Categories
Full Text Articles - Audio Posts

Seizing the Moment: Opportunities to Regulate Spyware and the ‘Pall Mall Process’


As abusive uses of spyware continue to proliferate, countries such as the United States, the U.K., France, and Costa Rica have led several high-profile initiatives to respond to the threat. Alongside these efforts has been important work by regional organizations and United Nations entities. At the heart of all of these efforts is an emerging understanding of the existential risk spyware poses to democracy, human rights norms, and civil society.

The “Pall Mall Process,” which emerged from the U.K.-France Cyber Initiative, is the most intriguing of recent developments. An international initiative led by France and the U.K., it has brought in other countries, the private sector, and civil society to “tackl[e] the proliferation and irresponsible use of cyber intrusion capabilities.” Pall Mall reflects an emerging consensus among key States that inaction on spyware is no longer an option for democracies, and that the costs of misuse – both for the rule of law and for national security – are untenable.

Several thoughtful assessments of the Pall Mall Process highlight gaps, most notably the narrow focus on “commercially available” spyware which, by its very nature, fails to grapple with irresponsible use and proliferation by governments, as well as the vast expenditures of money supporting the development of spyware capacity with few restraints on design or export.

But the key question now, and particularly for a new British government, is how it and its French counterparts might assume more robust leadership with respect to global spyware regulation. If Pall Mall is not to be consigned to the scrap heap of talking points, France and the U.K. must become advocates for national regulation and regional and global coordinated action. In doing so, they can learn from the United States, which has leveraged a mix of targeted sanctions and export controls to restrict the reach of certain commercial spyware technologies.

Spyware Abuses and the Pall Mall Process

Thanks to investigations by advocacy groups such as Citizen Lab, Amnesty International, and others, it is indisputably clear that spyware technology has been opportunistically deployed, under the cover of national security, to target journalists, human rights defenders and opposition politicians, and on a scale that defies belief. Alongside these galvanizing concerns, countries will also be mindful of the risk that these technologies pose to their own security, should they continue to proliferate, including into the hands of recalcitrant governments, criminals, and U.N. designated terrorist organizations.

The question is: what more can countries like France and the U.K. do, building on their first commendable step in the form of the U.K.-France Cyber Initiative? It is crystal clear that the spyware scourge needs global, comprehensive, and broad-ranging regulation. An additional question is: how can this Anglo-Franco partnership on spyware be leveraged to help the European Union build on the comprehensive Pegasus report of the European Parliament and more firmly bring into focus for its members the importance of regulating spyware in a comprehensive and practical way domestically?

The Pall Mall Process culminated in a February 2024 London conference, and brought together an unusual mix of twenty-five States as well as the African Union and the Gulf Cooperation Council, a political, economic, and social union between six countries in the Middle East. Like Costa Rica’s call for a moratorium on the sale, use, and transfer of spyware, Pall Mall’s goal is to bring groups of States together to focus on collective action and build a network of governments united in their willingness to act. While Pall Mall has potential, it has yet to produce concrete results.

A unique feature of Pall Mall is that it also brought together industry (BAE Systems, Google, Meta, and Microsoft), civil society, and academics. The Process advertised its goals as “establish[ing] guiding principles and highlight[ing] policy options for States, industry and civil society in relation to the development, facilitation, purchase, and use of commercially available cyber intrusion capabilities.” The declaration explicitly recognized the indispensability of oversight, precision, transparency, and accountability, terms that have long been absent from regulatory conversations among institutional actors about cyber intrusion capabilities, including spyware, and long sought by NGOs and civil society. Despite the clarion call to action for industry and governments alike, pressing them to “ensure that the development, facilitation, purchase, export, and use of commercially available cyber intrusion capabilities does not undermine stability or threaten human rights and fundamental freedoms, including in cyberspace,” Pall Mall was low on specifics.

So, what is the best way forward? Pall Mall’s current commitments are thin, setting out “steps” to tackle the misuse problem, including developing existing international export control frameworks and unspecified domestic action in national jurisdictions. Ongoing dialogue was affirmed, and another conference proposed for 2025 (the details and substance of which have yet to emerge). But, regretfully, meaningful collective action from both countries and the wider group invited to the Pall Mall Process is still awaited. The moment is ripe for action and the U.K. and France are well placed to lead again, and they can do so by learning from effective and deepening domestic measures in the United States.

U.S. Action on Spyware Abuses

In this context, France and the U.K. should take note that despite a lack of broader traction some States have not waited for the crowd to move and are instead proceeding tentatively forward on regulation. Just two days before the Pall Mall conference, the U.S. State Department announced restricted visa access for “individuals believed to have been involved in the misuse of commercial spyware.” This policy may be applied to citizens of any country, even those whose citizens do not typically require a visa to enter the United States. Adding to this policy, the State Department announced in April 2024 that it was imposing visa restrictions on 13 different individuals who were “involved in the development and sale of commercial spyware” or their immediate family members.

On top of visa restrictions, in March 2024, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against “two individuals and five entities associated with the Intellexa Consortium for their role in developing, operating, and distributing commercial spyware technology used to target Americans, including U.S. government officials, journalists, and policy experts.” The Consortium is a complex network of companies founded by former Israeli military intelligence officer Tal Dilian (one of those named individuals now under U.S. sanctions) that have sold commercial spyware to repressive political regimes. All property of these individuals or entities within the United States must be blocked and reported to OFAC, and any transactions involving any property or interests by these persons or entities are also generally prohibited. Any person or institution that does engage in transactions with these blocked persons or entities may face similar sanctions.

These sanctions are consistent with 50 U.S.C. § 1710 which became effective in April 2024. The statute, aimed at “confronting asymmetric and malicious cyber activities,” enables the president to sanction individuals the Treasury Secretary, Attorney General, and Secretary of State determine were involved in cyber-enabled activities that have or are reasonably likely to pose “a significant threat to the national security, foreign policy, or economic health or financial stability of the United States.” Possible sanctions include ineligibility for, or revocation of, visas to enter the United States or blocking of property and property interests. This type of concrete domestic action builds important gap-filling work in the absence of comprehensive global regulation of an industry in distinct need of sustained oversight.

What Is Needed Now?

If Pall Mall is to achieve political and legal significance, specific and collective action is required. France and the U.K. need to move forward with urgency and purpose, matching meaningful action with rhetoric. The U.K. and France have not taken any concrete domestic measures to further the goals outlined in the Pall Mall Process nor to regulate spyware or cyber-intrusion more generally – and certainly, nothing close to the steps taken by the U.S. government domestically.

For London, domestic legislative action is critical given the opportunities that lie ahead for a new government with a vast majority to move an ambitious legislative agenda on human rights abuses. The U.K. is now led by a Prime Minister, who, before he assumed office, was regarded as one of the U.K.’s leading human rights lawyers, with a long-standing reputation for upholding the rule of law. The U.K. has made some efforts related to cyber security, most notably through the introduction of the Cyber Security and Resilience Bill and the Digital Information and Smart Data Bill, both of which are still awaiting consideration by the U.K. Parliament. Regrettably, however, neither bill targets commercial spyware or related cyber intrusion technology. Instead, the former is focused on protecting important national infrastructure from ransomware and other cyber-attacks, and the latter deals with data privacy and protection. Presuming the expected timeline holds, both bills might be expected to become law in 2026.

