UPDATE 19. July 2021: THE BIOMETRIC ID ENDGAME + Amazon Shuts Down NSO Group Infrastructure

UPDATE 15. July 2021: A private Israeli firm has helped governments hack journalists and human rights advocates

UPDATE 09. July 2021: As U.S. Government Report Reveals Facial Recognition Tech Widely Used, WEF-Linked Israeli Facial Recognition Firm Raises $235 Million

Ending Anonymity: Why The WEF’s Partnership Against Cybercrime Threatens The Future Of Privacy

Cyber PolygonBy Whitney Webb - 08. July 2021

With many focusing on tomorrow’s Cyber Polygon exercise, less attention has been paid to the World Economic Forum’s real ambitions in cybersecurity – to create a global organization aimed at gutting even the possibility of anonymity online. With the governments of the US, UK and Israel on board, along with some of the world’s most powerful corporations, it is important to pay attention to their endgame, not just the simulations.

Amid a series of warnings and simulations in the past year regarding a massive cyber attack that could soon bring down the global financial system, the “information sharing group” of the largest banks and private financial organizations in the United States warned earlier this year that banks “will encounter growing danger” from “converging” nation-state and criminal hackers over the course of 2021 and in the years that follow.

The organization, called the Financial Services Information Sharing and Analysis Center (FS-ISAC), made the claim in its 2021 “Navigating Cyber” report, which assesses the events of 2020 and provides a forecast for the current year. That forecast, which casts a devastating cyber attack on the financial system through third parties as practically inevitable, also makes the case for a “global fincyber [financial-cyber] utility” as the main solution to the catastrophic scenarios it predicts.

Perhaps unsurprisingly, an organization close to top FS-ISAC members has recently been involved in laying the groundwork for that very “global fincyber utility” — the World Economic Forum, which recently produced the model for such a utility through its Partnership against Cybercrime (WEF-PAC) project. Not only are top individuals at FS-ISAC involved in WEF cybersecurity projects like Cyber Polygon, but FS-ISAC’s CEO was also an adviser to the WEF-Carnegie Endowment for International Peace report that warned that the global financial system was increasingly vulnerable to cyber attacks and was the subject of the first article in this 2-part series.

Another article, published earlier this year at Unlimited Hangout, also explored the WEF’s Cyber Polygon 2020 simulation of a cyber attack targeting the global financial system. Another iteration of Cyber Polygon is due to take place tomorrow July 9th and will focus on simulating a supply chain cyber attack.

A major theme in these efforts has not only been an emphasis on global cooperation, but also a merging of private banks and/or corporations with the State, specifically intelligence and law enforcement agencies. In addition, many of the banks, institutions and individuals involved in the creation of these reports and simulations are either actively involved in WEF-related efforts to usher in a new global economic model of “stakeholder capitalism” or are seeking to imminently introduce, or are actively developing, central bank-backed digital currencies, or CBDCs.

In addition, and as mentioned in the first article in this series, a cyber attack like those described in these reports and simulations would also provide the perfect scenario for dismantling the current failing financial system, as it would absolve central banks and corrupt financial institutions of any responsibility. The convergence of several concerning factors in the financial world, including the end of LIBOR at the end of year and the imminent hyperinflation of globally important currencies, suggests that the time is ripe for an event that would not only allow the global economy to “reset”, but also absolve the fundamentally corrupt financial institutions around the world from any wrongdoing. Instead, faceless hackers can be blamed and, given recent precedents in the US and elsewhere, any group or nation state can be blamed with minimal evidence as politically convenient.

This report will closely examine both FS-ISAC’s recent predictions and the WEF Partnership against Cybercrime, specifically the WEF-PAC’s efforts to position itself as the cybersecurity alliance of choice if and when such a catastrophic cyber attack cripples the current financial system.

Of particular interest is the call by both FS-ISAC and the WEF Partnership against Cybercrime to specifically target cryptocurrencies, particularly those that favor transactional anonymity, as well as the infrastructure on which those cryptocurrencies run. Though framed as a way to combat “cybercrime”, it is obvious that cryptocurrencies are to be unwanted competitors for the soon-to-be-launched central bank digital currencies. 

In addition, as this report will show, there is a related push by WEF partners to “tackle cybercrime” that seeks to end privacy and the potential for anonymity on the internet in general, by linking government-issued IDs to internet access. Such a policy would allow governments to surveil every piece of online content accessed as well as every post or comment authored by each citizen, supposedly to ensure that no citizen can engage in “criminal” activity online. 

Notably, the WEF Partnership against Cybercrime employs a very broad definition of what constitutes a “cybercriminal” as they apply this label readily to those who post or host content deemed to be “disinformation” that represents a threat to “democratic” governments. The WEF’s interest in criminalizing and censoring online content has been made evident by its recent creation of a new Global Coalition for Digital Safety to facilitate the increased regulation of online speech by both the public and private sectors.

FS-ISAC, its influence and its doomsday “predictions” for 2021

FS-ISAC officially exists to “help ensure the resilience and continuity of the global financial services infrastructure and individual firms against acts that could significantly impact the sector’s ability to provide services critical to the orderly function of the global economy.” In other words, FS-ISAC allows the private financial services industry to decide on and coordinate sector-wide responses regarding how financial services are provided during and after a given crisis, including a cyber attack. It was tellingly created in 1999, the same year that the Glass-Steagall Act, which regulated banks after the onset of the Great Depression, was repealed.

Though FS-ISAC’s members are not publicly listed on the group’s website, they do acknowledge that their membership includes some of the world’s largest banks, Fintech companies, insurance firms and payment processors. On their board of directors, the companies and organizations represented include CitiGroup, Bank of America, Wells Fargo and Morgan Stanley, among others, strongly suggesting that FS-ISAC is largely a Wall Street-dominated entity. SWIFT, the society that manages inter-bank communication and dominates it globally, is also represented on FS-ISAC’s board. Collectively, FS-ISAC members represent $35 trillion in assets under management in more than 70 countries.

FS-ISAC also has ties to the World Economic Forum due to the direct involvement of its then-CEO Steve Silberstein in the WEF-Carnegie initiative and FS-ISAC’s participation in the initiative’s “stakeholder engagements.” There is also the fact that some prominent FS-ISAC members, like Bank of America and SWIFT, are also members of the WEF’s Centre for Cybersecurity, which houses the WEF Partnership against Cybercrime project. 

At the individual level, the founding director of FS-ISAC, Charles Blauner, is now an agenda contributor to the WEF who previously held top posts at JP Morgan, Deutsche Bank and CitiGroup. He currently is a partner and CISO-in-residence of Team8, a controversial start-up incubator that operates as a front for Israeli military intelligence in tech-related ventures that is part of the WEF Partnership against Cybersecurity. Team8’s CEO and co-founder and the former commander of Israeli intelligence outfit Unit 8200, Nadav Zafrir, has contributed to WEF Centre for Cybersecurity policy documents and WEF panels on the “Great Reset”. 

In addition, current FS-ISAC board member Laura Deaner, CISO of Northwestern Mutual, served asthe co-chair for the WEF’s Global Futures Council on Cybersecurity. Teresa Walsh, the current global head of intelligence for FS-ISAC, will be a speaker at the WEF’s Cyber Polygon 2021 regarding how to develop an international response to ransomware attacks. Walsh previously worked as an intelligence analyst for Citibank, JP Morgan Chase and the US Navy. 

The FS-ISAC’s recent report is worth looking at in detail for several reasons, with the main one being the sheer power and influence that its members, both known and unknown, hold over the current fiat-based financial system. The full report is exclusive to FS-ISAC members, but a “thematic summary” is publicly available.

The FS-ISAC’s recent report on “Navigating Cyber” in 2021 is “based on the contributions of our members and the resulting trend analysis by FS-ISAC’s Global Intelligence Office (GIO)” and includes several “predictions” for the current calendar year. The group’s GIO, led by Teresa Walsh, soon-to-be speaker at Cyber Polygon 2021, also “coordinates with other cybersecurity organizations, companies and agencies around the world” in addition to its intelligence gathering from FS-ISAC members.

