Covert Comms (Issue № 3)

Our weekly(ish) brief on current events, espionage, digital security, and privacy from around the world.

Welcome to our periodical brief Covert Comms, where you receive current events, espionage, digital security, and privacy-related insights from us directly to your inbox.

Behind the cloak & dagger: covert communications have long been used for two parties, normally handler and spy, to communicate secretly (and oftentimes remotely) without the knowledge of the Opposition aka bad guys. Covert communications are a classic tool of spycraft and have been used since literally the beginning of time (espionage is the world’s second-oldest profession so we’ve got some history behind us), the ancient form being steganography, or concealing a message within another message or object.

Leave your secrets (aka your email) with us and you’ll receive the latest insights, commentary, and news directly to your inbox. We strive for timeliness, relevance, conciseness, and of course — a dash of intrigue and occasional wit.

---

Wife of drug kingpin El Chapo arrested on US drug charges

The wife of Mexican drug kingpin Joaquin “El Chapo” Guzman was arrested in the United States and accused of helping her husband run his multibillion-dollar cartel and plot his audacious escape from a Mexican prison in 2015. Emma Coronel Aispuro, a 31-year-old former beauty queen, was arrested at Dulles International Airport in Virginia on Monday and is expected to appear in federal court in Washington on Tuesday afternoon. She is a dual citizen of the United States and Mexico. Her arrest is the latest twist in the bloody, multinational saga involving Guzman, the longtime head of the Sinaloa drug cartel. Guzman, whose two dramatic prison escapes in Mexico fed into a legend that he and his family were all but untouchable, was extradited to the United States in 2017 and is serving life in prison. And now his wife, with whom he has two young daughters, has been charged with helping him run his criminal empire. In a single-count criminal complaint, Coronel was charged with conspiracy to distribute cocaine, methamphetamine, heroin and marijuana in the U.S. The Justice Department also accused her of helping her husband escape from a Mexican prison in 2015 and participating in the planning of a second prison escape before Guzman was extradited to the U.S.¹

Analyst Comment:

Why Ms. Coronel took the risk of traveling through or to the U.S. in light of her connection to her husband El Chapo is beyond us (especially as a U.S. citizen), but no complaints from our department. If anything, Coronel’s travel to the U.S. speaks either to her arrogance in presuming she was untouchable as the wife of the longtime head of the Sinaloa drug cartel, or her ignorance in thinking she would not eventually be charged for her involvement in running her husband’s criminal empire. If we were at the Department of Justice, we’d be doing everything in our power to try and “flip” Ms. Coronel to provide information on her husband’s cartel, using Coronel’s children as leverage — perfectly legal and acceptable manipulation towards the desired end state of causing a dent in the powerful cartel’s operations. In this game, you don’t get to traffick and distribute illicit narcotics while also being a wife and mother — either the drug business or family wins out. Our bet is that Coronel will choose her family. And given the ascendancy of the cartels in the past decade, enforcement agencies need every bit of leverage they can obtain.

60 Years After Eisenhower's Warning, Distinct Signs of a 'Digital-Intelligence Complex'

The synergy between Washington and Silicon Valley can be seen as the latest manifestation of the Beltway’s revolving door. But the size and scope of Big Tech – and the increasing dependence of government on its products and talent – suggest something more: the rise of a Digital-Intelligence Complex. Like the Military-Industrial Complex that President Dwight D. Eisenhower warned against in 1961, it represents a symbiotic relationship in which the lines between one and the other are blurred.²

Analyst Comment:

In a fitting tribute to President Eisenhower’s 1961 farewell address warning society of a growing military-industrial complex, this piece tells the tale of the mutually beneficial relationship between major tech companies (such as Amazon) and the federal government. Specifically, this piece addresses how the U.S. intelligence community relies heavily on big tech firms for their digital needs, with executives and senior leaders often using former government positions and contacts to slip laterally into positions with their tech providers upon conclusion of their government service, constituting a possible evolution towards the formation of an ever-growing digital-intelligence complex. Using the professional career of a former CIA and eventually senior member of the Office of the Director of National Intelligence as an example, this article highlights the relationship between intelligence agencies and their reliance upon digital services from the tech giants. We’re most wary of how the lines between big tech and government are being drawn, and closely monitor how major tech firms capitalize (literally) on the government’s need for their services.