The U.K. should use the legislative opportunities ahead to seek to harmonize national spyware regulation with the basic minimums the PEGA Committee endorsed, including transparency, oversight, and accountability, as well as specifying procedures to protect human rights through the surveillance lifecycle from design and development through use and transfer. The U.K. should also adopt a liability-based model in parallel to any export regimes. Adopting a human rights-based approach to surveillance requires regulating the design, use, and transfer of these technologies, but also, as per the U.S. practice of getting tough with abusers, they would be well served by “naming and shaming” companies and individuals using all of the criminal and civil tools at their disposal.

Such initiatives would build on the promising developments regarding State accountability for spyware in the English courts. The Court of Appeal recently held in Shehabi and Mohanned v. Kingdom of Bahrain that Bahrain is not immune under the UK State Immunity Act from claims regarding the use of spyware to infect laptop computers of human rights and pro-democracy activists. This case involved the alleged use of “FinSpy,” produced by the Gamma Group (also known as FinFisher). A previous case found Saudi Arabia was not immune for the alleged use of Pegasus spyware.

For France, a series of opportunities lie ahead in the EU context. Paris can assume an invaluable leadership position by supporting implementation of the PEGA Committee Report and encouraging the EU Polish Presidency starting in January 2025 to lead on spyware regulation given Warsaw’s unique position, having suffered widespread spyware abuse at the hands of the previous Polish government. France can make it a political priority to support updating EU dual use regulations which were described by the PEGA Report as “weak and patchy.” France’s leadership in the Pall Mall Process must extend to the EU where it can build the necessary political will and momentum to ensure that export control regimes are strengthened such that all major exporting nations agree to parallel rules and oversight procedures. For Pall Mall to be concrete and meaningful, France should in parallel endorse and adopt a liability based model of accountability, which would be complementary to any export reforms — something like that which was proposed by the Mandate of the Special Rapporteur for counter-terrorism and human rights in 2023.

Given the current uncertainty around the upcoming U.S. election, the need for other States to assume and demonstrate leadership on tackling abusive surveillance technologies is acute.

Having established the partnership and now the process, the French and British have a unique opportunity to join the United States in a fight for the life and health of democracies and civic space worldwide. The U.K.-France Cyber Initiative and the Pall Mall Process are commendable first and early steps, ready to be re-energized, re-focused, and made practical to meet the moment.

IMAGE: Cyber security concept art. (Photo via Getty Images)

The post Seizing the Moment: Opportunities to Regulate Spyware and the ‘Pall Mall Process’ appeared first on Just Security.



Early Edition: October 29, 2024


A curated weekday guide to major news and developments over the past 24 hours. Here’s today’s news:

ISRAEL-HAMAS WAR

CIA Director Bill Burns floated a new 28-day Gaza ceasefire and hostage swap proposal during a Sunday meeting with Israeli and Qatari envoys, according to Israeli sources. Separately, Netanyahu yesterday signaled his willingness to accept Egypt’s two-day ceasefire deal. Analysts say any breakthroughs are unlikely until the result of the U.S. presidential election is known. Barak Ravid reports for Axios; Lauren Izso, Niamh Kennedy, Jeremy Diamond and Becky Anderson report for CNN; Patrick Kingsley reports for the New York Times.

Israel’s Knesset yesterday voted to bar the UN Relief and Works Agency for Palestine Refugees (UNRWA) from activity within Israel and prohibit Israeli authorities from any contact with the organization. The move, set to take effect in 90 days, will likely severely restrict the agency’s ability to operate in Gaza and the West Bank. Nadeen Ebrahim and Salma Arafa report for CNN; Andrew Roth reports for the Guardian.

At least 60 people were killed by an Israeli strike on a building where displaced Palestinians were sheltering in North Gaza early today, the Hamas-run health ministry said. Wafaa Shurafa, Samy Magdy, and Bassem Mroue report for AP News.

Only one medic remains at a North Gaza hospital following a weekend Israeli raid on the facility, the Hamas-run health ministry said in a statement urging international organizations to send medical staff to the enclave. Ido Vock reports for BBC News.

ISRAEL-HAMAS WAR — U.S. RESPONSE

The United States is “deeply concerned” the UNRWA ban will further exacerbate Gaza’s dire humanitarian crisis and has urged Israel to pause its implementation, a State Department spokesperson said yesterday. Barak Ravid reports for Axios.

ISRAEL-HAMAS WAR — INTERNATIONAL RESPONSE

UNRWA yesterday condemned the Knesset’s ban on its activities, with the agency’s Commissioner-General saying the “unprecedented” move violates Israel’s international law obligations and amounts to collective punishment of Palestinians. The Guardian reports; Michael Ross reports for CNN.

U.N. Secretary-General António Guterres yesterday warned of “devastating consequences” of the UNRWA ban’s implementation, adding there is “no alternative” to the agency. Richard Roth and Irene Nasser report for CNN.

A host of countries have sharply criticized Israel’s vote to ban UNRWA. Prior to the vote, Canada, Australia, France, Germany, Japan, South Korea, and the U.K. expressed “grave concern” over the legislation and urged Israel to “abide by its international obligations.” Ireland, Norway, Slovenia, and Spain also jointly condemned the move. Niamh Kennedy, Benjamin Brown, and Kareem Khadder report for CNN; the Guardian reports.

South Africa’s legal team yesterday delivered its main legal case accusing Israel of genocide against Palestinians to the International Court of Justice. AP News reports.

ISRAEL-HEZBOLLAH WAR 

Hezbollah today named Naim Qassem, its longtime deputy leader, as its new secretary general, replacing Hassan Nasrallah who was killed by Israeli airstrikes last month. Ben Hubbard reports for the New York Times.

ISRAEL-IRAN CONFLICT — U.S. RESPONSE

Israel’s Saturday attack on Iran “should be the end of the direct exchange of fire” between the countries, U.S. Ambassador to the U.N. Linda Thomas-Greenfield told the U.N. Security Council yesterday, warning Iran of “severe consequences” if it launches any new attacks. The Guardian reports.

U.S. PRESIDENTIAL ELECTION

Philadelphia’s District Attorney yesterday launched a lawsuit seeking to stop $1mn giveaways from Elon Musk’s PAC, arguing they violate state consumer protection regulations. The complaint, which does not allege a violation of federal election laws, is the first legal challenge to the contest. Amy B Wang, Perry Stein, and Trisha Thadani report for the Washington Post.

Incendiary devices were dropped into ballot drop boxes early yesterday in Oregon and Washington, sparking a fire which destroyed hundreds of ballots. Police said the incidents were connected and that a “suspect vehicle” has been identified. Patrick Marley and Yvonne Wingett Sanchez report for the Washington Post; Mike Baker reports for the New York Times.

