Ethiopian Government Hacks Journalists in U.S. and Europe

ፖለቲካ ፣ ወቅታዊ ጉዳዮች
Politics , Current affairs
User avatar
zeru
Leader
Leader
Posts: 952
Joined: 19 Aug 2009 17:01
Contact:

Ethiopian Government Hacks Journalists in U.S. and Europe

Unread post by zeru » 12 Feb 2014 20:18

The Ethiopian government reportedly used surveillance technology created by an Italian company to hack into the computers of Ethiopian journalists in the United States and Europe.
Journalists at the Ethiopian Satellite Television (ESAT), a news organization comprised mostly of Ethiopian expatriates, were targeted with spying software made by the Italian company company Hacking Team, according to a new report by Citizen Lab, a nonprofit research lab that investigates surveillance technology across the world.
See also: The Mask Is Off: Cyber Spy Operation Uncovered After 7 Years
The investigation, released on Wednesday, is another example of how governments around the world are increasingly using hacking tools. These are often purchased from vendors that design and market them specifically for law enforcement agencies — but often governments end up using them against dissidents or journalists.
"This stuff is sold widely, and as such it is also used widely," Morgan Marquis-Boire, a security researcher who worked on the report, told Mashable. "This type of targeted surveillance is a common method for tracking journalist in the in the diaspora."
Marquis-Boire, along with fellow Citizen Lab researchers Bill Marczak, Claudio Guarnieri and John Scott-Railton, have tracked three specific attacks against two ESAT employees: one based in Brussels and one who works at the ESAT offices in northern Virginia.
The attacks occurred in the span of just two hours on Dec. 20, 2013, but ESAT told The Washington Post that it has received similar attacks since then, some even against U.S. citizens.
Breaking In
In the first attack, an individual identified as Yalfalkenu Meches contacted the ESAT employee based in Brussels on Skype and sent over a file titled "An Article for ESAT." The file looked like a PDF but was an executable file containing spyware. If opened, according to the researchers, the file didn't actually display an article — instead, it tried to communicate with a server using an encryption certificate registered to "HT srl," which is Hacking Team's corporate name.
The ESAT employee who received the file didn't open it; rather, he responded to Meches, who had sent the file, and wrote that the file was not a PDF, but an application that could contain malware. He also warned Meches to be careful, according to the logs of their conversation published on the Citizen Lab report. But Meches, deceptively, replied that the file "worked fine" for him.
Meches then sent the same employee another file, this time a Microsoft Word document (.doc). The file didn't actually open a document, however, and instead exploited a Word vulnerability to download another .exe file that the researchers believe to be Hacking Team's spying software called Remote Control System (RCS).
RCS is designed to "keep an eye" on a target's computer or mobile phone
RCS is designed to "keep an eye" on a target's computer or mobile phone
, according to Hacking Team's brochure. In practice, RCS is malware made to monitor a target, stealing files from his or her computer and intercepting all kinds of communications coming out of the infected device, including Skype calls and emails.
An hour and a half after these first two attacks on Dec. 20, Meches sent a file via Skype to Mesay Mekonnen, another ESAT reporter based in northern Virginia. This time, the file displayed a document, but it also contained a vulnerability that prompted the infected computer to download an .exe file the researchers believe was also a version of Hacking Team's RCS spyware.
Who Are the Hackers?
The researchers at Citizen Lab noted the identities of the attackers remain unclear, but they believe the Ethiopian government to be the No. 1 suspect.
"Hacking Team's spyware is sold only to governments and it's hard to imagine that a different government besides the Ethiopian government would target ESAT," Marczak, the lead researcher, told Mashable. Moreover, ESAT is often critical of the Ethiopian government, making it a perfect target, he said.
But Wahide Baley, head of public policy and communications of the Ethiopian embassy in Washington D.C., told The Washington Post that his government "did not use and has no reason at all to use any spyware or other products provided by Hacking Team or any other vendor inside or outside of Ethiopia."
Click here to read more

Post Reply

Return to “Ethio Politics .... ኢትዮ ፖለቲካ”