Hacking Public Schools, 757’s and the Defense Dept

Hack-O-Matic…some good ones and others not so much.

800 Schools

“Unless we have irrefutable evidence to suggest otherwise, we need to assume confidential data has been compromised,” said Hamid Karimi, vice president of business development and the security expert at Beyond Security. “That should be a cause for concern. To remedy the situation, all schools and institutions that serve minors must submit to (a) stricter set of cybersecurity rules.”

The breached school websites, which spanned nationwide from New Jersey to Arizona and Virginia to Connecticut, are all powered by a company called SchoolDesk. The company since has handed over its server — which runs out of Georgia — to the FBI for investigation and also has hired external security firms to trace the hackers. The Atlanta-based company said after the hack that technicians detected that a small file had been injected into the root of one of its websites.

“The websites were redirected to an iframed YouTube video. No data was lost or altered in any way. Because we’re currently working with the FBI in an active investigation of this incident, as well as forensic team from Microsoft, we cannot yet discuss any technical details or exact methods of access to SchoolDesk’s network or software,” a spokesperson for SchoolDesk told Fox News.

The company has insisted that no personal or student information was exposed, but some security experts say the matter should be closely monitored, especially as minors are involved.

“In most hacks, organizations do not have full visibility into what happened or what information was compromised,” surmised Eric Cole, who served as commissioner on cyber security for President Barack Obama, and was formerly a senior vice president at McAfee and the chief scientist at Lockheed Martin. “In almost every breach, what is initially reported is usually extremely conservative and over the weeks following a breach, it is always worse than what was originally reported.”

The proud culprits of the hack? A shadowy pro-ISIS hacktivist outfit known as “Team System DZ.” This was barely reported by Fox News, while other media outlets did nothing about it.

***

Pentagon Hackers for Hire

Just over a year ago, following the success of the pilot, we announced the U.S. Department of Defense was expanding its “Hack the Pentagon” initiatives. To date, HackerOne and DoD have run bug bounty challenges for Hack the Pentagon, Hack the Army and Hack the Air Force.

The success of these programs has been undeniable and our amazing community of hackers continues to impress even us!

DoD has resolved nearly 500 vulnerabilities in public facing systems with bug bounty challenges and hackers have earned over $300,000 in bounties for their contributions — exceeding expectations and saving the DoD millions of dollars. You can read more in our recent case study “Defending the Federal Government from Cyber Attacks.”

2,837 Bugs Resolved With DoD’s Vulnerability Disclosure Policy

The DoD’s Vulnerability Disclosure Policy (VDP) is another essential, likely less talked about, part of the Hack the Pentagon initiative pioneered by DoD’s Defense Digital Service team.

A VDP is the “see something, say something” of the internet. DoD’s policy, and others like it, provide clear guidance for any hacker anywhere in the world to safely report a potential vulnerability so it can be resolved. Maintaining the security of the DoD’s networks is a top priority and their VDP is another proven way to resolve unknown security issues.

While a bounty or cash incentives are not awarded for vulnerabilities reported through the VDP, that has not stopped hackers eager to do their part to help protect the DoD’s assets. Nearly 650 hackers from more than 50 countries have successfully reported valid vulnerabilities through the VDP.

Thanks to these hackers and the pioneering team at DoD, 2,837 security vulnerabilities have been resolved in nearly 40 DoD components. Of these vulnerabilities, over 100 have been high or critical severity issues, including remote code executions, SQL injections, and ways to bypass authentication.

While the majority of participating hackers have been from the United States, the top contributing countries include India, Great Britain, Pakistan, Philippines, Egypt, Russia, France, Australia and Canada. More here. At least this was a positive objective, we think.

***

Related reading: Boeing 757 Testing Shows Airplanes Vulnerable to Hacking, DHS Says

Hacking Through Aircraft Wi-Fi

A Department of Homeland Security official admitted that a team of experts remotely hacked a Boeing 757 parked at an airport.

During a keynote address on Nov. 8 at the 2017 CyberSat Summit, a Department of Homeland Security (DHS) official admitted that he and his team of experts remotely hacked into a Boeing 757.

This hack was not conducted in a laboratory, but on a 757 parked at the airport in Atlantic City, N.J. And the actual hack occurred over a year ago. We are only now hearing about it thanks to a keynote delivered by Robert Hickey, aviation program manager within the Cyber Security Division of the DHS Science and Technology (S&T) Directorate.

“We got the airplane on Sept. 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative, penetration,” Hickey said in an article in Avionics Today. “[That] means I didn’t have anybody touching the airplane; I didn’t have an insider threat. I stood off using typical stuff that could get through security, and we were able to establish a presence on the systems of the aircraft.”

While the details of the hack are classified, Hickey admitted that his team of industry experts and academics pulled it off by accessing the 757’s “radio frequency communications.”

We’ve been hearing about how commercial airliners could be hacked for years.

You might remember when a governmental watchdog admitted that the interconnectedness of modern commercial airliners could “potentially provide unauthorized remote access to aircraft avionics systems.” The concern was that a hacker could go through the Wi-Fi passenger network to hijack a plane while it was in flight.

And in a 2015 report by the U.S. Government Accountability Office (pdf), the agency warned, “Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors.”

At the time, U.S. Rep. Peter DeFazio (D-Ore.) said, the “FAA must focus on aircraft certification standards that would prevent a terrorist with a laptop in the cabin or on the ground from taking control of an airplane through the passenger Wi-Fi system.”

The same year, security researcher Chris Roberts ended up in hot water with the feds after tweeting about hacking the United Airlines plane he was traveling on. The FBI claimed Roberts said he took control of the navigation.

A Hack In The Box presentation by Hugo Teso in 2013 suggested that thanks to the lack of authentication features in the Aircraft Communications Addressing and Reporting System (ACARS) protocol, an airliner could be controlled via an Android app. Flight management software companies, as well as the FAA, disputed Teso’s claims.

All of that means that airline pilots have heard of those vulnerabilities before, too. Yet at a technical meeting in March 2017, several shocked airline pilot captains from American Airlines and Delta were briefed on the 2016 Boeing 757 hack. Hickey said, “All seven of them broke their jaw hitting the table when they said, ‘You guys have known about this for years and haven’t bothered to let us know because we depend on this stuff to be absolutely the bible.’”

As CBS News pointed out, Boeing stopped producing 757s in 2004, but that aircraft is still used by major airlines, such as American, Delta and United. President Trump has a 757, and Vice President Pence also uses one. In fact, Avionics Today claimed 90 percent of commercial planes in the sky are legacy aircraft that were not designed with security in mind.

Boeing told CBS that it firmly believes the test “did not identify any cyber vulnerabilities in the 757, or any other Boeing aircraft.”

Furthermore, an unnamed official briefed on the test told CBS the results of the hack on an older aircraft were good information to have, adding, “but I’m not afraid to fly.” (Not feeling good about this aircraft hack at all. Don’t we have a missing plane or one that crashed where it was suspected there may have been a hack involved?)

Trifecta of Intel Chaos, Shadow Brokers, Wikileaks, NSA

WikiLeaks announces “Vault 8”

Those releases were part of a series of leaks WikiLeaks called Vault 7. Now, WikiLeaks says Hive is just the first of a long string of similar releases, a series WikiLeaks calls Vault 8, which will consist of source code for tools previously released in the Vault 7 series.

The WikiLeaks announcement has sent shivers up the spines of infosec experts everywhere, as it reminded them of April this year when a hacking group named The Shadow Brokers published cyber-weapons allegedly stolen from the NSA.

Some of the tools included in that release have been incorporated in many malware families and have been at the center of all three major ransomware outbreaks that have taken place in 2017 — WannaCry, NotPetya, and Bad Rabbit. More here.

Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core

A serial leak of the agency’s cyberweapons has damaged morale, slowed intelligence operations and resulted in hacking attacks on businesses and civilians worldwide

WASHINGTON — Jake Williams awoke last April in an Orlando, Fla., hotel where he was leading a training session. Checking Twitter, the cybersecurity expert was dismayed to discover that he had been thrust into the middle of one of the worst security debacles ever to befall American intelligence.

Mr. Williams had written on his company blog about the Shadow Brokers, a mysterious group that had somehow obtained many of the hacking tools the United States used to spy on other countries. Now the group had replied in an angry screed on Twitter. It identified him — correctly — as a former member of the National Security Agency’s hacking group, Tailored Access Operations, or T.A.O., a job he had not publicly disclosed. Then the Shadow Brokers astonished him by dropping technical details that made clear they knew about highly classified hacking operations that he had conducted.

