Welcome to Covert Comms (Issue № 1)
Introducing our new weekly(ish) brief on current events, espionage, digital security, and privacy from around the world.
Welcome to our new periodical brief Covert Comms, where you receive current events, espionage, digital security, and privacy-related insights from us directly to your inbox.
Behind the cloak & dagger: covert communications have long been used for two parties, normally handler and spy, to communicate secretly (and oftentimes remotely) without the knowledge of the Opposition aka bad guys. Covert communications are a classic tool of spycraft and have been used since literally the beginning of time (espionage is the world’s second-oldest profession so we’ve got some history behind us), the ancient form being steganography, or concealing a message within another message or object.
Leave your secrets (aka your email) with us and you’ll receive the latest insights, commentary, and news directly to your inbox. We strive for timeliness, relevance, conciseness, and of course — a dash of intrigue and occasional wit.
Court documents show FBI may have tool to access private Signal messages on locked iPhones
Court documents from a recent gun-trafficking case in New York suggest the FBI may have developed a way to access texts on Signal, the encrypted messaging app that has risen in popularity in recent months for its secure communication.
Analyst Comment:
As avid Signal users and advocates, we almost suffered a gripper (aka myocardial infarction) when first seeing this bombshell headline from Fox Business. However, there is some serious nuance here that may not be obvious at first blush — it wasn’t to us. The article states that technology exists, likely from the well-known digital forensics companies GrayKey or Cellebrite (who are competitors), capable of decrypting Signal messages so that law enforcement officials could access and read private messages from the otherwise end-to-end encrypted (E2EE), zero-knowledge messaging application. To say this is a serious claim is an understatement. However, hope remains. The digital forensics devices (aka lawful government and law enforcement hacking tools) only decrypted the Signal messages when the device in question was in a specific vulnerable state, known as “partial AFU” (“after first unlock”). This is our non-technical understanding: after a device is powered on and unlocked (you enter your passcode), the device and its data are decrypted and remain accessible until the device is restarted or powered down, at which point it re-enters an encrypted state. It appears that this in-between state after first unlock is the exploitable vulnerability. To successfully read your Signal messages, unauthorized users (aka not you) would have to 1) have physical access to or control of your device, and 2) obtain it after you had already decrypted it by entering your passcode at startup. Should either one of these conditions be unmet, the hacking attempt would likely prove unsuccessful. Such is the cat and mouse game of privacy and technology. We stand by for additional updates as experts learn more about this capability.
Congress bans anonymous shell companies after long campaign by anti-corruption groups
A groundbreaking measure to ban anonymous shell companies in the United States cleared Congress on Friday [11 December 2020] as the Senate joined the House in passing a defense-spending bill with a veto-proof margin.
Analyst Comment:
We are advocates for these so-called shell companies so long as they help us fulfill our personal, familial, and business goals of privacy and security, but obviously do not condone their misuse for the purposes of criminal or otherwise unlawful activities such as money laundering. That said, we look forward to learning more about the implementation of the Corporate Transparency Act, which would “require corporations and [LLCs] established in the United States to disclose their real owners to the Treasury Department”, a rule which applies to future and existing entities alike. For our intents and purposes, the practical ramifications of this act are relatively limited, given we seek privacy and security not exclusively from government oversight (for the sole purpose of taxation, mind you), but rather from non-state actors that pose a more pressing threat to our daily lives — criminals, hackers, surface-level online searches, and prying eyes. In order to effectively evade nation-state actors (a threat model most unlikely unless you moonlight as a Saudi dissident or Russian political opposition), we require sufficiently greater resources and sacrifice. For now, we continue to monitor for practical consequences of this act and its impact on our privacy posture.
America's Spy-Busters Put Secret-Stealing Chinese 'Grad Students' Under the Microscope
The FBI last month arrested Gang Chen, a well-known MIT nanotechnologist, and charged the China-born naturalized American with concealing close and lucrative connections to China's scientific and technological establishment on his applications for federal research grants.
Analyst Comment:
The seemingly never-ending problem of Chinese theft of U.S. intellectual property comes to the fore with this highly public (and embarrassing) display of the amount of soft power wielded by the Chinese government within the completely exposed and (rightfully) open U.S. (and Western) academic world. We were not shocked at the particular fields of study in which China showed great interest, in this case being nanotechnology and other scientific studies. We remind you that this incident highlights the significant state-sponsored Chinese effort to recruit other nations’ top scientists and engineers in order to co-opt them to support Chinese global technological advance — a very real and malign threat to individual (and global) privacy and security. While espionage and theft of intellectual property are important issues, they are the tip of the proverbial iceberg; they are symptoms of the underlying Chinese effort to supplant the U.S. as the world's preeminent technological behemoth, and they play the long game. Why do we dislike, distrust, and despise the Chinese government’s efforts in the academic (and corporate) world, no matter their publicly stated pretense? Read about their inhumane treatment of the Chinese Uighur population and convince us they possess a well-ordered sense of human dignity.
