This is How They Tell Me the World Ends

This is funny, in a macabre sort of way
United States Government Security
How the NSA’s Hubris Left America Vulnerable ( 1 Posted by Editor David on Sun. Feb. 07, 2021 from the exceptionalism dept.

A new book promises “the untold story of the cyberweapons [] market — the most secretive, invisible, government-backed market on earth — and a terrifying first look at a new kind of global warfare.”


Its author — a New York Times cybersecurity reporter — shares the book’s story about David Evenden, a former National Security Agency analyst who later worked in Abu Dhabi:
He, like two dozen other N.S.A. analysts and contractors, had been lured to the United Arab Emirates by a boutique Beltway contractor with offers to double, even quadruple, their salaries and promises of a tax-free lifestyle in the Gulf’s luxury playground. The work would be the same as it had been at the agency, they were told, just on behalf of a close ally. It was all a natural extension of America’s War on Terror. Mr. Evenden started tracking terror cells in the Gulf. This was 2014, ISIS had just laid siege to Mosul and Tikrit and Mr. Evenden tracked its members as they switched out burner phones and messaging apps…

Soon, though, he was assigned to a new project: proving the Emiratis’ neighbor, Qatar, was funding the Muslim Brotherhood. The only way to do that, Mr. Evenden told his bosses, would be to hack Qatar. “Go for it,” they told him. No matter that Qatar was also an American ally or that, once inside its networks, his bosses showed no interest in ever getting out. Before long his team at the contractor, CyberPoint, was hacking Emirati enemies, real and perceived, all over the world: Soccer officials at FIFA, the monarchy’s Twitter critics, and especially Qatari royals. They wanted to know where they were flying, who they were meeting, what they were saying. This too was part of the mission, Mr. Evenden was told; it had all been cleared up high. In the War on Terror and the cyber arms market, you could rationalize just about anything.

All the rationalizations were stripped away the day emails from the first lady of the United States popped up on his screen. In late 2015, Michelle Obama’s team was putting the finishing touches on a trip to the Middle East. Qatar’s Sheikha Moza bint Nasser had invited Mrs. Obama to speak… And every last email between the first lady, her royal highness, and their staff — every personal reflection, reservation, itinerary change and security detail — was beaming back to former N.S.A. analysts’ computers in Abu Dhabi. “That was the moment I said, ‘We shouldn’t be doing this,’ he told me. “We should not be targeting these people.”

Mr. Evenden and his family were soon on a flight home. He and the few colleagues who joined him tipped off the F.B.I. (The agency does not comment on investigations, but interviews suggest its review of CyberPoint is ongoing.) To pre-empt any fallout, some employees came clean to Reuters. The hack of Sheika Moza’s emails with Mrs. Obama has never been reported.

It wasn’t long after Mr. Evenden settled back in the states that he started fielding calls and LinkedIn messages from his old buddies at the N.S.A., still in the service, who had gotten a “really cool job offer” from Abu Dhabi and wanted his advice. By 2020, the calls had become a drumbeat.

“Don’t go,” he pleaded. “This is not the work you think you will be doing.” You might think you’re a patriot now, he wanted to warn them, but one day soon you too could wake up and find you’re just another mercenary in a cyber arms race gone horribly wrong…

The author criticizes America’s security establishment. “When we discovered openings in the systems that govern the digital universe, we didn’t automatically turn them over to manufacturers for patching. We kept them vulnerable in the event the F.B.I. needed to access a terrorist’s iPhone or Cyber Command had reason to drop a cyberweapon on Iran’s grid one day…”

But the author also warns that “the potential for a calamitous attack — a deadly explosion at a chemical plant set in motion by vulnerable software, for example — is a distraction from the predicament we are already in. Everything worth taking has already been intercepted: Our personal data, intellectual property, voter rolls, medical records, even our own cyberweaponry…”

%d bloggers like this: