MBIE used intelligence gathering tools to search social media accounts | RNZ News


imagePowerful web-scraping tools were used several times by an immigration intelligence unit before proper controls for their use had been put in place.The Ministry of Business, Innovation and Employment’s Intelligence unit, called MI, says it only uses the Cobwebs tools to scan social media in order to detect and prevent mass arrivals of asylum-seekers by boat.Since April 2022, it has used the tools in six “projects”, according to MBIE reports released under the Official Information Act (OIA).For five of those, no monitoring group was yet in place to provide oversight.Documents showed that for the first three projects from April to September 2022, MI had nobody trained in monitoring their use.The internal monitoring group was eventually set up in late February this year, and in its first series of checks in April found faults in how projects were ordered – but concluded they had been “successful”.MBIE told RNZ it was fixing the faults.

RNZ asked Immigration Minister Andrew Little how many mass arrivals had been detected or prevented by Cobwebs but he did not say.”The risk of a mass arrival in New Zealand which only a few years ago might have been regarded as all but impossible, is in fact, becoming more possible.”My expectation is that Immigration New Zealand and other agencies are responding to and dealing with that risk, and I’m comfortable and confident that they are.” He said Cobwebs would not be used on asylum seekers.

It was only used to gather information on “entities and individuals” on the open Internet, Little said.However, Cobwebs Technologies says it has the ability to search the Dark Web.

A business case prior to MBIE contracting Cobwebs in 2020, shows the ministry listed being able to look into encrypted channels on WhatsApp as a “must-have”.It is not clear if MBIE has the capability to decode private messages on the platform.Cobwebs is one of several private surveillance firms that [Facebook’s parent company Meta has accused of hacking](https://www.rnz.co.nz/news/world/458158/facebook-exposes-spy-firms-accused-of-targeting-thousands-on-its-platforms) and other abuses across its platforms.Cobwebs was founded in Israel and sold to US private equity firm Spire Capital for $200M (NZD 338) in July 2023.

The monitoring in April was an indication that Cobwebs was getting where MI wanted it to.”The projects undertaken has shown that Cobwebs is most effective when the customer has supplied the OSINT identity information in which to pivot from for the investigation and analysis work,” the April assurance report read, in between many redacted parts.”Cobwebs allows us to investigate leads from the [REDACTED] at a scale and provide fidelity to limited information that would not be possible without this tool.” Concerns raised The monitoring since April 2023 is being done by a Model Standards Info Gathering Oversight Group.In the group’s first minutes, it was noted: “There were some concerns raised that the review was undertaken by the users of the system”.

MI does not have any external oversight of its intelligence functions in the way the spy agencies do.The Muslim community has questioned the wisdom of this.The flawed way the projects were set up meant “requests were delivered through email only resulting in no logged audit trail or ability to collect Cobwebs request metrics”.But the oversight group concluded in its assessment: “Overall, the use of Cobwebs over this period (April 2022-April 2023) has been justified and the methodology has been described in detail.Analysts were able to clearly outline their search history and the log contents cross-referenced with the project file.” MBIE told RNZ that two more assessments were being done this month, one by the group and the second by an internal group covering all Cobwebs projects so far.

The ministry’s 2020 business case to find and buy a tool said the scraped data would be stored by the vendor.It showed MI wanted a user to be able to “geo-fence” world geographical areas to “establish areas of interest”.”Advances in Open-Source Intelligence (OSINT) and Social Media Intelligence (SOCMINT) technology mean that the MIU (now MI) can undertake both overt and covert [REDACTED] intelligence function to proactively identify [REDACTED],” the business case said.The first use of Cobwebs by MI recorded in the reports, April 2022, was around the same time media reported 300 Sri Lankans were trying to get to Australia by boat.New Zealand has never had a mass arrival.A Mass Arrivals Bill to extend the period of time asylum-seekers can be detained without a warrant [stalled at the end of the select committee stage](https://www.rnz.co.nz/news/political/494965/immigration-minister-spars-with-national-and-greens-over-asylum-seekers-wilfully-blind) in Parliament in August “Aspects of the SOPs (standard operating procedures) on these projects were not followed, specifically, the drafting of a ToR (terms of reference) for each project and a formal request being submitted by the customer.Work is underway to address these areas and facilitate the continuous improvement of the OSINT team.” Some “projects” appeared to last as little as an hour, some were “longer term”.

MI has more than tripled its budget of $3 million in 2017-18 to over $11m today.It has grown to 115 people and spread out of Immigration NZ, to across all of MBIE; its Head of Intelligence is a former manager of the whole-of-government terrorism assessment centre and was deputy director of the police’s National Intelligence Centre.The Federation of Islamic Associations expressed shock MI in its national security and intelligence role had grown so big without consultation with the community.Little said MI had not expanded but simply consolidated various intelligence-gathering activities across the ministry’s seven regulatory arms, focused on “largely business activities”..

Leave a Reply

Your email address will not be published. Required fields are marked *

Next Post

Over 17,000 WordPress sites hacked in Balada Injector attacks last month

Multiple Balada Injector campaigns have compromised and infected over 17,000 WordPress sites using known flaws in premium theme plugins. Balada Injector is a massive operation discovered in December 2022 by Dr.Web, which has been leveraging various exploits for known WordPress plugin and theme flaws to inject a Linux backdoor. The […]
Over 17,000 WordPress sites hacked in Balada Injector attacks last month

Subscribe US Now