By Rufo Guerreschi*
Elected officials, prime ministers, front-line journalists and news editors are increasingly hacked on their phones. So are hundreds of thousands of law-abiding citizens. Banning or regulating spyware will not stop foreign hackers. We know how to make secure devices. But they are over-complex for our entertainment needs, and compromised surreptitiously to enable lawful access. A solution would require an international UN-like body to guarantee both utmost security and legitimate lawful access of mobile devices. Wide adoption would require mobile devices of an ultra-thin form factor, carried in leather wallets or embedded face-out in the back of everyone’s next mobile phone.
Last week, we learned that the foreign minister of the UK, Liz Truss, was spied on for months on her communications with colleagues, friends and foreign diplomats. A few days ago, Ignazio Cassis, the president and foreign minister of Switzerland, and 100 other top officials were revealed to be victims of a hacking-for-hire via UK legal firms and Indian hacker gangs.
They are in good company. Last year alone, the sitting prime ministers of Spain and of Finland, the head of opposition of Greece and Poland, the son of the new prime minister of Israel, and the editor of the Financial Times, suffered similar attacks.
Earlier this year, the UK Minister of Defense and several EU parliamentarians were fooled by foreign agents impersonating the attorney of a Russian opposition leader. Even the president of the US runs the same risks, as detailed in 2017 by the New York Times. As bad as that is, it’s just the tip of the iceberg, as the number of victims is most likely in the hundreds of thousands, and maybe yourself, as we detail below.
Those same devices enable users to permanently delete evidence of crimes, as shown by investigations on the US president’s secret service detail and leaders of top swiss banks, while others may have acquired such evidence before its deletion for use in blackmail.
Why don’t they use their classified “work” phones? Are our leaders careless?
They don’t always use their work phones because a large majority of those they need to speak to – colleagues, parliamentarians, international colleagues, relatives, lovers – do not have those, are not allowed to have them, or incompatible, as is often the case for their foreign interlocutors.
Sure, they could and should be more careful, assuming that any use of their smartphone could result in blackmail, extortion or public shaming as legal or illegal snapshots of their life could be leaked to the media and published out of context or to prosecutors.
Most of them know the risks by now. However, they still do “for the same reasons as the rest of us”, as The Economist wrote: they are forced to use hegemonic mobile phones, app stores and apps if they want to function at all in their job or life, while evidently, no protective tools by their security agencies are remotely sufficient. To make matters even worse, they are also forced into extensive self-censorship to minimize the risk, with enormous costs to personal and professional effectiveness.
Furthermore, the difficulty of attributing hacks on today’s devices makes it often impossible to know if a leak was due to a hacker or to the victim’s interlocutor, as seen in the hack of Finnish Prime Minister Sanna Marin, fostering distrust among associates, and more self-censorship.
Are hackers just too good? But can’t those phones be made more secure?
Every year, Apple, top Android phone makers, and cybersecurity protection suite makers, introduce new security improvements. Like a mirage, decent security is never attained. Why is that? Sure, state and non-state hackers keep significantly increasing their investments. Yet, as shown, for example, by Crypto AG – the Swiss-based western standard devices for secure diplomatic communications in the Cold War – we can make IT devices that are both reliably secure against the most advanced attackers and accessible to interception only to intended entities.
Two are the root causes. First, hyper-complexity and obscurity are demanded by competition for rich entertainment performance features that are required of top-end smartphones. Second, the unconfessed need to surreptitiously ensure that several powerful nations can hack them at any time to prevent terrorist, enemy or adversary nations. Third, carrying an extra device may be acceptable for the most targeted persons but too cumbersome for their many sensitive non-classified interlocutors.
As bad as it is, is the problem limited to a few hundred top officials?
The actual number of how many are hacked or hackable is very hard to determine, by design. It is a very high priority for all public security agencies to ensure that criminals and terrorists overestimate the security of all secure devices so that they can continue their legitimate interception – while spyware and secure IT companies Apple play along for profit reasons.
But once in a while, some hard verified data comes around. The NSO Group, just one of a dozen spyware firms in Israel alone, testified last June to the 42-strong EU Parliament Committee of Inquiry to Investigate the Use of Pegasus and Equivalent Surveillance Spyware that over 12,000 citizens each year are hacked via their Pegasus system.
