• Afghanistan, Policy Choices, and Claims of Intelligence Failure

    Was the chaotic evacuation from Afghanistan the result of an intelligence failure? David Priess, who served as a CIA analyst in the administrations of Bill Clinton and George W. Bush, writes that to make this judgment, we need answers to many questions. But even if the written records, such as the PDBs, are declassified, “unless and until Joe Biden opens his mind and soul, we are unlikely to understand if he internalized the core judgments in any intelligence documents or briefings.”

  • Cybersecurity Experts Worried by Chinese Firm’s Control of Smart Devices 

    From rooftop to basement and the bedrooms in between, much of the technology making consumer products smart comes from a little-known Chinese firm, Tuya Inc. of Hangzhou.More than 5,000 brands have incorporated Tuya’s technology in their products. Cybersecurity experts are worried, and they urge Washington to limit or ban Tuya from doing business in the United States, in part because a broad new Chinese law requires companies to turn over any and all collected data when the government requests it.

  • Chinese Hackers Used Cyber-Disguising Technology against Israel: Report

    Beginning in January 2019, UNC215, a Chinese government digital spy group, had hacked into Israeli government networks after using remote desktop protocols (RDPs) to steal credentials from trusted third parties.

  • What is Pegasus? Explaining How the Spyware Invades Phones and What It Does When It Gets In

    Pegasus is a spyware that can stealthily enter a smartphone and gain access to everything on it, including its camera and microphone. Pegasus is designed to infiltrate devices running Android, Blackberry, iOS and Symbian operating systems and turn them into surveillance devices.

  • Responsible Cyber Offense

    There is responsible conduct in cyberspace, and there is irresponsible conduct. Perri Adams, Dave Aitel, George Perkovich, and JD Work write that “If the SolarWinds operation was a case of somewhat responsible hacking within the bounds of acceptable state action (even if Russia is far from a responsible actor in cyberspace), the Exchange operation, by contrast, demonstrates how an irresponsibly conducted espionage operation can escalate into collateral damage and instability.” They write that, despite critical preventive efforts, “offensive operations will continue apace in the foreseeable future—conducted by the United States, its allies and its adversaries. The choice is whether and how to engage in them responsibly and minimize cost to societies.”

  • Haiti Assassination Revives Concerns over “Private Armies”

    Most of the 20-plus suspects arrested in the assassination of Haitian President Jovenel Moïse as part of an attempted coup appear to be from outside the country, with no known connection to the nation’s politics or military. The assassination of Haitian President Jovenel Moïse has renewed concerns over the shadowy, unregulated trade of professional militaries — companies staffed by veteran fighters from armed forces around the world that provide private security to the ultra-rich and powerful, various nations, and sometimes to warlords, arms traders, and aspiring dictators.

  • Israel Tries to Limit Fallout from the Pegasus Spyware Scandal

    Israel has been trying to limit the damage the Pegasus spyware scandal is threatening to do to France-Israel relations. The Moroccan intelligence service used the software, made by an Israeli company with close ties to Israel’s defense and intelligence establishments, to spy on dozens of French officials, including fourteen current and former cabinet ministers, among them President Emmanuel Macron and former prime minister Edouard Phillipe. It would not be unreasonable for the French intelligence services to assume that there was a measure of Israeli spying on France involved here, with or without the knowledge of the Moroccans. Macron, in a phone conversation with Israel’s prime minister Naftali Bennett, pointedly asked for an explanation.

  • U.S. Leads Coalition Accusing China of Hacking

    On 19 July, the United States joined other countries in condemning the hacking by Chinee government hackers of Microsoft Exchange email server software. Despite the condemnations, there have not been any sanctions against China for its role in the breach, leading critics to charge that the Biden’s response was weak and “not proportionate to the severity of the breach.” Abby Lemert and Eleanor Runde write that “Part of the problem is that escalatory retaliation carries special risks to a highly digitized society like the United States. Accordingly, some commentators assess that Biden’s response is properly calibrated to the risks.”

  • Biden: Russia Already Interfering in 2022 Election

    President Joe Biden on Tuesday said that Russia is already interfering in the 2022 mid-term elections. Speaking after classified briefing prepared by the intelligence community, Biden said that the escalating cyberattacks by Russia and China are not only a “pure violation of our sovereignty,” but that these attacks make it more likely the United States could “end up in a real shooting war with a major power.”

  • Combating Foreign Disinformation on Social Media

    How are other nations using disinformation on social media to advance their interests? What is the U.S. response to these campaigns, and how has it evolved? What does the Joint Force—and the U.S. Air Force in particular—need to be prepared to do in response?

  • France Accuses China of “Vast” Cyberattacks Campaign against French Organizations, Companies

    The director-general of ANSSI, France’s cyber defense agency, said France has been under a sustained and sever cyberattacks by Chinese government hackers since the beginning of the year. France has so far abstained from publicly attributing cyberattacks on its infrastructure or on French companies.

  • Pegasus Project Shows the Need for Real Device Security, Accountability and Redress for those Facing State-Sponsored Malware

    It is no surprise that people around the world are angry to learn that surveillance software sold by NSO Group to governments has been found on cellphones worldwide. People all around the world deserve the right to have a private conversation. Communication privacy is a human right, a civil liberty, and one of the centerpieces of a free society. And while we all deserve basic communications privacy, the journalists, NGO workers, and human rights and democracy activists among us are especially at risk, since they are often at odds with powerful governments.

  • Growing Unease in Israel over Pegasus Case

    Israel is worried that the Pegasus spyware revelations may turn a PR black eye into a diplomatic crisis. Israel never exhibited any qualms about dealing with and selling arms to pretty unsavory regimes, but such deals were typically kept secret. The fact that the Israeli Ministry of Defense authorized the NSO Group to sell the Pegasus spyware to regimes which then used it to spy on opposition figures, civil society activists, and journalists – and, in the case of Saudi Arabia, to track Jamal Khashoggi and kill him — has raised questions about what did the government know and when did it know it.

  • Macron’s Secure Mobile Phone Compromised by Pegasus Spyware

    The secure smartphone of French president Emmanuel Macron was compromised by the Pegasus surveillance malware. It was surreptitiously installed by Moroccan intelligence operatives, who introduced the virus into the phones of former Prime Minister Edouard Philippe and fourteen other current and former French cabinet ministers.

  • China Spy Agency Using Contract Hackers to Extort, Destabilize Western Companies

    The United States and its allies in Europe and Asia have charged that China’s Ministry of State Security is employing criminal contract hackers to conduct cyber operations globally, from which the hackers personally profit. The activities include ransomware operations against private companies which are forced to pay millions in ransom demands to regain access to their data.