Former President Trump bragged about a “little secret” between him and the House Speaker Mike Johnson (R-LA) set to be revealed after Election Day during a Sunday rally, sparking concerns about a potential scheme to settle the contested presidential election. Robert Tait reports for the Guardian.

Republicans yesterday asked the Supreme Court to step into the legal fights over Pennsylvania provisional ballots and Virginia voter purge challenges. John Fritze and Tierney Sneed report for CNN; Josh Gerstein reports for POLITICO.

For years, grass-roots Republican networks have laid the groundwork that could be used to contest the outcome of the 2024 presidential election, materials obtained by the New York Times show. Alexandra Berzon, Nick Corasaniti, Dylan Freedman and Duy Nguyen report.

Three members of the Washington Post’s 10-person editorial board stepped down yesterday, amid continuing backlash against the newspaper’s decision to not endorse a presidential candidate. Sareen Habeshian reports for Axios.

TRUMP LEGAL MATTERS

A federal judge yesterday granted a request by Trump’s legal team to delay the deadline for submissions on the former president’s immunity from prosecution over his efforts to subvert the 2020 election to Nov. 21. Spencer S. Hsu reports for the Washington Post.

OTHER U.S. DOMESTIC DEVELOPMENTS 

The United States is running low on some types of air-defense missiles amid a widening crisis in the Middle East, raising questions about the Pentagon’s readiness to keep up with demand. Nancy A. Youssef and Gordon Lubold report for the Wall Street Journal.

The Global Engagement Center, a State Department unit focused on combating state-backed disinformation campaigns abroad, is set to potentially lose its congressional authorization in December over Republican mistrust of its role in domestic U.S. politics. Joseph Gedeon reports for POLITICO.

RUSSIA-UKRAINE WAR

North Korea sent 10,000 troops to Russia, of whom some are already moving towards the Ukraine border, a Pentagon spokesperson said yesterday. Separately, North Korea’s foreign minister arrived in Russia ahead of a planned Moscow visit, Russian state media said. Paul McLeary and Robbie Gramer report for POLITICO; Reuters reports.

The United States will not impose new limits on Ukraine’s use of U.S.-supplied weapons if North Korea joins Russia’s war, the Pentagon said yesterday. Phil Stewart and Andrew Gray report for Reuters.

GLOBAL DEVELOPMENTS 

Thousands of opposition protesters rallied outside Georgia’s Parliament late yesterday after the country’s president denounced Saturday’s parliamentary elections as rigged and illegitimate. A partial recount is ongoing following reports of voting irregularities. Robyn Dixon and Mary Ilyushina report for the Washington Post; Reuters reports.

A German-Iranian national and longtime U.S. resident Jamshid Sharmahd was executed in Iran yesterday, sparking condemnation from the United States and Germany. Benjamin Brown and Hamdi Alkhshali report for CNN.

At least 40 Chadian troops were killed on Sunday in an attack on a military base close to the country’s border, the presidency said. While the statement did not name any suspects, local residents believe Boko Haram fighters were responsible. Natasha Booty reports for BBC News.

Outside powers are “fuelling the fire” of Sudan’s warring forces’ escalating attacks, Secretary-General Guterres told the Security Council yesterday. Edith M. Lederer reports for AP News.

The International Criminal Court’s prosecutor Karim Khan yesterday asked the court’s oversight mechanism to open an investigation into allegations of misconduct against him, saying he will “fully cooperate” with the inquiry. Reuters reports.

The post Early Edition: October 29, 2024 appeared first on Just Security.



Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766


Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks.

Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access.

CVE-2024-40766 is an improper access control vulnerability impacting SonicWall SonicOS; the company addressed it in August 2024.

“An improper access control vulnerability has been identified in the SonicWall SonicOS management access and SSLVPN, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash,” reads SonicWall’s advisory.

“This issue affects SonicWall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions. This vulnerability is potentially being exploited in the wild. Please apply the patch as soon as possible for affected products. The latest patch builds are available for download on mysonicwall.com.”

In September, SonicWall warned that the flaw CVE-2024-40766 in SonicOS is now potentially exploited in attacks.

“This vulnerability is potentially being exploited in the wild. Please apply the patch as soon as possible for affected products. The latest patch builds are available for download on mysonicwall.com,” warns the updated SonicWall advisory.

Threat actors can exploit the vulnerability to gain unauthorized resource access and crash the impacted firewalls.

The company urges customers to apply patches as soon as possible. The vendor also provided a workaround to minimize potential risks: restrict firewall management to trusted sources or disable firewall WAN management from Internet access. Similarly, for SSLVPN, ensure that access is limited to trusted sources or disable SSLVPN access from the Internet.

Arctic Wolf researchers detected over 30 Akira and Fog ransomware intrusions since August, all leveraging unpatched SonicWall SSL VPNs (CVE-2024-40766). The experts noticed shared IP infrastructure behind the attacks.

“In early August, Arctic Wolf Labs began observing a marked increase in Fog and Akira ransomware intrusions where initial access to victim environments involved the use of SonicWall SSL VPN accounts.” reads the advisory. “Based on victimology data showing a variety of targeted industries and organization sizes, we assess that the intrusions are likely opportunistic, and the threat actors are not targeting a specific set of industries.”

Prior to August 2024, Fog and Akira ransomware attacks targeted a variety of firewall brands. However, since early August they have focused on SonicWall appliances. The researchers observed 30 new ransomware infections between the start of August and mid-October 2024. Akira ransomware was deployed in approximately 75% of the attacks, and Fog ransomware was deployed in the remaining 25% of instances. The time between initial SSL VPN access and acting on ransom/encryption objectives was as short as 1.5 to 2 hours in some intrusions, while in other intrusions the interval was closer to 10 hours.

There’s no conclusive evidence that CVE-2024-40766 and other remote code execution vulnerabilities were exploited to compromise SonicWall appliances. The researchers speculate that the VPN credentials may have been acquired through other means, like data breaches.

“Based on intrusions investigated by Arctic Wolf since early August, a significant amount of activity was observed involving Fog and Akira ransomware in environments using the SonicWall SSL VPN service. Visibility gaps hampered analysis of firewall logs across a subset of intrusions, while others suggested that existing accounts had been compromised.” concludes the report.


Pierluigi Paganini

(SecurityAffairs – hacking, SonicWall)



AZ Congressional Candidate Amish Shah Hosts ‘Spooktacular’ Halloween Party—at His Country Club Home Located Outside District He’s Running To Represent


On Saturday, residents of Phoenix’s “historic” Country Club Manor neighborhood gathered for a “spooktacular” Halloween party aimed at helping neighbors “reconnect.” A party invitation obtained by the Washington Free Beacon touts uneventful offerings like lemonade, a craft table, and sweet and savory snacks. It also lists a noteworthy host: Dr. Amish Shah, the Democratic nominee for Arizona’s First Congressional District.

Shah’s status as party host is significant because the home is not located in that district, but rather in Arizona’s neighboring third district. Shah has thus attempted to distance himself from the home, saying that his “official residence” is a first district condominium he started renting with his girlfriend last year, not the third district home he bought for nearly $1 million in 2016.

Saturday’s party is the latest piece of evidence calling that claim into question. In addition to his role in hosting the party, Shah has campaigned from the home as recently as Sept. 24, when he joined a Zoom call with supporters from its sizable kitchen littered with groceries, the Free Beacon reported. One week later, Shah sent a fundraising email from his cat, Miss Meowerson, that included a photo of the pair in the same kitchen. Shah is also saving money on property taxes by declaring the home his primary residence, records show.

A video of the party obtained by the Free Beacon shows attendees conversing in Shah’s front yard, while a sign posted in the country club neighborhood advertising it touts a “Spooktacular Bash” at “Dr. Amish Shah’s” home.

Karen Underwood, Shah’s campaign manager, downplayed Shah’s involvement with the party. She said Shah “was asked to use the front lawn for a Halloween party for children who live nearby” and “did not attend the party but is happy that the kids had a good time in his absence.” A source who observed the party, however, suggested Shah did attend. The Democrat did not post a photo from the campaign trail on Saturday, though he did the day before.

Shah is not required to reside in the first district to represent it. Still, his living situation could pose more than just a political problem.

That’s because voting records obtained by the Free Beacon show Shah was registered to vote at his third district home until October 2023, when he changed his registration to reflect the address of his first district condo, which he began renting that same month. The move allowed Shah to cast a ballot for himself in his crowded July primary. But Arizona law bars its residents from registering to vote at a secondary address, meaning Shah’s address change—if he in fact permanently resides in his third district home—could have been illegal.

“It is illegal to register to vote in a precinct where you don’t actually live and intend to live indefinitely,” former U.S. attorney for the District of Arizona Michael Bailey told the Free Beacon last week.

Shah’s third district home, located in a “highly coveted” country club, is now worth roughly $2 million, roughly double what Shah paid in 2016. It features “gracious living spaces including a large formal dining room, an eat-in kitchen and both a formal living room and separate family room,” according to a real estate listing.

Shah campaigned from that kitchen well after he switched his voter registration to reflect his rented condo. During a Sept. 24 Zoom event with Swing Left, a left-wing group, Shah sat in the kitchen as he touted his background as an “emergency physician” who works “in the heart of our district.” At one point, Shah’s cat, Miss Meowerson, appeared in the background.

Miss Meowerson also appeared in an Oct. 3 fundraising email, which Shah sent from the perspective of the cat. “When I’m not hard at work running dad’s campaign,” the email said, “I can be found … waiting for my dad to come back from door-knocking so he can give me treats.” An accompanying photo showed Shah and Miss Meowerson seated in the kitchen of Shah’s third district home.

The Democrat’s 2024 property tax assessment, meanwhile, lists a $600 “State Aid to Education” tax credit that can only be applied to a home the owner actively lives in. The second half of Shah’s 2024 property taxes is due in March.

Shah has not addressed the evidence suggesting he still lives in the home. Last week, he acknowledged in a statement sent to the Free Beacon that he owns “a property just outside the district” but said the home is not his “official residence.” His campaign did not answer questions about his property taxes and photos showing Shah campaigning from the home.

The post AZ Congressional Candidate Amish Shah Hosts ‘Spooktacular’ Halloween Party—at His Country Club Home Located Outside District He’s Running To Represent appeared first on .



Russia-linked espionage group UNC5812 targets Ukraine’s military with malware


Suspected Russia-linked espionage group UNC5812 targets Ukraine’s military with Windows and Android malware via Telegram.

Google TAG and Mandiant observed a Russia-linked group, tracked as UNC5812, targeting Ukraine’s military with Windows and Android malware via the Telegram channel “Civil Defense.”

The Telegram channel was created on September 10, 2024 and at this time has 189 subscribers. The group also delivered the malware through the website civildefense[.]com.ua that was registered in April 2024.

“Civil Defense” poses as a provider of free software programs that allow potential conscripts to view and share crowdsourced locations of Ukrainian military recruiters. The apps are designed to infect Android devices with malware if Google Play Protect is disabled.

“If installed with Google Play Protect disabled, these programs deliver an operating system-specific commodity malware variant to the victim alongside a decoy mapping application we track as SUNSPINNER.” reads the report published by Google.

The group UNC5812 also coordinated influence campaigns to spread narratives and solicit content aimed at weakening the support for Ukraine’s mobilization and military recruitment efforts.

UNC5812 is likely purchasing promoted posts in established Ukrainian-language Telegram channels to direct potential victims to their resources. On September 18, 2024, a missile alert channel with over 80,000 subscribers promoted the “Civil Defense” Telegram channel. Another news channel continued to promote Civil Defense posts as recently as October 8, suggesting an ongoing effort to engage more Ukrainian-language communities. These channels also offer sponsorship opportunities, indicating UNC5812’s approach to expanding its reach.

The threat actors use the Civil Defense website to distribute multiple software programs that, once installed, download different malware families. The site provides a downloader called Pronsis Loader to Windows users; this malware starts an attack chain that ultimately installs SUNSPINNER and the PURESTEALER information stealer. For Android users, a malicious APK installs a variant of the CRAXSRAT backdoor, sometimes bundled with SUNSPINNER. Although the site claims to support macOS and iPhones, only Windows and Android payloads were available during the analysis.


The experts noticed that the Civil Defense website employs social engineering tactics to trick users into installing the APK outside the App Store. Its FAQ claims this approach protects user anonymity and security, directing victims to video instructions. These videos guide users on disabling Google Play Protect, which checks for harmful app functionalities, and instruct them to manually enable all permissions after the malware installation.

“UNC5812’s campaign is highly characteristic of the emphasis Russia places on achieving cognitive effect via its cyber capabilities, and highlights the prominent role that messaging apps continue to play in malware delivery and other cyber dimensions of Russia’s war in Ukraine,” concludes the report, which also provided indicators of compromise for this campaign. “We judge that as long as Telegram continues to be a critical source of information during the war, it is almost certain to remain a primary vector for cyber-enabled activity for a range of Russian-linked espionage and influence activity.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, UNC5812)



France’s second-largest telecoms provider Free suffered a cyber attack


French internet service provider (ISP) Free disclosed a cyber attack in which threat actors allegedly had access to customer personal information.

Free S.A.S. is a French telecommunications company, a subsidiary of Iliad S.A., that provides voice, video, data, and Internet telecommunications to consumers in France. The company is the second-largest ISP in France with over 22.9 million mobile and fixed subscribers.

Free disclosed a cyber attack over the weekend after a threat actor attempted to sell the stolen data on a popular cybercrime forum. The threat actors had access to the internal management tool and gained access to some subscribers’ personal data.

“Free was ‘the victim of a cyberattack targeting a management tool’ leading to ‘unauthorized access to some of the personal data associated with the accounts of certain subscribers,’ the second largest telephone operator in France confirmed to Agence France-Presse (AFP) on Saturday, October 26.

‘No passwords,’ ‘no bank cards,’ ‘no content of communications (emails, SMS, voice messages, etc.)’ are affected by this attack, the date and extent of which have not been specified, the company added. ‘No operational impact has been observed on (its) activities and (its) services.’”