Women systematically raped and tortured in Uighur ‘re-education’ camps, says report
Women detained within Uighur internment camps in China’s Xinjiang province have experienced mass rape, sexual abuse and torture, it has been reported. According to the BBC, a number of former detainees and a guard have come forward to speak about what they experienced and saw within the camps, which China says are to “re-educate” Uighurs and other minorities.
Analyst Comment:
Since we’re on the topic, more information was recently publicly revealed regarding Chinese government treatment of Uighur minorities in so-called “re-education” camps, including [WARNING: GRAPHIC] mass rape, sexual abuse, and torture. China has received strong condemnations around the world for its treatment of the Muslim Uighurs, which the U.S. has labeled as genocide and crimes against humanity, labels with which we strongly agree. Most appalling to us is the utter disregard and contempt for the dignity of the human person, and the corruption, power, greed, and other blatant evils that compel the ruling Chinese Communist Party to commit such heinous acts. How many more times can we say it?
North Korean hackers tried to steal Pfizer vaccine know-how, lawmaker says
South Korea’s intelligence agency has said North Korea attempted to steal information on coronavirus vaccines and treatments by hacking Pfizer Inc, a lawmaker briefed by the agency said on Tuesday. Digital espionage targeting health bodies, vaccine scientists and drug makers has surged during the COVID-19 pandemic as state-backed hacking groups scramble to secure the latest research and information about the outbreak.
Analyst Comment:
The COVID-19 pandemic has done a fantastic job revealing the top priorities of several nation-state actors’ national security policies. For Russia, it involves (continued) assassination attempts of Putin’s political opposition in an attempt to consolidate and maintain power in the face of uncertainty. For China, it involves continued exploitation of vulnerable networks the world around for the purposes of intellectual property theft. For North Korea, it means desperately grasping at critical information needed to develop its own vaccine and prevent even greater portions of the stricken population (which already suffers from malnutrition, disease, lack of freedom, and destitute poverty) from being thoroughly ravaged by the pandemic. As intelligence is designed to deepen understanding and improve decision-making, noticing where intelligence agencies are being directed can yield useful context. It is thus unsurprising to us that North Korea would target health bodies in an effort to steal vaccine know-how; much like their Chinese bedfellows and their rampant theft of intellectual property, it is often far less costly to steal a capability than it is to develop it oneself. And when you happen to be a rogue state suffering amid international sanctions, cybercrime is a brilliantly cost-effective means through which to achieve desired end states. We would expect to see increased publicized nation-state hacking attempts against vaccine-related intellectual property conducted by more challenging states such as Iran, North Korea, Turkey, and of course — Russia and China — moving forward.
France identifies Russia-linked hackers in large cyberattack
France's cybersecurity agency ANSSI on Monday said "several French entities" had been breached, and linked the attacks to a Russian hacker group thought to be behind some of the most devastating cyberattacks in past years. The agency said it had identified "an intrusion campaign" in which hackers, linked to Russian military intelligence agency GRU, compromised the French software firm Centreon in order to install two pieces of malware into its clients' networks. The "supply chain attack" is similar to the recently discovered compromise of U.S. business software SolarWinds that breached several U.S. government agencies and many others.
Analyst Comment:
The Motherland, and particularly its military intelligence agency the GRU, continues to demonstrate aggressively unwelcome hostility to Western interests across the cyber domain. We remain interested in other GRU hacking exploits and their payoffs, similar to the recent SolarWinds revelation that stunned lawmakers and governments the world around with the extent of its damage to U.S. national security. Here we are met with a similarly themed supply chain attack attempt by the GRU but in France. Evidently, the payoffs of Russia’s malign cyber activity far outweigh the costs associated with discovery and attribution when it occurs, of which the common penalty is the imposition of international sanctions — a price Russia is clearly eager to pay. We are keenly interested in learning what threshold must be crossed before Russia curtails her malign activity, but are not optimistic this is realistic at present.
Enjoy Covert Comms? Brief your friends, colleagues, and others (including grandmothers, who are avid consumers of intelligence). Have a tip or article you want us to cover? Send it our way by leaving a comment below.
Covert Comms is a periodical brief of Privacy Matters, an informal publication of Signature Management Unit, a private intelligence, risk, and security firm from Milwaukee, Wisconsin.
https://www.foxbusiness.com/technology/fbi-tool-access-private-signal-messages-locked-iphones
https://www.washingtonpost.com/us-policy/2020/12/11/anonymous-shell-company-us-ban/
https://www.realclearinvestigations.com/articles/2021/02/11/americas_spy-busters_put_secret-stealing_chinese_grad_students_under_the_microscope_127077.html
https://www.independent.co.uk/news/world/asia/china-uighur-women-rape-b1796945.html
https://www.reuters.com/article/us-northkorea-cybercrime-pfizer/south-korean-spy-agency-says-north-korea-hackers-tried-stealing-pfizer-vaccine-know-how-yonhap-idUSKBN2AG0NI
https://www.politico.eu/article/france-cyber-agency-russia-attack-security-anssi/
Fantastic roundup of some fascinating stuff! The shell company ban is something I am cheering on, due to illicit, not legitimate practices. However, if you report your real company name to the Fed, and they get breached . . .