by Matt Kennard and Mark Curtis
Declassified UK, 15 November 2019
The son of Julian Assange’s senior judge is linked to an anti-data leak company created by the UK intelligence establishment and staffed by officials recruited from the US intelligence agencies behind that country’s prosecution of the Wikileaks founder.
The son of Lady Emma Arbuthnot, the Westminster chief magistrate overseeing the extradition proceedings of Julian Assange, is the vice-president and cyber-security adviser of a firm heavily invested in a company founded by GCHQ and MI5 which seeks to stop data leaks, it can be revealed.
Alexander Arbuthnot’s employer, the private equity firm Vitruvian Partners, has a multimillion-pound investment in Darktrace, a cyber-security company which is also staffed by officials recruited directly from the US National Security Agency (NSA) and the Central Intelligence Agency (CIA).
These intelligence agencies are behind the US government’s prosecution of Julian Assange for publishing secret documents. Darktrace has also had access to two former UK prime ministers and former US President Barack Obama.
The revelations raise further concerns about potential conflicts of interests and appearance of bias concerning Lady Arbuthnot and the ties of her family members to the UK and US military and intelligence establishments. Lady Arbuthnot’s husband is Lord James Arbuthnot, a former UK defence minister who has extensive links to the UK military community.
As far as is known, Lady Arbuthnot has failed to disclose any potential conflicts of interest in her role overseeing Assange’s case. However, UK legal guidance states that “any conflict of interest in a litigious situation must be declared.”
Her son, Alexander Arbuthnot, a graduate of Britain’s elite school Eton, joined Vitruvian Partners as vice-president in December 2018 and is likely to be managing the firm’s Darktrace account. Vitruvian, which has a portfolio of over £4-billion, made its first investment in Darktrace in April 2018, leading a consortium of firms committing £50-million.
“Alexander Arbuthnot advises Vitruvian on cyber-security” was the headline in Intelligence Online when he joined, while the article noted that the company had “recently stepped up its investment in cyber-security”. Darktrace appears to be one of two cyber-security companies in Vitruvian’s portfolio.
Relations were further cemented in 2018 when Alexander Arbuthnot’s colleague Sophie Bower-Straziota, then managing director at Vitruvian, was appointed to the board of Darktrace.
Darktrace and UK intelligence
Darktrace, which Alexander Arbuthnot describes as an “AI [artificial intelligence] based cyber-security” company, was established by members of the UK intelligence community in June 2013.
GCHQ, the UK’s major surveillance agency, approached investor Mike Lynch—regarded as Britain’s most established technology entrepreneur – who then brokered a meeting between GCHQ officers and Cambridge mathematicians who co-founded the company.
Company material openly mentions “the UK intelligence officials who founded Darktrace”. It states that its team includes “senior members of the UK’s and US’s intelligence agencies including the Government Communications Headquarters (GCHQ), the Security Service (MI5) and the NSA.”
Another co-founder was Stephen Huxter, a senior figure in MI5’s “cyber defence team” who became Darktrace’s managing director. Soon after the company launched in September 2013, Darktrace announced that former MI5 director-general Sir Jonathan Evans had been appointed to its advisory board. Huxter welcomed Evans’ “unparalleled stature in the field of cyber operations”.
Huxter then hired 30-year GCHQ veteran Andrew France as chief executive of Darktrace. France, like Huxter, had been involved in dealing with “cyber threats”, rising to the position of deputy director of cyber defence operations at GCHQ, where he was charged with “protecting government data” from cyber threats.
France is also linked to Alexander Arbuthnot’s father, Lord Arbuthnot, who was until November 2018 a member of the advisory board of Information Risk Management (IRM), a cyber-security consultancy based in Cheltenham, the home of GCHQ. France is listed as one of IRM’s “experts”.
Darktrace later appointed Dave Palmer, who had worked at MI5 and GCHQ, as its director of technology, while John Richardson OBE, director of security, had a long career in “UK government security and intelligence” working on “cyber defence”.
