When Ahmed Mansoor opened an e-mail from “Arabic Wikileaks” last July, the Dubai human-rights activist didn’t expect he would unwittingly be downloading a virus that could monitor his key strokes, open his e-mails, even record his Skype conversations.
He wasn’t the only victim. Ten days before Mr. Mansoor’s desktop was infected, the same spying program, developed by a security company in Milan, had targeted a citizen journalist’s website in Morocco.
The connection between the Italian company and the spying on the Emirati activist is detailed in a report released today by the Citizen Lab, a unit of the University of Toronto’s Munk School of Global Affairs. The lab monitors the impact of computers on democracy.
Written by Google engineer Morgan Marquis-Boire, who is also an advisor at Citizen Lab, the report adds to the growing body of evidence that Middle Eastern governments have relied on commercial surveillance programs designed by Western companies to track political dissidents.
Mr. Mansoor, a student and blogger, was one of five activists in the United Arab Emirates, dubbed the “UAE 5,” who were charged last year with criminal defamation after they criticized government policies on an online forum. He received a three-year sentence, which was lifted under a presidential pardon, though according to Amnesty International his criminal record remains. Twice last month, unknown assailants attacked him on the campus of Ajman University, Mr. Mansoor has said.
In that context, the cyber-spying on Mr. Mansoor is “another example of commercial network intrusion tools being used against dissidents in countries with poor human rights records,” says the Citizen Lab report.
The report also says Mr. Mansoor received the “Arabic Wikileaks” e-mail on July 23, which contained an attachment, titled “veryimportant.doc,” that appeared to be a Microsoft Word document but was in fact spying malware.
Mr. Mansoor’s e-mail account was later accessed by suspicious IP addresses in the Emirates, says the report, which connected the server controlling the malware to an Abu Dhabi corporate office.
The report says Mr. Mansoor’s virus was similar to a “backdoor” program that bypassed the safeguards of the Windows operating system to infect Mamfakinch.com, a citizen website critical of the Moroccan government, in July.
Some of the backdoor programming code in the Mamfakinch infection alluded to a user named “Guido” and the software has been identified as a variant of a commercial spyware marketed by Hacking Team, a Milan company, the report says.
Promotional materials for Hacking Team say its spyware has remote-control ability to record a user’s web browsing history, the files that are opened or deleted, keystrokes, printed documents, online chat, instant messaging and Skype conversations.
Hacking Team did not reply to a request for comment.
The firm’s website says that “we provide effective, easy-to-use offensive technology to the worldwide law enforcement and intelligence communities … Our technology is used daily to fight crime in all the five continents.”
The Citizen Lab report says the latest revelation underlines the dangers pro-democracy activists increasingly face every time they use their computers to e-mail or Skype.
“The use of social engineering and commercial surveillance software attacks against activists and dissidents is becoming more commonplace,” the report says.
Last July, the Citizen Lab linked the surveillance software FinFisher, sold by Gamma International UK Ltd., to malware attacks that targeted the pro-democracy movement in Bahrain. In May, Bahrain activists received e-mails purporting to come from an Al-Jazeera correspondent, Melissa Chan. The e-mails had attachments which, unbeknownst to the recipients, flipped the setting of their “right to left override” (RLO) character, the code that ensures that Arabic or Hebrew text flows right to left.
As a result, the activists clicked on e-mail attachments with names such as “exe.Rajab1.jpg” that suggested they were harmless pictures. In fact, they were activating a viral program named “gpj.1bajaR.exe.”
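The filename trick described above can be caught at a mail gateway or in a triage script. The following is an added example, not taken from the article or the Citizen Lab report: the raw name is reconstructed from the two names the article quotes, the function names and extension list are assumptions, and the display rendering is a simplification of the Unicode bidirectional algorithm.

```python
import os

# Explicit bidirectional formatting characters (Unicode UAX #9).
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}
# Assumed policy list of directly executable extensions; extend as needed.
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def displayed_name(raw):
    """Approximate what the user sees: characters after RLO are drawn
    reversed until PDF or end of string (simplified, non-nested)."""
    out, run, in_rlo = [], [], False
    for ch in raw:
        if ch == "\u202e":
            in_rlo = True
        elif ch == "\u202c" and in_rlo:
            out.extend(reversed(run))
            run, in_rlo = [], False
        elif ch in BIDI_CONTROLS:
            continue  # other controls are invisible
        elif in_rlo:
            run.append(ch)
        else:
            out.append(ch)
    out.extend(reversed(run))
    return "".join(out)


def inspect_attachment(raw):
    """Compare the extension the OS acts on with the one the user sees."""
    controls = [BIDI_CONTROLS[c] for c in raw if c in BIDI_CONTROLS]
    clean = "".join(c for c in raw if c not in BIDI_CONTROLS)
    real_ext = os.path.splitext(clean)[1].lower()
    shown_ext = os.path.splitext(displayed_name(raw))[1].lower()
    return {
        "controls": controls,
        "displayed": displayed_name(raw),
        "real_ext": real_ext,
        "shown_ext": shown_ext,
        "spoofed": bool(controls) and real_ext != shown_ext,
        "block": bool(controls) or real_ext in RISKY_EXTENSIONS,
    }


if __name__ == "__main__":
    # Constructed samples; the first is rebuilt from the names in the article.
    for name in ["\u202egpj.1bajaR.exe", "report.pdf", "\u062a\u0642\u0631\u064a\u0631.pdf"]:
        print(repr(name), inspect_attachment(name))
```

Arabic and Hebrew letters are inherently right-to-left, so legitimate filenames in those scripts do not need override characters, and rejecting names that contain them costs little.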
The malware then collected data from their computers – screenshots, passwords, audio from Skype chats, even individual key strokes – then transferred the content to an Internet address owned by the principal telecommunications company of Bahrain, the Citizen Lab said.
Original Article
Source: The Globe and Mail
Author: Ha Tu Thanh