AusCERT 2015: How governments are using cyber crime tools to target activists

Electronic Frontier Foundation global policy analyst Eva Galperin discusses campaigns against citizens

Electronic Frontier Foundation global policy analyst Eva Galperin.

Activists in countries such as Syria, Vietnam and Ethiopia are under online attack from their governments for expressing dissident opinions, according to research by the Electronic Frontier Foundation (EFF).

Speaking at AusCERT on the Gold Coast, EFF global policy analyst Eva Galperin told delegates that supporters of Syrian president Bashar al-Assad have used malware and phishing against Syrians who speak up against the regime.

“In February 2011, the Assad regime lifted its long-standing ban on Facebook. At the time, some Western observers considered it to be a sign of liberalisation,” she said.

Syrian users flocked to Facebook to speak out against the government. However, it was a trap. The Syrian government launched a man-in-the-middle attack against the site. This was at a time when Facebook didn’t have HTTPS installed by default, said Galperin.

“The attack was not very sophisticated and triggered a security warning in users’ browsers. Syrians were used to seeing these security warnings and clicking right through them.”

This is because, due to sanctions, Syrians can’t purchase authentic anti-virus software, said Galperin.

“The attack didn’t last long but it turned out to be one of a series of campaigns in which the pro-Syrian government actors tried to get access to activist communications.”

For example, an activist received a Skype message from the account of an imprisoned friend. The message advised him to install a “useful tool” which would enable him to disguise his online identity from the Assad regime.

However, the tool turned out to be a remote surveillance tool which recorded keystroke logs and used the victim’s webcam to spy on him.

Turning to Vietnam, she said that the government has used malware to spy on journalists, activists, dissidents and bloggers.

“Vietnam's Internet spying campaign dates back to at least March 2010 when engineers at Google discovered malware broadly targeting Vietnamese computer users. The infected machines were used to spy on their owners as well as participate in DDoS attacks against dissident websites,” said Galperin.

Bloggers such as human rights lawyer Lê Quốc Quân have been sent to prison.

Even the EFF has been targeted by the Vietnamese government. For example, an email from ‘Andrew Oxfam’ was sent to Galperin inviting her to an angel conference.

However, the email was not hosted on Oxfam’s servers and contained malicious attachments.

The Vietnamese government also sent the email to a colleague of Galperin’s who had written a blog post on her behalf about the plight of bloggers in Vietnam.

“One blog post is enough to get you targeted by state-sponsored malware,” she said.

The Ethiopian government has purchased intercept software and used it against bloggers and journalists.

According to documents leaked by Edward Snowden, Ethiopia received $450,000 from the NSA to build its surveillance capabilities.

Reports by The Citizen Lab have found FinFisher and Hacking Team command and control servers operating in Ethiopia, said Galperin.

She presented the AusCERT delegates with a challenge: “If you find malware targeting vulnerable groups, publish your research. It should be written in a way that can be understood by journalists and activists so they can turn it into advice for the targets.”

“If you can’t do that, partner with a journalist or activist from the affected community,” she said.

The EFF can provide legal advice to security researchers who want to publish their research, Galperin added.

Follow Hamish Barwick on Twitter: @HamishBarwick Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia.