“We are a mixture of spooks and geeks,” says Nicole Eagan, the chief executive of Darktrace, which now has a thousand employees and 40 offices worldwide. Poppy Gustafsson, another co-founder, has said that her work left her feeling like she was “living in a story by the novelist John le Carré”.
The ‘insider threat’
Vitruvian’s investee Darktrace appears to have been established in response to data leaks from Bradley (now Chelsea) Manning to Julian Assange’s WikiLeaks and from NSA whistle-blower Edward Snowden.
Darktrace was, in fact, incorporated just four days after the first of the Snowden revelations was published by The Guardian in June 2013. These showed GCHQ to be operating programmes of mass surveillance.
As Channel 4 News put it when Darktrace launched: “In the wake of the massive data leaks from Edward Snowden and Bradley Manning, Darktrace is targeting corporate and government customers by promising to track down troublesome employees or intruders that are already within the firewall.”
Another article on Darktrace, this time from Wired in 2018, noted, “After Edward Snowden’s data dump from the NSA and Chelsea Manning’s transfer of military intelligence to WikiLeaks, governments and companies woke up to the dangers of sabotage from within.”
Manning is currently in jail in the US after refusing to testify in the new grand jury for the ongoing WikiLeaks case. Assange’s conversations with Manning form the basis of the US prosecution and attempts to extradite him from the UK.
Presiding over the UK legal case is Alexander Arbuthnot’s mother, Lady Arbuthnot, who as a judge has herself previously made rulings on Assange and now oversees the junior judge, Vanessa Baraitser.
MI5 and GCHQ have been especially concerned about leaks of secret government material since WikiLeaks published thousands of CIA files in its “Vault 7” exposures in March 2017. The files – the largest leak in CIA history – showed how UK agencies held workshops with the CIA to find ways to “hack” into household devices.
Darktrace’s flagship product, called the “enterprise immune system”, is described as a “self-learning cyber [artificial intelligence] technology that detects novel attacks and insider threats at an early stage”.
The company pinpoints the particular problem of whistle-blowers by stating that “Darktrace begins with the premise that a network has already been infiltrated — and that some of the risk might come from a company’s own employees.”
It adds, “Malicious employees have the advantage of familiarity with the networks and information they manipulate, and their credentials allow them to exfiltrate the most sensitive such information without raising red flags. Moreover, even well-intentioned employees present major security risks”. Darktrace’s technology is specifically designed to deal with this problem.
The degree of interaction between the intelligence agencies and their ex-employees at Darktrace is not known. However, Darktrace clearly has connections to the highest levels of the UK and US governments.
In January 2015, Nicole Eagan accompanied British prime minister David Cameron on an official visit to Washington DC “to discuss cyber-security policy with US President Barack Obama”. It is unclear how the company was able to obtain an audience with the US president barely a year after it launched.
Eagan noted at the time that “hostile agents develop increasingly stealthy and sophisticated attacks on valued data” and lamented “the damage that these threats can cause to hard earned reputations”. She also noted that “traditional methods of security are no longer enough.”
Eagan went on to accompany Cameron on another visit, this time to Asia in July 2015. Cameron said Darktrace was “flying the flag” for the UK. She also accompanied Cameron’s successor, Theresa May on a trip to Japan in August 2017. Two of Darktrace’s founders were awarded OBEs earlier this year.
Arbuthnot, Symantec and WikiLeaks
Alexander Arbuthnot is linked to another company concerned with countering leaks, and WikiLeaks in particular. During 2010-16 he worked at Symantec, a US company producing cyber-security and anti-data leak products which has contracts with the US government. Arbuthnot eventually became head of global sales at the company.
In 2010, after Julian Assange and WikiLeaks hit the headlines with their revelations on US war crimes in Iraq and Afghanistan, Symantec released a report titled, “Avoiding a repeat of WikiLeaks: What can be done to prevent malicious insiders?”
