The Washington Post - Democracy Dies in Darkness
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Lawmakers want the Biden administration to do more about spyware

Welcome to The Cybersecurity 202! After today, we’ll see you next on Tuesday.

Below: Researchers find the CIA’s secret websites it used to communicate with spies, and a U.S. candidate wins an election for the top post at the International Telecommunication Union. First:

Exclusive: Members of House Intelligence panel urge State, Commerce to step up spyware fight

The State and Commerce departments should take more aggressive action against foreign commercial spyware, including forging a ban on its use among democratic countries and ensuring companies aren’t evading existing U.S. prohibitions, according to a letter from House Intelligence Committee members today.

The letter, first obtained by The Cybersecurity 202, follows July legislation that the committee passed out of the House aimed at countering the proliferation of such technology, and a rare open hearing on the subject the same month.

All of this comes on the heels of an ever-growing body of evidence that nations are using spyware around the globe, not only repressive governments like Saudi Arabia, but also U.S. allies like Mexico and Spain as well as U.S. foreign aid beneficiaries like Rwanda.

Researchers and investigators have found spyware in the hacked phones of dissidents, journalists and even U.S. diplomats. Earlier this year, U.S. company L3Harris nearly purchased industry leader NSO Group before the Biden administration objected, and the deal to buy the Israeli firm was scuttled.

“The impetus behind the letter … is that it's one thing to argue with the Chinese or the Iranians or the Russians — our traditional antagonists, if you will — about the use of technology like this,” Rep. Jim Himes (D-Conn.), who spearheaded today’s letter, told me. But it’s another thing, he said, “to have our purported allies, or those who are substantial recipients of U.S. aid, to use this technology in an inappropriate way.”

What the lawmakers want

The letter has several major calls for action from Secretary of State Antony Blinken and Commerce Secretary Gina Raimondo:

  • Continually update the companies on the Commerce Department’s “entity list,” which bans them from receiving U.S. technologies. In November, the Biden administration added NSO Group and another company, Candiru, to the list.
  • More closely monitor potential abuses of those companies to make certain they aren’t getting around the ban. The lawmakers cited an open letter from advocacy groups detailing reported abuses of NSO Group spyware over the past year.
  • Apply pressure to foreign governments, especially those that receive U.S. aid, to curtail abuse of spyware. “The American people’s tax dollars should not be going to foreign governments that target our own people,” the letter states.
  • Publicly detail use of foreign commercial spyware against U.S. diplomats, and what the State Department is doing in response. The Post reported last year that Apple notified embassy personnel concentrated in Uganda that their phones were hacked by Pegasus spyware, the NSO Group tech.
  • Unite democratic countries on a ban of foreign commercial spyware. “Such a strong message would dissuade investors from backing spyware companies and complement efforts by U.S. technology companies to protect the privacy of billions of people,” the letter reads. The U.N. Human Rights Council began general debate on spyware and other topics Thursday, and two weeks ago the U.N. Human Rights Office warned of the rising threat that spyware poses. Meanwhile, the FBI this year acknowledged testing Pegasus.

“Clear and determined action needs to be taken to send the unequivocal message to foreign governments who have acquired commercial spyware that the targeting of Americans and exploitation of this technology will not be tolerated,” the lawmakers wrote.

The Biden administration has touted its effort to crack down on foreign commercial spyware as “unprecedented.” 

The NSO Group has consistently maintained that it suspends accounts that abuse its technology, which it says it licenses to vetted government customers and has helped avert terrorist attacks and other crimes.

It denied most elements of the Pegasus project, an international journalism investigation last year, and has denied its tech played any role in the murder of Post journalist Jamal Khashoggi, for which the company is expected to become the subject of a lawsuit by his wife. It also already has faced trouble with investors.

Some nations accused of using spyware deny it, while others decline to comment.

The other letter signatories include every Democrat on the panel: Jackie Speier (Calif.); Val Demings (Fla.); Jason Crow (Colo.); Mike Quigley (Ill.); Chairman Adam B. Schiff (Calif.); Joaquin Castro (Tex.); Peter Welch (Vt.); Eric Swalwell (Calif.); Sean Patrick Maloney (N.Y.); Jim Cooper (Tenn.); Raja Krishnamoorthi (Ill.); and André Carson (Ind.).