At the beginning of 2020, when the COVID-19 crisis resulted in an overt push towards digitization, FS-ISAC launched a “new secure chat and intelligence sharing platform” that “provided a new way for members to discuss threats and security trends.” It is fair to assume that the private discussions on this platform directly informed this report. According to the recent FS-ISAC report, the main trends and threats discussed by its members through this service over the past year were “third party risks”, such as the risk presented by major hacks of third party service providers, like the SolarWinds hack, and “geopolitical tensions.”

The report contains several “predictions for 2021 and beyond.” The first of these predictions is that adversarial nation-states will team up with “the cybercriminal underworld” in order to “obfuscate their activity and complication attribution.” FS-ISAC does not provide evidence of this having happened, but supporting this claim makes it easier to blame state governments for the activities of cybercriminals when politically convenient without concrete evidence. This has happened on several occasions with recent high-profile hacks, most recently with SolarWinds. As noted in previous reporting, prominent companies that contract for the US government and military, like Microsoft, and intelligence-linked cybersecurity companies, are often the sole sources for such narratives in the past and, in those cases, do not provide evidence, instead qualifying such assertions as “likely” or probable.” Even mainstream outlets reporting on FS-ISAC’s “predictions” noted that “FS-ISAC did not point to specific examples of spies relying on such tradecraft in the past,” openly suggesting that there is little factual basis to support this claim. 

Other predictions focus on how third party service providers, such as SolarWinds and the more recently targeted Kaseya, will dominate, affecting potentially many thousands of companies across multiple sectors at once. However, the SolarWinds hack was not properly investigated, merely labeled by US intelligence as having “likely” ties to “Russian” state-linked actors despite no publicly available evidence to support that claim. Instead, the SolarWinds hack appears to have been related to its acquisition of an Israeli company funded by intelligence-linked firms, as discussed in this report from earlier this year. SolarWinds acquired the company, called Samanage, and integrated its software fully into its platform around the same time that the backdoor used to execute the hack was placed into the SolarWinds platform that was later compromised.

FS-ISAC also predicts that attacks will cross borders, continents, and verticals, with increasing speed. More specifically, it states that the cyber pandemic will begin with cyber criminals that “test attacks in one country and quickly scale up to multiple targets in other parts of the world.” FS-ISAC argues that it is therefore “critical to have a global view on cyber threats facing the sector in order to prepare and defend against them.”  Since FS-ISAC made this prediction, cyber attacks and especially ransomware have been occurring throughout the world and targeting different sectors at a much more rapid pace than has ever been seen before. For instance, following the Colonial Pipeline hack in early May, JapanNew Zealand, and Ireland all experienced major cyber attacks, followed by the JBS hack on June 1. The hack of Kaseya, believed by some to be just as consequential and damaging as SolarWinds, took place about a month later on July 2, affecting thousands of companies around the world.

The final, and perhaps the most important, of these predictions is that “economic drivers towards cybercrime will increase.” FS-ISAC claims that the current economic situation created by COVID-related lockdowns will “make cybercrime an ever more attractive alternative,” noting immediately afterwards that “dramatic increases in cryptocurrency valuation may drive threat actors to conduct campaigns capitalising on this market, including extortion campaigns against financial institutions and their customers.”

In other words, FS-ISAC views the increase in the value of cryptocurrency as a direct driver of cybercrime, implying that the value of cryptocurrency must be dealt with to reduce such criminal activities. However, the data does not fit these assertions as the use of cryptocurrency by cybercriminals is low and getting lower. For instance, one recent study found that only 0.34% of cryptocurrency transactions in 2020 were tied to criminal activity, down from 2% the year prior. Though the decrease may be due to a jump in cryptocurrency adoption, the overall percentage of crime-linked crypto transactions is incredibly low, a fact obviously known to FS-ISAC and its members.

However, cryptocurrency does present a threat to the plans by FS-ISAC members and its partners to begin producing digital currencies controlled either by approved private entities (like Russia’s Sbercoin) or central banks themselves (like China’s digital yuan). The success of that project depends on neutering the competition, which is likely why FS-ISAC subtitled its 2021 report as “the case for a global fincyber utility,” with such a utility framed as necessary to defend the financial services industry against cyber threats.

Cyber Pandemic

The WEF’s Partnership Against Cybercrime

Conveniently for FS-ISAC, there is already a project that hopes to soon become this very global fincyber utility – the WEF Partnership Against Cybercrime (WEF-PAC). Partners in WEF-PAC include some of the world’s largest banks and financial institutions, such as Bank of America, Banco Santander, Sberbank, UBS, Credit Suisse and the World Bank, as well as major payment processors such as Mastercard and PayPal. Also very significant is the presence of all of the “Big Four” global accounting firms: Deloitte, Ernst & Young, KPMG and PricewaterhouseCoopers.

Think tanks/non-profits, including the Council of EuropeThird Way and the Carnegie Endowment for International Peace as well as the WEF itself, are also among its members as are several national government agencies, like the US Department of Justice, FBI and Secret Service, the UK’s National Crime Agency and Israel’s National Cyber Directorate. International and regional law enforcement agencies, such as INTERPOL and EUROPOL, both of which are repeat participants in the WEF’s Cyber Polygon, are also involved. Silicon Valley is also well represented with the presence of Amazon, Microsoft, and Cisco, all three of which are also major US military and intelligence contractors. Cybersecurity companies founded by alumni and former commanders of Israeli intelligence services, such as Palo Alto Networks, Team8 and Check Point, are also prominent members. 

The Israeli intelligence angle is especially important when examining WEF-PAC, as one of its architects and the WEF’s current Head of Strategy for Cybersecurity is Tal Goldstein, though his biography on the WEF website seems to claim that he is Head of Strategy for the WEF as a whole. Goldstein is a veteran of Israeli military intelligence, having been recruited through Israel’s Talpiot program, which feeds high IQ teenagers in Israel into the upper echelons of elite Israeli military intelligence units with a focus on technology.  It is sometimes referred to as the IDF’s “MENSA” and was originally created by notorious Israeli spymaster Rafi Eitan. Eitan is best known as Jonathan Pollard’s handler and the mastermind behind the PROMIS software scandal, the most infamous Israeli intelligence operation conducted against Israel’s supposed “ally”, the United States. 

Due to its focus on technological ability, many Talpiot recruits subsequently serve in Israel’s Unit 8200, the signals intelligence unit of Israeli military intelligence that is often described as equivalent to the US’ NSA or the UK’s GCHQ, before moving into the private tech sector, including major Silicon Valley companies. Other Talpiot-Unit 8200 figures of note are one of the co-founders of Check Point, Marius Nacht, and Assaf Rappaport, who designed major aspects of Microsoft’s cloud services and later managed that division. Rappaport later came to manage much of Microsoft’s research and development until his abrupt departure early last year.

In addition to his past as a Talpiot recruit and 8 years in Israeli military intelligence, the WEF’s Tal Goldstein had played a key role in establishing Israel’s National Cyber Bureau, now part of Israel’s National Cyber Directorate, now a WEF-PAC partner. The National Cyber Bureau was established in 2013 with the explicit purpose “to build and maintain the State of Israel’s national strength as an international leader in the field” of cybersecurity. According to Goldstein’s WEF biography, Goldstein led the formation of Israel’s entire national cybersecurity strategy with a focus on technology, international cooperation, and economic growth. 

Goldstein was thus also one of the key architects of the Israeli cybersecurity policy shift which took place in 2012, whereby intelligence operations formerly conducted “in house” by Mossad, Unit 8200 and other Israeli intelligence agencies would instead be conducted through private companies that act as fronts for those intelligence agencies. One admitted example of such a front company is Black Cube, which was created by the Mossad to act explicitly as its “private sector” branch. In 2019, Israeli officials involved in drafting and executing that policy openly yet anonymously admitted to the policy’s existence in Israeli media reports. One of the supposed goals of the policy was to prevent countries like the US from ever boycotting Israel in any meaningful way for violations of human rights and international law by seeding prominent multinational tech companies, such as those based in Silicon Valley, with Israeli intelligence front companies. This effort was directly facilitated by American billionaire Paul Singer, who set up Start Up Nation Central with Benjamin Netanyahu’s main economic adviser and a top AIPAC official in 2012 to facilitate the incorporation of Israeli start-ups into American companies.