America’s largest and most secretive intelligence agency had been deeply infiltrated.

“They had operational insight that even most of my fellow operators at T.A.O. did not have,” said Mr. Williams, now with Rendition Infosec, a cybersecurity firm he founded. “I felt like I’d been kicked in the gut. Whoever wrote this either was a well-placed insider or had stolen a lot of operational data.”

The jolt to Mr. Williams from the Shadow Brokers’ riposte was part of a much broader earthquake that has shaken the N.S.A. to its core. Current and former agency officials say the Shadow Brokers disclosures, which began in August 2016, have been catastrophic for the N.S.A., calling into question its ability to protect potent cyberweapons and its very value to national security. The agency regarded as the world’s leader in breaking into adversaries’ computer networks failed to protect its own.

“These leaks have been incredibly damaging to our intelligence and cyber capabilities,” said Leon E. Panetta, the former defense secretary and director of the Central Intelligence Agency. “The fundamental purpose of intelligence is to be able to effectively penetrate our adversaries in order to gather vital intelligence. By its very nature, that only works if secrecy is maintained and our codes are protected.”

With a leak of intelligence methods like the N.S.A. tools, Mr. Panetta said, “Every time it happens, you essentially have to start over.”

Fifteen months into a wide-ranging investigation by the agency’s counterintelligence arm, known as Q Group, and the F.B.I., officials still do not know whether the N.S.A. is the victim of a brilliantly executed hack, with Russia as the most likely perpetrator, an insider’s leak, or both. Three employees have been arrested since 2015 for taking classified files, but there is fear that one or more leakers may still be in place. And there is broad agreement that the damage from the Shadow Brokers already far exceeds the harm to American intelligence done by Edward J. Snowden, the former N.S.A. contractor who fled with four laptops of classified material in 2013.

Mr. Snowden’s cascade of disclosures to journalists and his defiant public stance drew far more media coverage than this new breach. But Mr. Snowden released code words, while the Shadow Brokers have released the actual code; if he shared what might be described as battle plans, they have loosed the weapons themselves. Created at huge expense to American taxpayers, those cyberweapons have now been picked up by hackers from North Korea to Russia and shot back at the United States and its allies.

Millions of people saw their computers shut down by ransomware, with demands for payments in digital currency to have their access restored. Tens of thousands of employees at Mondelez International, the Oreo cookie maker, had their data completely wiped. FedEx reported that an attack on a European subsidiary had halted deliveries and cost $300 million. Hospitals in Pennsylvania, Britain and Indonesia had to turn away patients. The attacks disrupted production at a car plant in France, an oil company in Brazil and a chocolate factory in Tasmania, among thousands of enterprises affected worldwide.

American officials had to explain to close allies — and to business leaders in the United States — how cyberweapons developed at Fort Meade in Maryland came to be used against them. Experts believe more attacks using the stolen N.S.A. tools are all but certain.

Inside the agency’s Maryland headquarters and its campuses around the country, N.S.A. employees have been subjected to polygraphs and suspended from their jobs in a hunt for turncoats allied with the Shadow Brokers. Much of the agency’s cyberarsenal is still being replaced, curtailing operations. Morale has plunged, and experienced cyberspecialists are leaving the agency for better-paying jobs — including with firms defending computer networks from intrusions that use the N.S.A.’s leaked tools.

“It’s a disaster on multiple levels,” Mr. Williams said. “It’s embarrassing that the people responsible for this have not been brought to justice.”

In response to detailed questions, an N.S.A. spokesman, Michael T. Halbig, said the agency “cannot comment on Shadow Brokers.” He denied that the episode had hurt morale. “N.S.A. continues to be viewed as a great place to work; we receive more than 140,000 applications each year for our hiring program,” he said.

Compounding the pain for the N.S.A. is the attackers’ regular online public taunts, written in ersatz broken English. Their posts are a peculiar mash-up of immaturity and sophistication, laced with profane jokes but also savvy cultural and political references. They suggest that their author — if not an American — knows the United States well.

“Is NSA chasing shadowses?” the Shadow Brokers asked in a post on Oct. 16, mocking the agency’s inability to understand the leaks and announcing a price cut for subscriptions to its “monthly dump service” of stolen N.S.A. tools. It was a typically wide-ranging screed, touching on George Orwell’s “1984”; the end of the federal government’s fiscal year on Sept. 30; Russia’s creation of bogus accounts on Facebook and Twitter; and the phenomenon of American intelligence officers going to work for contractors who pay higher salaries.

One passage, possibly hinting at the Shadow Brokers’ identity, underscored the close relationship of Russian intelligence to criminal hackers. “Russian security peoples,” it said, “is becoming Russian hackeres at nights, but only full moons.”

Russia is the prime suspect in a parallel hemorrhage of hacking tools and secret documents from the C.I.A.’s Center for Cyber Intelligence, posted week after week since March to the WikiLeaks website under the names Vault7 and Vault8. That breach, too, is unsolved. Together, the flood of digital secrets from agencies that invest huge resources in preventing such breaches is raising profound questions.

Have hackers and leakers made secrecy obsolete? Has Russian intelligence simply outplayed the United States, penetrating the most closely guarded corners of its government? Can a work force of thousands of young, tech-savvy spies ever be immune to leaks?

Some veteran intelligence officials believe a lopsided focus on offensive cyberweapons and hacking tools has, for years, left American cyberdefense dangerously porous.

“We have had a train wreck coming,” said Mike McConnell, the former N.S.A. director and national intelligence director. “We should have ratcheted up the defense parts significantly.”

America’s Cyber Special Forces

At the heart of the N.S.A. crisis is Tailored Access Operations, the group where Mr. Williams worked, which was absorbed last year into the agency’s new Directorate of Operations.

T.A.O. — the outdated name is still used informally — began years ago as a side project at the agency’s research and engineering building at Fort Meade. It was a cyber Skunk Works, akin to the special units that once built stealth aircraft and drones. As Washington’s need for hacking capabilities grew, T.A.O. expanded into a separate office park in Laurel, Md., with additional teams at facilities in Colorado, Georgia, Hawaii and Texas.

The hacking unit attracts many of the agency’s young stars, who like the thrill of internet break-ins in the name of national security, according to a dozen former government officials who agreed to describe its work on the condition of anonymity. T.A.O. analysts start with a shopping list of desired information and likely sources — say, a Chinese official’s home computer or a Russian oil company’s network. Much of T.A.O.’s work is labeled E.C.I., for “exceptionally controlled information,” material so sensitive it was initially stored only in safes. When the cumulative weight of the safes threatened the integrity of N.S.A.’s engineering building a few years ago, one agency veteran said, the rules were changed to allow locked file cabinets.

The more experienced T.A.O. operators devise ways to break into foreign networks; junior operators take over to extract information. Mr. Williams, 40, a former paramedic who served in military intelligence in the Army before joining the N.S.A., worked in T.A.O. from 2008 to 2013, which he described as an especially long tenure. He called the work “challenging and sometimes exciting.”

T.A.O. operators must constantly renew their arsenal to stay abreast of changing software and hardware, examining every Windows update and new iPhone for vulnerabilities. “The nature of the business is to move with the technology,” a former T.A.O. hacker said.

Long known mainly as an eavesdropping agency, the N.S.A. has embraced hacking as an especially productive way to spy on foreign targets. The intelligence collection is often automated, with malware implants — computer code designed to find material of interest — left sitting on the targeted system for months or even years, sending files back to the N.S.A.

The same implant can be used for many purposes: to steal documents, tap into email, subtly change data or become the launching pad for an attack. T.A.O.’s most public success was an operation against Iran called Olympic Games, in which implants in the network of the Natanz nuclear plant caused centrifuges enriching uranium to self-destruct. The T.A.O. was also critical to attacks on the Islamic State and North Korea.

It was this cyberarsenal that the Shadow Brokers got hold of, and then began to release.

Like cops studying a burglar’s operating style and stash of stolen goods, N.S.A. analysts have tried to figure out what the Shadow Brokers took. None of the leaked files date from later than 2013 — a relief to agency officials assessing the damage. But they include a large share of T.A.O.’s collection, including three so-called “ops disks” — T.A.O.’s term for tool kits — containing the software to bypass computer firewalls, penetrate Windows and break into the Linux systems most commonly used on Android phones.

Evidence shows that the Shadow Brokers obtained the entire tool kits intact, suggesting that an insider might have simply pocketed a thumb drive and walked out.