Google expands controversial pilot project using patient data

More than a year after facing widespread criticism over its patient data-sharing arrangement with hospital chain Ascension, Google on Tuesday [Feb 23] unveiled new details and a name for a core product of the partnership. The tool — a kind of Google search for electronic medical records — is called Care Studio and will now be available to roughly 250 clinicians in pilot mode. The software lets clinicians research through reams of patient health record data without needing to know precisely where to look. Like the traditional Google search bar, the tool automatically generates responses as a doctor types inside of it, with the goal of retrieving relevant clinical information faster and more easily.³

Analyst Comment:

If this sounds a lot like a Google search but of personal medical records, that’s because it is. And while we absolutely are supportive of the ability for clinicians and healthcare providers to possess increased search capabilities — in the name of improving patient healthcare — we are wary of leveraging Google’s tools as the means by which to achieve that end. This pilot program is controversial to privacy and security-minded populations because it requires unfettered access by Google to sensitive medical data, adding to the tech giant’s already extensive command of personal data. Coupled with Google’s use of personal data to generate revenue from targeted advertisements, the last thing we want to do is voluntarily cede additional leverage to the tech giant to obtain an arguably limited return on investment — and in such a sensitive and personal area of our lives nonetheless. The privacy costs and unforeseen future consequences thereof are not worth this relatively marginal short-term convenience.

Chinese hackers stole another NSA-linked hacking tool, research finds

The U.S. intelligence community was rocked in 2017 when a group of mysterious hackers known as the Shadow Brokers leaked a trove of National Security Agency hacking tools for public consumption. The exact identity of the leakers remains unknown to this day. According to a growing body of security research, though, hackers with suspected links to the Chinese government may have had access to some of the same tools before they were published, and the Shadow Brokers may not be the only thieves the U.S. intelligence community has to worry about. According to new research from Israeli security firm Check Point published Monday, a group of Chinese hackers known as APT31 appear to have copied an exploit developed by Equation Group, a hacking group broadly believed to be associated with the NSA, more than two years before the Shadow Brokers leaked the trove of NSA tools.⁴

Analyst Comment:

Generally speaking, a cyber “tool” is some form of exploit or code used for offensive cyber operations, aka hacking. In this instance, we are faced with the embarrassing and gravely damaging realization that China had somehow accessed and stolen a set of advanced tools used by the National Security Agency (NSA) to conduct its operations. This is an unbelievably unfortunate and costly occurrence that has caused and will continue to cause unquantifiable damage around the world. As we’ve already covered regarding the CIA’s authorities to conduct covert action in cyberspace, (illicit) proliferation of dangerous cyber weapons will only result in more noise across the spectrum — with average citizens bearing the brunt of the damage. This is why we emphasize the necessity for individual action and diligence in digital security and online privacy, because no perfect centralized defense can be effectively mounted against such persistent and capable nation-state threat actors. While you may not get directly “hacked” by advanced nation-state cyber actors like the Chinese group mentioned here, you most certainly will feel the effects when dangerous cyber weapons are used to target U.S. critical infrastructure such as the electric grid, water supply monitoring systems, or others during a period of open cyber conflict.

Hackers Tied to Russia's GRU Targeted the US Grid for Years, Researchers Warn

For all the nation-state hacker groups that have targeted the United States power grid—and even successfully breached American electric utilities—only the Russian military intelligence group known as Sandworm has been brazen enough to trigger actual blackouts, shutting the lights off in Ukraine in 2015 and 2016. Now one grid-focused security firm is warning that a group with ties to Sandworm’s uniquely dangerous hackers has also been actively targeting the US energy system for years. On Wednesday, industrial cybersecurity firm Dragos published its annual report on the state of industrial control systems security, which names four new foreign hacker groups focused on those critical infrastructure systems. Three of those newly named groups have targeted industrial control systems in the US, according to Dragos. But most noteworthy, perhaps, is a group that Dragos calls Kamacite, which the security firm describes as having worked in cooperation with the GRU's Sandworm. Kamacite has in the past served as Sandworm's "access" team, the Dragos researchers write, focused on gaining a foothold in a target network before handing off that access to a different group of Sandworm hackers, who have then sometimes carried out disruptive effects. Dragos says Kamacite has repeatedly targeted US electric utilities, oil and gas, and other industrial firms since as early as 2017.⁵

Analyst Comment:

Speaking of nation-states targeting U.S. critical infrastructure in cyberspace, this piece highlights the real and present threat of actors such as Russia targeting American electric utilities. In this instance, the article discusses a group known as “Sandworm” and how it was used with great effect to trigger actual blackouts across cities, most prominently in 2015 and 2016 in the Ukraine, which has been embattled by Russian meddling and active conflict for years. As we’ve covered before, the intent of cyber capabilities such as these is to impose costs and to hold at risk various elements of a nation’s safety and security, as a means to achieve desired endstates. As with most covert action, the intent of groups such as Sandworm (among countless others) is to do damage and to disrupt. We like this article because it reveals more about what malign actors such as Russia have been trying to do for years against the U.S., activities that are most often hidden behind the veil of top secret security clearances.