Goldstein’s selection by the WEF as head of strategy for its cybersecurity efforts suggests that Israeli intelligence agencies, as well as Israeli military agencies focused on cybersecurity, will likely play an outsized role in WEF-PAC’s efforts, particularly its ambition to create a new global governance structure for the internet. In addition, Goldstein’s past in developing a policy whereby private companies acted as conduits for intelligence operations is of obvious concern given the WEF’s interest in simulating and promoting an imminent “cyber pandemic” in the wake of the COVID crisis. Given that the WEF had simulated a scenario much like COVID prior to its onset through Event 201, having someone like Goldstein as the WEF’s head of strategy for all things cyber ahead of an alleged “cyber pandemic” is cause for concern.

A Global Threat to Justify a Global “Solution”

Last November, around the same time the WEF-Carnegie report was released, the WEF-PAC produced its own “insight report” aimed at “shaping the future of cybersecurity and digital trust.” Chiefly written by the WEF’s Tal Goldstein alongside executives from Microsoft, the Cyber Threat Alliance, and Fortinet, the report offers “a first step towards establishing a global architecture for cooperation” as part of a global “paradigm shift” in how cybercrime is addressed.

The foreword was authored by Jürgen Stock, the Secretary-General of INTERPOL, who had participated in last year’s Cyber Polygon exercise and will also participate in this year’s Cyber Polygon as well. Stock claims in the report that “a public-private partnership against cybercrime is the only way to gain an edge over cybercriminals” (emphasis added). Not unlike the WEF-Carnegie report, Stock asserts that only by ensuring that large corporations work hand in glove with law enforcement agencies “can we effectively respond to the cybercrime threat.”

The report first seeks to define the threat and focuses specifically on the alleged connection between cryptocurrencies, privacy enhancing technology, and cybercrime. It asserts that “cybercriminals abuse encryption, cryptocurrencies, anonymity services and other technologies”, even though their use is hardly exclusive to criminals. The report then states that, in addition to financially motivated cybercriminals, cybercriminals also include those who use those technologies to “uphold terrorism” and “spread disinformation to destabilize governments and democracies”. 

While the majority of the report’s discussion on the cybercrime threat focuses on ransomware, the WEF-PAC’s inclusion of “disinformation” highlights the fact that the WEF and their partners view cybercriminals through a much broader lens. This, of course, also means that the methods to combat cybercrime contained within the report could be used to target those who “spread disinformation”, not just ransomware and related attacks, meaning that such “disinformation” spreaders could see their use of cryptocurrency, encryption, etc. restricted by the rules and regulations WEF-PAC seeks to promote. However, the report promotes the use of privacy-enhancing technologies for WEF-PAC members, a clear double standard that reveals that this group sees privacy as something for the powerful and not for the general public.

This broad definition of “cybercriminal” conveniently dovetails with the Biden administration’s recent “domestic terror” strategy, which similarly has a very broad definition of who is a “domestic terrorist.” The Biden administration’s strategy is also not exclusive to the US, but a multinational framework that is poised to be used to censor and criminalize critics of the WEF stakeholder capitalism model as well as those deemed to hold “anti-government” and “anti-authority” viewpoints. 

The WEF-PAC report, which was published several months before the US strategy, has other parallels with the new Biden administration policy, such as its call to crack down on the use of anonymity software by those deemed “cybercriminals” and calling for “international information sharing and cross-border operational cooperation,” even if that cooperation is “not always aligned with existing legislative and operational frameworks.” In addition, the Biden administration’s strategy concludes by noting that it is part of a broader US government effort to “restore faith” in public institutions. Similarly, the WEF-PAC report frames combatting all types of activities they define as cybercrime necessary to improving “digital trust”, the lack of which is “greatly undermining the benefits of cyberspace and hindering international cyber stability efforts.”

In discussing “solutions”, the WEF-PAC calls for the global targeting of “infrastructures and assets” deemed to facilitate cybercrime, including those which enable ransomware “revenue streams”, i.e. privacy-minded cryptocurrencies, and enable “the promotion of illegal sites and the hosting of criminal content.” In another section, it discusses seizing websites of “cybercriminals” as an attractive possibility. Given that this document includes online “disinformation” as cybercrime, this could potentially see independent media websites and the infrastructure that allows them to operate (i.e. video sharing platforms that do not censor, etc.) emerge as targets.

The report continues, stating that “in order to reduce the global impact of cybercrime and to systematically restrain cybercriminals, cybercrime must be confronted at its source by raising the cost of conducting cybercrimes, cutting the activities’ profitability and deterring criminals by increasing the direct risk they face.” It then argues, unsurprisingly, that because the cybercrime threat is global in scope, it’s “solution must also be a globally coordinated effort” and says the main way to achieve this involves “harnessing the private sector to work side by side with law enforcement officials.” This is very similar to the conclusions of the WEF-Carnegie report, released around the same time as the WEF-PAC report, which called for private banks to work alongside law enforcement and intelligence agencies as well as their regulators to “protect” the global financial system from cybercriminals.

The Framework for a Global Cyber Utility

This global coordination, per the WEF-PAC, should be based around a new global system uniting law enforcement agencies from around the world with cybersecurity companies, large corporations such as banks, and other “stakeholders.” 

The stakeholders that will make up this new entity, the structure of which will be discussed shortly, is based around 6 founding principles, several of which are significant. For example, the first principle is to “embrace a shared narrative for collective action against cybercrime.” Per the report, this principle involves the stakeholders comprising this organization having “joint ownership of a shared narrative and objective for the greater good of reducing cybercrime across all industries and globally.” The second principle involves the stakeholders basing their cooperation on “long-term strategic alignment.” The fifth principle involves “ensuring value for participating in the cooperation”, with such that “value” or benefit being “aligned with the public and private sectors’ strategic interests.” In other words, the stakeholders of this global cyber utility will be united in their commitment to a common, public-facing “narrative” that serves their organizations’ “strategic interests” over the long term. The decision to emphasize the term “shared narrative” is important as a narrative is merely a story that does not necessarily need to reflect the truth of the situation, thus suggesting that stakeholders merely be consistent in their public statements so they all fit the agreed upon narrative. 

Many organizations that are related to or are formally part of WEF-PAC are deeply invested in Central Bank Digital Currencies (CBDCs) as well as efforts to digitalize and thus more easily control nearly every sector of the global economy and to regulate the internet. Therefore, it is reasonable to conclude that many of these groups may look to justify regulations and other measures that will advance these agendas in which they have long-term “strategic interests” through the promotion of a “shared narrative” that is deemed most palatable to the general public, but not necessarily based in fact. Business is business, after all.

The WEF-PAC report concludes with its three-tier model for “a global architecture for public-private cooperation against cybercrime.” The top level of this system is referred to as the “global partnership”, which will build on the existing WEF-PAC and will “bring together international stakeholders to provide an overarching narrative and commitment to cooperate; foster interaction within a global network of entities that drive efforts to fight cybercrime; and facilitate strategic dialogues and processes aiming to support cooperation and overcome barriers in the long term.” 

Elsewhere in the report it notes that chief among these “barriers” are existing pieces of legislation in many countries that prohibit law enforcement agencies and government regulators from essentially fusing their operations with private sector entities, particularly those they are meant to either oversee or prosecute for wrongdoing. In addition, the report states that this “global partnership” would focus on fostering “a shared narrative to increase commitment and affiliation”, amplifying “operational cooperation” between the public and private sectors and improving “stakeholders’ understanding of respective interests, needs, goals, priorities and constraints.”