But other files obtained by the Shadow Brokers bore no relation to the ops disks and seem to have been grabbed at different times. Some were designed for a compromise by the N.S.A. of Swift, a global financial messaging system, allowing the agency to track bank transfers. There was a manual for an old system code-named UNITEDRAKE, used to attack Windows. There were PowerPoint presentations and other files not used in hacking, making it unlikely that the Shadow Brokers had simply grabbed tools left on the internet by sloppy N.S.A. hackers.

Some officials doubt that the Shadow Brokers got it all by hacking the most secure of American government agencies — hence the search for insiders. But some T.A.O. hackers think that skilled, persistent attackers might have been able to get through the N.S.A.’s defenses — because, as one put it, “I know we’ve done it to other countries.”

The Shadow Brokers have verbally attacked certain cyberexperts, including Mr. Williams. When he concluded from their Twitter hints that they knew about some of his hacks while at the N.S.A., he canceled a business trip to Singapore. The United States had named and criminally charged hackers from the intelligence agencies of China, Iran and Russia. He feared he could be similarly charged by a country he had targeted and arrested on an international warrant.

He has since resumed traveling abroad. But he says no one from the N.S.A. has contacted him about being singled out publicly by the Shadow Brokers.

“That feels like a betrayal,” he said. “I was targeted by the Shadow Brokers because of that work. I do not feel the government has my back.”

The Hunt for an Insider

For decades after its creation in 1952, the N.S.A. — No Such Agency, in the old joke — was seen as all but leakproof. But since Mr. Snowden flew away with hundreds of thousands of documents in 2013, that notion has been shattered.

The Snowden trauma led to the investment of millions of dollars in new technology and tougher rules to counter what the government calls the insider threat. But N.S.A. employees say that with thousands of employees pouring in and out of the gates, and the ability to store a library’s worth of data in a device that can fit on a key ring, it is impossible to prevent people from walking out with secrets.

The agency has active investigations into at least three former N.S.A. employees or contractors. Two had worked for T.A.O.: a still publicly unidentified software developer secretly arrested after taking hacking tools home in 2015, only to have Russian hackers lift them from his home computer; and Harold T. Martin III, a contractor arrested last year when F.B.I. agents found his home, garden shed and car stuffed with sensitive agency documents and storage devices he had taken over many years when a work-at-home habit got out of control, his lawyers say. The third is Reality Winner, a young N.S.A. linguist arrested in June, who is charged with leaking to the news site The Intercept a single classified report on a Russian breach of an American election systems vendor.

Mr. Martin’s gargantuan collection of stolen files included much of what the Shadow Brokers have, and he has been scrutinized by investigators as a possible source for them. Officials say they do not believe he deliberately supplied the material, though they have examined whether he might have been targeted by thieves or hackers.

But according to former N.S.A. employees who are still in touch with active workers, investigators of the Shadow Brokers thefts are clearly worried that one or more leakers may still be inside the agency. Some T.A.O. employees have been asked to turn over their passports, take time off their jobs and submit to questioning. The small number of cyberspecialists who have worked both at T.A.O. and at the C.I.A. have come in for particular attention, out of concern that a single leaker might be responsible for both the Shadow Brokers and the C.I.A.’s Vault7 breaches.

Then there are the Shadow Brokers’ writings, which betray a seeming immersion in American culture. Last April, about the time Mr. Williams was discovering their inside knowledge of T.A.O. operations, the Shadow Brokers posted an appeal to President Trump: “Don’t Forget Your Base.” With the ease of a seasoned pundit, they tossed around details about Stephen K. Bannon, the president’s now departed adviser; the Freedom Caucus in Congress; the “deep state”; the Alien and Sedition Acts; and white privilege.

“TheShadowBrokers is wanting to see you succeed,” the post said, addressing Mr. Trump. “TheShadowBrokers is wanting America to be great again.”

The mole hunt is inevitably creating an atmosphere of suspicion and anxiety, former employees say. While the attraction of the N.S.A. for skilled cyberoperators is unique — nowhere else can they hack without getting into legal trouble — the boom in cybersecurity hiring by private companies gives T.A.O. veterans lucrative exit options.

Young T.A.O. hackers are lucky to make $80,000 a year, while those who leave routinely find jobs paying well over $100,000, cybersecurity specialists say. For many workers, the appeal of the N.S.A.’s mission has been more than enough to make up the difference. But over the past year, former T.A.O. employees say an increasing number of former colleagues have called them looking for private-sector work, including “graybeards” they thought would be N.S.A. lifers.

“Snowden killed morale,” another T.A.O. analyst said. “But at least we knew who he was. Now you have a situation where the agency is questioning people who have been 100 percent mission-oriented, telling them they’re liars.”

Because the N.S.A. hacking unit has grown so rapidly over the past decade, the pool of potential leakers has expanded into the hundreds. Trust has eroded as anyone who had access to the leaked code is regarded as the potential culprit.

Some agency veterans have seen projects they worked on for a decade shut down because implants they relied on were dumped online by the Shadow Brokers. The number of new operations has declined because the malware tools must be rebuilt. And no end is in sight.

“How much longer are the releases going to come?” a former T.A.O. employee asked. “The agency doesn’t know how to stop it — or even what ‘it’ is.”

One N.S.A. official who almost saw his career ended by the Shadow Brokers is at the very top of the organization: Adm. Michael S. Rogers, director of the N.S.A. and commander of its sister military organization, United States Cyber Command. President Barack Obama’s director of national intelligence, James R. Clapper Jr., and defense secretary, Ashton B. Carter, recommended removing Admiral Rogers from his post to create accountability for the breaches.

But Mr. Obama did not act on the advice, in part because Admiral Rogers’ agency was at the center of the investigation into Russia’s interference in the 2016 election. Mr. Trump, who again on Saturday disputed his intelligence agencies’ findings on Russia and the election, extended the admiral’s time in office. Some former intelligence officials say they are flabbergasted that he has been able to hold on to his job.

A Shadow War With Russia?

Lurking in the background of the Shadow Brokers investigation is American officials’ strong belief that it is a Russian operation. The pattern of dribbling out stolen documents over many months, they say, echoes the slow release of Democratic emails purloined by Russian hackers last year.

But there is a more specific back story to the United States-Russia cyber rivalry.

Starting in 2014, American cybersecurity researchers who had been tracking Russia’s state-sponsored hacking groups for years began to expose them in a series of research reports. American firms, including Symantec, CrowdStrike and FireEye, reported that Moscow was behind certain cyberattacks and identified government-sponsored Russian hacking groups.

In the meantime, Russia’s most prominent cybersecurity firm, Kaspersky Lab, had started work on a report that would turn the tables on the United States. Kaspersky hunted for the spying malware planted by N.S.A. hackers, guided in part by the keywords and code names in the files taken by Mr. Snowden and published by journalists, officials said.

Kaspersky was, in a sense, simply doing to the N.S.A. what the American companies had just done to Russian intelligence: Expose their operations. And American officials believe Russian intelligence was piggybacking on Kaspersky’s efforts to find and retrieve the N.S.A.’s secrets wherever they could be found. The T.A.O. hackers knew that when Kaspersky updated its popular antivirus software to find and block the N.S.A. malware, it could thwart spying operations around the world.

So T.A.O. personnel rushed to replace implants in many countries with new malware they did not believe the Russian company could detect.

In February 2015, Kaspersky published its report on the Equation Group — the company’s name for T.A.O. hackers — and updated its antivirus software to uproot the N.S.A. malware wherever it had not been replaced. The agency temporarily lost access to a considerable flow of intelligence. By some accounts, however, N.S.A. officials were relieved that the Kaspersky report did not include certain tools they feared the Russian company had found.

As it would turn out, any celebration was premature.

On Aug. 13 last year, a new Twitter account using the Shadow Brokers’ name announced with fanfare an online auction of stolen N.S.A. hacking tools.

“We hack Equation Group,” the Shadow Brokers wrote. “We find many many Equation Group cyber weapons.”

Inside the N.S.A., the declaration was like a bomb exploding. A zip file posted online contained the first free sample of the agency’s hacking tools. It was immediately evident that the Shadow Brokers were not hoaxsters, and that the agency was in trouble.

The leaks have renewed a debate over whether the N.S.A. should be permitted to stockpile vulnerabilities it discovers in commercial software to use for spying — rather than immediately alert software makers so the holes can be plugged. The agency claims it has shared with the industry more than 90 percent of flaws it has found, reserving only the most valuable for its own hackers. But if it can’t keep those from leaking, as the last year has demonstrated, the resulting damage to businesses and ordinary computer users around the world can be colossal. The Trump administration says it will soon announce revisions to the system, making it more transparent.

