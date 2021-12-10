Below: WikiLeaks founder Julian Assange can be extradited to the United States, a United Kingdom court ruled, and a cyberattack contributed to the national cream cheese shortage.
Spyware isn't just being used against the bad guys
A U.S. lawsuit from a leading Saudi women’s rights activist is exposing the dramatic human costs of the global spyware industry.
Activist Loujain al-Hathloul was allegedly targeted with communication and location-tracking spyware developed by the United Arab Emirates-based firm DarkMatter, which infected her iPhone in 2017, according to a lawsuit filed in U.S. federal court.
- After her phone was compromised, al-Hathloul was arrested while driving on a highway in Abu Dhabi, forcibly returned to Saudi Arabia and imprisoned there, where she was assaulted with electric shocks and flogging and threatened with rape and death, the lawsuit states.
- Throughout her detention and prosecution, al-Hathloul was presented with private communications that appeared to have been lifted from her phone, the lawsuit states.
Spyware gone wrong
The chilling allegations highlight the immense personal damage that can result when commercial surveillance tools are used by autocratic regimes.
Such tools are marketed as ways to track terrorists and criminals. But, in practice, governments frequently use them to track journalists, human rights activists and opposition politicians, critics say.
“Companies that peddle their surveillance software and services to oppressive governments must be held accountable for the resulting human rights abuses,” said David Greene, civil liberties director for the Electronic Frontier Foundation digital rights group, which is representing al-Hathloul. “The harm to Loujain al-Hathloul can never be undone. But this lawsuit is a step toward accountability.”
The who's who
The allegations are particularly disturbing because DarkMatter for years employed former U.S. government hackers who helped develop some of its most daring hacking exploits.
- Three of those hackers are also defendants in al-Hathloul’s lawsuit — Marc Baier, Ryan Adams and Daniel Gericke.
- They entered into an agreement to avoid U.S. government prosecution for their UAE work in September. It required them to give up $1.7 million in earnings from those jobs and lose their U.S. government security clearances.
- Attorneys for Baier, Adams, Gericke and DarkMatter did not respond to emails seeking comment.
Getting serious
The Biden administration has recently taken a hard line against spyware after years of the U.S. government largely ignoring the problem.
Last month, the administration added one of the most notorious spyware companies, the Israeli firm NSO Group, to a blacklist of companies that are barred from receiving U.S. exports. The move came after an investigation by The Washington Post and 16 media partners found NSO’s Pegasus spyware was used to target human rights advocates, journalists and business executives around the world.
The administration is expected to tighten export rules on surveillance tools that might be misused by autocratic regimes during its virtual “Summit for Democracy” today.
The blacklisting included three other spyware firms: Israel’s Candiru, Russia’s Positive Technologies and Singapore’s Computer Security Initiative Consultancy. It did not include DarkMatter.
Al-Halthoul was a leader in the movement to allow Saudi women to drive cars and gain other rights. After her 2018 arrest, she was held in prisons for more than 1,000 days.
Upon her release in February, President Biden called her a “powerful advocate for women’s rights,” and said “releasing her was the right thing to do.”
WikiLeaks founder Julian Assange can be extradited to the United States, top U.K. court rules
The Australian Wikileaks founder still has one final appeal before he will definitively be extradited to the United States for prosecution, which could take weeks or months, William Booth and Rachel Weiner report. He could also seek a stay of extradition from the European Court of Human Rights. Assange faces espionage and hacking charges in the United States.
The move reverses a January ruling from a U.K. court that Assange should not be transferred to the United States because he is at a high risk of suicide and may not be protected from harming himself in a U.S. prison. U.S. prosecutors have pledged they will not hold Assange in total isolation or at a “supermax” prison in Colorado. If convicted, he could also seek to serve his term in Australia.
Assange has been charged with 18 criminal counts in the United States, including violating the Espionage Act and conspiring to violate a U.S. anti-hacking law by agreeing to help former Army intelligence analyst Chelsea Manning crack a password on a classified government system. Assange was expelled from Ecuador’s London embassy in 2019 after spending seven years inside, just outside the reach of U.S. and U.K. authorities.
A cyberattack was partly responsible for the nationwide cream cheese shortage
Hackers targeted Wisconsin cheese giant Schreiber Foods during the height of consumer demand in October, Bloomberg’s Elizabeth Elkin and Deena Shanker report. The company closed for days after “hackers compromised its plants and distribution centers,” Elkin and Shanker write. “While that may not sound like a long time, the company is big enough that the lost production shook U.S. markets.”
Bakeries and bagel shops have struggled to get enough cream cheese in the wake of the cyberattack, a shortage that’s been exacerbated by supply chain issues and high demand.
It’s not clear if Schreiber Foods was hit by ransomware. But ransomware groups have targeted food companies like meat-processing giant JBS and an Iowa farming co-op this year. The agriculture sector is critical for U.S. society, according to the federal government.
Four Kazakh activists were hacked by NSO Group spyware, researchers say
Apple told three of the four victims that their iPhones may have been compromised in late November, Amnesty said. The fourth target did not get such a message, “indicating that there may be additional victims in Kazakhstan,” Benjakob writes. Apple is suing NSO for hacking its software to track its customers.
NSO didn’t address the allegations in a statement. “We cannot refer to an alleged report we have not seen, published by an organization that has been known for publishing false accusations against NSO,” the company told Haaretz.
Amnesty announced the hacks in the wake of revelations that State Department employees in Uganda were targeted by Pegasus.
