Turbotodd

Ruminations on tech, the digital media, and some golf thrown in for good measure.

Archive for the ‘espionage’ Category

Khashoggi’s Watch


I’ve been following the disappearance and possible (likely) murder of expat Saudi Arabian journalist Jamal Khashoggi at the Saudi consulate in Istanbul, Turkey with both horror and fascination.

When I read that Turkish newspaper Sabah wrote that Khashoggi’s Apple Watch may have provided Turkish officials with evidence of his murder, I paid even closer attention.

Could Khashoggi have activated a recording app on his Apple Watch, which was, in turn, connected to the iPhone he left in the car with his wife, and then have had that recording automagically uploaded to his iCloud account?

A report from CNBC pointed out some holes in Sabah’s story which bear following up.

First, they point out there’s no fingerprint sensor on the Apple Watch, so Sabah’s report that the Saudis attempted to delete the audio recording using Khashoggi’s fingerprint to unlock the Apple Watch wouldn’t be viable. The Apple Watch is unlocked with a passcode.

Also, the Apple Watch typically remains unlocked as long as the wearer keeps it strapped to their wrist after inputting the passcode.

Second, CNBC reports that the Sabah report indicated the audio recording was sent to Khashoggi’s iPhone from his Apple Watch, but if he left his iPhone with his fiancee outside the Saudi consulate, it would likely be difficult to maintain a Bluetooth connection to send the audio recording data to that phone.  

The rate of data transfer between Bluetooth 4.0 devices can be up to 25 Mbps, and though the signal can work through walls, the more objects in between the devices, the less overall range. The general range for Bluetooth 4.0 is up to 300 feet, so depending on how close his fiancee’s car was to the actual room where Khashoggi was allegedly being dismembered, the file might or might not have been transferable back to his iPhone.

If you were thinking perhaps Khashoggi was wearing an Apple Watch that has a cellular data connection, CNBC points out that that particular model of the Apple Watch is incompatible with cellular networks in Turkey.

Finally, even if Khashoggi used an app to record from his Apple Watch, Apple doesn’t actually ship the watch with a recording app.

So, he would have had to use one of several third-party apps that enable audio recording on the watch, and Apple’s privacy rules require such apps to display a red indicator on the watch screen while it’s recording audio.

Anyone who looked at the watch would likely know they were being recorded. Of course, it’s certainly possible someone unfamiliar with the Apple Watch might not know what that big red button meant. But an alleged 15 highly-trained assassins?

Which leads me back to a hypothesis shared with me via a former member of the U.S. military. The Sabah Apple Watch story was very possibly a smokescreen published by Turkish intelligence intended to protect its own sources and methods.

Meaning, the Turkish government most likely had that Saudi consulate bugged to high heaven, so it’s very likely they do know if there was a murder and dismemberment taking place there. 

But suggesting via an open source record like a Turkish newspaper that such knowledge came in via an Apple Watch versus a well-placed bug is a very convenient way to let the world know that the Turks had that information, without really letting the world, and the Saudis, know exactly how.

Whatever the role these technologies did or didn’t play, the disappearance of Jamal Khashoggi has evolved into an international incident.

Just this morning, The New York Times reported that President Trump said that he spoke with the king of Saudi Arabia and that “the ruler denied any knowledge of what happened to a missing Saudi dissident journalist [Jamal Khashoggi].”

Yet, Trump indicated he would still be sending Secretary of State Mike Pompeo to Saudi Arabia later this morning to meet with King Salman.

No word yet on whether or not Secretary Pompeo will be wearing an Apple Watch!

Written by turbotodd

October 15, 2018 at 11:03 am

The Spy Who Tracked Me


This is a juicy headline from Bloomberg: U.K. Reveals its First Major Cyber-Attack Was Against IS

GCHQ isn’t typically known for advertising its very-much-behind-the-scenes-on-the-down-low headline making when it comes to espionage, cyber or otherwise.

But according to this Bloomberg report, Britain “carried out its first major cyber-attack in 2017, disrupting Islamic State’s communications and propaganda for much of the year.”

“This is the first time the U.K. has systematically and persistently degraded an adversary’s online efforts as part of a wider military campaign,” [GCHQ Director Jeremy] Fleming told a cybersecurity conference in Manchester, England. “Did it work? I think it did.”

Fleming (great last name for a spy head, right?) also mentioned Russia in his comments:

The use of a nerve agent against former double agent Sergei Skripal, he said, “demonstrates how reckless Russia is prepared to be, how little the Kremlin cares for the international rules-based order.” Russia “widely uses its cyber capabilities,” Fleming said, “blurring the boundaries between criminal and state activity” and deploying “industrial-scale disinformation to sway public opinion.”

Written by turbotodd

April 12, 2018 at 12:59 pm

Internet Insecurity


You ever get one of those emails where there are two headlines that couldn’t have been more synchronous?

That’s what I got today in a Washington Post email newsletter:

“New malware is 20 times size of Stuxnet”

“Cybersecurity experts needed to meet growing demand”

Surely the Post newsletter editor at least chuckled when he put those two together.

I didn’t chuckle, however, when I started reading up on this new Internet security phenom.

Wired’s Threat Level blog led with this: “A massive, highly sophisticated piece of malware has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation.”

Here was The New York Times lead on the story: The computers of high-ranking Iranian officials appear to have been penetrated by a data-mining virus called Flame, in what may be the most destructive cyberattack on Iran since the notorious Stuxnet virus, an Iranian cyberdefense organization confirmed on Thursday.

And, the Post led with: Researchers have identified a sophisticated new computer virus 20 times the size of Stuxnet, the malicious software that disabled centrifuges in an Iranian nuclear plant. But unlike Stuxnet, the new malware appears to be used solely for espionage.

The Post goes on to cite analysts who “suspect Israel and the United States, given the virus’s sophistication, among other things.”

Which is it, we need more cybersecurity experts in the U.S., or we’re the “nation-state” behind this latest cyber war virus?

Whatever the case, the BBC’s coverage included the following facts: Russian security firm Kaspersky Labs believed the malware had been operating since August 2010 and described Flame as “one of the most complex threats ever discovered.”

If you don’t remember Stuxnet, it was the alleged state-sponsored virus which wreaked havoc on Iran’s uranium centrifuges.  This new malware, according to the BBC story, “appears not to cause physical damage,” but instead collects “huge amounts of sensitive information.”

Wired also adds to the story, reporting Flame was “written by different programmers, its complexity, the geographic scope of its infections and its behavior indicate strongly that a nation-state is behind Flame, rather than common cyber-criminals.”

Wired went on to report that “Early analysis of Flame by the Lab indicates that it’s designed primarily to spy on the users of infected computers and steal data from them, including documents, recorded conversations and keystrokes. It also opens a backdoor to infected systems to allow the attackers to tweak the toolkit and add new functionality.”

Recorded conversations?

Yes, indeedy.  According to Wired, one of the modules in Flame is “one that turns on the internal microphone of an infected machine to secretly record conversations that occur either over Skype or in the computer’s near vicinity.”

It also allegedly contains a module that turns “Bluetooth-enabled computers into a Bluetooth beacon,” scanning for other Bluetooth-enabled devices in order to “siphon names and phone numbers from their contacts folder.”

It can also store “frequent screenshots of activity on the machine,” screenshots that include everything from emeetings to instant messages, email….you get the picture.  Literally.

I don’t know about you, but I sense a whole new genre of cyber espionage novels looming on the horizon.

More details on Flame as they emerge…