FBI cyber guidance lacks sufficient detail for lawmakers, claims U.S. senator
In a recent move to bolster the cybersecurity of U.S. lawmakers, Senator Ron Wyden (D-Ore.) has put forth a series of detailed recommendations to the FBI Director, Kash Patel. These recommendations aim to strengthen the protection against foreign spyware and other cyber threats.
Senator Wyden, one of Congress's most vocal opponents of the spread of commercial spyware, has expressed concern over the use of such tools by foreign governments to surveil American diplomats, White House officials, members of Congress, human-rights activists, and journalists. These advanced cyber tools, including commercial spyware with 'zero-click' capabilities that do not require any action by the victim, have been employed by adversaries such as Russia, China, and other unnamed entities.
Western governments have imposed sanctions on some spyware makers, yet these efforts have had limited impact. In response, Senator Wyden has proposed four specific security practices that he believes could significantly improve the situation.
1. **Enabling Anti-Spyware Defenses**: Senator Wyden suggests utilising Apple's Lockdown Mode, which restricts non-essential features to reduce the device's attack surface, for Apple iOS devices. For Google Android devices, he recommends implementing Advanced Protection Mode, similar in purpose to Lockdown Mode.
2. **Blocking Ads**: Wyden proposes using ad blockers to guard against malicious advertisements that can deliver malware, helping to reduce the risk of unwanted software installations through compromised ads.
3. **Disabling Ad Tracking IDs**: Disabling unique ad identification numbers assigned to each phone is another security practice recommended by Senator Wyden. This makes it harder for trackers and potential attackers to target devices.
4. **Opting Out of Commercial Data Brokers**: Removing personal information from commercial data-broker services is another practice Senator Wyden suggested. This not only protects against doxing but also limits the data available to malicious actors who might use it for spyware-related attacks.
These measures are designed to enhance mobile device security and reduce the risk of being targeted by sophisticated spyware and other cyber threats. Senator Wyden's concerns stem from the belief that the FBI is not taking seriously the counterintelligence threat posed by spyware and is not providing effective cybersecurity guidance to government officials.
The FBI has provided senators with basic remedial advice, such as warning them not to click suspicious links, but Wyden considers these tips insufficient to keep out foreign spies using advanced cyber tools. Furthermore, the FBI has warned about attempts to impersonate senior U.S. officials, underscoring the need for enhanced cybersecurity measures.
In a bid to up the defenses against these threats, Senator Wyden has requested that future FBI briefings to Congress cover these four specific security practices. He stated that our adversaries have upped their game, and we must do the same to protect our democratic institutions and personal freedoms.
- Senator Wyden, in response to concerns about foreign spyware and cyber threats, has proposed that the FBI Director, Kash Patel, considers enabling Anti-Spyware Defenses such as Apple's Lockdown Mode for iOS devices and Advanced Protection Mode for Android devices.
- To guard against malicious advertisements delivering malware, Wyden suggests using ad blockers, which could help reduce the risk of unwanted software installations.
- Senator Wyden has also recommended disabling unique ad identification numbers assigned to each phone as a security practice, making it harder for trackers and potential attackers to target devices.
- In addition, he suggests removing personal information from commercial data-broker services to protect against doxing and limit the data available to malicious actors who might use it for spyware-related attacks. These measures are aimed at enhancing mobile device security and protecting democratic institutions and personal freedoms from sophisticated spyware and cyber threats.