Mr. Williams said it may be years before the “full fallout” of the Shadow Brokers breach is understood. Even the arrest of whoever is responsible for the leaks may not end them, he said — because the sophisticated perpetrators may have built a “dead man’s switch” to release all remaining files automatically upon their arrest.

“We’re obviously dealing with people who have operational security knowledge,” he said. “They have the whole law enforcement system and intelligence system after them. And they haven’t been caught.”

Surveillance: China’s Big Brother, America’s Also?


Video footage sent back to China, for what? Comprehensive espionage… Are U.S. manufacturers no longer making camera equipment or offering surveillance technology? Was that any part of the trade deals President Trump signed with President Xi? Anyone?

Surveillance Cameras Made by China Are Hanging All Over the U.S.

Company 42%-owned by the Chinese government sold devices that monitor U.S. Army base, Memphis streets, sparking concerns about cybersecurity

The Memphis police use the surveillance cameras to scan the streets for crime. The U.S. Army uses them to monitor a base in Missouri. Consumer models hang in homes and businesses across the country. At one point, the cameras kept watch on the U.S. embassy in Kabul.

All the devices were manufactured by a single company, Hangzhou Hikvision Digital Technology. It is 42%-owned by the Chinese government. More here.

***

Its state-of-the-art surveillance cameras monitor the movements of millions of Britons going about their daily lives in airports, government buildings, sports stadiums, high streets and stations.

Hikvision, a company controlled by the Chinese government, was recently revealed to be Britain’s biggest supplier of CCTV equipment, raising fears its internet-linked cameras could be hacked from Beijing at the touch of a button.

Last week, undercover Mail on Sunday reporters posed as businessmen to infiltrate its headquarters in the ‘surveillance city’ of Hangzhou in eastern China, to investigate its activities.

What they found will raise fresh cause for concern about a company whose growing influence in the UK has already been questioned by former MI6 officers and Security Ministers. Far from being the independently run business it claims to be in its customer-friendly marketing, Hikvision is controlled by China’s ruling Communist Party. These capacities enable the Chinese authorities to track dissidents, activists and human-rights campaigners, who are routinely rounded up and detained.

As it rapidly expands its global presence, Hikvision has been generously bankrolled by Chinese state banks, which critics say give it an unfair commercial edge.

It received £2.4 billion from China Development Bank in December and a further £2.3 billion loan from the Export-Import Bank of China in August, both of which are controlled by the Chinese government. More here.

***

According to yearly independent research data from IHS Markit, Hikvision accounted for 19.5% of market share in the global video surveillance industry in 2015, up from 4.6% in 2010, and has been ranked the No. 1 market share leader globally for video surveillance equipment for five consecutive years. In 2015, Hikvision was ranked first in the EMEA market with 12.2% market share, and was ranked second in the Americas market with 7.3% market share.

Hikvision provides video surveillance products and vertical market solutions in the global market, through more than 2,400 partners in 155 countries and regions. In mainland China, Hikvision now partners with more than 40,000 distributors, system integrators and installers. The Company’s products and solutions have been widely deployed in a number of vertical markets and in notable facilities around the world including the Beijing Olympic Stadium, Shanghai Expo, Philadelphia Safe Communities in the U.S., South Korea Seoul Safe City, Brazil World Cup Stadium, the Italy Linate Airport, and many others.

Hikvision is dedicated to providing global resources and locally based technical, engineering, sales and service support to its valued customers around the world. In Hikvision’s overseas sales team, about 90% of the employees are local residents; for example, Hikvision European has about 210 employees, of whom over 190 are locals.

***

Imagine a world where almost everyone can be tracked, and everything can be seen by cameras linked directly to the Chinese government.

The rapid growth of a little known Chinese manufacturer of high-powered surveillance technology has some people concerned that it’s no longer a theory.

American flag waves beside CCTV cameras on top of the U.S. embassy in Berlin, Germany, Oct. 25, 2013.


Hangzhou Hikvision Digital Technology, a company controlled by the Chinese government, is now the world’s largest supplier of video surveillance equipment, with internet-enabled cameras installed in more than 100 countries.

Capable of capturing sharp images even in fog, rain or darkness, Hikvision claims its most advanced technologies can recognize license plates and tell if a driver is texting while behind the wheel. They can also track individuals with unrivaled “face-tracking” technology and by identifiers such as body metrics, hair color and clothing.

In the United States alone, the company’s surveillance systems can be found everywhere from prisons to airports to private homes and public schools, and even in places with sensitive national security concerns, such as Fort Leonard Wood military base in Missouri. Abroad, its cameras were installed in the U.S. embassy in Kabul, Afghanistan.

According to a U.S. government procurement document published on IPVM.com, the world’s largest online video surveillance trade magazine, U.S. embassy officials decided in August 2016 to allow only Hikvision suppliers to bid on the installation contract.

Stephen Bryen, a widely published expert on international affairs and cyber security, wrote an article outlining his concerns about the purchase, saying the Hikvision cameras were never proven to be any more secure than comparable models.

“If the procurement officer actually thought these cameras were more secure than others, that would have been claimed as part of the sole-source justification,” he said of the embassy purchase agreement, adding that no claims of any kind were made regarding the Hikvision products.

“The issue is that the U.S. embassy is installing commercial cameras in one of its most sensitive locations,” Bryen wrote. “This is a big mistake, and mistakes like this can cost lives.”

On Monday, a State Department official confirmed the installation via email.

“A Hikvision camera system was initially installed to monitor non-sensitive electrical closets for theft prevention,” the official said of U.S. Embassy Kabul. “The procurement in question was to either expand this or to install a new system. The procurement was cancelled September 2016 and the previously installed cameras were removed.”

It is not known whether other Hikvision products have ever been installed in other U.S. embassies.

Spreading the word

Edward Long, a former employee of a video surveillance equipment company in Florida, recently petitioned the U.S. government with a letter warning that Hikvision cameras are sending information back to China.

“Over the past year, [Hikvision has] … flooded the United States with their equipment,” he wrote. “Every time one of their machines is plugged into the internet, it sends all your data to three servers in China. With that information, the Chinese government can log in to any camera system, anytime they want.”

Frank Fisherman, a general manager for Long’s former employer, IC Realtime Security Solutions, tells VOA that Hikvision devices are engineered for effortless hacking.

“They have their encrypted information set up so they can access even if you change the admin [passwords] and the firewall,” he said, adding that Hikvision may have set aside a “back door” in the production process, such that the manufacturer can monitor devices remotely without the users being aware.

IPVM President John Honovich, however, strikes a less alarmist tone.

“So far, we haven’t found any evidence showing these cameras are sending information back to China, and there is no evidence of such back doors,” he told VOA, cautioning, however, that these facts alone do not rule out a possible security threat.

“The issue that still remains is that maybe [back doors] haven’t been found yet,” he said. “All devices have firmware, [which is] updated all the time, just like you update your computer [or] your PC. At any point during the firmware upgrade, back doors can be added by the manufacturers.”

Among well-known video surveillance equipment manufacturers, Honovich added, Hikvision products may not be worth the risk.

“There are hundreds of security camera manufacturers in the world,” he said. “One can [find a reliable system] without the risk of buying products made by a company largely owned and controlled by the Chinese government.”

A Beijing incubator company

Established in 2001, Hikvision, which originated as a Chinese government research institute, maintains strong ties with that government. More than 42 percent of the company is owned by China’s state-owned enterprises, with the remaining stock owned by a combination of general public stockholders and venture capital investors, including 18 percent from private equity in Hong Kong.

In 2015, when Chinese President Xi Jinping went on an inspection tour of the southern city of Hangzhou, capital of Zhejiang Province, he visited Hikvision’s main office instead of the famous Alibaba headquarters. Xi also met with Pu Shiliang, 38, Hikvision’s head of research and development.

According to the official website of Zhejiang Police Academy, Pu is also the director of a technology laboratory within China’s Ministry of Public Security, the main domestic security agency that has long been criticized for tracking and detaining dissidents and perceived Communist Party opponents of any stripe.

Beginning in 2015, China’s state Development Bank and Export-Import Bank provided Hikvision with 20 billion yuan (nearly $3 billion) in low-interest loans and a 20 billion yuan line of credit. Loans of this size are typically unavailable to Chinese or foreign companies.

Invisible to consumers

Despite the enormous security implications, the United States appears to have made no national security assessment of Hikvision products. As indicated by Long’s online petition, which ultimately closed with only 15 supporters, Hikvision’s links to Beijing are virtually invisible to American consumers.

