February 14, 2014 (Voice of Russia) — The Ethiopian government used a new Italian surveillance program to hack into the computers of its own journalists located in the US and Europe. A new report by Citizen Lab has confirmed the speculation that the Ethiopian government hacked into the computers of Ethiopian journalists in the US and Europe.
According to the report, all journalists belonged to the Ethiopian Satellite Television (ESAT).
ESAT is a news organization that consists mainly of Ethiopian expats. To get access to their files, the authorities used a program developed by the Italian company Hacking Team.
This update is just another example of various government organizations around the world using local surveillance companies for espionage.
According to Morgan Marquis-Boire, a security researcher: “This stuff is sold widely, and as such it is also used widely. This type of targeted surveillance is a common method for tracking journalists in the diaspora.”
Marquis-Boire, who worked on the project with his colleagues from Citizen Lab, Bill Marczak, Claudio Guarnieri and John Scott-Railton, found proof of tracking two ESAT employees: one located in Brussels and one who is in northern Virginia.
The attacks took place on December 20, 2013, within a two-hour period.
The first attack took place in the Brussels office, when a journalist received a file through Skype from someone named Yalfalkenu Meches. The file was named “An Article for ESAT” and looked like a PDF but contained spyware. Once opened, the program tries to communicate with a server, using a special encryption system.
However, the journalist who received the file didn’t open it but contacted the sender and said that the file was corrupted and might contain malware. In response, Meches stated that the file worked fine for him and sent another one instead, this time in .doc format. This new file managed to trigger the download of another one, which was spying software known as Remote Control System (RCS).
The aim of RCS is to monitor incoming and outgoing files on the computer and steal them, as well as to intercept Skype calls and other chat communications.
An hour and a half later, the same person who sent the files in Brussels did the same thing to another journalist in Virginia. For now, it is unclear who is behind the hacking, but according to Citizen Lab, the Ethiopian government is at the top of the list of suspects.
“Hacking Team’s spyware is sold only to governments and it’s hard to imagine that a different government besides the Ethiopian government would target ESAT,” stated Marczak.
However, Wahide Baley, head of public policy and communications of the Ethiopian embassy in Washington DC, has already announced that his government “did not use and has no reason at all to use any spyware or other products provided by Hacking Team or any other vendor inside or outside of Ethiopia.”
Despite the denial, it is not the first time that the Ethiopian government has been accused of spying. Back in March 2013, Citizen Lab found proof that another program, FinSpy, developed by Gamma International, was being used by Ethiopia.
“The Ethiopian government is so interested in surveilling and spying that it has apparently resorted to purchasing two different systems for this purpose,” Marczak says.
Meanwhile, Eric Rabe, Hacking Team’s Chief Communications Executive, has officially declined, in a statement, to reveal whether the spying enquiry came from the Ethiopian government. He stated that his company’s software “is used in confidential law enforcement investigations.”
Source: Voice of Russia
Repressive governments buy cheap spyware to keep tabs on critics
February 14, 2014 (South China Morning Post) — Spyware is now a growing business giving less technically advanced nations a surveillance edge
Ethiopian journalist Mesay Mekonnen was at his desk at a news service based in the US when gibberish skittered across his computer screen in December. A sophisticated cyberattack was under way.
But this wasn’t an attack from the likes of China or Russia.
The likely culprits were government hackers from a much less technically advanced nation, Ethiopia, where the perpetrators apparently bought commercial spyware off the shelf, a non-profit research lab says.
Once the exclusive province of the most elite spy agencies like the National Security Agency, spyware is now a growing commercial industry, making surveillance capabilities widely available to governments worldwide.
The targets often are political activists, human rights workers and journalists who have learned that the internet allows authoritarian governments to watch and intimidate them, even after they have fled to supposedly safe havens.
That includes the United States, where laws prohibit unauthorised hacking but rarely stop intrusions. The trade in spyware itself is almost entirely unregulated, to the critics’ frustration.
“We’re finding this in repressive countries and we’re finding that it’s being abused,” says Bill Marczak, a research fellow for Citizen Lab at the University of Toronto’s Munk School of Global Affairs. “This spyware has proliferated around the world … without any debate.”
Citizen Lab says the spyware used against Mekonnen and one other Ethiopian journalist appears to be made by Hacking Team, an Italian company. Its products are capable of stealing documents from hard drives, snooping on video chats, reading e-mails, snatching contact lists and remotely flipping on cameras and microphones so they can quietly spy on a computer’s unwitting user.
Some of the targets of recent cyberattacks are US citizens, say officials at Ethiopian Satellite Television’s office in Virginia, where Mekonnen works.
“To invade the privacy of American citizens and legal residents, violating the sovereignty of the United States and European countries, is mind-boggling,” says Neamin Zeleke, managing director for the news service, which beams reports to Ethiopia, providing a rare alternative to official information sources there.
