AusCERT 2015: How governments are using cyber crime tools to target activists

Electronic Frontier Foundation global policy analyst Eva Galperin discusses campaigns against citizens

Electronic Frontier Foundation global policy analyst Eva Galperin.

Activists in countries such as Syria, Vietnam and Ethiopia are under online attack from their governments for expressing dissident opinions, according to research by the Electronic Frontier Foundation (EFF).

Speaking at AusCERT on the Gold Coast, EFF global policy analyst Eva Galperin told delegates that supporters of Syrian president Bashar al-Assad have used malware and phishing against Syrians who speak up against the regime.

“In February 2011, the Assad regime lifted its long-standing ban on Facebook. At the time, some Western observers considered it to be a sign of liberalisation,” she said.

Syrian users flocked to Facebook to speak out against the government. However, it was a trap. The Syrian government launched a man-in-the-middle attack against the site. This was at a time when Facebook didn’t have HTTPS installed by default, said Galperin.

“The attack was not very sophisticated and triggered a security warning in users’ browsers. Syrians were used to seeing these security warnings and clicking right through them.”

This is because, due to sanctions, Syrians can’t purchase authentic anti-virus software, said Galperin.

“The attack didn’t last long but it turned out to be one of a series of campaigns in which the pro-Syrian government actors tried to get access to activist communications.”

For example, an activist received a Skype message from the account of an imprisoned friend. The message advised him to install a “useful tool” which would enable him to disguise his online identity from the Assad regime.

However, the tool turned out to be a remote surveillance tool which logged keystrokes and used the victim’s webcam to spy on him.

Turning to Vietnam, she said that the government has used malware to spy on journalists, activists, dissidents and bloggers.

“Vietnam's Internet spying campaign dates back to at least March 2010 when engineers at Google discovered malware broadly targeting Vietnamese computer users. The infected machines were used to spy on their owners as well as participate in DDoS attacks against dissident websites,” said Galperin.

Bloggers such as human rights lawyer Lê Quốc Quân have been sent to prison.

Even the EFF has been targeted by the Vietnamese government. For example, an email from ‘Andrew Oxfam’ was sent to Galperin inviting her to an angel conference.

However, the email was not hosted on Oxfam’s servers and contained malicious attachments.

The Vietnamese government also sent the email to a colleague of Galperin’s who had written a blog post on her behalf about the plight of bloggers in Vietnam.

“One blog post is enough to get you targeted by state-sponsored malware,” she said.

The Ethiopian government has purchased intercept software and used it against bloggers and journalists.

According to documents leaked by Edward Snowden, Ethiopia received $450,000 from the NSA to build its surveillance capabilities.

Reports by The Citizen Lab have found FinFisher and Hacking Team command and control servers operating in Ethiopia, said Galperin.

She presented the AusCERT delegates with a challenge: “If you find malware targeting vulnerable groups, publish your research. It should be written in a way that can be understood by journalists and activists so they can turn it into advice for the targets.”

“If you can’t do that, partner with a journalist or activist from the affected community,” she said.

The EFF can provide legal advice to security researchers who want to publish their research, Galperin added.

Follow Hamish Barwick on Twitter: @HamishBarwick Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia.