In April, a New York Times report addressed similar concerns about Chinese drone maker DJI — the world’s largest manufacturer of small drones. The report says the company issued a user agreement that warns customers: “if you conduct your flight in certain countries, your flight data might be monitored and provided to the government authorities according to local regulatory laws.”

In Britain, where many Hikvision cameras have been installed, some government officials have begun voicing concerns.

“If you’ve got cameras that are IP enabled, or potentially could covertly be so enabled … they could potentially be used for malign purposes,” Nigel Inkster, a former British intelligence official, told The Times.

Canadian-based Genetec, one of the world’s leading video surveillance software companies, recently announced that it would no longer offer free technical support for products from either Hikvision or Huawei — a Shenzhen-based multinational networking and telecommunications equipment and services company — citing ongoing “security considerations.”

Issuing the announcement, Genetec cited government and corporate clients who called Hikvision and Huawei products “too risky.”

Voice of America received no response to multiple attempts to contact Hikvision’s headquarters in Hangzhou and its branch in California.

Jeffrey He, president of Hikvision’s U.S. and Canadian branch, defended the company during an undated interview with U.S. security monitoring website SourceSecurity.com.

“There have been some misguided accusations targeting Hikvision’s public and industry image, sometimes seeking to create controversy where none exists,” he said. “These questions are geared in general not just to Hikvision, but also to many Chinese manufacturers, and none of these accusations have been proven to be true. These accusations are baseless.

“The Cold War was officially over when the Berlin Wall came down, but I am seeing that, in the minds of some, it never ended,” he added. “We all would be better served if, instead of living in the past, we would look toward the future and the realities of world changes and technology changing along with it.”


Paychecks Stop at Podesta Group, New Operations Launch

Kimberly Fritts has resigned and announced no more paychecks from the Podesta Group after Tony, the founder, stepped down. With staff fleeing to other corners, other lobby groups are cherry-picking former Podesta Group employees to hire.


Podesta Group Unravels as CEO Plans to Take Clients to New Firm

Less than two weeks after Democratic mega-lobbyist Tony Podesta stepped down from his firm amid questions over its foreign work, one of Washington’s most prominent lobbying shops is unraveling as its employees try to reconstitute under new leadership.

Chief Executive Officer Kimberly Fritts told employees Thursday afternoon she is working on launching a new firm that would take many of Podesta’s staff and clients with her, said two people familiar with the meeting. She told employees they shouldn’t expect a paycheck past Nov. 15, the people said.

It was not an entirely unexpected moment for the 30-year-old firm after Podesta’s sudden resignation Oct. 31, when he announced he was stepping down following an indictment issued against Trump’s former campaign manager Paul Manafort by U.S. Justice Department Special Counsel Robert Mueller.

The charges detailed Manafort’s clandestine influence campaign on behalf of Ukraine’s deposed president Viktor Yanukovych, including work with two unidentified companies that “lobbied multiple members of Congress and their staff about Ukraine sanctions, the validity of Ukraine elections, and the propriety of Yanukovych’s imprisoning his presidential rival.”

Mueller’s indictment identified the firms as Company A and Company B and said they were allegedly paid by Manafort with more than $2 million in offshore funds. A person familiar with the matter confirmed that Company B is the Podesta Group, which disclosed in April that it had worked for the European Centre for a Modern Ukraine. Company A is Mercury Public Affairs LLC, said another person familiar with the matter.

The Podesta Group represents some of the world’s biggest companies, including Alphabet Inc.’s Google, Altria Group Inc., Wells Fargo & Co., Lockheed Martin Corp., Pfizer Inc. and other representatives of some of the most active industries in Washington.

Podesta’s next steps were not discussed at the meeting, one person said. A spokeswoman for Tony Podesta and the Podesta Group declined to comment.

Podesta is the brother of John Podesta, the chairman of Hillary Clinton’s presidential campaign, who also served as White House chief of staff under President Bill Clinton and was counselor to Barack Obama.

*** 

Kimberley Fritts, the longtime chief executive of the Podesta Group, is leaving the firm to start her own lobbying shop, according to three Podesta Group staffers.

Paul Brathwaite, a Podesta Group principal, said last week that he was leaving to start his own shop, Federal Street Strategies.

Rival lobbying firms, meanwhile, see this as a prime moment to poach the Podesta Group’s top lobbyists. At least six other firms have reached out to Podesta Group staffers about leaving since Tony Podesta stepped down. More here.

*** It must be chaos, as there are contracts with countless companies, organizations and foreign entities that must be either cancelled or completed under a new process. According to Open Secrets, the Podesta Group has $15,780,000 in lobby income for 2017.

Tony Podesta’s lavish art collection is coming down off the walls at the Podesta Group, as the lobbying firm — among the largest and most powerful in Washington — prepares to close up shop.

Workers started removing dozens of pieces in Podesta’s collection of photography and other artworks from the walls of the firm on Thursday, the same day Kimberley Fritts, the firm’s longtime chief executive, abruptly resigned, according to a Podesta Group staffer.

“The firm as it existed is essentially over,” one Podesta Group staffer said. “The vast majority of people are going their own way.”

At an emotional staff meeting late Thursday afternoon, Fritts told staffers they could clear out their offices and said that Wednesday might be their last payday.

“We will try to compensate you on the 30th, but we can’t make any promises,” Fritts said, according to one staffer who was in the meeting.

Fritts had been expected to relaunch the Podesta Group under a new name in the days after Podesta stepped down. But she instead announced in the meeting on Thursday that she was leaving to start her own firm after negotiations with Podesta broke down. Her last day was Friday, according to Podesta Group staffers.

Fritts is now hustling to find new office space and get her new firm off the ground. Staffers, meanwhile, are struggling to figure out what will happen to the Podesta Group with Fritts gone and Podesta — an outsized presence in Washington known for his flamboyant ties and ubiquity at Democratic fundraisers — nowhere to be found.

Staffers are wondering why a firm that brought in $24 million last year suddenly can’t pay their salaries, and why Podesta and Fritts were unable to strike a deal to transfer ownership of the firm.

“There’s a lot of anger at Tony because of that,” one Podesta Group staffer said.

Some Podesta Group lobbyists are now planning to join Fritts at her new firm, which The New York Times reported on Friday would be named Cogent Strategies.

Others are considering joining rival lobbying firms or starting their own shops. One lobbyist, Paul Brathwaite, sent a note to clients last week announcing he was starting his own firm, Federal Street Strategies. More here.

Hey Harvey Weinstein, Tell us About Black Cube

So, Harvey has not been heard from in a while. He may still be in rehab, and it is now reported that Kevin Spacey is there too… sheesh.

The Meadows is an upscale addiction treatment centre located about an hour’s drive out of Phoenix, Arizona. The sprawling facility boasts an outdoor swimming pool, lush grounds and a fitness centre.

Treatment at the facility can cost around $AU50,000 per month, meaning it’s a favoured destination for the rich and famous — celebs including Tiger Woods, Selena Gomez and Elle Macpherson have all stayed at the centre for issues ranging from alcohol abuse to sex addiction. More here.

Meanwhile Weinstein has hired a team of lawyers in California and New York where investigations are underway and charges are pending. His California lawyer is Blair Berk who has previously represented Mel Gibson, Britney Spears and Kiefer Sutherland. His lawyer in New York is known as Benjamin Brafman. His client list included Martin Shkreli and Dominique Strauss Kahn.

There is also a lawyer of record on the Weinstein team named David Boies. This fella has a real interesting legal portfolio. He is in fact pretty shady himself. Read about him here.

So what is this about Black Cube?

Set-up: Black Cube says that they had no idea what Harvey Weinstein wanted when they were contracted and wouldn’t have accepted it if they did. Well…hold on here… (Boies signed the contract with Black Cube, plausible deniability in play)

Farrow: In the fall of 2016, Harvey Weinstein set out to suppress allegations that he had sexually harassed or assaulted numerous women. He began to hire private security agencies to collect information on the women and the journalists trying to expose the allegations. According to dozens of pages of documents, and seven people directly involved in the effort, the firms that Weinstein hired included Kroll, which is one of the world’s largest corporate-intelligence companies, and Black Cube, an enterprise run largely by former officers of Mossad and other Israeli intelligence agencies. Black Cube, which has branches in Tel Aviv, London, and Paris, offers its clients the skills of operatives “highly experienced and trained in Israel’s elite military and governmental intelligence units,” according to its literature.

