Date: 2021-11-18
Now, Sky Global is pushing back, alleging it was used as a pawn in the FBI's search for criminals.
In a court filing shared with The Cybersecurity 202, the company says its app was used by law enforcement to drive criminals to use another allegedly encrypted messaging app called Anom that was secretly run by the FBI. Because the FBI was managing Anom, officials were able to gather the seemingly secret communications and build cases that resulted in more than 500 arrests in the United States, Europe and Australia in June.
The case raises questions about how aggressively law enforcement should go after encrypted platforms, which protect the security and privacy of regular citizens but have also been a boon to criminals.
What happened
The Justice Department indicted Sky Global’s CEO Jean-Francois Eap in March and seized more than 100 Internet domains from the company, which effectively put it out of business.
The next month, the FBI revealed that it was secretly running Anom, which was used by a rogues' gallery of alleged criminals including contract killers, smugglers of cocaine and heroin and weapons dealers. Demand for Anom “grew exponentially” after Sky Global was shut down, the Justice Department said in a news release. In an affidavit the next month, officials said about 6,000 users joined Anom “as a direct result of the Sky Global charges.”
The thorny problem: Tech companies have increasingly offered end-to-end encrypted messaging services in recent years, including WhatsApp, Signal and several smaller competitors. That means the messages are unreadable by anyone except the sender and recipient — including the messaging service itself and police with a warrant.
- Justice Department officials have repeatedly attacked those systems, which they say have enabled extensive criminal activity, including the sharing of child pornography. During both the Obama and Trump administrations, they urged Congress to restrict the systems, to little avail.
- Cybersecurity advocates and tech companies acknowledge that end-to-end encryption makes criminal activity easier, but they say that’s a worthwhile trade-off because it also makes average users far better protected against hacking and privacy invasions and from surveillance by authoritarian regimes.
- They've come up with minor fixes, such as searching encrypted messages for digital signatures of known child pornography images, which have mitigated some of encryption's ill effects but not eliminated them.
The lawsuit
In the legal filing, Sky Global paints itself as a victim of the department’s overreach. The filing is essentially a request to the judge handling the criminal case against Eap to order the return of the company’s seized web domains.
The company acknowledges that drug dealers and other criminals used its app without the company’s knowledge. But it says it did its best to keep them away — including by blocking third-party sellers from advertising in ways to attract criminals and by stating that it would cooperate with law enforcement to identify criminals in any feasible way it could.
The fact that only about 6,000 of the company's 120,000 users migrated to Anom is a sign that the criminal element was comparatively small, the filing states.
“The fact that technology can be used for an improper purpose does not mean that the technology was designed or intended for that use,” the filing states.
The company also claims it’s being bullied by the government in a way that larger competitors would not be.
“What has happened here is the equivalent of the government seizing Apple.com because drug dealers use iPhone encryption features to communicate with each other,” the filing states. “Such a seizure would never be allowed to happen to Apple or any other high-profile tech company.”
Other apps
The case is further complicated because law enforcement has taken down a series of encrypted chat firms in recent years that were undoubtedly aimed at a criminal clientele.
European police hacked into the app EncroChat, where they spent months secretly recording users’ conversations about criminal activities before busting the operation in July 2020.
The CEO of the firm Phantom Secure was caught on tape telling undercover law enforcement officers, who were posing as prospective clients in the cocaine smuggling trade, that the system was built to aid such operations.
But Sky Global insists it’s not in that category. Prosecutors have not, so far, produced similarly incriminating evidence. They claim that the company learned from the Phantom Secure bust to take an “ask nothing/do nothing” approach with clients.
“Anyone concerned about privacy should be deeply troubled by how the government almost shut down a legitimate, law-abiding company that was attempting to address critical issues around data protection and privacy,” the company’s attorney Ashwin Ram told me in an email. Ram is also defending Eap.
The keys
Iranian government-backed hackers are deploying ransomware, authorities warn
U.S. agencies and their Australian and U.K. counterparts accused the hackers of actively targeting U.S. critical infrastructure, including the health-care and transportation sectors.
The warning comes just one day after researchers at cybersecurity firm CrowdStrike said Iranian ransomware attacks “are not designed to generate revenue so much as for espionage, to sow disinformation, to harass and embarrass foes — Israel, chief among them — and to essentially wear down their targets,” the Associated Press’s Eric Tucker, Alan Suderman and Frank Bajak write.
The attacks are “focused on exploiting known vulnerabilities rather than targeting specific sectors,” the agencies said. They get access to networks using vulnerabilities in software from Microsoft and the cybersecurity firm Fortinet. In addition to locking victims’ computers up with ransomware, the hackers also often steal data, according to the agencies.
The hacks demonstrate the increasingly blurry boundary between tactics used by governments and cybercriminals. “Ransomware is typically used by cybercriminals rather than governments,” CNN’s Sean Lyngaas writes. “And it’s a reminder that America’s ransomware problem is not limited to Russia.” The report came a day after Microsoft researchers said they had spotted six Iranian ransomware groups in the past 14 months.
The FBI raided the home of a Colorado official accused of endangering election security
Authorities searched the homes of Mesa County Clerk Tina Peters and three associates, Colorado Politics’s Ernest Luning reports.
“Peters and her deputy have been accused of sneaking someone into the county elections offices to copy the hard drives of Dominion Voting Systems machines,” my colleague Emma Brown wrote in a must-read piece on Peters. “Those copies later surfaced online and in the hands of election deniers.”
The searches come just over three months after Peters attended a self-styled “cyber symposium” in South Dakota convened by MyPillow CEO Mike Lindell. Peters was cheered as a hero when she went onstage on the first night of the event, Emma reported.
Colorado officials are also investigating Peters over potential ethics violations. The state’s Independent Ethics Commission on Tuesday voted to proceed on a complaint that is believed to have been filed against Peters, Colorado Politics’s Marianne Goodland reports. The complaint alleges that Peters accepted improper gifts from Lindell. Peters also faces similar investigations from the office of Colorado Secretary of State Jena Griswold.
Hill happenings
The administration is pushing back on congressional plans for Pentagon cyber operations
The White House stated its opposition to two provisions in a major defense policy bill aimed at expanding the Pentagon’s cyber cooperation with the private sector.
- One provision in the Senate version of the National Defense Authorization Act creates a pilot program for Pentagon cyber pros to work with industry to disrupt hacking on private sector computer networks. That could conflict with work already being done by the Cybersecurity and Infrastructure Security Agency and the FBI, the White House said in a policy statement.
- The other provision, which would expand military cooperation to combat nation-state hacking threats, is duplicative and doesn’t include enough coordination with law enforcement, the White House said.
Here's more on the bill from The Hill's Maggie Miller.
Mentions
- Camille Francois has joined augmented reality firm Niantic as its first global director of trust and safety. Francois previously worked as Graphika’s chief innovation officer.