Citizen Lab researchers say they have found evidence of Hacking Team software, which the company says it sells only to governments, being used in a dozen countries, including Uzbekistan, Kazakhstan, Sudan, Saudi Arabia and Azerbaijan.
The Ethiopian government, commenting through a spokesman at the embassy in Washington, denied using spyware. “The Ethiopian government did not use and has no reason at all to use any spyware or other products provided by Hacking Team or any other vendor inside or outside of Ethiopia,” says Wahide Baley, head of public policy and communications.
Hacking Team declined to comment on whether Ethiopia was a customer, saying it never publicly confirms or denies whether a country is a client because that information could jeopardise legitimate investigations. The company also says it does not sell its products to countries that have been blacklisted by the United States, the United Nations and some other international groups.
“You’ve necessarily got a conflict between the issues around law enforcement and the issues around privacy,” says Eric Rabe, a US-based senior counsel to Hacking Team.
The FBI, which investigates computer crimes, declined to comment on Citizen Lab’s findings.
Technology developed in the aftermath of the September 11, 2001 terrorist attacks has provided the foundation for a multibillion-dollar industry with its own annual conferences, where firms based in the most developed countries offer surveillance products to governments that don’t yet have the ability to produce their own.
Hacking Team – named by Reporters Without Borders on its list of “Corporate Enemies” of a free press – touted on its website that its “Remote Control System” spyware allows users to “take control of your targets and monitor them regardless of encryption and mobility. It doesn’t matter if you are after an Android phone or a Windows computer: you can monitor all the devices”.
By selling spyware, Hacking Team and other makers “are participating in human rights violations”, says Eva Galperin, who tracks spyware use for the Electronic Frontier Foundation, a civil liberties group based in San Francisco. “By dictator standards, this is pretty cheap. This is pocket change.”
Rabe, the Hacking Team official, says that the company does not itself deploy spyware against targets and that, when it learns of allegations of human rights abuses by its customers, it investigates those cases and sometimes withdraws licences. He has declined to describe any such cases or name countries.
Ethiopian Satellite Television (ESAT) started in 2010 and operates on donations from members of the expatriate community. The news service mainly employs journalists who left Ethiopia when they faced government harassment, torture or criminal charges. Though avowedly independent, ESAT is seen as close to Ethiopia’s opposition forces.
Mekonnen was wary when he received a document through a Skype chat with a person he did not know on December 20. But the file bore the familiar icon of a Microsoft Word file and carried a name, in Ethiopia’s Amharic language, suggesting it was a text about the ambitions of a well-known political group there. The sender even used the ESAT logo as his profile image, suggesting the communication was from a friend, or at least a fan.
When the screen filled with a chaotic series of characters, Mekonnen knew he had been fooled. Yet it wasn’t clear what exactly was happening to his computer, or why.
That same day, an ESAT employee in Belgium also received mysterious documents over Skype chats. Noticing that the files were of an unusual type, he refused to open them on his work computer. Instead, the ESAT employee uploaded one of the files to a website, VirusTotal, that scans suspicious software for signs of its origins and capabilities.
That website also has a system to alert researchers when certain types of malicious software are discovered. Marczak, the Citizen Lab researcher who had been tracking the spread of spyware from Hacking Team and other manufacturers, soon got an e-mail from VirusTotal reporting that a suspicious file had been found, carrying telltale coding.
Marczak, a doctoral student in computer science at the University of California at Berkeley, contacted ESAT’s offices in Alexandria and began looking for signs of Hacking Team software on the news service’s computers.
When Citizen Lab analysed the file itself – still embedded in Mekonnen’s Skype account – its coding tracked closely to other Hacking Team spyware, Marczak says.
The Citizen Lab team found that the spyware was designed to connect to a remote server that used an encryption certificate issued by a group listed as “HT srl”, an apparent reference to Hacking Team. The certificate also mentioned “RCS”, which fits the acronym for the company’s “Remote Control System” spyware.
The researchers discovered a similar encryption certificate used by a server whose IP address was registered to Giancarlo Russo, who is Hacking Team’s chief operating officer. The phone number and mailing address associated with that server’s IP address matched the company’s headquarters in Milan, Citizen Lab says.
The evidence for Ethiopia’s involvement was less definitive – as is common when analysts attempt to learn the origin of a cyberattack – though the Citizen Lab researchers express little doubt about who was behind the attack. The document that Mekonnen downloaded, they noted, had a title in Amharic that referenced Ethiopian politics.
Journalists fear that spies have accessed sensitive contact lists on ESAT computers, which could help the government track their sources back in Ethiopia.
“This is a really great danger for them,” Mekonnen says.
Source: South China Morning Post