The telecommunications firm has filed a criminal complaint and informed two French agencies, the National Commission for Information Technology and Civil Liberties (CNIL) and the National Agency for the Security of Information Systems (ANSSI).

The company said that passwords and bank card details were not compromised. It also pointed out that its customers’ communications were not exposed.

The seller listed two databases for sale, one containing 19,192,948 customer accounts and another including 5.11 million IBAN details.

The seller also published a sample of the stolen data and some screenshots.

Exposed customer data includes first and last names, phone numbers, full postal addresses, dates of birth, emails, and more.

“This suspected data breach reportedly affects Free Mobile and Freebox customers, with the data leak dating back to October 17, 2024, according to the cybercriminals,” wrote the cyber evangelist SaxX. “Additionally, the cybercriminal’s profile was created just yesterday. Recently, many cybercriminals have been creating profiles shortly before sharing information about hacks, attacks, or data leaks in France.”

“Thus, this information should be taken cautiously until confirmed. There has been a rise in the use of AI-generated data leaks, a trend I mentioned weeks ago.”

[Image: Free data breach. Source: X account SaxX]

The company has promptly taken measures to mitigate the security breach.

“All necessary measures have been taken immediately to put an end to this attack and strengthen the protection of our information systems,” stated Free.

Recently, telecom operator SFR disclosed a data breach exposing customer information, including IBANs.


Pierluigi Paganini

(SecurityAffairs – hacking, data breach)



Michigan Muslim Booted From Kamala Harris Rally Says Team Trump Asked Him to Star in Campaign Ad


Days after he was kicked out of a Kamala Harris rally in Michigan with no explanation, Ahmed Ghanim said he got a call from Donald Trump’s campaign: Would Ghanim be willing to star in a campaign ad?

Ghanim, a Democrat who mounted an unsuccessful primary challenge to a pro-Israel member of Congress earlier this year, said he swiftly turned team Trump down. “I definitely declined,” Ghanim said.


Still, the strange turn of events that left him receiving a call from Trump’s team crystallized his sense that the Harris campaign is botching its outreach to Arab and Muslim voters. (The Trump campaign did not immediately respond to a request for comment.) As insincere as Trump’s recent overtures to Muslims may be, Ghanim thinks they could work.

“Even our presence there is not welcome, at the same time Trump is reaching out and going to take pictures with the imams,” Ghanim said.

The incident involving Ghanim was a dramatic illustration of the high stakes and high emotions for Arab and Muslim voters in the final days of the presidential election. Both campaigns are courting the demographic. 

In 2020, Arab and Muslim voters helped Joe Biden win Michigan, but many have soured on him thanks to his support for Israel’s war in Gaza. If Harris loses the crucial swing state, some observers say, it may be due to missed opportunities and missteps like the one involving Ghanim.

Observers of Michigan politics say there have not been many visible signs of outreach to the Arab and Muslim communities.

“I know that the Harris campaign has tried to mend some fences,” said David Dulio, a political science professor at Oakland University in Michigan. “But it has never been enough to get them — at least as it seems to me as an outsider — back on board in the absence of a policy change in terms of U.S. support of Israel.”

The Harris campaign did not respond to a request for comment on its interactions with Ghanim or its outreach to the Arab and Muslim community in Michigan. Elsewhere, it has described pursuing a strategy of outreach via social media ads and small gatherings.

Unwilling to put daylight between herself and Biden on Gaza, the vice president appears to be losing ground with Arab voters to Trump, according to an Arab American Institute poll.

No Explanation

Ghanim, who was born in Egypt, has been vocal about his opposition to Israel’s war in Gaza, calling his primary foe, Rep. Haley Stevens, D-Mich., a “poster child” for the pro-Israel lobby.

“Our tax dollars, which we entrust to our representatives to use for building our economy, investing in educating our kids, and making our healthcare accessible and affordable, are being used to burn kids alive in Gaza,” he wrote on X in May.

Still, Ghanim said his goal was nothing more than to watch and listen when he went to see Harris in Royal Oak, Michigan, on October 24. The event featured war hawk co-headliner Liz Cheney, the former Republican representative who has been vociferous about her disgust for student protesters.




Ghanim said he had been invited to the event, was neatly attired, and had no intention of making a demonstration. After clearing security and sitting down, he was looking at his phone when a woman staffing the event asked him to follow her. 

He thought he was being reseated elsewhere when he realized he was being shown the door.

A police officer was waiting for him with a message, Ghanim said: “They want you out, so either you walk out, or I put you in the back of my car.”

Ghanim tried to get an answer from the woman who had shown him the door. “She said the conversation has ended … so I left,” Ghanim recalled.

Ghanim posted on social media about his experience with a video titled “No Muslims allowed at the Harris Rally in Michigan.”

The Harris campaign soon reached out to him personally and sent out a public statement that it “regrets” what happened. Ghanim was welcome at future events, the campaign said.

Despite the outreach from the Harris campaign, Ghanim said he has never received an explanation for what happened at the venue. That has left him with a lingering suspicion.

“I think they kicked me out because of what I represent,” he said. “What I represent as a Muslim leader trying to bring the voice of Arabs and Muslims to the Democratic Party.”

Trump and the Imams

Ghanim said the contrast between the Harris campaign’s interactions with him, and Trump’s strategy in Michigan, could not be greater.




Despite his long history of anti-Muslim and anti-Arab invective, including the ban on travel from Muslim countries that he tried to implement as president, Trump has been on an outreach tour in recent days, sensing an opportunity among the tens of thousands of Arab and Muslim voters in Michigan outraged with the administration’s support for Israel.

Trump has taken a permissive stance on Israel’s war on Gaza — “Let Israel finish the job,” he said — but he has seized on Harris’s decision to spend some of her final days on the campaign trail with Cheney to paint the vice president as the true warmonger.

“The father killed more Arabs than any human being on earth,” Trump said in Traverse City, Michigan, referring to Dick Cheney, who as vice president was an architect of the U.S. invasion of Iraq in 2003.

Trump also recently visited Hamtramck, the Michigan city with an all-Muslim city council and a Yemeni-born mayor who endorsed the former president.

Ghanim said he is not convinced by Trump’s recent olive branches to the Muslim community, given his long history.

“I don’t think we can put genuine and politics in the same sentence,” he said. “What we can say is it’s a good move at a perfect time.”


Ghanim believes that some Arab and Muslim voters may be swayed by Trump’s transactionalism, telling themselves, “‘If you give him votes, he will give you benefits. And that is how we are going to work with Trump.’”

Ghanim said he believes many Arab and Muslim voters are waiting for Harris to give them a sign.

“I think she has to break away from Biden’s policies, advisers,” he said, “and show that she is really a leader that people would like to go out of their way to vote for.”

The post Michigan Muslim Booted From Kamala Harris Rally Says Team Trump Asked Him to Star in Campaign Ad appeared first on The Intercept.



