The January 6 Secret Service Text Scandal Turns Criminal Leave a comment

As the United States midterm elections near, lawmakers and law enforcement officials are on high alert about violent threats targeted at election officials across the country—domestic threats that have taken first billing over foreign influence operations and meddling as the primary concern for the 2022 elections. In another arena, though, Congress is making progress on generating bipartisan support for sorely needed and overdue privacy legislation in the form of the American Data Privacy and Protection Act.

Iranian women’s rights activists sounded the alarm this week that Meta has not been responsive to their concerns about targeted bot campaigns flooding their Instagram accounts during a crucial moment for the country’s feminist movement. And investigators looking at attacks on internet cables in Paris have still not determined who was behind the vandalism or what their motive was, but new details have emerged about the extent of the sabotage, making the situation all the more concerning and intriguing. 

The ACLU released documents this week that detail the Department of Homeland Security’s contracts with phone-tracking data brokers who peddle location information. And if you’re worried about Big Brother snooping on your reproductive data, we have a ranking of the most popular period-tracking apps by their data privacy protections

And there’s more. Each week we round up the news that we didn’t break or cover in-depth. Click on the headlines to read the full stories. And stay safe out there!

The Department of Homeland Security Inspector General told the Secret Service on Thursday to halt its investigation into the deletion of January 6 insurrection-related text messages because of an “ongoing criminal investigation” into the situation. Secret Service spokespeople have said conflicting things: that data on the phones was erased during a planned phone migration or factory reset, and that the erased messages were not relevant to the January 6 investigation. The Secret Service said it provided agents with a guide to backing up their data before initiating the overhaul process, but noted that it was up to the individuals to complete this backup. 

Zero Day spoke to Robert Osgood, director of the forensics and telecommunications program at George Mason University and a former FBI digital forensics examiner, about the situation. “Osgood said that telling agents to back up their own phones ‘makes absolutely no sense’— particularly for a government agency engaged in the kind of work the Secret Service does and required to retain records. The agency is not only charged with protecting the president, vice president and others, it also investigates financial crimes and cybercrime,” reports Zero Day author Kim Zetter. “I’m pro-government, and [telling agents to back up their own phones] sounds strange,” Osgood told Zetter. “If that did happen, the IT manager that’s responsible for that should be censured. Something should happen to that person because that’s one of the dumbest things I’ve ever heard in my life.’”

The Federal Communications Commission’s Robocall Response Team said on Thursday that it is ordering phone companies to block robocalls that warn about expiring car warranties and offer renewal deals. The FCC said that the calls, which are familiar to people around the US, have come from “Roy Cox Jr., Aaron Michael Jones, their Sumco Panama companies, and international associates.” Since 2018 or possibly earlier, their operations have resulted in more than 8 billion prerecorded message calls to Americans, the FCC said. “We are not going to tolerate robocall scammers or those that help make their scams possible,” FCC chairperson Jessica Rosenworcel said in a statement. “Consumers are out of patience and I’m right there with them.”

After Apple warned a number of Thai activists and their associates in November that their devices might have been targeted with NSO Group’s notorious Pegasus spyware, a number of them reached out to human rights groups and researchers who established a broader picture of a campaign in Thailand. In all, more than 30 Thai victims have been identified. The targets worked with the local human rights group iLaw, which found that two of its own members had been victims of the campaign, as well as University of Toronto’s Citizen Lab and Amnesty International. The researchers did not provide attribution for who was behind the Pegasus campaigns, but found that a lot of the targeting occurred in the same general time when the targets were participating in protests against government policies.

Google’s Threat Analysis Group reported this week that it has seen Russia’s digital meddling continue apace, both in Ukraine as the Kremlin’s invasion rages on and in Eastern Europe more broadly. TAG detected the Russia-linked hacking group Turla attempting to spread two different malicious Android apps through sites that masqueraded as being Ukrainian. The group tried to market the apps by claiming that downloading them would play a role in launching denial of service attacks on Russian websites, an interesting twist given the civilian efforts in Ukraine to mount cyberattacks against Russia. TAG also detected activity from other known Russian hacking groups that were exploiting vulnerabilities to target Ukrainian systems and launching disinformation campaigns in the region.

Ukrainian officials also said this week that Russia had conducted an attack on Ukraine’s TAVR Media, hacking nine popular radio stations to spread false information that Ukrainian President Volodymyr Zelensky was in intensive care because of a critical ailment. The broadcast further claimed that Ruslan Stefanchuk, chairperson of the Verkhovna Rada, was in command in Zelensky’s stead. TAVR put out a statement on Facebook saying that the broadcasts did “not correspond to reality.” And Zelensky posted a video on his Instagram attributing the attack to Russia and saying that he is in good health.