Republican Reps. Brian Fitzpatrick (Pa.) and Chris Stewart (Utah) also signed.

Himes believes the Biden administration will be receptive to the letter’s requests.

“I don't think there's any reason to believe that they won't be cooperative and on the same team here, but we'll wait to hear what they have to say,” he said.

Updated 10/3/2022: NSO Group provided a rebuttal to testimony at the July House Intelligence Committee hearing.

The keys

Researchers find hundreds of fake websites the CIA used to secretly talk to spies

A covert CIA system for communicating with Iranian informants and other spies may have exposed dozens of them before it stopped operating in 2013, Reuters’s Joel Schectman and Bozorgmehr Sharafedin report. The CIA hid a secret messaging system on sites it built, such as Iraniangoals.com, which was used to communicate with an Iranian engineer who was later arrested.

“Far from being customized, high-end spycraft, Iraniangoals.com was one of hundreds of websites mass-produced by the CIA to give to its sources,” independent analysts from Citizen Lab and Victory Medium told Reuters. “These rudimentary sites were devoted to topics such as beauty, fitness and entertainment, among them a Star Wars fan page and another for the late American talk show host Johnny Carson.” In all, the researchers found more than 350 websites with the CIA messaging system. All of the sites were offline for the past decade. Yahoo News previously reported that the system was compromised.

Researchers said the secret communications systems were easy to find. “The CIA really failed with this,” Citizen Lab senior research fellow Bill Marczak told Reuters. The secret messaging systems “stuck out like a sore thumb,” he told the outlet.

The CIA declined to comment on specifics of the report. “A spokeswoman said the CIA does its utmost to safeguard people who work with the agency,” Reuters writes. Iran's Foreign Ministry and U.N. mission didn't respond to the outlet's requests for comment.

U.S. candidate wins election to lead U.N. telecommunications agency

Doreen Bogdan-Martin received more than 80 percent of votes for the International Telecommunication Union’s secretary general position. She’ll be the first woman to lead the ITU, which works on worldwide telecommunications standards. U.S. officials said the election was critical for setting emerging technical standards, which will have sweeping implications on economic development and internet access around the world.

Bogdan-Martin ran against Rashid Ismailov, a former Russian deputy minister of telecommunications and mass communications who worked at Chinese telecom giant Huawei. U.S. officials have worried that China and Russia have sought to broaden the scope of the ITU’s work.

A European official was elected to another top position at the ITU. Tomas Lamanauskas, a Lithuanian diplomat, was elected deputy secretary general of the ITU. Lamanauskas, who was endorsed by all 27 members of the European Union, defeated candidates from South Korea and Samoa.

FBI arrests former NSA employee on espionage charges

Jareh Sebastian Dalke, who was an information systems security designer for three weeks at the National Security Agency, is accused of trying to sell sensitive documents to a foreign government, CyberScoop’s Suzanne Smalley reports. Dalke told an FBI agent that “he had access to … [information] relating to foreign targeting of U.S. systems and information on cyber operations, among other topics,” an FBI counterintelligence agent wrote in a court filing.

The court filing didn’t say which foreign government Dalke allegedly tried to sell the documents to, but Dalke told the agent that he tried reaching out to a dark-web site hosted by Russia’s foreign intelligence agency.

Dalke apparently wanted to be paid in cryptocurrency for selling the documents, saying that “[t]here is an opportunity to help balance scales of the world while also tending to my own needs.” He asked to be paid in a specific cryptocurrency because “as in these things privacy is extremely important,” according to the filing. CyberScoop couldn’t immediately locate Dalke’s lawyer.

Securing the ballot

Kent County election worker charged after allegedly inserting USB drive into poll book (Detroit Free Press)

Privacy patch

People search websites create privacy nightmares for abortion rights advocates (CyberScoop)

National security watch

Army doctor accused of leaking medical records in bid to help Russia (Dan Morse and Alex Horton)

Daybook

  • The Congressional Internet Caucus Academy hosts an event on digital identity at 1 p.m. Monday.
  • Recorded Future holds its Predict intelligence conference Tuesday and Wednesday.
  • The Center for Strategic and International Studies hosts an event on information warfare and Ukraine at noon Wednesday.

Secure log off

Thanks for reading. See you next week.