America's Global WhatsApp Surveillance | Microsoft Ukraine Warning | Russia REvil Arrests

Plus: Internet’s Biggest Marketplace For Stolen Credit Cards Will Shut Down

Thanks to a prolonged Christmas break, this is the first edition of The Wiretap in 2022, and to start the year I'm looking at how America uses a 35-year-old law to spy on WhatsApp users across the world without having to give much of an explanation as to why, or know who they're targeting.

In Ohio, a just-unsealed government surveillance application reveals that in November 2021, DEA investigators demanded the Facebook-owned messaging company track seven users based in China and Macau. The application reveals the DEA didn’t know the identities of any of the targets, but told WhatsApp to monitor the IP addresses and numbers with which the targeted users were communicating, as well as when and how they were using the app. Such surveillance is done using a technology known as a pen register and under the 1986 Pen Register Act, and doesn't seek any message content, which WhatsApp couldn’t provide anyway, as it is end-to-end encrypted.

This isn't the first time the government has used the Act in this way. I'd previously reported on another case in Ohio, where another seven WhatsApp users were targeted, three in the U.S., four in Mexico. For each, the U.S. either knew the alias or the real name of the user.

At least in the latest case, I was able to uncover a little more about what the DEA was investigating by looking at the WhatsApp numbers the government wanted to target. Two of the numbers were posted on Facebook, selling chemicals and powders for drugs such as benzodiazepines, which include diazepam (better known by its brand name Valium) and alprazolam (Xanax.)  The U.S. has long looked into how opioids are shipped in from China and other nations.

Though the DEA may be legitimately using the Pen Register Act to track the Chinese chemical suppliers fuelling America’s opioid crisis, there remain concerns about the lack of an explanation of “probable cause.” 

You can read my story in full here on Forbes. And you can read the government's surveillance application, with numbers redacted, here.

We'll be back to the usual schedule as of next week, so expect The Wiretap every Monday for the foreseeable future.

If you have any tips on government surveillance or cybercrime, drop me an email on tbrewster@forbes.com or message me on Signal at +447782376697.

The Big Story

The Stories You Have To Read Today

Microsoft reported that it had seen malware designed to wipe infected computers of data targeting Ukrainian organizations, including some of those that were hit earlier in the week. Independent reporter Kim Zetter has a great rundown of what we know and don't know about the attacks.

Despite claims it did not provide surveillance services to Israeli government agencies, beleaguered smartphone surveillance company NSO Group allegedly sold tools that ended up being used on protesters within its homeland, according to Calcalist. Neither the police nor NSO confirmed or denied specific facts laid out in the report, though the policing agency said that the claims put to them by the Israeli publication were "untrue."

A cyberattack forced the Albuquerque, New Mexico, public school system to close for 2 days, according to CNN. In what appears to be a separate incident, a New Mexico jail was also hit by a cyber incident.

Winner Of The Week

Russia is more often in the news as an alleged state backer of hacking activities, not a prosecutor, but late last week, Russian law enforcement announced the arrests of individuals who allegedly used the REvil ransomware in their hacking campaigns, such as the one on Colonial Pipeline. It's a sign that Russia can crack down on serious digital criminality when it wants.

Loser Of The Week

Europol has announced a law enforcement shut down of VPNLab.net, which it claimed was being used to help criminals hide their online footprints. The agency claimed it was "being used in support of serious criminal acts such as ransomware deployment and other cybercrime activities."