The Ethiopian government reportedly used surveillance technology created by an Italian company to hack into the computers of Ethiopian journalists in the United States and Europe.
Journalists at the Ethiopian Satellite Television (ESAT), a news organization comprised mostly of Ethiopian expatriates, were targeted with spying software made by the Italian company Hacking Team, according to a new report by Citizen Lab, a nonprofit research lab that investigates surveillance technology across the world.
The investigation, released on Wednesday, is another example of how governments around the world are increasingly using hacking tools. These are often purchased from vendors that design and market them specifically for law enforcement agencies — but often governments end up using them against dissidents or journalists.
“This stuff is sold widely, and as such it is also used widely,” Morgan Marquis-Boire, a security researcher who worked on the report, told Mashable. “This type of targeted surveillance is a common method for tracking journalists in the diaspora.”
Marquis-Boire, along with fellow Citizen Lab researchers Bill Marczak, Claudio Guarnieri and John Scott-Railton, has tracked three specific attacks against two ESAT employees: one based in Brussels and one who works at the ESAT offices in northern Virginia.
The attacks occurred in the span of just two hours on Dec. 20, 2013, but ESAT told The Washington Post that it has received similar attacks since then, some even against U.S. citizens.
Breaking In
In the first attack, an individual identified as Yalfalkenu Meches contacted the ESAT employee based in Brussels on Skype and sent over a file titled “An Article for ESAT.” The file looked like a PDF but was an executable file containing spyware. If opened, according to the researchers, the file didn’t actually display an article — instead, it tried to communicate with a server using an encryption certificate registered to “HT srl,” which is Hacking Team’s corporate name.
The ESAT employee who received the file didn’t open it; rather, he responded to Meches, who had sent the file, and wrote that the file was not a PDF, but an application that could contain malware. He also warned Meches to be careful, according to the logs of their conversation published in the Citizen Lab report. But Meches, deceptively, replied that the file “worked fine” for him.
Meches then sent the same employee another file, this time a Microsoft Word document (.doc). The file didn’t actually open a document, however, and instead exploited a Word vulnerability to download another .exe file that the researchers believe to be Hacking Team’s spying software called Remote Control System (RCS).
RCS is designed to “keep an eye” on a target’s computer or mobile phone, according to Hacking Team’s brochure. In practice, RCS is malware made to monitor a target, stealing files from his or her computer and intercepting all kinds of communications coming out of the infected device, including Skype calls and emails.
An hour and a half after these first two attacks on Dec. 20, Meches sent a file via Skype to Mesay Mekonnen, another ESAT reporter based in northern Virginia. This time, the file displayed a document, but it also exploited a vulnerability that prompted the infected computer to download an .exe file the researchers believe was also a version of Hacking Team’s RCS spyware.
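The check the Brussels employee made by eye in the first attack, comparing what a file claims to be with what it is, can be automated when triaging attachments. The following is an added example, not code from Citizen Lab or from the article; the article does not say how the file was made to look like a PDF, so the disguises tested, the function names and the sample names and bytes are assumptions.

```python
import unicodedata

# Leading magic bytes for the file types named in the article.
MAGIC = {
    "exe": [b"MZ"],                                # Windows PE executable
    "pdf": [b"%PDF-"],
    "doc": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",   # OLE2 container (legacy Word)
            b"{\\rtf"],                            # RTF, often saved as .doc
}
DOCUMENT_EXTS = {"pdf", "doc"}


def sniff(header: bytes) -> str:
    """Return the type implied by the first bytes of the file."""
    for kind, signatures in MAGIC.items():
        if any(header.startswith(sig) for sig in signatures):
            return kind
    return "unknown"


def triage(filename: str, header: bytes) -> list[str]:
    """Return finding codes for a received attachment; empty means no mismatch."""
    findings = []
    # Format characters (category Cf: bidi overrides, zero-width marks) can
    # hide or visually reorder the real extension.
    hidden = [c for c in filename if unicodedata.category(c) == "Cf"]
    if hidden:
        findings.append("HIDDEN_CHARS")
    clean = "".join(c for c in filename if c not in hidden).lower()
    parts = clean.rsplit(".", 2)
    ext = parts[-1] if len(parts) > 1 else ""
    actual = sniff(header)
    if actual == "exe":
        findings.append("EXE_CONTENT")       # an "article" should never be a PE
    if ext == "exe" and len(parts) == 3 and parts[1] in DOCUMENT_EXTS:
        findings.append("DOUBLE_EXT")        # e.g. name.pdf.exe
    if ext in DOCUMENT_EXTS and actual != ext:
        findings.append("TYPE_MISMATCH")     # name says document, bytes disagree
    return findings


# Constructed samples (names and bytes are illustrative, not from the report).
SAMPLES = [
    ("An Article for ESAT.pdf", b"MZ\x90\x00\x03"),
    ("An Article for ESAT.pdf.exe", b"MZ\x90\x00\x03"),
    ("An Article for ESAT\u202efdp.exe", b"MZ\x90\x00\x03"),
    ("An Article for ESAT.pdf", b"%PDF-1.4\n"),
]
if __name__ == "__main__":
    for name, head in SAMPLES:
        print(repr(name), triage(name, head))
```

A clean result only means the name and the content agree; it says nothing about whether a genuine document carries an exploit, as in the second and third attacks.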
Who Are the Hackers?
The researchers at Citizen Lab noted the identities of the attackers remain unclear, but they believe the Ethiopian government to be the No. 1 suspect.
“Hacking Team’s spyware is sold only to governments and it’s hard to imagine that a different government besides the Ethiopian government would target ESAT,” Marczak, the lead researcher, told Mashable. Moreover, ESAT is often critical of the Ethiopian government, making it a perfect target, he said.
But Wahide Baley, head of public policy and communications of the Ethiopian embassy in Washington D.C., told The Washington Post that his government “did not use and has no reason at all to use any spyware or other products provided by Hacking Team or any other vendor inside or outside of Ethiopia.”
However, this is the second time that Citizen Lab has connected the Ethiopian government to surveillance technology. In March 2013, the researchers there had already found evidence of another surveillance software, FinSpy, a spyware developed by Gamma International, a UK firm selling software similar to the Hacking Team’s.
With this precedent in mind, Marczak had few doubts.
“The Ethiopian government is so interested in surveilling and spying that it has apparently resorted to purchasing two different systems for this purpose,” he told Mashable.
Hacking Team has long maintained that it “goes to great lengths to assure” that its software is not sold to “repressive” governments blacklisted by the European Union, the U.S., or NATO, as they told CNET in March, after Reporters Without Borders named it one of the five “Corporate Enemies of the Internet” for selling surveillance technology.
But Hacking Team’s RCS malware has reportedly been used before, against Moroccan journalists and Ahmed Mansoor, a human rights activist from the United Arab Emirates.
Contacted by Mashable, the secretary at the company’s headquarters in Milan, Italy, referred questions to a company email address. Eric Rabe, Hacking Team’s Chief Communications Executive, sent a statement declining to reveal whether Ethiopia is a customer, arguing that the company’s software “is used in confidential law enforcement investigations.”
“If the Ethiopian government is not a Hacking Team customer,” said Eva Galperin, an activist at the Electronic Frontier Foundation and an expert in surveillance technology, “I would sure like to know how their tools wound up being used to spy on Ethiopian journalists.”