The second level of this system is called “permanent nodes” in the report. These are defined as “a global network of existing organizations that strive to facilitate public-private cooperation over time.” The main candidates to occupy the role of “permanent nodes” are “non-profit organizations that are already spurring cooperation between private companies and law enforcement agencies,” specifically the Cyber Threat Alliance and the Global Cyber Alliance. Both are discussed in detail in the next section. Other potential “permanent nodes” mentioned in the report are INTERPOL, EURPOL and, of course, FS-ISAC. While the top level “global partnership” represents the “strategic level” of the organization, the “permanent node” level represents the “coordination level” as the nodes would supply necessary infrastructure, operational rules, and management, as well as “strategic dialogue” among member organizations.

FS-ISAC

The permanent nodes would directly enable the third level of the organization, which are referred to as “Threat Focus Cells” and are defined as representing the organization’s “operational level.” The WEF-PAC defines these cells as “temporary trust groups consisting of both public- and private-sector organizations and they would focus on discreet cybercrime targets or issues.” Per the report, each cell “would be led jointly by a private-sector participant, a law enforcement participant and a designated representative” of the permanent node that is sponsoring the cell. 

Ideally, it states that cells should have between 10 to 15 participants and that “private-sector participants would typically represent organizations that can act to enhance cybersecurity on behalf of large constituencies, that have unique access to relevant cybersecurity information and threat intelligence, or that can contribute on an ecosystem-wide basis.” Thus, only massive corporations need apply. In addition, it states that law enforcement members of threat cells should “represent national-level agencies” or hail from “network defence or sector-specific agencies” at the national, regional or international level. Cell activities would range from “scouting a new threat” to “an infrastructure takedown” to “arrests.”

The WEF-PAC concludes by stating that “in the coming months, the Partnership against Cybercrime Working Group will continue to prepare the implementation of these concepts and widen the scope of the initiative’s efforts”, including by inviting “leading companies and law enforcement agencies” to pledge their commitment to the WEF-PAC’s efforts. It then states that “the suggested architecture could eventually evolve into a newly envisioned, independent Alliance to Combat Global Cybercrime.” “In the interim,” it continues, “the World Economic Forum and key stakeholders will work together to promote the desired processes and assess the validity of the concept.”

Meet the “Nodes”

Among the organizations that the WEF-PAC highlights as shoo-in candidates for “permanent nodes” in their proposal for a global cyber utility, there are two that stand out and are worth examining in detail. They are the Cyber Threat Alliance (CTA) and the Global Cyber Alliance (GCA), both of which are formal members of the WEF-PAC.

The Cyber Threat Alliance (CTA) was initially founded by the companies Fortinet and Palo Alto Networks in May 2014, before McAfee and Symantec joined CTA as co-founders that September. Today, Fortinet and Palo Alto Networks are charter members alongside Check Point and Cisco, while Symantec and McAfee are affiliate members alongside Verizon, Sophos and Avast, among several others. The mission of CTA is to allow for information sharing among its many partners, members, and affiliates in order to “allow the sharing of threat intelligence to better protect their customers against cyberattacks and to make the defense ecosystem more effective,” according to CTA’s current chief executive. CTA, per their website, also focuses on “advocacy” aimed at informing policy initiatives of governments around the world.

CTA is directly partnered with FS-ISAC and the WEF-PAC as well as the hawkish, US-based think tank the Aspen Institute, which is heavily funded by the Bill and Melinda Gates Foundation and the Carnegie Corporation. Other partners include: MITRE Engenuity, the “tech foundation for public good” of the secretive US intelligence and military contractor MITRE; the Cyber Peace Institute, a think tank seeking “peace and justice in cyberspace” that is largely funded by Microsoft and Mastercard (both of which are WEF partners and key players in ID2020); the Cybersecurity Coalition, whose members include Palo Alto Networks, Israeli intelligence front company Cybereasonintelligence and military operative Amit Yoran’s Tenable, Intel, AT&T, Google, McAfee, Microsoft, Avast and Cisco, among others; the Cybercrime Support Network, a non-profit funded by AT&T, Verizon, Google, Cisco, Comcast, Google and Microsoft, among others; and the Global Cyber Alliance, to be discussed shortly. Another key partner is the Institute for Security and Technology (IST), which has numerous ties to the US military, particularly DARPA, and the US National Security State, including the CIA’s In-Q-Tel. The CEO of the Cyber Peace Institute, Stéphane Duguin, was a participant in Cyber Polygon 2020, and the CEO of the Cybercrime Support Network, Kristin Judge, contributed to the WEF-PAC report. Some of the CTA’s partners are listed in the WEF-PAC report as other potential “permanent nodes.”

The CTA is led by Michael Daniel, who co-wrote the WEF-PAC report with Tal Goldstein. Daniel, immediately prior to joining CTA as its top executive in early 2017, was a Special Assistant to former President Obama and the Cybersecurity coordinator of Obama’s National Security Council. In that capacity, Daniel developed the foundations for the US government’s current national cybersecurity strategy, which includes partnerships with the private sector, NGOs and foreign governments. Daniel has stated that some of his cybersecurity views at CTA are drawn “in part on the wisdom of Henry Kissinger” and he has been an agenda contributor to the WEF since his time in the Obama administration. Daniel is one of Cyber Polygon 2021’s experts and will be speaking alongside Teresa Walsh of FS-ISAC and Craig Jones of INTERPOL on how to develop an international response to ransomware attacks.

The fact that CTA was founded by Fortinet and Palo Alto Networks is notable as both companies are intimately related. Fortinet’s founder Ken Xie, who sits on CTA’s board and is a founding member and advisor to the WEF’s Centre for Cybersecurity, previously founded and then ran NetScreen Technologies, where Palo Alto Network’s founder, Nir Zuk, worked after his earlier company OneSecure was acquired by NetScreen in 2002. Zuk is an alumni of Israeli intelligence’s Unit 8200and was recruited directly out of that unit in 1994 by Check Point, a CTA charter member, WEF-PAC member and tech company founded by Unit 8200 alumni. Zuk has been open about maintaining close ties to the Israeli government while operating the California-based Palo Alto Networks. Fortinet, for its part, is known for hiring former US intelligence officials, including former top NSA officials. Fortinet is a US government and US military contractor and came under scrutiny in 2016 after a whistleblower filed suit against the company for illegally selling the US military technological products that had been disguised in order to appear as American-made, but were actually made in China. Fortinet’s Derek Manky is one of the co-authors of the WEF-PAC report.

Check Point’s co-founder and current CEO, Gil Shwed, currently sits on CTA’s board of directors and is also a WEF “Global Leader for Tomorrow”, in addition to his longstanding ties to the Israeli National Security State and his past work for Unit 8200. Another Check Point top executive, Dorit Dor, is a member of the WEF Centre for Cybersecurity and a speaker at Cyber Polygon 2021, where she will speak on protecting supply chains. Gil Shwed, over the past few weeks, has been making numerous appearances on US cable television news to warn that a “cyber pandemic” is imminent. In addition to those appearances, Shwed produced a video on June 23rd asking “Is a Cyber Pandemic Coming?”, in which Shwed answers with a resounding yes. The term “cyber pandemic” first emerged on the scene last year during WEF chairman Klaus Schwab’s opening speech at the first WEF Cyber Polygon simulation and it is notable that the WEF-connected Shwed uses the same terminology. Schwab also stated in that speech that the comprehensive cyber attacks that would comprise this “cyber pandemic” would make the COVID-19 crisis appear to be “a small disturbance in comparison.”

In addition to CTA, another international alliance named by the WEF-PAC as a “permanent node” candidate is the Global Cyber Alliance (GCA). The GCA was reportedly the idea of Manhattan District Attorney Cyrus Vance Jr. who “knew that there had to be a better way to confront the cybercrime epidemic” back in 2015. GCA was born through discussions Vance held with William Pelgrin, former President and CEO of the Center for Internet Security (CIS) and one of New York Governor Andrew Cuomo’s top cyber advisors. Pelgrin and Vance later approached Adrian Leppard, the then- police commissioner of the City of London, the controversial financial center of the UK. Unsurprisingly, CityUK, the City of London’s main financial lobby group, is a member of the GCA. 

