Spyware hacks by federal workers could run into the hundreds, lawmaker says
A US government investigation into how many cellphones belonging to diplomats and government workers have been infected with spyware could “easily run into the hundreds,” according to a member of the House Intelligence Committee.
Jim Himes, a Democratic representative from Connecticut, told Bloomberg News that the Biden administration is “just beginning to get a sense of the scope of the problem.” He predicted the probe could find that spyware was used against “hundreds” of federal personnel in “several countries.”
Himes was the lead author of a letter in September urging the federal government to better protect US diplomats abroad from spyware and publicly detail cases of such abuse. He received a letter last month written jointly by the Departments of Commerce and State confirming that commercial spyware has targeted U.S. government officials serving overseas.
“Spyware technology has kind of moved beyond our ability to make sure that the communications of our diplomats are protected, or even the locations and contacts and photographs of our diplomats are protected. And that’s obviously a huge vulnerability,” he said.
The official confirmation follows a Reuters report from last year that the iPhones of at least nine State Department employees were hacked with spyware developed by Israel’s NSO Group. The employees were either based in Uganda or focused on issues related to the country, according to the report.
The inquiry is focused on how many diplomats and other US personnel have been targeted, who is targeting them and what spyware tools were used, according to the letter and two US officials familiar with the matter. The government’s efforts are also focused on how to prevent US government employees from falling victim to spyware.
NSO Group’s spyware can covertly record emails, phone calls and text messages, track location and record video and audio using the phone’s camera and microphone. The company has been criticized — and blacklisted by the Commerce Department — because spyware has been used by its government clients to target government officials, journalists, activists and others.
NSO Group has repeatedly said it sells its technology to law enforcement and government agencies for the purpose of catching criminals and terrorists.
A US official familiar with the investigation said it was ongoing and had not yet reached a conclusion on the number of employees targeted. Another person, a senior US official familiar with the investigation, said even a small number of targeted personnel would pose a serious counterintelligence risk. Both officials spoke on condition of anonymity given the sensitive nature of the probe.
A new executive order is also in the works that would prohibit government officials from using commercial spyware if there is a risk that it could be misused or pose a counterintelligence or security risk to the United States, according to the letter.
The inquiry underscores the challenges facing the State Department as it tries to protect diplomats working abroad from spyware. Many use apps like Signal and Meta Platforms Inc.’s Facebook and WhatsApp on their official phones as a necessary part of their work, according to Kelly Fletcher, a former Pentagon official who is the State Department’s new chief information officer.
She said, in her first interview since taking the post, that her agency is “actively hardening” its systems and has “robust processes” to detect intrusions on mobile device operating systems and applications. But she said challenges remain.
At least half of the State Department’s telecommuters still use their personal laptops at work, she said. “I would love to see every State Department user on a State Department laptop,” she added.
Fletcher said she wants to prioritize protecting the most valuable five to 10 people at the State Department, including top US diplomat Antony Blinken, describing them as “really rich targets”.
“I think there should be separate standards for these users at the very highest level,” she said. “What I don’t want these people to do is to be like, ‘Oh forget it, I’m just going to use my personal phone.'”
Fletcher said in a statement that the State Department continues to work with other agencies “to monitor and respond to worrisome activity targeting government officials.” But she declined to discuss details of the spyware request “for security reasons and to protect our ongoing investigation.”
Photo: Representative Jim Himes, a Democrat from Connecticut, speaks during a House Financial Services Committee hearing in Washington, DC/Bloomberg
Copyright 2022 Bloomberg.
Interested in Legislation?
Get automatic notifications for this topic.