IntelBrief: Hackers for Hire
Bottom Line Up Front
- The investigation into the hacking of Amazon founder Jeff Bezos’ phone demonstrates how private firms have developed sophisticated electronic espionage capabilities.
- From social engineering to cyberespionage, private firms and individuals are increasingly hired by governments to blackmail critics and rivals.
- This trend will likely intensify—barriers to entry are low, while smart devices and the ‘internet of things’ present ubiquitous targets for hackers.
- Governments are struggling to address growing privacy and security concerns in an era of global connectivity and cyber mercenaries for hire.
Gone are the days when only nation-states possessed the technical acumen to penetrate secure data and communication networks and the devices connected to them. But the scope of the threat posed by private firms with cyber capabilities that rival the world’s most skilled spy agencies—albeit with none of the legal or political restrictions—is still not widely understood. The reality is that even the most hardened target can be penetrated, and then pressured and blackmailed, creating significant problems in terms of compromised politicians, business leaders, or human rights activists. Much as private military contractors like Blackwater altered battlefield dynamics, so too have cyber mercenaries inserted themselves as critical players in geopolitics, with the ability to directly impact elections, leak highly secretive information of global elites, and wage surreptitious campaigns to destabilize states.
Money and know how are the only barriers to penetrate and exploit any system or device of a rival, and the companies and governments hiring these private firms have access to both. Persistent surveillance used to be prohibitively expensive and difficult but no longer, since most targets are carrying or driving a listening and tracking device at all times. Firms like NSO Group, Dark Matter, and Black Cube are staffed with former cyber intelligence operatives from Israel’s Mossad, the U.S.’ National Security Agency, and elsewhere. They have immense technical capabilities that are for sale to anyone who can afford them, to include hacking the endpoint of communications as a workaround to encryption. Companies, as well as some countries, to include Saudi Arabia and the United Arab Emirates, are using these firms to track critics and stifle dissenters and political opponents. In the case of Saudi Arabia’s tracking of Jamal Khashoggi, it ended in murder.
The ongoing investigation into the reported ‘hack’ of the cell phone text messages of the world’s richest person, Amazon founder Jeff Bezos, shows how effective these firms are at obtaining private information that can be used to pressure or extort the target of these hacks. On March 31, the security chief for Bezos, Gavin de Becker, announced that he had concluded his investigation into the publication of private messages by the National Enquirer as part of a blackmail campaign aimed at Bezos, the owner of the Washington Post. Jamal Khashoggi worked at the Washington Post, and the paper has been persistent in uncovering the plot to murder him and the involvement of Saudi Crown prince Mohammad bin Salman in that plot. In his announcement published in the Daily Beast, de Becker stated that ‘our investigators and several experts concluded with high confidence that the Saudis had access to Bezos’ phone, and gained private information.’ Saudi Arabia denies any involvement in the attempted blackmailing of Bezos as a means to stifle the Washington Post’s reporting on Khashoggi.
The consequences of having business leaders and politicians persistently compromised by the theft of private data are enormous for democratic societies, although as evidenced by the Panama Papers scandal, autocrats and dictators are vulnerable as well. Governments and multinational corporations can silence their critics by hiring private firms with few constraints and willing to act in extralegal ways. But these same governments and companies can themselves also be the target of cyber mercenaries. The rise of individuals and shadowy companies staffed by former intelligence operatives and cybersecurity experts is a hint at the future geopolitical landscape. In many ways, gaining access to and the ability to secure data can now be just as valuable, if not more so, than a well-trained and equipped conventional military.
For tailored research and analysis, please contact: firstname.lastname@example.org