If one is familiar with Cyrus Vance’s time as Manhattan DA, his interest in meaningfully pursuing crime, particularly if committed by the wealthy and powerful, is laughable. Vance infamously dropped cases against and/or declined to prosecute powerful New York figures, including Donald Trump’s children and Harvey Weinstein, subsequently receiving massive donations to his re-election campaigns from Trump family and Weinstein lawyers. His office also once lobbied a New York court on behalf of intelligence-linked pedophile Jeffrey Epstein, who was seeking at the time to have his registered sex offender status downgraded. Vance’s office later U-turned in regards to Weinstein and Epstein after more and more accusers came forward and after considerable press attention was paid to their misdeeds. Vance also came under scrutiny after dropping charges against former head of the International Monetary Fund (IMF), Dominique Strauss-Kahn, for the sexual assault of a hotel maid.

Vance used $25 million in criminal asset forfeiture funds to create GCA, in addition to funding from Pelgrin’s CIS and the Leppard-run City of London police. Its official yet opaque purpose is “to reduce cyber risk” on a global scale in order to create “a secure, trustworthy internet.” Their means of accomplishing this purpose is equally vague as they claim to “approach this challenge by building partnerships and creating a global community that stands strong together.” For all intents and purposes, GCA is a massive organization whose members seek to create a more regulated, less anonymous internet. 

The role of the Center for Internet Security (CIS) in the GCA is highly significant, as CIS is the non-profit that manages key bodies involved in the maintenance of critical US infrastructure, including for US state and local governments and for federal, state and local elections. CIS, which is also partnered with CTA, also works closely with the main groups responsible for protecting the US power grid and water supply systems and is also directly partnered with the Department of Homeland Security (DHS). Its board of directors, in addition to William Pelgrin, includes former high-ranking military and intelligence operatives (i.e. the aforementioned Amit Yoran), former top officials at the DHS and the National Security Agency (NSA) and one of the main architects of US cyber policy under the administrations of both George W. Bush and Barack Obama. CIS was created through private meetings between “a small group of business and government leaders” who were members of the Cosmos Club, the “private social club” of the US political and scientific elite whose members have included three presidents, a dozen Supreme Court justices and numerous Nobel Prize winners.

GCA’s main funders are the founders listed above as well as the William and Flora Hewlett Foundation, the foundation of the co-founder of Hewlett-Packard (HP), a tech giant with deep ties to US intelligence; Craig Newmark Philanthropies, the “philanthropic” arm of the Craigslist founder’s influence empire; and Bloomberg, the media outlet owned by billionaire and former Mayor of New York Mike Bloomberg. GCA’s premium partners, which also fund GCA and secure a seat on GCA’s Strategic Advisory Committee, include Facebook, Mastercard, Microsoft, Intel, and PayPal as well as C. Hoare & Co., the UK’s oldest privately owned bank and the fifth oldest bank in the world. Other significant premium partners include the Public Interest Registry, which manages the .org domain for websites, and ICANN (the Internet Corporation for Assigned Names and Numbers), that manages much of the Internet’s global Domain Name System (DNS). Those two organizations together represent a significant portion of website domain name management globally. Notably, the founding chairwoman of ICANN was Esther Dyson, whose connections to Jeffrey Epstein and the Edge Foundation were discussed in a recent Unlimited Hangout investigation.

In terms of partners, GCA is much larger than CTA and other such alliances, most of which are themselves partners of GCA. Indeed, nearly every partner of CTA, including the CTA itself are part of the GCA as is CTA co-founder Palo Alto Networks. GCA’s partners include several international law enforcement agencies including: the National Police, National Gendarmerie and Ministry of Justice of France, the Ministry of Justice of Lagos, the Royal Canadian Mounted Police, the UK Met Police, and the US Secret Service. The state governments of Michigan and New York are also partners. Several institutions and companies deeply tied to the US National Security State, such as Michael Chertoff’s the Chertoff Groupthe National Security Institute, and MITRE, are part of GCA as are some of the most controversial and intelligence-connected cybersecurity companies, such as Crowdstrike and Sepio Systems, another Unit 8200 alumni-founded company whose chairman of the board is former Mossad director Tamir Pardo. The Israeli intelligence-linked initiative CyberNYC is also a member. Major telecommunication companies like Verizon and Virgin are represented alongside some of the world’s largest banks, including Bank of America and Barclays, as well as FS-ISAC and the UK’s “most powerful financial lobby”, the CityUK.

Also crucial is the presence of several media organizations as partners, chief among them Bloomberg. Aside from Bloomberg and Craig Newmark Philanthropies (which funds several mainstream news outlets and “anti-fake news” initiatives), media outlets and organizations partnered with GCA include Free Press Unlimited (funded by George Soros’ Open Society Foundations, the European Union, and the US, Dutch, Belgian and UK governments), the Institute for Nonprofit News (funded by Craig Newmark, Pierre Omidyar’s Omidyar Network and George Soros’ Open Society Foundations, among others), and Report for America (funded by Craig Newmark Philanthropies, Facebook, Google and Bloomberg). PEN America, the well-known non-profit  and literary society focused on press freedom, is also a member. PEN has become much more closely aligned with US government policy and particularly the Democratic Party in recent years, likely owing to its current CEO being Suzanne Nossel, a former deputy Assistant Secretary of State for International Organizations at the Hillary Clinton-run State Department. The many other members of GCA can all be found here.

 The End of Anonymity

The considerable involvement of some of the most powerful corporations in the world from some of the most critical sectors that underpin the current economy, as well as non-profits that manage key internet, government and utility infrastructure in these organizations that comprise WEF-PAC is highly significant and also concerning for more than a few reasons. Indeed, if all were to follow the call to form a “shared narrative”, whether it is true or not, in pursuit of long-term “strategic interests”, which the WEF and many of its partners directly relate to the rapid implementation of the 4thIndustrial Revolution via the “Great Reset”, the WEF-PAC  global cyber utility could emerge sooner rather than later. 

As evidenced by the architecture put forth by WEF-PAC, the power that organization would have over the public and private sectors is considerable. Such an organization, once established, could usher in long-standing efforts to both require a digital ID to access and use the internet as well as eliminate the ability to conduct anonymous financial transactions. Both policies would advance the overarching goal of both the WEF and many corporations and governments to usher in a new age of unprecedented surveillance of ordinary citizens.

The effort to eliminate anonymous transactions in digital currency has become very overt in some countries in recent weeks, particularly in the US. For instance, Anne Neuberger, current Deputy National Security Adviser who has deep ties to the US-Israel lobby, stated on June 29 that the Biden administration was considering obtaining more “visibility” into ransomware groups’ activities, particularly anonymous cryptocurrency transactions. Such efforts could easily cross the line into state surveillance of any and all Americans’ online crypto transactions, especially given the US government’s history of habitually engaging in surveillance overreach in the post-9/11 era. One specific possibility mentioned by Neuberger was to prohibit companies from keeping crypto payments of concern secret, suggesting possible, imminent regulation of cryptocurrency exchanges. Current efforts, per Neuberger, also include an effort to build “an international coalition” against ransomware, which will likely tie into WEF-PAC given that the FBI, DOJ and US Secret Service are already members. 

Neuberger also stated that the recent public-private partnership that took down the Trickbot botnet “should be the kind of operation used to tackle ransomware gangs in the future.” However, that effort, led by WEF partner Microsoftpreemptively took down a network of computers “out of fear that hackers could deploy [that network] to launch ransomware attacks to inhibit election-supporting IT systems” ahead of the US election. Using Trickbot as the model for future ransomware operations means opening the door to companies like Microsoft taking preemptive action against infrastructure used by people that the government and private sector “fear” may engage in “cybercrime” at some point in the future.

