Cyber Week in Review: December 10, 2021
from Net Politics and Digital and Cyberspace Policy Program

Pegasus used to spy on American diplomats; Swiss firm accused of selling access to users' phone information; Microsoft seizes Chinese threat actor's domains; Life360 is selling precise user data.
The U.S. Embassy in Kampala, Uganda. Several diplomats based in Uganda are believed to have been targeted by NSO Group spyware. U.S. State Department

NSO Group tools used to launch cyberattacks against American diplomats in Africa 

The Israeli company NSO Group, which has been embroiled in scandal since revelations that authoritarian regimes use its Pegasus spyware to commit human rights violations, faces new pressure after reports that Pegasus was used to target U.S. diplomats in East Africa. NSO Group has claimed that its toolset will not work against phone numbers beginning with +1, the designation for phone numbers from the United States and Canada, but it appears that the diplomats affected were using local numbers. Africa has been a major market for NSO Group, and customers have deployed its malware across the continent. In early November, NSO Group was added to the U.S. government’s Entity List, which prohibits it from doing business with U.S. companies, and the latest spying revelations will likely only ratchet up scrutiny from U.S. officials.

Swiss cybersecurity firm Mitto AG accused of selling access to users’ phone numbers and location data 

The Swiss firm Mitto AG, which established itself by providing automated text message services for companies in a variety of industries, was accused of selling access to its large database of phone numbers and other networks to facilitate surveillance. The surveillance campaign has been operating since at least 2019 and was apparently facilitated by a cofounder of Mitto AG, Ilja Gorelik. Gorelik allegedly allowed multiple security companies to gain valuable data on certain phone numbers within the Mitto AG database. There has been speculation that cell phone information sold by Gorelik may have made its way to the Israeli company NSO Group, which has lately been the source of major controversy over the misuse of its spyware by authoritarian regimes.

Microsoft seizes forty-two domains used by Chinese threat actor

A federal court in Virginia allowed Microsoft to seize forty-two websites used by the Chinese threat actor Nickel to launch attacks and exfiltrate data. The most recent attacks by Nickel were directed against government agencies, think tanks, and other civil society groups. Microsoft isn’t the only company taking action against cybercriminals. Google recently announced that it had filed lawsuits against the operators of a major botnet, known as Glupteba, and is working to bring down the command-and-control servers the group uses to operate the botnet. U.S. officials have been trying to get the private sector more involved in countering cybercrime, and it appears that effort is paying off.

Popular safety app, Life360, is selling precise location data on its users 

Life360, which bills itself as a family safety app, is reportedly selling precise location data on all its users to data brokerages with little anonymization of data aside from removing names and phone numbers. Two former employees of Life360 said that while the company claims to respect privacy and obfuscate user data, it has in fact routinely passed on easily identifiable data to business partners. Life360 works with at least a dozen data brokerages, and these brokerages then sell the acquired data on to other parties. Data brokers have recently come under heightened scrutiny on Capitol Hill, and this week Congress convened hearings on privacy concerns related to the data these brokers offer.

Apple revealed to have secretly signed five-year investment agreement with Beijing in 2016

On December 7, The Information reported that in 2016, Apple CEO Tim Cook covertly signed a five-year, $275 billion investment deal with China’s National Development and Reform Commission. In the agreement, Apple vowed to increase use of Chinese-manufactured parts, bolster collaboration with Chinese firms and R&D institutions, and help develop Chinese high-tech talent. Cook’s visit to Beijing occurred at a time when Apple faced slumping sales and regulatory pressure in China. To Apple, the clandestine agreement has been successful, as the company has “achieved the rare feat of convincing Beijing to back down on, or make exemptions to, regulations,” while maintaining a foothold in Chinese consumer markets. Apple is currently the top-selling smartphone brand in China and has survived a regulatory blitz that has soured rival U.S. tech companies’ relations with Beijing.