The 12,000 number above (1) doesn’t include dozens of other similar spyware companies that rent or sell to nations and private groups; (2) nor does it includes those hacked by security agencies of powerful nations; (3) nor hundreds or thousands of other entities to discover, buy, steal, or just rent access to illegitimately hacking of high-profile users, as shown by Shadow Brokers and Vault 7 scandals, as consequence of the surreptitious way in which powerful nations ensure their “backdoor” access.
Also, a vast majority of these cyber crimes go undiscovered for years, if ever, as they often leave no trace, as outlined above. When discovered, they are nearly always kept secret as both victims and attackers gain from keeping them unreported. Victims are not required to disclose, and hacking of top officials are often classified as state secrets.
So, therefore, the 12,000 number above is just the tip of the iceberg. Truth is that the most likely number of victims and potential victims are in the hundreds of thousands. The most targeted know it by now. Pre-Covid surveys by UBS and by Northern Trust showed that the 16 million wealthiest persons in the World and family offices regard cybersecurity as their n.2 or their n.1 concern, respectively. There is nothing money can buy. Even the richest have nowhere to hide, not to mention journalists and activists: a true democratic emergency and a huge unmet demand.
Towards a Solution
Many EU parliamentarians and human rights organizations believe the solution is to be found in national and international regulations or bans of spyware. Sure state regulation is needed to better oversee the use of those powerful tools. Banning instead would result in unregulated nations and criminals being able to spy, duly authorized security agencies cannot intercept the most dangerous criminals. In both cases, there are vast technical and jurisdictional complexities in trying to adequately enforce bans or adequate regulations.
So, a solution must go through making mobile devices that are radically more secure, and we know how to do that, though perfect security can never be achieved. But then how do we ensure wide adoption? How do we prevent their abuse by criminal, terrorists and adversarial nations? How do we minimize the risk that backdoors are not inserted?
Suitable solutions to this problem of mobile security and mobile accountability requires that they are both widely-adoptable and globally-trusted by a wide majority of sensitive persons all around the world, and that reliably enable only legitimate lawful access, national and international.
To be widely-adoptable, it must be convenient and cheap enough to be adopted by a large majority of the typical interlocutors of our elected officials and other vulnerable persons. Sure, we’d love to solve it with an open-source secure messaging app that everyone can review, but it can only be as secure as the device they run on. An external hardware solution would only protect from some of the hardware vulnerabilities. So, the answer must be an additional standalone hardware device. But everyone is weary of carrying an extra device. Fortunately, the same miniaturization today that enables foldable phones could enable an ultra-thin minimalistic but ultra-secure device to be embedded face-out in the back of any smartphone or carried face-out in custom leather wallets, for those that prefer that.
To be globally-trusted, all critical technical and process of the solution and its use should be openly inspectable, and minimal enough to be sufficiently inspectable. Given that the utmost security cannot be verified “after the sausage is made”, any technical and human components, including every coder, architect, critical tech provider, chip fabrication, and user training, should be subject to full transparency, and extremely trustworthy oversight. Design quality and oversight should be assured by some international body, whose governance quality can be assessed by moderately educated and informed citizens, just as in properly designed democratic election processes and procedures. It could involve a mix of globally-diverse nations, IGOs and NGOs, randomly-sampled world citizens, and proven “ethical” experts.
To enable legitimate lawful access, while sufficiently reducing the risk of its abuse, the same extreme technical and organizational safeguards mentioned above should be applied to “in-person” procedural mechanisms to vet legitimate lawful access requests – including in-presence authorization by several randomly-selected citizens for national ones, and an international judicial board for international ones.
Some nations appear to be less damaged than others by the status quo. Due to their control over the leading private firms in this domain, the US and Israel have an apparent distinct advantage, via their ability to access better protections, better espionage capabilities and better espionage countermeasures. Yet, the current model also creates huge collateral damages for their national security, democracy and their main allies, so much so that we suspect they’d be open to a better solution if one can be conceived and realized.
………….
*Rufo Guerreschi, is a leading-edge IT security and privacy activist, researcher and entrepreneur. He is founder of the Trustless Computing Association and its spin-in TRUSTLESS.AI. Andrew Kelly is a technical writer in the area of cybersecurity, and content manager at the Trustless Computing Association. Article sent to Other News by the author.