Notably, on the same day as Neuberger’s statements, Congressional representative Bill Foster (D-IL) told Axios that “there’s significant sentiment in Congress that if you’re participating in an anonymous crypto transaction that you are a de facto participant in a criminal conspiracy.” Coming from Rep. Foster, this is quite significant as he is a member of the Financial Services Committee, the Blockchain Caucus and a recently formed Congressional working group on cryptocurrency. His decision to use the phrase “anonymous crypto transaction” as opposed to a transaction linked to ransomware or criminal activity is also significant, as it suggests that the possibility that complete anonymity is seen to be the target of coming efforts to regulate the crypto space by the US Congress. While Foster claims to oppose a “completely surveilled environment” for crypto, he qualifies that by stating that “you have to be able to unmask and potentially reverse those [crypto] transactions.” However, if this becomes government policy, it will mean the only group allowed to have complete anonymity in online financial transactions will be the State and will open the door to the government’s abuse of “unmasking”, which the US government has done in numerous instances over the years through the systematic abuse of FISA warrants.

It is also important to mention that the US is hardly alone in its effort to wipe out online financial anonymity in the crypto world, as several governments that are supporting Central Bank Digital Currency (CBDC) projects, which includes the US, are either moving towards or have already cracked down on the crypto space. For example, soon after China introduced the “digital yuan”, it cracked down on bitcoin miners and companies that provide services, including ads and marketing, to crypto-related entities. This had major implications for the crypto market and resulted in a considerable reduction in bitcoin’s value, which it has yet to fully recover. It is reasonable to assume that other governments will work to aggressively regulate or even ban crypto markets following the introduction of their CBDC projects in order to force widespread adoption of the digital currency favored by the State. It is also worth highlighting the additional fact that, as China introduced the digital yuan, it also sought to crackdown on cash, stating that the anonymity offered by cash – much like anonymous crypto transactions – could also be used for “illicit activity.”

However, there are some obvious holes in the WEF-PAC’s narratives and justifications for its “solutions.” For example, even if cryptocurrencies are banned or heavily regulated, it is unlikely that this will end cyber attacks, with hackers likely finding a new way to conduct operations that provide them with some sort of financial benefit. Cyber attacks and cybercrime precede the creation of crypto considerably and would continue even if crypto were somehow magically removed from the equation.

In addition, there has been speculation about the nature of the 3 big hacks that took place over the past year: SolarWinds, Colonial and JBS. In the case of SolarWinds, attribution of blame to “Russian hackers” came down to CIA-linked cybersecurity firm FireEye claiming that the “disciplined” methodology of the hackers could only possibly have been individuals tied to Russia’s government and because FireEye’s CEO received a postcard he “suspects” was Russian in origin. Left uninvestigated was the firm Samanage, which is linked to the same intelligence networks in which the WEF’s current head of cyber strategy worked for years. 

Regarding the Colonial pipeline hack, there is the fact that the original narrative was later proven false, as the pipeline itself remained functional, but services were halted due to the company’s concerns about their ability to bill customers properly. In addition, the US Department of Justice managed to seize the vast majority of the bitcoin ransomware payment Colonial had made, suggesting that extreme regulation of the crypto market may not actually be necessary to deter cybercriminals or recuperate ransomware payments. Surely, WEF-PAC is aware of this because the US Department of Justice is one of its members. 

With the JBS hack, there is the fact that the company, the world’s largest meats processor, had partnered with the WEF just months before regarding the need to reduce meat consumption and had begun to heavily invest and acquire non-animal-based alternatives. Blackrock, a major WEF partner, is the 3rd largest shareholder in JBS. Notably, after the hack, the situation was quickly used to warn of upcoming, widespread meat shortages, even though the disruption of the hack paused operations for just one day. In addition, the JBS hack was supposedly executed by “Russian hackers” being given “safe haven” by Russia’s government. However, JBS somehow has no problem partnering the WEF, which co-hosts Cyber Polygon alongside the cybersecurity subsidiary of Sberbank, which is majority owned by the same Russian government supposedly enabling JBS’ hackers.

In addition to the effort to regulate crypto, there is also a push by WEF-partnered governments to end privacy and the potential for anonymity on the internet in general, by linking government-issued IDs to internet access. This would allow every piece of online content accessed to be surveilled, as well as every post or comment authored by each citizen, supposedly to ensure that no citizen can engage in “criminal” activity online. This policy is part of an older effort, particularly in the US, where creating a nationwide “Driver’s License for the Internet” was proposed and then piloted by the Obama administration. The European Union made a similar effort to require government-issued IDs for social media access a few years later. 

The UK also launched its Verify digital ID program around the same time, something which former UK Prime Minister and WEF associate Tony Blair has been pushing aggressively to have expanded into a compulsory requirement in recent months. Then, just last month, the EU implemented asweeping, new digital ID service that could easily be expanded to fit with the Union’s past efforts to link such IDs to access to online services. As Unlimited Hangout noted earlier this year, the infrastructure for many of these digital IDs, as well as vaccine passports, have been set up so that they are also eventually linked to financial activity and potentially online activity as well. 

Ultimately, what WEF-PAC represents is a global organization that aims to neuter anonymity online, whether for financial purposes or for browsing and other activities. It is a global effort combining powerful governments and corporations that seeks to usher in a new age of surveillance that makes such surveillance a requirement to participate in the online world or use online services. It is being sold to the public as the only way to stop a coming “pandemic” of cybercrime, a crisis taking place largely in murky parts of the internet that few understand or have any direct experience with. Having to rely on State intelligence agencies and intelligence-linked cybersecurity firms for attribution of these crimes, it has never been easier for corrupt actors in those agencies or their partners to either manufacture or manipulate a crisis that could upend online freedom as we have known it, something these very groups have sought to implement for years.

All of this should serve as a poignant reminder that, as much as our lives have become interconnected with the internet and online activity, the fight to protect human freedom, dignity and liberty against a predatory, global oligarchy is fundamentally one that must take place in the real world, not only online. May the coming “cyber war”, whatever form it takes, remind many that online activism must be accompanied by real world actions and organizing.

Author:

Whitney Webb

Whitney Webb is a staff writer for The Last American Vagabond. She has previously written for Mintpress News, Ben Swann's Truth In Media. Her work has appeared on Global Research, the Ron Paul Institute and 21st Century Wire, among others. She currently lives with her family in southern Chile. https://www.thelastamericanvagabond.com/category/whitney-webb/

Related

WEF

WEF Warns of Cyber Attack Leading to Systemic Collapse of the Global Financial System - April 7, 2021

 

power grid

Why Are 'Conspiracy Theorists' Worried About an Impending Power Grid Failure? - July 1, 2021

 

ransomware

24 Hours Later: "Unprecedented" Fallout From "Biggest Ransomware Attack In History" - May 13, 2017

===

===

MUST READ ALSO:

 You Will be Subject to Total Control III
Global Vaccine Passports Have Arrived Courtesy of Google, EU UPDATE 29. June 2021: Vaccine passports: It's all over! UK Cabinet agrees it's time to 'live with Covid'... and you ...
You Will be Subject to Total Control II
... and credit cards, transit passes, and more.  Under the guise of aiding the marginalized and protecting their civil liberties, despotic technocrats will be able to use digital IDs to control access ...
 
You Will be Subject to Total Control
... legal process for addressing violations of European values. The EU Commission has stated that the Polish judiciary is under “the political control of the ruling majority. In the absence of judicial independence, ...

===

UPDATES:

THE BIOMETRIC ID ENDGAME

First published on BITCHUTE July 19th, 2021.

 

BANNED.VIDEO

Infowars

Because a few are addicted to the narcotic of power like hopeless opium junkies the new normal dictates that freedom must be relegated to the dust bin of history.

But it isn’t merely a temporary tyranny. These lunatics are driving humanity towards the end game implementation of the biometric I.D. Enslavement plan war gamed 11 years ago by the Rockefeller Foundation’s Operation Lockstep which has almost completely unfolded as it was written. The implementation of a full blown biometric ID system won’t merely address the fears of the COVID cult. It will enslave humanity in utilizing numerous levels of technocracy.

===

Amazon Shuts Down NSO Group Infrastructure

The move comes as activist and media organizations publish new findings on the Israeli surveillance vendor.