New public report to blame Saudi crown prince for 2018 killing of Jamal Khashoggi

The Biden administration will release an intelligence report as early as Thursday that concludes that Saudi Crown Prince Mohammed bin Salman approved the 2018 killing of journalist Jamal Khashoggi, three U.S. officials familiar with the matter said. The intelligence assessment, based largely on work by the CIA, is not new; NBC News was among the organizations that confirmed it in 2018. But its public release will mark a significant new chapter in the U.S.-Saudi relationship and a clear break by President Joe Biden with former President Donald Trump's policy of equivocating about the Saudi state's role in a brutal murder that was widely condemned by members of Congress, journalists and a U.N. investigator.⁶

Analyst Comment:

We are less concerned with which U.S. administration released this damning report as we are with the fact that the Saudi Crown Prince’s behavior has largely gone unpunished on the world stage as long as it has. The confirmed assassination by Saudi Arabia — at Crown Prince Mohammed bin Salman’s (MBS) orders and approval — of Washington Post reporter and Saudi dissident Jamal Khashoggi in 2018 are visible fruits of MBS’ leadership in the kingdom, and must be strongly condemned. Official investigations recounting the manner in which Khashoggi was lured under false pretense into the Saudi Embassy in Istanbul where he was tortured, dismembered, and dissolved in acid are the horrors of MBS’ leadership that seek to maintain power and crush any who seek to loose his stranglehold over the country and region. We are eager to see what amount of pressure this creates on U.S. - Saudi relations, and how MBS responds to a direct threat to his monopoly on power.

Hong Kong sees rush for burner phones as govt pushes Covid-19 contact-tracing app

Electronics shops in Hong Kong have seen a sharp increase in demand for cheap burner phones as the Chinese-ruled city's government eases coronavirus restrictions but pushes the use of a contact-tracing app which has raised privacy concerns. The financial hub saw anti-government and anti-China protests erupt in 2019 and a sweeping national security law imposed by Beijing in 2020 in response, along with the arrest of most of its prominent pro-democracy activists. The swift authoritarian turn taken by the government, which denies curbing the rights and freedoms of the special administrative region's 7.5 million residents, has resulted in deep-seated mistrust of public policies, including of measures to curb the coronavirus. Health Secretary Sophia Chan said the app poses no privacy risks, as it only stores data on users' phones and no third party collects it. The app notifies users if they had been in the same place as a person confirmed with Covid-19. "I'm buying a burner phone because the government clearly doesn't trust Hong Kong people, so why would I trust them?" said Vincent, 28, an accountant who gave only his first name because of the sensitivity of the issue.⁷

Analyst Comment:

As we are fond of saying, security cannot be applied retroactively. It is thus we are thrilled to see the demand for privacy emerge in Hong Kong, which is struggling under the Chinese-ruled city government’s implementation of a contact tracing app used to curb the spread of COVID-19. Contact tracing is widely misunderstood and exists across a diverse spectrum of methods, which we’ll cover late this week using a U.S. city as an exemplar. Regardless, the arrest of prominent pro-democracy activists and the passage of a sweeping national security law by Beijing in 2020 offer Americans a clear distinction between proper and rightful governmental respect and dignity for individual civil liberties, as opposed to the oppressive machinations of the Chinese state as bound by the ruling Communist elites.

1

https://apnews.com/article/el-chapo-wife-arrested-us-drug-charges-70bf4320547802587246adc2bff342c8

2

https://www.realclearinvestigations.com/articles/2021/02/23/60_years_after_eisenhowers_warning_distinct_signs_of_a_digital-intelligence_complex_127207.html

3

https://www.statnews.com/2021/02/23/google-project-nightingale-care-studio/

4

https://www.cyberscoop.com/chinese-hack-nsa-tool-check-point/

5

https://www.wired.com/story/russia-gru-hackers-us-grid/?fbclid=IwAR0MrMh0DMRsgXeYr4_uRTL5idNAyo3BjZwirK1wSMhGjCVkFnAMhiLaUuA

6

https://www.nbcnews.com/news/all/new-public-report-blame-saudi-crown-prince-2018-killing-jamal-n1258800

7

https://www.straitstimes.com/asia/east-asia/hong-kong-sees-rush-for-burner-phones-as-government-pushes-contact-tracing-app