Two private investigators from Black Cube, using false identities, met with the actress Rose McGowan, who eventually publicly accused Weinstein of rape, to extract information from her. One of the investigators pretended to be a women’s-rights advocate and secretly recorded at least four meetings with McGowan. The same operative, using a different false identity and implying that she had an allegation against Weinstein, met twice with a journalist to find out which women were talking to the press. In other cases, journalists directed by Weinstein or the private investigators interviewed women and reported back the details.

The explicit goal of the investigations, laid out in one contract with Black Cube, signed in July, was to stop the publication of the abuse allegations against Weinstein that eventually emerged in the New York Times and The New Yorker. Over the course of a year, Weinstein had the agencies “target,” or collect information on, dozens of individuals, and compile psychological profiles that sometimes focussed on their personal or sexual histories. Weinstein monitored the progress of the investigations personally. He also enlisted former employees from his film enterprises to join in the effort, collecting names and placing calls that, according to some sources who received them, felt intimidating.

In some cases, the investigative effort was run through Weinstein’s lawyers, including David Boies, a celebrated attorney who represented Al Gore in the 2000 Presidential-election dispute and argued for marriage equality before the U.S. Supreme Court. Boies personally signed the contract directing Black Cube to attempt to uncover information that would stop the publication of a Times story about Weinstein’s abuses, while his firm was also representing the Times, including in a libel case.

Boies confirmed that his firm contracted with and paid two of the agencies and that investigators from one of them sent him reports, which were then passed on to Weinstein. He said that he did not select the firms or direct the investigators’ work. He also denied that the work regarding the Times story represented a conflict of interest. Boies said that his firm’s involvement with the investigators was a mistake. “We should not have been contracting with and paying investigators that we did not select and direct,” he told me. “At the time, it seemed a reasonable accommodation for a client, but it was not thought through, and that was my mistake. It was a mistake at the time.”

Techniques like the ones used by the agencies on Weinstein’s behalf are almost always kept secret, and, because such relationships are often run through law firms, the investigations are theoretically protected by attorney-client privilege, which could prevent them from being disclosed in court. The documents and sources reveal the tools and tactics available to powerful individuals to suppress negative stories and, in some cases, forestall criminal investigations.

In a statement, Weinstein’s spokesperson, Sallie Hofmeister, said, “It is a fiction to suggest that any individuals were targeted or suppressed at any time.”

In May, 2017, McGowan received an e-mail from a literary agency introducing her to a woman who identified herself as Diana Filip, the deputy head of sustainable and responsible investments at Reuben Capital Partners, a London-based wealth-management firm. Filip told McGowan that she was launching an initiative to combat discrimination against women in the workplace, and asked McGowan, a vocal women’s-rights advocate, to speak at a gala kickoff event later that year. Filip offered McGowan a fee of sixty thousand dollars. “I understand that we have a lot in common,” Filip wrote to McGowan before their first meeting, in May, at the Peninsula Hotel in Beverly Hills. Filip had a U.K. cell-phone number, and she spoke with what McGowan took to be a German accent. Over the following months, the two women met at least three more times at hotel bars in Los Angeles and New York and other locations. “I took her to the Venice boardwalk and we had ice cream while we strolled,” McGowan told me, adding that Filip was “very kind.” The two talked at length about issues relating to women’s empowerment. Filip also repeatedly told McGowan that she wanted to make a significant investment in McGowan’s production company.

Filip was persistent. In one e-mail, she suggested meeting in Los Angeles and then, when McGowan said she would be in New York, Filip said she could meet there just as easily. She also began pressing McGowan for information. In a conversation in July, McGowan revealed to Filip that she had spoken to me as part of my reporting on Weinstein. A week later, I received an e-mail from Filip asking for a meeting and suggesting that I join her campaign to end professional discrimination against women. “I am very impressed with your work as a male advocate for gender equality, and believe that you would make an invaluable addition to our activities,” she wrote, using her wealth-management firm’s e-mail address. Unsure of who she was, I did not respond.

Filip continued to meet with McGowan. In one meeting in September, Filip was joined by another Black Cube operative, who used the name Paul and claimed to be a colleague at Reuben Capital Partners. The goal, according to two sources with knowledge of the effort, was to pass McGowan to another operative to extract more information. On October 10th, the day The New Yorker published my story about Weinstein, Filip reached out to McGowan in an e-mail. “Hi Love,” she wrote. “How are you feeling? . . . Just wanted to tell you how brave I think you are.” She signed off with an “xx.” Filip e-mailed McGowan as recently as October 23rd.

In fact, “Diana Filip” was an alias for a former officer in the Israeli Defense Forces who originally hailed from Eastern Europe and was working for Black Cube, according to three individuals with knowledge of the situation. When I sent McGowan photos of the Black Cube agent, she recognized her instantly. “Oh my God,” she wrote back. “Reuben Capital. Diana Filip. No fucking way.”

Ben Wallace, a reporter at New York who was pursuing a story on Weinstein, said that the same woman met with him twice last fall. She identified herself only as Anna and suggested that she had an allegation against Weinstein. When I presented Wallace with the same photographs of Black Cube’s undercover operative, Wallace recalled her vividly. “That’s her,” he said. Like McGowan, Wallace said that the woman had what he assumed to be a German accent, as well as a U.K. cell-phone number. Wallace told me that Anna first contacted him on October 28, 2016, when he had been working on the Weinstein story for about a month and a half. Anna declined to disclose who had given her Wallace’s information. Over the course of the two meetings, Wallace grew increasingly suspicious of her motives. Anna seemed to be pushing him for information, he recalled, “about the status and scope of my inquiry, and about who I might be talking to, without giving me any meaningful help or information.” During their second meeting, Anna requested that they sit close together, leading Wallace to suspect that she might be recording the exchange. When she recounted her experiences with Weinstein, Wallace said, “it seemed like soap-opera acting.” Wallace wasn’t the only journalist the woman contacted. In addition to her e-mails to me, Filip also e-mailed Jodi Kantor, of the Times, according to sources involved in the effort.

The U.K. cell-phone numbers that Filip provided to Wallace and McGowan have been disconnected. Calls to Reuben Capital Partners’ number in London went unanswered. As recently as Friday, the firm had a bare-bones Web site, with stock photos and generic text passages about asset management and an initiative called Women in Focus. The site, which has now been taken down, listed an address near Piccadilly Circus, operated by a company specializing in shared office space. That company said that it had never heard of Reuben Capital Partners. Two sources with knowledge of Weinstein’s work with Black Cube said that the firm creates fictional companies to provide cover for its operatives, and that Filip’s firm was one of them.

Black Cube declined to comment on the specifics of any work it did for Weinstein. The agency said in a statement, “It is Black Cube’s policy to never discuss its clients with any third party, and to never confirm or deny any speculation made with regard to the company’s work. Black Cube supports the work of many leading law firms around the world, especially in the US, gathering evidence for complex legal processes, involving commercial disputes, among them uncovering negative campaigns. . . . It should be highlighted that Black Cube applies high moral standards to its work, and operates in full compliance with the law of any jurisdiction in which it operates—strictly following the guidance and legal opinions provided by leading law firms from around the world.” The contract with the firm also specified that all of its work would be obtained “by legal means and in compliance with all applicable laws and regulations.”

Last fall, Weinstein began mentioning Black Cube by name in conversations with his associates and attorneys. The agency had made a name for itself digging up information for companies in Israel, Europe, and the U.S. that led to successful legal judgments against business rivals. But the firm has also faced legal questions about its employees’ use of fake identities and other tactics. Last year, two of its investigators were arrested in Romania on hacking charges. In the end, the company reached an agreement with the Romanian authorities, under which the operatives admitted to hacking and were released. Two sources familiar with the agency defended its decision to work for Weinstein, saying that they originally believed that the assignment focussed on his business rivals. But even the earliest lists of names that Weinstein provided to Black Cube included actresses and journalists.

On October 28, 2016, Boies’s law firm, Boies Schiller Flexner, wired to Black Cube the first hundred thousand dollars, toward what would ultimately be a six-hundred-thousand-dollar invoice. (The documents do not make clear how much of the invoice was paid.) The law firm and Black Cube signed a contract that month and several others later. One, dated July 11, 2017, and bearing Boies’s signature, states that the project’s “primary objectives” are to “provide intelligence which will help the Client’s efforts to completely stop the publication of a new negative article in a leading NY newspaper” and to “obtain additional content of a book which currently being written and includes harmful negative information on and about the Client,” who is identified as Weinstein in multiple documents. (In one e-mail, a Black Cube executive asks lawyers retained by the agency to refer to Weinstein as “the end client” or “Mr. X,” noting that referring to him by name “will make him extremely angry.”) The article mentioned in the contract was, according to three sources, the story that ultimately ran in the Times on October 5th. The book was “Brave,” a memoir by McGowan, scheduled for publication by HarperCollins in January. The documents show that, in the end, the agency delivered to Weinstein more than a hundred pages of transcripts and descriptions of the book, based on tens of hours of recorded conversations between McGowan and the female private investigator.

