi defended the child sexual abuse material initiative and said independent security researchers could inspect iPhones to make sure the software was being implemented as promised. Apple spokesman Todd Wilder did not respond to a request for comment.
Technology and privacy experts have blasted Apple’s system. They say it’s too invasive and could present foreign governments with opportunities to abuse it. Federighi said the database of images will be made up of intersecting information from child-safety groups in different jurisdictions.
T-Mobile is investigating whether hackers stole data from 100 million customers.
The telecom giant confirmed that hackers accessed some data but said it’s still investigating the full scope, CyberScoop’s Tonya Riley reports. The company closed the security hole that the hacker used and is looking into what data was taken, the company said.
The hacker appeared to have stolen data including Social Security numbers, according to Motherboard. It’s the company's fifth breach in the past four years, Tonya writes.
A cyberattack on Iran’s railroad system was probably caused by Iranian opposition hackers, researchers said.
The attack shows the damage that independent opposition hacking groups can inflict on governments, the New York Times’ Ronen Bergman reports. Indra, the group apparently behind the attack, has a history of targeting Iran-related entities and causing cyber mischief, according to cybersecurity firm Check Point.
“It is very possible that Indra is a group of hackers, made up of opponents of the Iranian regime, acting from either inside or outside the country, that has managed to develop its own unique hacking tools and is using them very effectively,” Check Point senior researcher Itay Cohen told Bergman.
Industry report
Ransomware hackers who hit Colonial Pipeline stole personal information from nearly 6,000 people, including employees and their families.
The hackers stole information including Social Security numbers during the attack that hit the company’s networks in May, CNN’s Brian Fung reports.
Chat room
The cybersecurity world had a brief star turn when John Oliver highlighted ransomware on “Last Week Tonight.” Recorded Future's Allan Liska:
How it started. How it went. How it ended. pic.twitter.com/kbo00yJzMr
— Allan “Ransomware Sommelier🍷” Liska (@uuallan) August 16, 2021
TechCrunch's Zack Whittaker:
Did the usual thing of proudly texting my family back in the U.K. to tell them my work got mentioned by @iamjohnoliver on Last Week Tonight's episode on ransomware.
My British family: pic.twitter.com/GmWBrVdfjW
— Zack Whittaker (@zackwhittaker) August 16, 2021
NBC News's Kevin Collier:
I literally am already a reporter for a TV news outlet, but still get giddy when one of my stories is highlighted on @LastWeekTonight. (h/t @zackwhittaker for the screengrab) pic.twitter.com/IFelUdjcBL
— Kevin Collier (@kevincollier) August 16, 2021
We're not above crowing about our own brief appearance.
Nice Cyber 202 citation by John Oliver, @Joseph_Marks_ https://t.co/rzNw8Mf1K9 pic.twitter.com/OxWs718heD
— Tonya Riley (@TonyaJoRiley) August 16, 2021
Daybook
- National Cyber Director Chris Inglis speaks at the CyberScape National Security event on Thursday at 11 a.m.
Secure log off
Today’s first @washingtonpost quarantine TikTok features Twitter this weekend https://t.co/OMiG13cKPw pic.twitter.com/9TeFm0XU4o
— Washington Post TikTok Guy 🥉 (@davejorgenson) August 16, 2021