 

IMAGE: JASON ALDEN/BLOOMBERG VIA GETTY IMAGES

By Joseph Cox - 19. July 2021

Amazon Web Services (AWS) has shut down infrastructure and accounts linked to Israeli surveillance vendor NSO Group, Amazon said in a statement.

The move comes as a group of media outlets and activist organizations published new research into NSO's malware and phone numbers potentially selected for targeting by NSO's government clients.

"When we learned of this activity, we acted quickly to shut down the relevant infrastructure and accounts," an AWS spokesperson told Motherboard in an email.

Amnesty International published a forensic investigation on Sunday that, among other things, determined that NSO customers have had access to zero-day attacks in Apple's iMessage as recently as this year. As part of that research, Amnesty wrote that a phone infected with NSO's Pegasus malware sent information "to a service fronted by Amazon CloudFront, suggesting NSO Group has switched to using AWS services in recent months." The Amnesty report included part of the same statement from Amazon, showing Amnesty contacted the company before publication.

Citizen Lab, in a peer review of Amnesty's findings, said in its own post that the group "independently observed NSO Group begin to make extensive use of Amazon services including CloudFront in 2021."

Do you work at NSO Group, did you used to, or do you know anything else about the company? We'd love to hear from you. You can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on , or email .

CloudFront is a content delivery network (CDN) that allows customers, in this case NSO, to more quickly and reliably deliver content to users. 

"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment," CloudFront's website reads.

CloudFront infrastructure was used in deployments of NSO's malware against targets, including on the phone of a French human rights lawyer, according to Amnesty's report. The move to CloudFront also protects NSO somewhat from researchers or other third parties trying to unearth the company's infrastructure.

"The use of cloud services protects NSO Group from some Internet scanning techniques," Amnesty's report added.

Amazon has previously remained silent on NSO using its infrastructure. In May 2020 when Motherboard uncovered evidence that NSO had used Amazon infrastructure to deliver malware, Amazon did not respond to a request for comment asking if NSO had violated Amazon's terms of service.

The Amnesty report said NSO is also using services from other companies such as Digital Ocean, OVH, and Linode.

On Sunday, journalistic organization Forbidden Stories and its media partners published a series of stories based in part on a leak of more than 50,000 phone numbers that were allegedly selected by NSO's clients for potential surveillance.

In a statement to The Guardian, NSO said "NSO does not operate the systems that it sells to vetted government customers, and does not have access to the data of its customers’ targets. NSO does not operate its technology, does not collect, nor possesses, nor has any access to any kind of data of its customers. Due to contractual and national security considerations, NSO cannot confirm or deny the identity of our government customers, as well as identity of customers of which we have shut down systems."

Joseph Cox

 

 

 

===

A private Israeli firm has helped governments hack journalists and human rights advocates

By Joseph Marks - 15. July 2021

An Israeli hacking-for-hire firm has helped government clients spy on more than 100 victims around the world, including politicians, dissidents, human rights activists, embassy workers and journalists, according to a Microsoft report.

graphical user interface: WhatsApp sued the most prominent spyware company, another Israeli firm called NSO, in U.S. federal court. T (AP Photo/Patrick Sison, File)© WhatsApp sued the most prominent spyware company, another Israeli firm called NSO, in U.S. federal court. T Patrick Sison/AP  (AP Photo/Patrick Sison, File)

The firm, which goes by the name Candiru, is part of a burgeoning industry of largely unregulated spyware companies that sell snooping technology to government intelligence services and law enforcement agencies — often with questionable human rights records.

Candiru has likely sold spying tools to governments in the Middle East and Asia, according to the cybersecurity research group Citizen Lab, which identified people targeted by Candiru’s malicious software and helped Microsoft compile its report. Those governments then use the spying tools independently.

The report comes amid roiling concern about the proliferation of cyberweapons once limited to a handful of nations that are now becoming far more widespread. In addition to helping authoritarian regimes spy on dissidents and adversaries, that growth has enabled a wave of criminal hacks, including ransomware campaigns that have disrupted U.S. oil supplies and meat production.

The Biden administration has moved aggressively to confront the ransomware epidemic, including threatening Russian President Vladimir Putin with severe consequences if he doesn’t crack down on criminal groups operating on Russian territory. But the United States has been far less aggressive about the proliferation of spyware.

Microsoft is part of a chorus of large tech firms that are increasingly criticizing the spyware industry and calling on governments to regulate their products through export bans and other measures. As part of its investigation, Microsoft patched major bugs that Candiru used to spy on its users.

“A world where private sector companies manufacture and sell cyberweapons is more dangerous for consumers, businesses of all sizes and governments,” Cristin Goodwin, general manager of Microsoft’s Digital Security Unit, said in a blog post.

Citizen Lab researchers identified targets of Candiru’s spyware across the globe, suggesting governments are using the tool to target and silence citizens and critics living outside their borders. The group, which is based at the University of Toronto’s Munk School, found victims in Israel and the Palestinian territories, Iran, Lebanon, Yemen, Spain, the United Kingdom, Turkey, Armenia and Singapore.

“Every time we find one of these companies, it’s only a matter of time before we find abuses associated with them,” John Scott-Railton, a senior researcher at Citizen Lab, said. “We cannot allow authoritarian regimes to export self-censorship around the world, and that’s exactly what companies like Candiru are allowing them to do.”

The full capabilities of Candiru’s spying tools aren’t clear, but they probably allow users to intercept victims’ communications, steal their data, track their location and spy through microphones and cameras, Scott-Railton said. The tools were effective against both Windows and Mac computers, as well as iPhone and Android smartphones.

The researchers also found phony websites masquerading as international media, human rights organizations and other legitimate groups that were used to deliver Candiru spyware. Among them were phony sites that appeared to be affiliated with the Black Lives Matter movement and sites related to gender equality.

Spyware firms have effectively leveled the playing field for countries that wish to spy on dissidents and government critics but lack the technical resources to develop their own spying tools.

Human rights advocates have accused such firms of running roughshod over civil liberties and enabling harassment and oppression of government opponents, though the firms say they only aid legitimate law enforcement and intelligence operations.

Candiru did not respond to emails seeking comment. A phone call to a company number was not answered.

The most significant tech response came in 2019, when WhatsApp sued the most prominent spyware company, another Israeli firm called NSO, in U.S. federal court. The Facebook affiliate claimed NSO acted illegally by helping governments hack hundreds of its customers, including journalists, human rights workers and women who had been targeted with online attacks.

Microsoft filed a brief supporting WhatsApp’s position in that case, which is still working its way through the legal system. An NSO surveillance tool was also implicated in spying on Washington Post contributing writer Jamal Khashoggi before he was killed by people affiliated with Saudi Arabia’s security services in 2018.

Far less is known about Candiru’s activities. The firm has maintained a high level of secrecy, including by changing its official corporate name four times during its six years in operation, according to a Citizen Lab report. The firm is now officially named Saito Tech Ltd., though it is still widely known as Candiru, the report states.

“Candiru has tried to remain in the shadows ever since its founding but there is no space in the shadows for companies that facilitate authoritarianism,” Bill Marczak, a senior fellow at Citizen Lab, said.

Microsoft is referring to Candiru’s activities under the name Sourgum, part of a naming convention it has developed to describe nongovernment hacking groups using the names of trees and shrubs. The company has a separate naming convention for hacking groups linked with national governments based on elements on the periodic table.

===

As U.S. Government Report Reveals Facial Recognition Tech Widely Used, WEF-Linked Israeli Facial Recognition Firm Raises $235 Million

By Derrick Broze - 09. July 2021

In June the U.S. Government Accountability Office released a report detailing the widespread use of facial recognition technology, including law enforcement using databases of faceprints from government agencies and private firms. Privacy and civil rights organizations have been warning for the last few years that the use of facial recognition technology was a digital Wild West with little to no regulation determining the limits of the tech.

facial recognition

Now, the GAO’s new report shows that at least twenty of the forty-two U.S. government agencies surveyed have used the technology. These departments include those associated with law enforcement – the FBI, Secret Service, US Immigration and Customs Enforcement, US Capitol Police, Federal Bureau of Prisons, and the Drug Enforcement Administration – as well as less obvious departments such as the U.S. Postal Service, the Fish and Wildlife Service and NASA.

