Trump’s search for the whistleblower behind the Ukraine scandal- an infosec issue?

Trump’s search for the whistleblower behind the Ukraine scandal- an infosec issue?


U.S. President Donald Trump’s determination to uncover the identity of the whistleblower, who alleged that Trump is practically misusing his office to force Ukraine to investigate Joe Biden and his son, could soon determine if modern privacy controls are sufficient to protect the identity of individuals from the cluthes of an overbearing sovereign.

On August 12, an unnamed US intelligence official filed a whistleblower complaint with the inspector general of the intelligence community, alleging that the President, his lawyer Rudy Guiliani, and other officials were using strongarm tactics with Ukraine’s new President Volodymyr Zelensky to force him to initiate investigations into the activities of Democrat nominee for the 2020 Presidential elections Joe Biden and his son Hunter Biden.

According to various reports, Donald Trump and many other Republicans believe that Joe Biden played a principal role in strong-arming the former Ukrainian administration in 2016 to fire the country’s prosecutor general Viktor Shokin as he was allegedly not cracking down on corruption sufficiently enough. The tactics included putting a hold to a $1 billion in loan guarantees to Ukraine.

However, the Trump line is that Joe Biden did so in order to stop Shokin’s investigations into the activities of Ukrainian natural gas company Burisma of whom Biden’s son Hunter is a board member. Hunter Biden served as a board member of Burisma from 2014 to 2019 despite having no real qualifications for the job, according to Vox.

In the whistleblower complaint filed with the inspector general of the intelligence community, the whistleblower alleged that in a call with the Ukrainian President on July 25, President Trump “sought to pressure the Ukrainian leader to take actions to help the President’s 2020 reelection bid”.

By asking Ukraine to initiate or continue an investigation into the activities of former Vice President Joe Biden and his son, Trump hoped to get enough dirt on Joe Biden and his son’s activities to destroy the latter’s presidential campaign even before it started.

According to news reports, the Trump administration also tried to armtwist Ukraine by holding up a $400 million military aid between July and September. This military aid included $250 million for weaponry and another $141 million for maritime security. Recently, Trump said that he withheld the military aid as he had concerns about corruption in Ukraine.

The whistleblower complaint was forwarded by the inspector general to Rep. Adam Schiff (D-CA) and Sen. Richard Burr (R-NC) in September which eventually led to Speaker Nancy Pelosi announcing that the House will conduct an impeachment inquiry based on the chain of events that took place in the past few years.

Even though it is unlikely that Trump will be impeached considering that the Republicans have a 53 to 47 majority in the Senate and most of the whistleblower’s allegations are based on hearsay, Trump’s recent statement on unearthing the identity of the whistleblower poses an entire different question: Whether modern privacy controls are sufficient to protect the identity of individuals from the cluthes of an overbearing sovereign?

“We’re trying to find out about a whistleblower. When you have a whistleblower that reports things that were incorrect. The statement I made to the president of Ukraine, a good man, a nice man… was perfect. It was perfect. But the whistleblower reported a totally different statement, like the statement was not even made.

“When the whistleblower reported it, he made it sound terrible. Then you have Adam Schiff, even worse, made up my words. Which I think is just horrible. The new president of Ukraine ran on the basis of no corruption… but there was a lot of corruption having to do with the 2016 election against us. We want to get to the bottom of it and it’s very important that we do,” said Trump.

If Donald Trump is confident about making the public believe that his aim behind asking Ukraine to investigate Biden is patriotism, then one may ask why he intends to shoot the messenger and uncover the identity of a whistleblower who is legally entitled to keep their identity a secret?

Piers Wilson, Head of Product Management at Huntsman Security, said in 2017 that any responsible organisation should have mechanisms to allow whistleblowing and reporting of issues as part of its normal governance structures, and ensuring that any reports are dealt with correctly and appropriately.

He added that staff should have a way to flag various issues and trust that action will be taken whenever an organisation crosses ethical boundaries. If staff believe that action will not be taken, they will resort to leaking inside information to the public or resort to potentially criminal activity.

It is possible that Trump intends to uncover the whistleblower’s identity in order to give the whistleblower a thorough dressing down on Twitter, as he has been doing to various individuals in the media and political spheres during his presidency.

Governments’ use of technology to uncover the identities of whistleblowers

However, this issue goes beyond the ensuing political slugfest in the United States. Many governments across the world are using various technologies and cyber resources to get their hands around the identities of whistleblowers, anonymous human rights campaigners and activists, and critics who use anonymous social media profiles to uncover illegal actions of governments.

In March last year, MalwareBytes revealed that U.S. law enforcement agencies had started using a sophisticated iPhone unlocker device named GrayKey to hack into devices owned by suspected criminals, thereby bypassing security controls developed by Apple.

GrayKit can be used to unlock even the latest iPhone X and help users of the device access details like “account credentials, names and phone numbers, email messages, text messages, banking account information, even credit card numbers or social security numbers stored in targeted iPhones”, the firm said.

A number of governments across the world have also been using Pegasus, an espionage/spying app for Android devices, to spy on citizens, dissidents, and human rights campaigners as the software is capable of keylogging, capturing screenshots, capturing live audio, exfiltrating messaging data from applications including WhatsApp, Skype, Facebook, Twitter, and Viber, stealing contacts and text messages, and exfiltrating email from Android’s Native Email Client.

In June 2017, security firm Citizen Lab also uncovered a spate of spyware attacks conducted on a number of Mexican journalists and lawyers between August 2015 and July 2016. These journalists and lawyers were, at that time, investigating allegations of corruption by the Mexican President as well as of human rights abuses initiated by Mexican federal authorities.

Paul Bischoff, privacy advocate at, says that if President Trump can use his power to uncover the identity of the whistleblower, then that completely defeats the purpose of the whistleblower programme, and no one will ever use it again.

“Whether or not you believe the whistleblower, it’s important that the integrity of the whistleblower programme remains intact. Not every whistleblower has access to a responsible and trustworthy journalist, and even if they do, they could put themselves at serious risk by leaking classified info,” he adds.

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”” /]