The Wiretap is your weekly digest of cybersecurity, internet privacy and surveillance news.

In late October, a week before the presidential election, Kamala Harris’ cybersecurity team called Apple looking for help. A spyware detection tool had flagged anomalies on two iPhones belonging to senior members of the vice president’s team, and her office was worried they’d been hacked.

The Harris team’s ask was a simple one, sources familiar with the incident told Forbes. It wanted Apple to extract a “raw image” copy of the operating system from one of the devices to better assess what had happened to it.

Though the phone’s owner had consented to its examination, Apple declined to provide the image, sources said, and the Harris campaign, now disbanded, did not press the issue over fears of it becoming politicized. The phone continues to be investigated by iVerify, the company whose spyware detection tool first flagged the issues. Both Apple and the Harris campaign declined to comment on the matter. The FBI, which had been investigating the matter, declined to comment.

That Apple refused the Harris campaign’s request for forensic assistance is hardly surprising. The company has long maintained that privacy is a fundamental human right and has been adamant that the information stored on its devices be accessible only to the people who own them. In 2016, it famously refused to help the FBI access data on the iPhone of a man who shot and killed 14 in a terrorist shooting in San Bernardino, setting off a legal battle that only petered out when the government eventually hired a contractor to hack its way in.

But Dan Guido, founder of cybersecurity company Trail of Bits and one of the creators of iVerify, told Forbes there’s more Apple can do to help those who have evidence their devices have been hacked. “Apple’s current approach to iPhone investigations is deeply flawed,” Guido said. By limiting access to lower levels of iOS, Apple is trying to protect iPhones from malware, but at the cost of blocking security tools that could identify hackers who’ve broken through those defenses, he said. While the company’s security precautions are well intentioned, Guido added, they “leave defenders flying blind.”

User frustration is often compounded by threat notifications Apple sends to targeted users when its security team determines iPhones have been hit with spyware. The company doesn’t offer further technical assistance beyond the warning, which does not specify how, when or why the user was targeted, and points them to nonprofits like Access Now for additional support. “It’s woefully inadequate,” Guido said, adding that it “falls short of their responsibility to protect users.”

On the technical side, Guido said Apple could open up what are known as “application programming interfaces” (APIs) on iOS. Such APIs could, with some security protections around them, allow deeper access to the operating system so researchers could more easily uncover malware on an iPhone, Guido said.

But there’s plenty of disagreement over whether iOS should be opened up to researchers and companies whose business models would benefit from a more open architecture. Apple has good reasons for being restrictive: it’s often more secure. Indeed, opening up those APIs could benefit the same spyware companies the likes of iVerify are trying to block.

Got a tip on surveillance or cybercrime? Get me on Signal at +1 929-512-7964.

14 North Koreans Indicted Over Fake IT Worker Scheme

The Justice Department says North Koreans used “false, stolen, and borrowed identities of U.S. and other persons” to get jobs as remote IT workers for U.S. companies and nonprofit organizations.

Prosecutors allege that the defendants were secretly working for North Korea-controlled companies based in China and Russia, sending back as much as $88 million to their paymasters over a six-year period. They also stole proprietary source code and threatened to leak pilfered data unless their legitimate U.S. employer paid a ransom, according to the DOJ.

Stories You Have To Read Today

In Serbia, police used a phone forensics tool made by Israeli industry giant Cellebrite to pull data from a journalist’s phone, before installing spyware on their device, according to Amnesty International.

A Chinese hacking group known as Salt Typhoon recorded telephone calls of “very senior” American political figures, a White House official said. It’s part of what lawmakers have described as one of the most significant attacks on America’s telecoms industry in recent memory.

Winner of the Week

In his first byline since getting out of Russian prison, Wall Street Journal reporter Evan Gershkovich is back writing on what he and his colleagues say is “at the very core” of President Putin’s wartime administration. They lift the lid on the Department for Counterintelligence Operations, known as DKRO, which has become a crucial cog in Russia’s repression machine.

Per the report, “It wields the power to compel hundreds of thousands of personnel across Russia into surveilling, intimidating, or arresting foreigners and the Russians it suspects of working with them.”

Loser of the Week

The U.S. has sanctioned Chinese cybersecurity company Sichuan Silence Information Technology Company and one of its employees, Guan Tianfeng, over claims they helped hack “tens of thousands of firewalls worldwide, including firewalls at U.S. critical infrastructure companies.” The attacks happened in 2020, according to the Department of State, which also said it was offering $10 million to anyone with information about the company or its employees.