Weinstein’s spokesperson, Hofmeister, called “the assertion that Mr. Weinstein secured any portion of a book . . . false and among the many inaccuracies and wild conspiracy theories promoted in this article.”

The July agreement included several “success fees” if Black Cube met its goals. The firm would receive an additional three hundred thousand dollars if the agency “provides intelligence which will directly contribute to the efforts to completely stop the Article from being published at all in any shape or form.” Black Cube would also be paid fifty thousand dollars if it secured “the other half” of McGowan’s book “in readable book and legally admissible format.”

The contracts also show some of the techniques that Black Cube employs. The agency promised “a dedicated team of expert intelligence officers that will operate in the USA and any other necessary country,” including a project manager, intelligence analysts, linguists, and “Avatar Operators” specifically hired to create fake identities on social media, as well as “operations experts with extensive experience in social engineering.” The agency also said that it would provide “a full time agent by the name of ‘Anna’ (hereinafter ‘the Agent’), who will be based in New York and Los Angeles as per the Client’s instructions and who will be available full time to assist the Client and his attorneys for the next four months.” Four sources with knowledge of Weinstein’s work with Black Cube confirmed that this was the same woman who met with McGowan and Wallace.

Black Cube also agreed to hire “an investigative journalist, as per the Client request,” who would be required to conduct ten interviews a month for four months and be paid forty thousand dollars. Black Cube agreed to “promptly report to the Client the results of such interviews by the Journalist.”

In January, 2017, a freelance journalist called McGowan and had a lengthy conversation with her that he recorded without telling her; he subsequently communicated with Black Cube about the interviews, though he denied he was reporting back to them in a formal capacity. He contacted at least two other women with allegations against Weinstein, including the actress Annabella Sciorra, who later went public in The New Yorker with a rape allegation against Weinstein. Sciorra, whom he called in August, said that she found the conversation suspicious and got off the phone as quickly as possible. “It struck me as B.S.,” she told me. “And it scared me that Harvey was testing to see if I would talk.” The freelancer also placed calls to Wallace, the New York reporter, and to me.

Two sources close to the effort and several documents show that the same freelancer received contact information for actresses, journalists, and business rivals of Weinstein from Black Cube, and that the agency ultimately passed summaries of those interviews to Weinstein’s lawyers. When contacted about his role, the freelancer, who spoke on condition of anonymity, said that he had been working on his own story about Weinstein, using contact information fed to him by Black Cube. The freelancer said that he reached out to other reporters, one of whom used material from his interviews, in the hopes of helping to expose Weinstein. He denied that he was paid by Black Cube or Weinstein.

Weinstein also enlisted other journalists to uncover information that he could use to undermine women with allegations. A December, 2016, e-mail exchange between Weinstein and Dylan Howard, the chief content officer of American Media Inc., which publishes the National Enquirer, shows that Howard shared with Weinstein material obtained by one of his reporters, as part of an effort to help Weinstein disprove McGowan’s allegation of rape. In one e-mail, Howard sent Weinstein a list of contacts. “Let’s discuss next steps on each,” he wrote. After Weinstein thanked him, Howard described a call that one of his reporters made to Elizabeth Avellan, the ex-wife of the director Robert Rodriguez, whom Rodriguez left to have a relationship with McGowan.

Avellan told me that she remembered the interview. Howard’s reporter “kept calling and calling and calling,” she said, and also contacted others close to her. Avellan finally called back, because “I was afraid people might start calling my kids.” In a long phone call, the reporter pressed her for unflattering statements about McGowan. She insisted that the call be off the record, and the reporter agreed. The reporter recorded the call, and subsequently passed the audio to Howard.

In subsequent e-mails to Weinstein, Howard said, “I have something AMAZING . . . eventually she laid into Rose pretty hard.” Weinstein replied, “This is the killer. Especially if my fingerprints r not on this.” Howard then reassured Weinstein, “They are not. And the conversation . . . is RECORDED.” The next day, Howard added, in another e-mail, “Audio file to follow.” (Howard denied sending the audio to Weinstein.) Avellan told me that she would not have agreed to coöperate in efforts to discredit McGowan. “I don’t want to shame people,” she said. “I wasn’t interested. Women should stand together.”

In a statement, Howard said that, in addition to his role as the chief content officer at American Media Inc., the National Enquirer’s publisher, he oversaw a television-production agreement with Weinstein, which has since been terminated. He said that, at the time of the e-mails, “absent a corporate decision to terminate the agreement with The Weinstein Company, I had an obligation to protect AMI’s interests by seeking out—but not publishing—truthful information about people who Mr. Weinstein insisted were making false claims against him. To the extent I provided ‘off the record’ information to Mr. Weinstein about one of his accusers—at a time when Mr. Weinstein was denying any harassment of any woman—it was information which I would never have allowed AMI to publish on the internet or in its magazines.” Although at least one of Howard’s reporters made calls related to Weinstein’s investigations, Howard insisted that he strictly divided his work with Weinstein from his work as a journalist. “I always separated those two roles carefully and completely—and resisted Mr. Weinstein’s repeated efforts to have AMI titles publish favorable stories about him or negative articles about his accusers,” Howard said. An A.M.I. representative noted that, at the time, Weinstein insisted that the encounter was consensual, and that the allegations were untrue.

Hofmeister, Weinstein’s spokesperson, added, “In regard to Mr. Howard, he has served as the point person for American Media’s long-standing business relationship with The Weinstein Company. Earlier this year, Mr. Weinstein gave Mr. Howard a news tip that Mr. Howard agreed might make a good story. Mr. Howard pursued the tip and followed up with Mr. Weinstein as a courtesy, but declined to publish any story.”

Weinstein’s relationship with Kroll, one of the other agencies he contracted with, dates back years. After Ambra Battilana Gutierrez, an Italian model, accused Weinstein of sexually assaulting her, in 2015, she reached a settlement with Weinstein that required her to surrender all her personal devices to Kroll, so that they could be wiped of evidence of a conversation in which Weinstein admitted to groping her. A recording of that exchange, captured during a police sting operation, was released by The New Yorker last month.

During the more recent effort to shut down emerging stories, Kroll again played a central role. E-mails show that Dan Karson, the chairman of Kroll Americas’ Investigations and Disputes practice, contacted Weinstein at his personal e-mail address with information about women with allegations. In one October, 2016, e-mail, Karson sent Weinstein eleven photographs of McGowan and Weinstein together at different events in the years after he allegedly assaulted her. Three hours later, Weinstein forwarded Karson’s e-mail to Boies and Weinstein’s criminal-defense attorney, Blair Berk, and told them to “scroll thru the extra ones.” The next morning, Berk replied that one photo, which showed McGowan warmly talking with Weinstein, “is the money shot.”

Berk defended her actions. “Any criminal-defense lawyer worth her salt would investigate unproven allegations to determine if they are credible,” she said. “And it would be dereliction of duty not to conduct a public-records search for photographs of the accuser embracing the accused taken after the time of the alleged assault.”

Another firm, the Los Angeles-based PSOPS, and its lead private investigator, Jack Palladino, as well as another one of its investigators, Sara Ness, produced detailed profiles of various individuals in the saga, sometimes of a personal nature, which included information that could be used to undermine their credibility. One report on McGowan that Ness sent to Weinstein last December ran for more than a hundred pages and featured McGowan’s address and other personal information, along with sections labelled “Lies/Exaggerations/Contradictions,” “Hypocrisy,” and “Potential Negative Character Wits,” an apparent abbreviation of “witnesses.” One subhead read “Past Lovers.” The section included details of acrimonious breakups, mentioning Avellan, and discussed Facebook posts expressing negative sentiments about McGowan. (Palladino and Ness did not respond to multiple requests for comment.)

Other firms were also involved in assembling such profiles, including ones that focussed on factors that, in theory, might make women likely to speak out against sexual abuse. One of the other firm’s profiles was of Rosanna Arquette, an actress who later, in The New Yorker, accused Weinstein of sexual harassment. The file mentions Arquette’s friendship with McGowan, social-media posts about sexual abuse, and the fact that a family member had gone public with an allegation that she had been molested as a child.

