A few days ago, we discussed the strange case of Sharyl Attkisson
, who seems to have functioned as a sort of right-wing "mole" in CBS News. She was fired, in part, because she pushed a silly story about Benghazi. She made the news lately, at least the right-wing news, with her claim
in a book that an unnamed spook friend of hers found a super-duper extra-special keylogger on her laptop.
Attkisson says the source, who’s “connected to government three-letter agencies,” told her the computer was hacked into by “a sophisticated entity that used commercial, nonattributable spyware that’s proprietary to a government agency: either the CIA, FBI, the Defense Intelligence Agency or the National Security Agency.”
The breach was accomplished through an “otherwise innocuous e-mail” that Attkisson says she got in February 2012, then twice “redone” and “refreshed” through a satellite hookup and a Wi-Fi connection at a Ritz-Carlton hotel.
I was befuddled by this phrase: "commercial, nonattributable spyware that’s proprietary to a government agency." It's a little hard to see how something can be both commercial and gummint at the same time.
To be frank, I was dismissive of Attkisson when this story first came to my attention. I am suspicious of pretty much every "journalist" who pals around with spooks.
But maybe there's something going on here.
Look at this story in The Intercept
: It's about a spyware program developed in Annapolis, MD and sold to thuggish governments throughout the world. The MD firm is called Hacking Team -- and the owners are Italian
, believe it or not.
Run your eyeballs over the following, and tell me if some of the details seem familiar...
The manuals describe Hacking Team’s software for government technicians and analysts, showing how it can activate cameras, exfiltrate emails, record Skype calls, log typing, and collect passwords on targeted devices. They also catalog a range of pre-bottled techniques for infecting those devices using wifi networks, USB sticks, streaming video, and email attachments to deliver viral installers. With a few clicks of a mouse, even a lightly trained technician can build a software agent that can infect and monitor a device, then upload captured data at unobtrusive times using a stealthy network of proxy servers, all without leaving a trace. That, at least, is what Hacking Team’s manuals claim as the company tries to distinguish its offerings in the global marketplace for government hacking software.
Doesn't that description sound exactly like what Sharryl says she found on her system? Of course, the presence of Hacking Team's pride-n-joy does not necessarily mean that Obama
called for a cyber-hit, although everyone on the right will so presume.
The Italian connection:
Here's a cute detail which may reveal much: Hacking Team "has even taken an investment from a firm headed by America’s former ambassador to Italy."
There are really only two possibilities here.
First, we may be talking about Bush crony Mel Sembler, about whom I've written much due to his controversial association with Straight. Sembler (ambassador to Italy from 2001 to 2005) now runs a real estate development company called The Sembler Company.
The other suspect is Ronald P. Spogli (ambassador from 2005 to 2009), who runs a private equity investment firm called Freeman, Spogli & Co.
Sembler's two predecessors as Italian ambassador are now dead. Spogli was succeeded by David Thorne, who doesn't own a company. Thus, practically speaking, we have only Sembler and Spogli as possibilities.
I would love to write more posts about Sembler, a close associate of Mitt Romney
and a very strange player
in the world of parapolitics. However, it seems likelier that the investment came from Spogli's private equity firm than from Sembler's real estate firm. Spogli's company was associated with former Los Angeles Mayor Richard Riordan, who was an interesting character in his own right.
More on Hacking Team.
Hacking Team offers the assurance that its users are all government institutions. Spyware is perfectly legal in law enforcement or intelligence investigations “if used with the proper legal authorization in whatever jurisdiction they’re in,” according to Nate Cardozo, staff attorney at the Electronic Frontier Foundation. Hacking Team’s “customer policy” also claims that it will not sell to countries listed on international “blacklists” or that it believes “facilitate gross human rights abuses.” The company won’t disclose what it means by blacklists, how its review process works, or which, if any, customers have been dumped. Hacking Team’s spokesman refused to provide details beyond what is on the company’s website.
The software can be installed physically, via a USB stick, if the authorities have direct access to the computer (imagine a police stop or an airport search.)
Or, the infection can happen remotely. It could take the familiar form of a phishing attack or email scam – as a group of Moroccan reporters found out in 2012. A document promising them a secret scoop (it was titled “scandale,” in French) turned out to be a decoy for Hacking Team software. An Emirati blogger fell victim to the same trick. The implant can also be melded with legitimate, useful software that the victim is prompted to download.
This next bit should give you the chills...
As The Intercept has previously reported, Hacking Team also installs its bugs via “network injectors” – physical devices housed with internet service providers, that allow them to intercept ordinary web traffic, like streaming video, and replace it with infectious code.
Supposedly, YouTube has "hardened" its system to protect against such intrusions. Supposedly.
This is all very frightening to think about, isn't it? Happy Halloween...