As commercial spyware proliferates and hackers linked to U.S. adversaries step up their attempts to breach high-profile American targets, one U.S. senator says the FBI isn’t doing enough to help lawmakers protect themselves.
In a Monday letter to FBI Director Kash Patel, Sen. Ron Wyden, D-Ore., asked the bureau for more detailed recommendations that his colleagues could implement to keep Russian, Chinese and other cyber operatives from accessing their communications and devices.
Wyden said he was concerned that the FBI — which has warned about attempts to impersonate senior U.S. officials — was “not taking seriously the counterintelligence threat posed by spyware” and was “not providing government officials with effective cybersecurity guidance to defend against that threat.”
FBI representatives have given senators basic “remedial advice,” such as warning them not to click suspicious links, according to Wyden, but these tips are “insufficient” to keep out “foreign spies using advanced cyber tools,” including commercial spyware with “‘zero-click’ capabilities … that do not require any action by the victim.”
Wyden has been one of Congress’s most outspoken opponents of the spread of commercial spyware. In his letter, he noted that foreign governments had used the technology to surveil American diplomats, White House officials and members of Congress, as well as human-rights activists and journalists. Western governments have sanctioned some spyware makers, but those efforts have had limited impact.
“In spite of the seriousness of the spyware threat,” Wyden wrote, “the FBI has yet to provide effective defensive guidance.”
Cyber defense recommendations
Wyden asked Patel to ensure that future FBI briefings to Congress cover four specific security practices: enabling anti-spyware defenses in Apple’s iOS and Google’s Android operating systems; blocking ads, which can be subverted to deliver malware; disabling unique ad identification numbers assigned to each phone, which make it easier to track them; and opting out of commercial data-broker services so those companies can’t sell their data.
Wyden noted that removing one’s information from commercial data warehouses, while primarily a defense against doxing, could also protect politicians from spyware that relies on hackers obtaining a lawmaker’s phone number.
“Our adversaries have upped their game,” Wyden told Patel, “and we must up our defenses.”
