Incompetent Intelligence: The Case of Black Cube

Stand in the center of the capital city of your choice and throw a stone. Odds are, your stone will land in proximity to any of the hundreds of firms whose shingle reads, “Intelligence Contractor.”

When you encounter a competent group, you hardly know they are there, such is their adroit manner. When you encounter the ham-handed among the private intelligence contractor, you scratch your head. You wonder, Is this real? Or perhaps you have stepped back in time and into an episode of Secret Squirrel of International Sneaky Service fame.

Recently, we learned of the work of an Israeli company advertised as a security and intelligence organization, Black Cube. According to The New York Times, Black Cube was hired to dig up dirt on two Obama-era White House staffers, ostensibly because of their involvement in the Iranian nuclear deal. The affected former staffers were identified as Benjamin Rhodes and Colin Kahl.

Black Cube, despite numerous allegations to the contrary, assured all concerned that the operational execution of its contracted intelligence collection duties is always reviewed by legal counsel and its manner of business never runs afoul of the law.

The Not-Invisible Black Cube

Yet, as we walk the cat back from the various instances when someone was reached out to, the information led back to Black Cube and its associates. One of the most visible was Stella Penn Pechanac.

Her internet biography tells us she immigrated to Israel in 1994 from Sarajevo in the former Yugoslavia. She served in the Israeli Air Force as an officer, is an actor and does a good deal of philanthropic work.  It also tells us she is trilingual—able to speak Hebrew, Serbo-Croatian and English, as well as conversational Spanish.

Pechanac first surfaced as part of Harvey Weinstein’s effort to gather information on his accusers. Her presence percolated upward when she reached out and contacted Rose McGowan under the guise of “Reuben Capital Partners” and the alias “Diana Filip,” a women’s rights advocate, and her firm’s “Women in Focus” initiative. She traveled to Los Angeles more than a few times to directly engage McGowan on her allegations of rape against Weinstein. The $1 million-plus contract reads like a professional sports contract, with lucrative performance incentives, and clearly indicates Black Cube would be putting its A-team on the project.

Pechanac surfaced again in a defamation legal proceeding associated with activity in 2017. Again, she is accused as having reached out representing a London investment firm to elicit information from employees of West Face, a Canadian developer. Apparently Black Cube was hired by a Canadian firm to “collect confidential and privileged information on contacts, family members, for use by the contracting firm or associates.” The name Pechanac used for this operation was not revealed in court documents. Her identity was confirmed when individuals who met with Pechanac recognized her in a photo published as part of the Weinstein case.

This loops us back to the Rhodes and Kahl effort. Again, Pechanac was operating as point on this effort, again using the London investment house cover, and this time using a new alias “Adriana Gavrilo.” When McGowan was shown a photo of Gavrilo, she instantly recognized her as Filip. In addition, the content of the emails were similar: advocacy for charitable organizations, etc.

The Pechanac version of the Black Cube playbook is becoming obvious.

Secret Squirrel?

Picking up all the crumbs left behind by these efforts, one has to be scratching their head at infrastructure supporting the “private intelligence” entity.

Let’s look at the website: The domain name, “ReubenCapitalPartners” was set up March 27, 2017 as a .com domain, not to be confused with the very legitimate RubensCapital in the Netherlands.

The website was built with a free-to-use content management system—WIX—and all the DNS addresses associated to the site were sorted through WIX, appropriately.

Backstopping the Personas

LinkedIn profiles were created for at least two of the names associated with Pechanac’s personas. The template used for one was used by the other, and the skill of the makeup artists showed what could be the same woman looking quite different in each profile photo. Perhaps the thespian in her background was put to good use. Each had the commonality of obtaining their master’s from University of London and their bachelor’s from the London Business School. And the profile of Gavrilo is still available for perusal.

The uses of throwaway aliases with light backstopping makes sense only in the context that the firm could not create false travel documents, and thus one could speculate that a trail for operational activity by Pechanac could be pulled together if those with access to immigration logs were to do some basic research and then pin the dates and locations on a global map.

The overall investment in these soft aliases and light backstopping might have reached $500.

Legal or No?

Is pretexting illegal? Is creating false personas illegal? Is eliciting information on behalf of a false entity illegal? This is for others to decide.

Social engineering is here to stay, and it will continue to be used by investigators of all ilk and experience levels. In this instance, the trail of crumbs was not difficult to follow, which perhaps is the true public service here: Trust but verify. If someone drops into your being, invest the time to determine if they are who they say they are before you share your personal or company information freely.

Who knows? That new acquaintance you’re having coffee with tomorrow might just be working for the International Sneaky Service.

Featured eBook
451 Research: Securing Open Source

451 Research: Securing Open Source

In this report, we look at how the boom in OSS adoption has also led to an increase in awareness of open source risks, from licensing issues to security – and the measures required to protect organizations against those risks. We examine two incidents in particular – the Heartbleed vulnerability and the 2017 Equifax data ... Read More
WhiteSource

Christopher Burgess

Christopher Burgess (@burgessct) is a writer, speaker and commentator on security issues. He is a former Senior Security Advisor to Cisco and served 30+ years within the CIA which awarded him the Distinguished Career Intelligence Medal upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit: Senior Online Safety.

burgesschristopher has 68 posts and counting.See all posts by burgesschristopher