Investigation Reveals Russia’s Ongoing Viral Research and Activity in Africa


The Washington Post has published a report corroborating the 2022 findings from the RLI, which highlighted Russia’s efforts to develop biological weapons using Cold War-era laboratory facilities. The report asserts that Russia has initiated a refurbishment and expansion of a biological weapons research center located in the Moscow region. Satellite images of the site confirm the construction of new facilities on the grounds of the former Soviet research base, Sergiev Posad-6. This closed military town, near the city of Sergiev Posad in the Moscow region, was originally established to support military unit 44026, known as the 48th Central Research Institute of the Ministry of Defense.

A study conducted by the publication shows that after the start of Russia’s full-scale invasion of Ukraine, work began on the center’s territory to restore and expand the premises of the facility.

In the past, the center was used by the USSR Ministry of Defense and was the main research center for biological weapons, viruses and other biological weapons.

[Image. Source: WaPo.]

According to the publication, 10 buildings with a total area of 23 square kilometers are currently under construction on the site, and the old ones are being reconstructed. Most of the buildings show signs of being used as laboratories due to the large and advanced air conditioning system.

[Image. Source: WaPo.]

The satellite imagery shows dozens of rooftop air conditioning units, a layout that matches the distribution of laboratories, as well as underground infrastructure and a separate power plant to continuously power these buildings. It should be noted that the laboratories would meet the BSL-4 security level, which allows operations to study the most dangerous viruses. Despite the development of biolaboratories in Russia, no signs of such weapons being used in Ukraine have been recorded to date.

Analysis Suggests Russian Military Virology Linked to Viral Outbreaks in Africa.

In 2022, our study of public procurement records from Russian research centers, including the 48th Central Institute of the Russian Ministry of Defense, led us to conclude that Russia is actively researching hemorrhagic fever viruses and smallpox. That same year, research conducted by Russian military virologists coincided with a monkeypox outbreak in Africa. In Ghana, a Marburg virus outbreak also occurred—a virus we had previously connected to Russian military virologists’ work in Russian biolabs.

By 2024, our analysts discovered the presence of Russian biolabs within African nations. In response, Russia has since restricted access to defense procurement records, classifying all data related to defense sector contracts. We are convinced that these viral outbreaks in Africa are not coincidental but are linked to the research of Russian military virologists. While it remains challenging to identify the specific viruses under study in Africa, we believe that the primary objective of these Russian biolabs is to collect biological materials and highly virulent virus strains.

In this light, we view Russia’s accusations against the United States—specifically, Pentagon-supported biolab operations in Ukraine, Kazakhstan, and Georgia—as an attempt to divert attention from Russia’s own biolab activities. The COVID-19 pandemic seemingly solidified the Kremlin’s view of biological weapons as an effective means of economic and geopolitical leverage against the West.



    Trump’s Cronies Threw the VA Into Chaos. Millions of Veterans’ Lives Are on the Line Again.


    Donald Trump ventured to Fayetteville, North Carolina, earlier this month — a Democratic city in a swing state with a large veteran population, a powerful cross-section of defense contractors, and, right down the road, Fort Liberty, one of the largest military bases in the world.

    Before an audience dressed almost entirely in red, white, and blue, Trump pledged to revert Fort Liberty back to its original name, Fort Bragg, which honored a slave-owning Confederate general. He also vowed to increase defense spending and scrub the Pentagon of “woke generals.” Then he turned to the Department of Veterans Affairs.

    Trump offered few true or tangible details on his record at the VA, which operates a robust health and benefits system that serves 9 million veterans — proclaiming, for instance, that his leadership team had purged thousands of “sadists” from the agency and replaced them with thousands more “good, loving people that love our patriotic heroes.” He insisted that the VA “was better before, and I hear it’s sliding,” chalking up this alleged deterioration to President Joe Biden’s VA team, which he derided as a “group of lunatics that don’t give a damn about the military.”

    In truth, the people Trump chose to staff the VA and lead on veterans’ policy during his presidency constitute a rogues’ gallery of wild characters that rivaled, and perhaps even surpassed, the dysfunctional, self-serving appointees who ran rampant across various agencies on Trump’s watch. Few of them, however, did as much damage as two little-noted appointees who implemented Trump’s most controversial changes over the VA: Darin Selnick and Peter O’Rourke.

    Selnick and O’Rourke were key to implementing the twin pillars of Trump’s veterans affairs legacy: the 2017 VA Accountability and Whistleblower Protection Act and the 2018 VA MISSION Act, which together served as a one-two punch to weaken the agency. First, the Accountability Act degraded conditions inside the VA — undermining labor power, gutting workplace protections, and leading to thousands of suspensions, demotions, and firings of front-line staff. From there, MISSION funneled millions of patients to appointments outside the VA, enriching the private sector while weakening the agency’s health care capacity, budget, and reputation.

    That the pair managed to avoid infamy may owe only to the buffoonish crew that operated Trump’s single-term VA. This cadre includes a beer mogul who promoted snake oil PTSD treatments; a slick-haired “Fox & Friends” host who sought GI Bill money for predatory for-profit colleges; a longtime Marvel Entertainment executive who, along with two fellow Mar-a-Lago members, pushed a shoddy electronic health records system that’s been tied to the deaths of at least four veterans; a White House doctor accused of handing out prescriptions “like candy” and whose nomination to be VA secretary was derailed after he was credibly accused of drinking on the job; and a Lost Cause sympathizer alleged to have attempted to dig up dirt on a congressional staffer and Navy veteran after she reported being sexually assaulted at the VA hospital in Washington.

    These characters and their chaos emerged from an election that Trump won on the backs of veteran voters. While the decorated Vietnam War veteran, the late Sen. John McCain, R-Ariz., won the veteran vote by 10 percentage points during his 2008 presidential bid, Trump, who viciously insulted McCain on the trail, took veterans by a whopping 27-point margin. According to a political science analysis of 2016 voting data, Trump also received exceptionally high support in American communities with the highest combat casualty rates, which was key to his victories in three swing states: Pennsylvania, Michigan, and Wisconsin. Trump racked up similar margins in 2020 and appears poised to again dominate among those who served in the military come November 5.

    Trump has generally talked a lot less about veterans’ policy during this campaign than his first two. Few tangible VA policy proposals have emerged from Trump or the Republican platform. There are, however, some clues in Project 2025’s detailed section on veterans policy, which, according to a former senior VA official, is eerily reminiscent of the VA road map drafted during Trump’s first transition. This slate of radical proposals includes further privatization of core agency services, as well as major restrictions to VA’s disability rating system, which determines the compensation amounts that veterans receive for their service-related disabilities.

    If Trump’s presidential term proved anything, it’s that personnel is policy. The figures who staffed his first term can help illuminate how a second one may play out. Many would surely return to the VA under what Trump has promised will be a government flushed of career officials and then stocked exclusively with the type of loyal ideologues who dominated the VA during his administration.

    “Government is serious business for serious people,” said Kayla Williams, an Iraq War veteran who served as a senior VA official during the Obama, Trump, and Biden administrations. “And that’s what I feel like is missing from these Trump people’s core understanding of the world. Government matters, people’s lives are at stake, and putting in charge figures who think government is a game or a joke or a way to enrich their buddies, or a way to score political points, is dangerous and misguided and deeply tragic.”