The report notes, “Symantec has identified a distinct pattern of malicious insider activity that is easily blocked.” It adds, “In most cases the perpetrators are in a heightened state of emotional distress and very sloppy about their trade craft.” The report makes clear that it regards Chelsea Manning as such a “malicious insider”.
Arbuthnot appears to have worked exclusively on issues of cyber-security and data protection since he joined Symantec, where he managed 22 people across the company’s Americas, Europe and Asia sales team. It is likely that in this role, Arbuthnot championed sales of products intended to “avoid a repeat of Wikileaks”, in the words of the Symantec report.
Symantec has also published a document called “Going ‘all in’ on defending against insider threats” which states, “Government agencies have always been exceedingly concerned about security – but that concern ramped up significantly in the wake of the Edward Snowden and Bradley Manning scandals. Regardless of the threat level, a systematic plan to combat insider threats is a must.”
After Symantec, Arbuthnot went on to co-found Rightly, another company focused on data security, in April 2017. Rightly states that it aims to solve the problem of the public “losing faith in companies to handle their personal data, due to the behaviour of a few key organisations”, without naming those organisations. It adds: “We work closely with… web security firms to ensure that we exceed expectations for data security.”
Arbuthnot himself states, “We aim to change the world of personal information.”
Darktrace, CIA and NSA
Darktrace has particularly focused on breaking into the US market and has recruited former CIA and NSA intelligence officers.
In November 2013, Mike Lynch, the investor initially approached with the idea of Darktrace, extolled the virtues of the company on a conference platform in London with Alec Ross, the then secretary of state Hillary Clinton’s technology adviser, and Martin Howard, GCHQ’s director of cyber policy. Ross has been personally critical of Julian Assange.
The conference was organised by the Cheltenham cyber-security consultancy IRM, on whose advisory board Lady Arbuthnot’s husband, Lord Arbuthnot, sat until November 2018.
The company quickly tapped the US intelligence community for new personnel. In July 2014, Darktrace announced the recruitment of “two senior officials from the US intelligence community”, specifically the NSA.
One was Jim Penrose, who spent 17 years at the agency as an expert in data security, and served as chief of the Operational Discovery Center, helping to develop new signals intelligence capabilities – the mass surveillance programmes revealed by Edward Snowden.
The other recruit was Jasper Graham, another NSA veteran who – as technical director – worked with US Cyber Command to develop strategic planning for responding to cyber-attacks.
Little over a year after Darktrace launched, the company opened its first US office in Washington DC.
The following year, Darktrace was part of a “select group” chosen by the US government for a trade mission to Tokyo, Seoul and Taipei. In the same month, Darktrace announced another coup: the recruitment of the CIA’s former chief intelligence officer, Alan Wade, to its board of advisors.
Wade spent 35 years in the CIA – also serving as director of security – before retiring in 2005 and was a recipient of several medals for his service. He now sits on the board of Assyst, a cyber-security company based in Herndon, Virginia, a 20-minute drive from CIA headquarters.
Another recruit to Darktrace was Justin Fier, its director for cyber intelligence and analytics, who came to the company after “working for US intelligence agencies on counterterrorism”. From 2002-2008 Fier worked for arms manufacturer Lockheed Martin, also in Herndon, Virginia.
Earlier this year, Darktrace recruited Marcus Fowler, a former Marine and 15-year veteran of the CIA, to be its new “director of strategic threat”. At the CIA, Fowler worked on “developing global cyber operations and technical strategies” and “conducted nearly weekly briefings for senior US officials”, he says.
It is unclear what relationship, if any, the NSA and CIA still has with its ex-employees at Darktrace.
The CIA has made clear that it is “working to take down” the WikiLeaks organisation. It was recently revealed that the CIA was given audio and video of Julian Assange’s private meetings in the Ecuadorian embassy by a Spanish security company. These included privileged discussions with Assange’s lawyers who are now representing him in the extradition case overseen by Alexander Arbuthnot’s mother, Lady Arbuthnot.
Alexander Arbuthnot and Lady Arbuthnot did not respond to requests for comment.