All of the security firms that Weinstein hired were also involved in trying to ferret out reporters’ sources and probe their backgrounds. Wallace, the reporter for New York, said that he was suspicious when he received the call from the Black Cube operative using the pseudonym Anna, because Weinstein had already requested a meeting with Wallace; Adam Moss, the editor-in-chief of New York; David Boies; and a representative from Kroll. The intention, Wallace assumed, was to “come in with dossiers slagging various women and me.” Moss declined the meeting.

In a series of e-mails sent in the weeks before Wallace received the call from Anna, Dan Karson, of Kroll, sent Weinstein preliminary background information on Wallace and Moss. “No adverse information about Adam Moss so far (no libel/defamation cases, no court records or judgments/liens/UCC, etc.),” Karson wrote in one e-mail. Two months later, Palladino, the PSOPS investigator, sent Weinstein a detailed profile of Moss. It stated, “Our research did not yield any promising avenues for the personal impeachment of Moss.”

Similar e-mail exchanges occurred regarding Wallace. Kroll sent Weinstein a list of public criticisms of Wallace’s previous reporting and a detailed description of a U.K. libel suit filed in response to a book he wrote, in 2008, about the rare-wine market. PSOPS also profiled Wallace’s ex-wife, noting that she “might prove relevant to considerations of our response strategy when Wallace’s article on our client is finally published.”

In January, 2017, Wallace, Moss, and other editors at New York decided to shelve the story. Wallace had assembled a detailed list of women with allegations, but he lacked on-the-record statements from any victims. Wallace said that the decision not to run a story was made for legitimate journalistic reasons. Nevertheless, he said, “There was much more static and distraction than I’ve encountered on any other story.”

Other reporters were investigated as well. In April, 2017, Ness, of PSOPS, sent Weinstein an assessment of my own interactions with “persons of interest”—a list largely consisting of women with allegations, or those connected to them. Later, PSOPS submitted a detailed report focussing jointly on me and Jodi Kantor, of the Times. Some of the observations in the report are mundane. “Kantor is NOT following Ronan Farrow,” it notes, referring to relationships on Twitter. At other times, the report reflects a detailed effort to uncover sources. One individual I interviewed, and another whom Kantor spoke to in her separate endeavor, were listed as having reported the details of the conversations back to Weinstein.

For years, Weinstein had used private security agencies to investigate reporters. In the early aughts, as the journalist David Carr, who died in 2015, worked on a report on Weinstein for New York, Weinstein assigned Kroll to dig up unflattering information about him, according to a source close to the matter. Carr’s widow, Jill Rooney Carr, told me that her husband believed that he was being surveilled, though he didn’t know by whom. “He thought he was being followed,” she recalled. In one document, Weinstein’s investigators wrote that Carr had learned of McGowan’s allegation in the course of his reporting. Carr “wrote a number of critical/unflattering articles about HW over the years,” the document says, “none of which touched on the topic of women (due to fear of HW’s retaliation, according to HW).”

Weinstein’s relationships with the private investigators were often routed through law firms that represented him. This is designed to place investigative materials under the aegis of attorney-client privilege, which can prevent the disclosure of communications, even in court.

David Boies, who was involved in the relationships with Black Cube and PSOPS, was initially reluctant to speak with The New Yorker, out of concern that he might be “misinterpreted either as trying to deny or minimize mistakes that were made, or as agreeing with criticisms that I don’t agree are valid.”

But Boies did feel the need to respond to what he considered “fair and important” questions about his hiring of investigators. He said that he did not consider the contractual provisions directing Black Cube to stop the publication of the Times story to be a conflict of interest, because his firm was also representing the newspaper in a libel suit. From the beginning, he said, he advised Weinstein “that the story could not be stopped by threats or influence and that the only way the story could be stopped was by convincing the Times that there was no rape.” Boies told me he never pressured any news outlet. “If evidence could be uncovered to convince the Times the charges should not be published, I did not believe, and do not believe, that that would be averse to the Times’ interest.”

He conceded, however, that any efforts to profile and undermine reporters, at the Times and elsewhere, were problematic. “In general, I don’t think it’s appropriate to try to pressure reporters,” he said. “If that did happen here, it would not have been appropriate.”

Although the agencies paid by his firm focussed on many women with allegations, Boies said that he had only been aware of their work related to McGowan, whose allegations Weinstein denied. “Given what was known at the time, I thought it was entirely appropriate to investigate precisely what he was accused of doing, and to investigate whether there were facts that would rebut those accusations,” he said.

Of his representation of Weinstein in general, he said, “I don’t believe former lawyers should criticize former clients.” But he expressed regrets. “Although he vigorously denies using physical force, Mr. Weinstein has himself recognized that his contact with women was indefensible and incredibly hurtful,” Boies told me. “In retrospect, I knew enough in 2015 that I believe I should have been on notice of a problem, and done something about it. I don’t know what, if anything, happened after 2015, but to the extent it did, I think I have some responsibility. I also think that if people had taken action earlier it would have been better for Mr. Weinstein.”

Weinstein also drafted individuals around him into his efforts—willingly and not. In December, 2016, Weinstein asked the actress Asia Argento, who ultimately went public in The New Yorker with her allegation of rape against Weinstein, to meet in Italy with his private investigators to give testimony on his behalf. Argento, who felt pressure to say yes, declined after her partner, the chef and television personality Anthony Bourdain, advised her to avoid the meeting. Another actress, who declined to be named in this story, said that Weinstein asked her to meet with reporters to extract information about other sources.

Weinstein also enlisted two former employees, Denise Doyle Chambers and Pamela Lubell, in what turned out to be an effort to identify and call people who might speak to the press about their own, or others’, allegations. Weinstein secretly shared the lists they compiled with Black Cube.

Hofmeister, speaking on Weinstein’s behalf, said, “Any ‘lists’ that were prepared included names of former employees and others who were relevant to the research and preparation of a book about Miramax. Former employees conducting interviews for the book reported receiving unwanted contacts from the media.”

Doyle Chambers declined an interview request. But Lubell, a producer who worked for Weinstein at Miramax decades ago, told me that she was manipulated into participating. In July, 2017, Lubell visited Weinstein’s offices to pitch him on an app that she was developing. In the middle of the meeting, Weinstein asked Lubell if they could have a private conversation in his office. Lubell told me that a lawyer working with Weinstein was already there, along with Doyle Chambers. Weinstein asked if Lubell and Doyle Chambers could write a “fun book on the old times, the heyday, of Miramax.” “Pam,” she recalled him saying, “write down all the employees that you know, and can you get in touch with them?”

A few weeks later, in August, after they had made the list, Weinstein “called us back into the office,” Lubell recalled. “And he said, ‘You know what, we’re going to put a hold on the book.’ ” He asked Doyle Chambers and Lubell to “call some of your friends from the list and see if they got calls from the press.” In early September, Weinstein summoned Lubell and Doyle Chambers to his office and asked them to start making calls to people connected to several actresses. “It got kind of intense,” Lubell recalled. “We didn’t know these people, and all of a sudden this was something very different from what we signed up for.” Several of the targeted women said that they felt the calls they received from Lubell and Doyle Chambers, and from Weinstein himself, were frightening.

Lubell told me that hours before the first Times story broke, on October 5th, Weinstein summoned her, Doyle Chambers, and others on his team, including the attorney Lisa Bloom, who has since resigned, to his office. “He was in a panic,” Lubell recalled. “He starts screaming, ‘Get so-and-so on the phone.’ ” After the story was published, the team scrambled to respond to it. Bloom and others pored over pictures that, like the ones featured in the Kroll e-mails, showed ongoing contact between Weinstein and women who made allegations. “He was screaming at us, ‘Send these to the board members,’ ” Lubell recalled. She e-mailed the photographs to the board ahead of the crisis meeting at which Weinstein’s position at his company began unravelling.

Since the allegations against Weinstein became public, Lubell hasn’t slept well. She told me that, although she knew that Weinstein “was a bully and a cheater,” she “never thought he was a predator.” Lubell has wondered if she should have known more, sooner.

After a year of concerted effort, Weinstein’s campaign to track and silence his accusers crumbled. Several of the women targeted, however, said that Weinstein’s use of private security agencies deepened the challenge of speaking out. “It scared me,” Sciorra said, “because I knew what it meant to be threatened by Harvey. I was in fear of him finding me.” McGowan said that the agencies and law firms enabled Weinstein’s behavior. As she was targeted, she felt a growing sense of paranoia. “It was like the movie ‘Gaslight,’ ” she told me. “Everyone lied to me all the time.” For the past year, she said, “I’ve lived inside a mirrored fun house.”