News

Cyber warfare

  ”Honestly, I don’t remember exactly what I did that day,” recalls human rights lawyer Joseph Brahm, referring to September 20, 2019. It was a hot day in Paris, with a “yellow vest” movement on the streets and some young people marching over the climate crisis. At 10:27, Bram’s cell phone rang. He received a text message from a stranger. Two minutes later, he received another, again from a stranger. He doesn’t think it’s a big deal, because he receives hundreds of text messages every day, and he doesn’t pay attention to messages that are not related to work. However, it is precisely these two pieces of information that provide surveillance channels for spies. Bram lived under the watchful eye of Pegasus until the end of December.
  Pegasus software is developed by Israel’s NSO company, the company claims that this software is mainly used to deal with criminals and terrorists. Even so, Bram was targeted, with at least 656 megabytes of his iPhone data stolen. Pegasus software can read text messages, videos, emails, photos and encrypted information of communication software in the mobile phone, track the location of the mobile phone, and remotely turn on the microphone to monitor the situation around the mobile phone.
  Bram never noticed anything unusual, and if it weren’t for the media reports, he might have continued to be kept in the dark. Pegasus data is available in many countries, including Morocco, Saudi Arabia, India, Mexico, and more. There are as many as 50,000 people on the “Pegasus” list, and Bram is just one of them. These include journalists, dissidents and senior government officials, including French President Emmanuel Macron and former Prime Minister Edouard Philippe.
  The Pegasus incident demonstrated the critical role of cyber espionage in the intelligence realm. As technology advances by leaps and bounds, a single text message is enough to allow hackers to break into the president’s private property. Nikolai Appajian, author of Cybersecurity, said: “Intelligence agencies have been collecting information since the beginning, but the way has changed. During the Cold War, the way to collect information was to try to get hold of secrets. The briefcase of documents is now trying to hack into the other party’s mobile phone.” This provides intelligence agencies with convenience, after all, two-thirds of the world’s people use mobile phones, and the popularity of smartphones has made mobile phones more similar than ever. Qualitatively, the mobile phone system is either Apple or Android, and its operation depends entirely on code. There are inevitably loopholes in these countless pieces of code. Hackers use these loopholes to invade mobile phones.
  A “zero-day vulnerability” is a vulnerability that programmers ignore, but it takes a lot of work to find such a vulnerability. Research from IBM in 2020 showed that it took hackers an average of 207 days to find one such vulnerability, making zero-day exploits a business. Cybersecurity engineer Philip Londel believes: “It’s businesses and government agencies who find zero-day vulnerabilities today.” In the past, hackers could sit at home and hack other people’s systems, but today, hackers are all included. They sat in rows behind their desks searching for bugs and serving the government. In France alone, the number of digital talent recruited by intelligence agencies rose by 20 percent between 2014 and 2017.
  After the 9/11 incident in the United States, cyber espionage activities have become more frequent, but most of them are carried out without anyone knowing it, and the espionage activities that can be discovered are mostly cases of major disturbances. The first cyberwarfare to come to the fore came in 2007, when Russian hackers crippled Estonian networks. The servers of Estonian public service systems, the networks of banks and other institutions were attacked. Although Russia’s cyber attack method is simple and crude, it is effective.
  Three years later, in a high-tech cyber war, the United States and Israel used the Stuxnet virus to shut down Iran’s uranium enrichment program. The Stuxnet virus used four vulnerabilities in Windows to spread wildly between computers, all the way into Iran’s centrifuges.
  The first cyberattack against France occurred in 2010, when an official was hooked on a phishing email that led to the theft of G20 information. Two years later, the network of the Elysee Palace was also hacked. An adviser to former French President Nicolas Sarkozy was tricked by Facebook friends to click on a link to a fake website and enter a password, which gave U.S. intelligence agencies the “key” to information on the Elysee Palace. Bernard Barbiere, the former director of France’s foreign security agency, said publicly at a conference: “It must have been the United States. I said he was sorry because he always felt that the United States would not spy on allies. But he was surprised that the United States broke the rule.”
