The Ethiopian government used a new Italian surveillance program to hack into computers of their own journalists located in the US and Europe. A new report by Citizen Lab have confirmed the speculations regarding the Ethiopian government hacking into the computers of Ethiopian journalists in the US and Europe.
According to the report, all journalists belonged to the Ethiopian Satellite Television (ESAT).
ESAT is a news organization, which consists of mainly Ethiopian expats. In order to get access to their files the authorities used a program, developed in Italy, by Italian company Hacking Team.
This update is just another example of various government organizations around the world using local surveillance companies for espionage.
According to Morgan Marquis-Boire, a security researcher: “This stuff is sold widely, and as such it is also used widely. This type of targeted surveillance is a common method for tracking journalist in the in the diaspora.”
Marquis-Boire, who worked on the project with his colleagues from Citizen Lab, Bill Marczak, Claudio Guarnieri and John Scott-Railton, found proof of tracking two ESAT employees: one located in Brussels and one who is in northern Virginia.
The attacks took place on December, 20, 2013 in two hour period.
The first attack took place in the Brussels office, when a journalist received a file through Skype from someone named Yalfalkenu Meches. The name of the file was “An Article for ESAT”, which looked like a PDF format file but contained a spyware. The program once opened tries to communicate with the server, using a special encryption system.
However, the journalist who has received the file didn’t open it but contacted the sender and said that the file is corrupted and might contain the malware. In response to that, Meches stated that file worked fine for him and instead sent another one, this time in a doc. format. This new file managed to trigger and download another one, which was spying software, known as Remote Control System (RCS).
The aim of RCS is to monitor upcoming and outgoing files on the computer as well as steal them along with intercepting the Skype calls and other chat communications.
After an hour and a half, the same person who sent files in Brussels, did the same thing to another journalist in Virginia. For now, the main suspects of the hacking are unclear but according to Citizen Lab, the Ethiopian government is on the top of the most suspected.
“Hacking Team’s spyware is sold only to governments and it’s hard to imagine that a different government besides the Ethiopian government would target ESAT,” stated Marczak.
However, Wahide Baley, head of public policy and communications of the Ethiopian embassy in Washington DC has already announced that his government “did not use and has no reason at all to use any spyware or other products provided by Hacking Team or any other vendor inside or outside of Ethiopia.”
Despite the contradiction, it is not the first time that the Ethiopian government was accused of spying. Back in March 2013, the same company found proof of another program, FinSpy, developed by Gamma International being used by Ethiopia.
“The Ethiopian government is so interested in surveilling and spying that has apparently resorted to purchasing two different systems for this purpose,” Marczak says.
Meanwhile, Eric Rabe, Hacking Team’s Chief Communications Executive, has already officially declined in his statement to reveal whether spying enquiry came from the Ethiopian government. He stated that his company’s software “is used in confidential law enforcement investigations.”
Voice of Russia, mashable.com