    Selnick, an Air Force veteran brought into politics by the Koch network, helped write MISSION and oversaw its implementation. O’Rourke, an Air Force and Navy veteran with a background running a Republican political action committee, became the founding director of the VA’s Office of Accountability and Whistleblower Protection. (The MISSION and Accountability acts were top priorities for the Koch network, which has, since the Obama years, cynically cast the VA as a failing bureaucracy as part of its broader libertarian agenda.)

    Four former senior VA officials said Selnick and O’Rourke were leaders in what they described as a pack of Trump-backed goons who worked to “break” or “blow up” the VA. (For this story, The Intercept spoke to five former senior VA officials, all of whom, apart from Williams, requested anonymity to insulate themselves from professional backlash.)

    Two of the former VA officials singled out O’Rourke, who also briefly served as chief of staff and acting VA secretary, as being woefully unprepared for the job. Before the VA, O’Rourke helmed Strong America Now, a now-defunct Republican PAC that pushed presidential candidates to embrace a business-efficiency model known as “Lean Six Sigma.” Neither O’Rourke nor Selnick responded to press queries.

    As head of the accountability office, O’Rourke pledged to target misconduct and fire poor leaders, but VA data I analyzed at the time showed that his office and authority were weaponized to discipline thousands of low-level employees, many of whom were veterans. (Roughly a third of all VA employees have a history of military service.)


    Under the new law, a veteran employee at the VA medical center in Pittsburgh was recommended for dismissal and charged by the VA Police with disorderly conduct after he took away a television remote from a patient who had entered the dining hall after hours and demanded to watch television. The employee had gotten sober through his VA job, and he said his life would be ruined if he lost it. “It was good to get in — it gave me a sense of purpose and a chance at life,” he explained. “But it seems that now management spends more time getting rid of people than helping them.”

    While the accountability office targeted front-line workers, it failed to scrutinize a senior official who’d advised staff to keep quiet about an outbreak of Legionnaires’ disease at the hospital, which killed at least six veterans and sickened more than a dozen others. 

    This slanted approach to justice was personally embodied by O’Rourke who, according to the VA’s Office of Inspector General, personally interfered in an investigation against his VA golf buddy, Peter Shelby, who had been accused of retaliation, harassment, and discrimination. According to the watchdog, O’Rourke personally pulled a seasoned investigator off the Shelby case and replaced him with someone directly under his control. O’Rourke’s office also launched an investigation into one of the whistleblowers who raised concerns with Shelby. 

    Then came MISSION. One year after Trump ratified the Accountability Act, he signed the law that would push millions of patients out of the VA and into private care. “As a candidate for President, I promised to make reforming the VA one of my absolute highest priorities,” Trump said at the ceremony, beaming. “And from the first day of my administration, that is exactly what we’ve done.”

    Getting the law passed had required a delicate approach. Studies consistently show that VA health care outperforms the private sector on quality and wait times while, in surveys, veterans express support for VA care and opposition to agency privatization. Trump allies pledged that MISSION would only supplement VA care, not replace it, and they sweetened the deal by injecting the law with a massive expansion of VA caregiver benefits — long a priority of veterans’ groups.

    Yet core promises were broken immediately after the law was signed. Hours after Trump’s Rose Garden ceremony, the White House announced it would ignore some of the law’s key oversight statutes, including one that granted congressional input over future pilot programs with private partners. They also began freezing out veterans’ groups and lawmakers from the regulatory and rollout processes. One internal report I obtained at the time claimed Hill staff faced “coordinated and unprecedented obstruction” by national VA staff in their oversight efforts of MISSION Act implementation. “We have some concerns that whoever they are collaborating with might be running this thing off the tracks, and pushing for privatization,” a senior legislative staffer told me at the time.

    Selnick played a key role. Along with his allies, he pushed MISSION to create what one of the former VA officials called “extreme eligibility” for private care. “[Selnick] bragged about passing MISSION by including the caregiver support elements to get veterans groups on board as a trick,” Williams said. “It was sabotage,” added another official. “They wanted to create an opportunity to dismantle VA without any concern for what happened in the interim.”


    The severe consequences of MISSION were starkly laid out earlier this year in a VA Red Team Report authored by a bipartisan panel of health care experts. They detailed how the cost of VA care outsourcing has more than doubled in recent years, to nearly $30 billion annually, with 40 percent of all VA patients now getting some private sector care. The report deemed this trend an “existential threat” to the VA system, warning that, without a course correction, VA clinics and service could soon cease to exist, thereby “eliminating choice for the millions of Veterans who prefer to use the [VA] for all or part of their healthcare needs.”

    One of the former officials, echoing others, told me that veterans were not factored into key decisions. Instead, ego, politics, and deception often dominated work and decision-making. As one example, two officials recounted that Selnick had a habit of parking in handicapped spots near the entrance of medical centers he was visiting. Once, when a security guard informed Selnick that he could not park there, he answered by saying: “I’m from the White House.”

    O’Rourke and Selnick also faced allegations of misusing taxpayer resources. Selnick landed in hot water after ProPublica reported that he was commuting between his California home and D.C. on the taxpayer dime. O’Rourke was forced to resign after officials complained to the Washington Post that he was doing little work for his $161,000 salary.

    In July 2018, Tim Walz, then the ranking member of the House Veterans Affairs Committee, led a letter to the Department of Justice, alleging that O’Rourke had lied and withheld information from Congress and demanding a criminal probe, though this probe never came to pass.

    Today, this pair is now leading a think tank, Veterans 4 America First, a semi-active 501(c)(3) staffed with a number of former Trump VA officials, promulgating policies and apparently waiting in the wings should Trump win reelection. From this perch, O’Rourke and Selnick recently published an op-ed entitled “Biden’s Big Lie on Veterans.” (An email seeking information on the nonprofit’s finances and goals to the group’s only listed address bounced back.)

    Dozens of competent people ran for the doors during the Trump administration as well. Responding to this staff exodus, a VA spokesperson at the time said, “We understand that not everyone is ready for this level of reform.”

    In the past four years, Biden’s appointments to the VA have reasserted a level of professionalism throughout the agency, and the PACT Act, passed in 2022, secured a major increase in veterans’ benefits. But even as Biden’s VA officials express support for VA services in public, they’ve continued to carry out the privatization dictated by the MISSION Act, putting the VA and its patients in increasingly precarious positions.

    Another four years of Trump could reshape the VA beyond recognition. “The danger now is that they’ve been vetting people, and doing more prep work,” Williams said. “And the stakes are high. Veterans die when terrible decisions are made at the largest integrated health care system in the world.”

    The post Trump’s Cronies Threw the VA Into Chaos. Millions of Veterans’ Lives Are on the Line Again. appeared first on The Intercept.



    How the US can counter Russian and Chinese nuclear threats in space


    The reliability of the US nuclear arsenal is based on the “never-always rule.” This means that the nuclear command, control, and communications (NC3) system must never permit nuclear weapons use unless authorized by the president, while always enabling their use in the specific ways the president authorizes. There must never be doubt about the United States’ ability to command and control its nuclear forces under any circumstances. Even perceptions of weaknesses in the US NC3 system can undermine deterrence and assurance.