  Snowden, a former CIA employee, exposed the huge US Surveillance networks, the French president and the German chancellor are also being monitored. This is history, though, as Snowden wrote in his autobiography, The Permanent Record: “everything has changed since then.” After he “blew the whistle,” people became wary, and now, to correspondence Data encryption is already common. The book also writes: “In 2016, the amount of encrypted data exceeded the amount of unencrypted data for the first time. Today’s network is obviously much more secure than in the past.” As a result, traditional monitoring methods are gradually being phased out and replaced by new attack methods and attack purpose. “There are two main types of cyber-attacks, the ones that don’t have a specific target and are aimed at making money, and the other that are specific attacks to gain access to sensitive information,” explained Michel Berger, owner of Cyber ​​Campus. Action.” Because of this, there are now two markets, a black market composed of hackers and companies with a market value of about $6 trillion, and a legal “grey” market that sells zero-day vulnerabilities at high prices. Buyers are generally intelligence agencies.
  Some companies’ job is to find undiscovered vulnerabilities before selling them. This is the case with the American company Zeramon, founded by Frenchman Sauqui Becquera. He said the company was spending $15 million in research funding to find a permanent loophole. Once found, they can hack into the phone with the help of WhatsApp or iMessage apps even if the user doesn’t do anything. Cryptography expert Eric Filio analyzed: “These companies are producing information weapons, which are no different from arsenals making tanks. We are in a cyber arms war. Who can take the lead in technology, Whoever owns the battlefield of tomorrow.” Zeramont’s main customers are government agencies in North America and Europe. The “Hacker Team” also belongs to such companies. Judging from the content of their leaked emails, the most profitable orders come from Egypt, Morocco, Sudan, Saudi Arabia and other countries. The Wassenaar Agreement, passed in 1996, which sought to regulate the trade in dual-use technology, could not control these countries because they were not signatories. Guillaume Tissier, co-organizer of the International Forum on Cyberspace Security, further pointed out: “These technologies are inherently difficult to define, they can be used for defense as well as for offense. The problem today is that people use these technologies to make Cyber ​​weapons. Of course, Israel is not a signatory to the Wassenaar Agreement.” In this context, it is not surprising that Israel’s NSO company can develop “Pegasus”. Every time NSO sells software, it has to obtain prior approval from the Israeli Ministry of Defense. It was a lucrative deal, with countries paying different rates, with Saudi Arabia paying $55 million and Mexico $80 million to use Pegasus.
  Vulnerabilities aren’t limited to smartphones, either. Any software, even the most inconspicuous software, can be exploited. The United States pays expensive tuition fees for this. In 2020, a group of hackers used a backdoor to break into the software of network management software vendor SolarWinds, resulting in the surveillance of 18,000 agencies and companies, including the U.S. Departments of Defense, Interior, Treasury, Commerce, and Health. “Nothing is more important than technological sovereignty and sensitive data! We live in a digital age where everyone is monitoring each other, and friends and allies are unreliable,” Berger said.
  David Kaye, who served as the UN commissioner for freedom of expression, said: “The online surveillance industry is about to spiral out of control, and it’s time for governments and businesses to take responsibility.” Berger added: “Since 2013, people have raised concerns about The initiative to fix bugs together is not enough. It’s like driving a car, for safety, not only have the passengers wear seat belts, but also make the factory produce more reliable cars.” A staff member of the French intelligence agency said. : “If we stop cyber espionage, other countries will continue to do it… And, don’t forget, our actions are good for the people!” In 2020, French and Dutch police helped each other break into EncroChat encryption mobile phones, and the users of these mobile phones are drug dealers. Thanks to technical means, French police were able to grasp the trading network of European drug gangs and catch them in one fell swoop.

error: Content is protected !!