Six U.S. agencies admitted to using facial recognition on people who attended the protests after the killing of George Floyd in May 2020. The report states that the agencies claim they only used the tech on people accused of breaking the law.

“Thirteen federal agencies do not have awareness of what non-federal systems with facial recognition technology are used by employees,” the report said. “These agencies have therefore not fully assessed the potential risks of using these systems, such as risks related to privacy and accuracy.”

The GAO calls for increased training for law enforcement, stating that such training could “reduce risks associated with analyst error and decision-making; understand and interpret the results they receive; raise awareness of cognitive bias and improve objectivity; and increase consistency across agencies.” The GAO also calls for agencies to implement controls to better track what systems their employees are using.

While some of the U.S. government agencies have their own databases, the FBI’s database of faceprints is likely the most extensive, with some estimates at over 100 million faceprints. The U.S. government’s top law enforcement agency has been fighting to keep the database a secret since at least 2013.

Agencies have also used facial recognition databases from Amazon Rekognition, BI SmartLink, Giant Oak Social Technology, Clearview AI and Vigilant Solutions. By far, government agencies used technology from Clearview and Vigilant the most. The report provides further insight:

“Moreover, federal law enforcement can use non-government facial recognition service providers, such as Vigilant Solutions and Clearview AI. For example, law enforcement officers with a Clearview AI account can use a computer or smartphone to upload a photo of an unknown individual to Clearview AI’s facial recognition system. The system can return search results that show potential photos of the unknown individual, as well as links to the site where the photos were obtained (e.g., Facebook). According to Clearview AI, its system is only used to investigate crimes that have already occurred and not for real-time surveillance.”

The US Postal Inspection Service said it has used Clearview AI’s software to help track down people suspected of stealing and opening mail and stealing from Postal Service buildings. Altogether, ten agencies used Clearview AI between April 2018 and March 2020. The U.S. Capitol Police used the company’s tech to investigate suspects from the event at the Capitol on January 6th.

TLAV has previously reported on the dangers associated with facial recognition technology, and specifically, how Clearview AI’s technology was being used to target so-called domestic extremists.

In 2020, the NY Times wrote about Clearview’s efforts to gather, store, and sell faceprint data as “the end of privacy as we know it” and they are not wrong. This company has been capturing billions of faceprints from online photos and now claims to have the world’s largest facial recognition database. This gives Clearview the opportunity to sell customers access to all our faces to secretly target, identify, and track any of us. This could be for marketing and advertising purposes, but it could be for government and law enforcement surveillance of activists, journalists and organizers who are performing constitutionally protected activity. As the Mind Unleashed reported, Clearview is collecting data from unsuspecting social media users and the Chicago Police Department (CPD) is using the controversial facial recognition tool to pinpoint the identity of unknown suspects.

Clearview said in May it would stop selling its technology to private companies and instead provide it for use by law enforcement only – they have thus far made their technology available to some 2,400 law enforcement agencies across the United States. The American Civil Liberties Union has filed a lawsuit against Clearview, alleging that the company violated Illinois’ Biometric Information Privacy Act (BIPA), a state law that prohibits capturing individuals’ biometric identifiers without notice and consent.

While Vigilant Solutions is less well-known than Clearview, they are an essential part of the growing surveillance apparatus operated by private industry and shared with U.S. government agencies. The company is listed in the GAO report for their role in facial recognition technology, but they are widely known for their database of license plate records. In 2018 it was revealed that Vigilant Solutions signed a contract with U.S. Immigration and Customs Enforcement (ICE) making the controversial agency the latest of several federal agencies who have access to billions of license plate records which can used for real-time location tracking.

Vigilant Solutions has more than 2 billion license plate photos in their database due to partnerships with vehicle repossession firms and local law enforcement agencies with vehicles equipped with cameras. Local law enforcement agencies typically use some version of an Automatic License Plate Reader. ALPRs are used to gather license plate, time, date, and location that can be used to create a detailed map of what individuals are doing. The devices can be attached to light poles, or toll booths, as well as on top of or inside law enforcement vehicles.

AnyVision, Softbank, and the Push Towards a Technocratic Surveillance Grid

While the GAO report stands as a warning to anyone paying attention, the reality is that facial recognition technology is already ubiquitous. Despite the warnings of privacy organizations the public has blindly walked into an era of facial recognition for opening your smart phone, while purchasing groceries, and for video games. Generally speaking, the public seems downright ignorant of the attacks on privacy taking place every single day.

The GAO report notes that places like San Francisco and Portland, Oregon have banned police from using facial recognition technology, and Amazon currently has a moratorium on selling their Rekognition program to law enforcement. Most recently, Maine has passed what is being called the strongest law against facial recognition in the country. (The law does allow law enforcement to make use of the federal databases mentioned in the GAO report.)

Will these steps be enough to stem the tide of facial recognition cameras intruding into every aspect of your life? Not likely.

In the month since the release of the GAO report we have seen Israeli facial recognition firm AnyVision raise $235 million in startup funding. AnyVision uses Artificial Intelligence techniques to identify people based on their faces. TechCrunch notes that“AnyVision said the funding will be used to continue developing its SDKs (software development kits), specifically to work in edge computing devices — smart cameras, body cameras, and chips that will be used in other devices — to increase the performance and speed of its systems.”

AnyVision has not been without controversy. A report in 2019 alleged that AnyVision’s technology was being secretly used by the Israeli government to run surveillance on Palestinians in the West Bank. AnyVision denied the claims. Another report published in The Markup, examined public records for AnyVision, including a user guidebook from 2019, which showed the company is collecting vast amounts of data. One report involved tracking children in a school district in Texas. AnyVision collected 5,000 student photos in just seven days.

An April report from Reuters detailed how many companies are using AnyVision’s technology today, including hospitals like Cedars Sinai in Los Angeles, retailers like Macy’s and energy giant BP. AnyVision was also the subject of a New York Times report in 2020 which highlighted how the company was partnering with Israel’s Defense Ministry to use its facial recognition technology to “detect COVID-19 cells”.

As further evidence that companies offering facial recognition technology are here to stay – and play a vital role in the Great Reset agenda – we need look no further than the institutions investing in AnyVision. The latest round of fundraising is being co-led by SoftBank’s Vision Fund 2 and Eldridge. Interestingly, AnyVision’s CEO Avi Golan is a former operating partner at SoftBank’s investment arm. Softbank is also a partner organization with the World Economic Forum, the international public-private organizations pushing for The Great Reset.

The reason this small detail matters is because the technocratic agenda being promoted by the fine folks at the WEF will absolutely involve a world of AI and facial recognition. The technology is ostensibly being used to catch criminals for the moment, but it’s also ripe for abuse by law enforcement agencies. Not to mention the larger role the technology will play in implementing future “social credit score” schemes, as seen in China.

The U.S. GAO is right to warn about the widespread use of this dangerous technology, but the fact is that it is already pervasive. It has become extremely difficult to avoid having your faceprint stolen and stored by both governmental agencies and private organizations. If we are to regain any semblance of privacy we must find a way to put an end to this technology before it is too late.

Derrick Broze, a staff writer for The Last American Vagabond, is a journalist, author, public speaker, and activist. He is the co-host of Free Thinker Radio on 90.1 Houston, as well as the founder of The Conscious Resistance Network & The Houston Free Thinkers. https://www.thelastamericanvagabond.com/category/derrick-broze/

Related

Facial Recognition

In The Aftermath of the Capitol Raid, The Facial Recognition Threat Persists - January 16, 2021

 

Surveillance

The Trump Admin Is Setting The Stage for a Biden Surveillance State - December 31, 2020

 

Biden

More Than 40 Organizations Call on Biden Administration To Abandon "Virtual Wall" Immigration Bill March 5, 2021

 

 

enafareucazh-CNcsfrdehiisgaitjaptruesswsvtrurcy
July 2021
S M T W T F S
1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31