    But that’s exactly what Washington is facing right now, as the comprehensive modernization of the US nuclear triad continues. Despite warnings from top national security officials, important improvements to NC3 have been fragmented; in 2017, then US Strategic Command Commander General John Hyten testified that “NC3 is my biggest concern when I look out towards the future.”

    An important part of the United States’ NC3 is space-based equipment, such as communications and early warning satellites. Efforts to modernize these space-based components have started, such as eliminating exploitable cyber and supply chain vulnerabilities and reducing overreliance on a small number of satellites. These efforts are part of the Department of Defense’s work to deploy a resilient, hybrid architecture to support all national security space missions. But the Department of Defense’s efforts so far have not focused enough on NC3, and it is not clear that the modernizations currently underway will meet the stringent requirements for nuclear surety.

    The United States needs to ensure it has a secure and effective NC3 because of the devolving threat environment challenging nuclear surety, as China is aiming to join Russia as a nuclear peer of the United States at the same moment that Moscow and Beijing are strengthening their counterspace capabilities.

    Evolving threats

    The geopolitical situation has fundamentally shifted since space-based NC3 systems were first deployed in the 1960s. The United States and the Soviet Union pursued strategic arms control, sought to constrain the dangers of inadvertent use, and often considered limited nuclear use to be easy to prevent so long as overall strategic deterrence held fast. Today, two evolving threats pose new challenges for NC3.

    First, China is improving the quality and quantity of its nuclear arsenal, which raises the two-nuclear-peer problem: NC3 must now enable the United States to deter or, if deterrence fails, restore deterrence against, two nuclear peers—Russia and China—that may attack the United States or its allies in coordination, in sequence, or in overlapping timeframes. Beijing may also lack understanding of, or appreciation for, the idea that deliberate attacks on NC3 constitute a “red line” (meaning an unacceptable action that could trigger a nuclear war). Unlike Russia (at least during the Cold War), China has avoided arms control talks, has only recently deployed missile warning/missile tracking satellites, and may see value in uncertainty over red lines.

    Second, it is imperative that NC3 better cope with the growing potential of limited nuclear use, given Beijing’s evolving nuclear doctrine and recent reports that raise concerns about what Moscow might do with its weapons, including the possibility of it deploying a nuclear weapon in space.

    Countering Russia and China in space

    Space systems provide three essential NC3 capabilities: missile warning, assured communications, and nuclear detonation detection. Infrared sensors on space-based missile warning satellites can detect missile launches worldwide and give the first indication of an attack. The Space-Based Infrared System currently provides missile warning, and several complex upgrades have begun. Assured, survivable communications are essential for the president to convene with senior leaders and command and control nuclear forces globally. Today, the Advanced Extremely High-Frequency system provides communication links for nuclear command and control; this system is to be augmented and then replaced by the Evolved Strategic Satellite system during the 2030s. Finally, the US Nuclear Detonation Detection System supports adaptive planning in the event of a nuclear conflict using sensors across several satellites to locate nuclear detonations in the atmosphere and space.

    But much more needs to be done, as Chinese and Russian counterspace capabilities increasingly challenge the ability of space-based NC3 to deliver nuclear surety. For instance, if Russia wanted to disable satellites currently supporting Ukraine, it would only need to detonate one nuclear weapon in low-Earth orbit (LEO). A high-altitude nuclear detonation would raise radiation in LEO, causing most, if not all, LEO satellites that have not been specifically hardened against this nuclear-pumped radiation to fail in as little as weeks. Direct financial damages could approach five hundred billion dollars, and the overall economic impact could potentially exceed three trillion dollars. With Russia apparently on the verge of violating its Outer Space Treaty obligations by orbiting a nuclear weapon, this scenario is no longer hypothetical. The United States must counter this daunting challenge multidimensionally, including by ensuring that LEO satellites supporting NC3 address high-altitude nuclear detonation threats.

    Meanwhile, China’s new Aerospace Force now fields a range of significant and comprehensive counterspace capabilities, including satellites with rendezvous-and-proximity and robotic arm capabilities in geostationary Earth orbit (GEO). This is particularly threatening, as Chinese counterspace assets could grab noncooperative satellites belonging to its adversaries, including crucial US NC3 satellites in GEO. For its part, Russia has long developed doctrine and capabilities to target US satellites, including NC3 systems. Russia is also fielding several counterspace systems, such as Nudol direct-ascent antisatellite missiles. Moscow tested this system against a defunct Russian satellite in November 2021, creating thousands of pieces of potentially lethal LEO debris that still threaten spacecraft and astronauts.

    How the US can ensure nuclear surety

    Many of the Department of Defense’s bureaucratic structures that have acquired current NC3 systems have changed. Primary acquisition responsibility for space-based NC3 systems is now divided between the Space Systems Command, the Space Development Agency, and the Missile Defense Agency. None of these acquisition organizations are focused on nuclear surety, and this structure makes it more difficult for the Air Force Nuclear Weapons Center to meet its overall responsibility to acquire and sustain the NC3 weapons system. A hybrid national security space architecture with commercial, international, and government systems clearly benefits most missions but is not necessarily optimal for NC3.

    Before overly committing to a hybrid architecture for space-based NC3, the Department of Defense should better understand how new approaches can be certified to meet stringent nuclear surety requirements. In particular, it must consider the benefits and drawbacks of disaggregated nuclear communications, and it should carefully assess how proliferated space and ground architectures, such as the Future Operationally Resilient Ground Evolution and Rapid Resilient Command and Control, can integrate data from many systems. If proliferated LEO architectures cannot be made sufficiently resilient to nuclear attack at an acceptable cost, then the Pentagon should not entrust these systems with the crucial NC3 mission.

    The United States must field space-based NC3 that matches today’s and tomorrow’s threats, appropriately harnesses hybrid national security space architectures to strengthen deterrence, and meets nuclear surety requirements across a range of increasingly challenging scenarios. The Department of Defense should recognize the challenges and incompatibilities it faces in rapidly and simultaneously modernizing space-based NC3 and fielding an overall hybrid national security space architecture. It should not rush to deploy space-based NC3 that is not well integrated, suffers from avoidable supply chain and cybersecurity vulnerabilities, or contains other weaknesses that adversaries and hackers could exploit during the decades in which the next generation of space-based NC3 is likely to operate.


    Peter L. Hays is an adjunct professor of space policy and international affairs at George Washington University’s Space Policy Institute, senior fellow for the Prague Security Studies Institute, space policy advisor for the Nonproliferation Policy Education Center, and senior associate (nonresident) for the Aerospace Defense and Missile Defense Projects at the Center for Strategic and International Studies.

    Sarah Mineiro is the founder and CEO of Tanagra Enterprises, a defense, intelligence, space, science, and technology consulting firm. 

    This article was adapted from the authors’ previously published issue brief, “Modernizing space-based nuclear command, control, and communications.”

    The post How the US can counter Russian and Chinese nuclear threats in space appeared first on Atlantic Council.

