President-elect Donald Trump is a “high risk target” for cyber-espionage and intrusion, private sector cybersecurity experts and former intelligence officials say — a situation only heightened by recent reports suggesting that Trump continues to use an off-the-shelf smartphone that would be less secure than the customized Blackberry provided to President Barack Obama in 2009 by the NSA.
Due to the unique class of cyberattacks typically levied at world leaders and influential business leaders, Trump’s enigmatic device faces a considerable threat.
“First, there is the obvious risk of unencrypted calls, mobile messaging and Web browsing being intercepted and logged by hostile actors at the carrier level. Next, there could easily be censorship and monitoring capabilities in place on local Wi-Fi networks,” explained KoolSpan executive chairman Elad Yoran. “[The fact is that] there are corresponding defensive technologies and steps to mitigate all of these stages.”
Obama’s device was “stripped of most of its functionality to make way for extra layers of encryption,” IBTimes reported. The president himself previously said that his phone could not “take pictures, you can’t text, the phone doesn’t work … you can’t play your music on it.”
Attackers value a high-profile target’s mobile phone because of the incredible amount of personal and professional data it collects, explained NowSecure manager Sam Bakken.
“Your laptop doesn’t usually know precisely where you’re located, for example, but your phone does,” he said.
Hackers intent on breaching politicians and businessmen typically employ different tactics and resources to compromise their victims, said James Plouffe, lead solutions architect at MobileIron — a company which provides services to the CIA.
In short, high profile targets “don’t want to be at the back of the pack,” Rob Joyce, head of the NSA’s Tailored Access Operations unit, or TAO, said at the USENIX Enigma Conference last year. TAO is often described as employing some of the government’s best hackers; they’re tasked with gaining access to and exploiting foreign computer networks.
“Most cyber-crime is largely opportunistic but what’s at stake in these attacks is not the typical targets of payment card info or personally identifiable information, but corporate or even state secrets,” Plouffe said. “As simplistic as it may sound, the attackers will have more resources and work harder. They will have dedicated research and exploit-building teams, and they will look for any vulnerability they can use to get what they need.”
Repeated email and phone attempts to contact Trump’s Presidential Transition Team went unanswered. The Washington Post, Politico and New York Times have all similarly reported that Trump continues to use an off-the-shelf Android smartphone. The most recent report came just this week.
“The vast resources, patience and persistence of foreign intelligence and law enforcement agencies are the biggest differentiators. These entities’ targeting of groups and individuals — like government officials or business travelers, for example — is often very meticulous and narrow, by definition,” described Yoran, a former advisor to the FBI and U.S. Department of Homeland Security.
“Consider that these adversaries [likely] already have access to things like flight records, the agenda of the conference, where you are appearing, your hotel room details and possibly your co-workers’ personal information,” Yoran said. “An attacker with nation state infrastructure will try to target someone multiple times at different stages.”
On a diplomatic mission to Moscow in 2009, then White House speech writer Ben Rhodes returned to his hotel room to find unfamiliar men in suits rummaging through his belongings.
“I was working in the staff office, and I went back to my room to get something, and the cleaning lady was there and there were three guys in suits going through all my stuff or doing things in the room. As soon as I walked in, they put everything down and walked out of the room without saying anything,” Rhodes said in an interview with Time magazine.
Rhodes’ experience in Moscow underlines a different cyber-threat typically reserved for high value targets, security experts told CyberScoop: physical access and potential manipulation of an electronic device.
Control points such as customs and checkpoints, where an individual may be compelled to give up a device, are just one example of this threat.
“If the attacker can access the device unlocked, they can quickly extract the necessary information or simply install a piece of spyware to silently mine the data and send it to the attacker’s server,” said Alex Manea, director of BlackBerry Security. “Even a locked device can be very valuable to the attacker, as any unencrypted data can be dumped and analyzed by physically extracting the flash memory from the device.”
Broadly deployed phishing emails, malware-laden apps in open marketplaces and malicious links sent via text message tend to be the most common cyberattacks aimed specifically at smartphones.
“Many executives are receiving mobile malware remote access trojans in the form of spear phishing SMS messages from trusted friends in their contact list who are infected,” said Gary Miliefsky, CEO of SnoopWall. “One click on the wrong SMS attachment and you’re infected without knowing it. The phone then becomes a tracking device — GPS, microphone, webcam, etc.”
Miliefsky’s example — in which a hacker can imitate a known, trusted contact or organization to trick a target into downloading a virus — has been studied by researchers and witnessed in other instances.
“In the Pegasus spyware attacks the attackers used different domains that could appear to the casual observer to be real. They impersonate sites such as the International Committee for the Red Cross, the U.K. government’s visa application processing website, and a wide range of news organizations and major technology companies,” said Andrew Blaich, a researcher with Lookout Security. “Attackers take advantage of how integrated mobile devices are in our lives and the combination of features only available on mobile.”
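The impersonated-domain pattern Blaich describes, where a link in a text message points at a host built to resemble a trusted organization, is something a defender can screen for before a recipient ever taps it. The following Python is an added illustration, not code from Lookout, Citizen Lab or anyone quoted here: it takes an SMS body, pulls out the URLs, and flags hosts that are not on a small allow-list but resemble one of its entries through digit-for-letter swaps, a brand name buried inside an unrelated domain, or a one-character typo. The allow-list entries, the glyph-swap table and the sample messages are constructed assumptions chosen to mirror the organizations named in the quote.

```python
import re
from urllib.parse import urlparse

# Constructed allow-list of organisations the recipient would trust.
# Real deployments would load this from policy; the entries are assumptions.
TRUSTED_DOMAINS = ["icrc.org", "apple.com", "nytimes.com"]

# Single-glyph and digraph swaps commonly used to mimic a brand name (assumed table).
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s", "7": "t"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def levenshtein(a, b):
    """Edit distance; small enough to inline rather than pull a dependency."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _is_trusted(host, trusted):
    # Exact match or a subdomain of an allow-listed registrable domain.
    return any(host == t or host.endswith("." + t) for t in trusted)


def classify_host(host, trusted=TRUSTED_DOMAINS):
    """Return (verdict, reason) for one hostname."""
    host = host.lower().rstrip(".")
    if _is_trusted(host, trusted):
        return "trusted", "matches allow-list"
    brands = [t.split(".")[0] for t in trusted]
    # 1. Undo common glyph swaps; if the result is a trusted host, it was a mimic.
    normalized = host
    for fake, real in HOMOGLYPHS.items():
        normalized = normalized.replace(fake, real)
    if normalized != host and _is_trusted(normalized, trusted):
        return "lookalike", "homoglyph of %s" % normalized
    labels = host.split(".")
    # 2. Brand name buried in a label of an unrelated domain
    #    (icrc-verify.example, apple.com.account-check.example).
    for label in labels:
        for brand in brands:
            if brand in label:
                return "lookalike", "brand '%s' inside label '%s'" % (brand, label)
    # 3. One-character typo of the brand in the registrable label.
    if len(labels) >= 2:
        name = labels[-2]
        for brand in brands:
            if len(brand) >= 5 and levenshtein(name, brand) == 1:
                return "lookalike", "near miss of '%s'" % brand
    return "unknown", "no allow-list relation"


def scan_message(text, trusted=TRUSTED_DOMAINS):
    """Classify every URL in an SMS body; returns [(url, verdict, reason)]."""
    results = []
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        verdict, reason = classify_host(host, trusted)
        results.append((url, verdict, reason))
    return results


# Constructed sample messages (not real captures).
SAMPLE_SMS = [
    "ICRC update: read the field report at https://www.icrc.org/en/report",
    "Please confirm your donor account at https://icrc-verify.example/login",
    "Your Apple ID is locked: https://app1e.com/unlock",
    "Breaking: https://nytmes.com/story/123",
    "Security check: https://apple.com.account-check.example/id",
]

if __name__ == "__main__":
    for sms in SAMPLE_SMS:
        for url, verdict, reason in scan_message(sms):
            print("%-10s %-45s %s" % (verdict, url, reason))
```

The three heuristics are deliberately coarse: the brand-substring rule will also flag an innocent host that happens to contain the brand string, so in practice a "lookalike" verdict is a reason to hold the message for review or strip the link, not proof of an attack. The allow-list is the important part; a host that is neither trusted nor a near miss still lands in "unknown", which is where most genuine phishing infrastructure will sit, and which a mobile-device-management or SMS-filtering layer should treat with the same caution.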
The Pegasus malware variant was first uncovered by Lookout Security in collaboration with Citizen Lab. The exploit was originally found lurking on the iPhone of a prominent Middle Eastern human rights activist. Researchers traced the digital weapon back to its creator, an Israeli security firm named the NSO Group — a global surveillance competitor to known spyware vendors like FinFisher and Hacking Team. Shortly after the security firm’s findings were published publicly, Apple released an operating system update to patch the newly discovered vulnerability that Pegasus had exploited.
“What high-value targets need to consider is that their attackers are going to be more persistent and better funded,” Plouffe said. “Pegasus [for example] was a piece of bespoke malware, built for high value targets and priced accordingly — roughly $25k per target, according to some estimates.”