"If you block the internet for access to activism or investigative journalism, no one will care. But block their access to cute cats, there will be blood on the streets”.
With that Eva Galperin, a Global Policy Analyst with the Electronic Frontier Foundation, opened AusCERT 2015.
Galperin looked at the situation in Syria where the conflict by the government and ISIS/ISIL. In 2011, the Syrian government opened up access to Facebook, before https was enabled by default. While this looked like a liberation in the eyes of most people, it was really a trap.
The Syrian government launched a man-in-the-middle attack where pro-Syrian government forces intercepted communications from opposing activists. They were also able to use social engineering attacks which spawned headlines like "Computer spyware is newest weapon in Syrian conflict”.
Other vectors such as phishing and Skype - popular with activists seeking to avoid government-run telecommunications networks - were also used in the fight between activists on both sides of the conflict.
Galperin’s talk detailed the escalating campaign. Interestingly, like Brian Krebs in his talk at the CheckPoint Cybersecurity Symposium, Galperin noted that the actors in this battle often exhibit poor security controls themselves, using the same usernames and other identifiers over and over again.
Much of Galperin’s research ended a little while ago as she was unable to tell the difference between the “good guys and bad guys” as the dispute escalated. She also noted the attacks became increasingly sophisticated and were able to fool users. As a result, user education was a key to preventing the tools being successful.
What the dispute in Syria did was create an environment where anti-activist malware was able to develop quickly. Galperin noted such malware is routinely used by other governments now, such a Vietnam, to track and prosecute “dissidents” - like one man who was convicted of “attempting to overthrow the government” when blogging about education for poor children. That man is now serving a 13-year sentence in a high-security prison.
That malware is far more sophisticated than ever before and is not riddled with the poor spelling and weird fonts early phishing attacks and other malware used to exhibit. Today’s attacks are far harder to detect.
The culmination of this was what has happened in Ethiopia. That government received $450,000 from the NSA for surveillance tools to use against “terrorists”. According to Galperin, that label is applied to almost anyone who opposes the government.
Although that sounds like a small amount, with online surveillance tools being so inexpensive and readily available, $450,000 goes a long way.
How is it possible to combat these sorts of threats? Galperin says you can learn a lot from the “superhero team-up” of activists, technologists and lawyers.
Galperin was contracted in 2007 to look into the Ethiopian funding (that was originally revealed by Wikileaks) and her team was able to find the hackers using the same tools they were using and bring them in front of the courts.Read more: Analyses reveal 2013's most conspicuous phishing giveaways
The tools and methods used by Galperin and her team were widely available although they were not particularly well understood by the media. With that, Galperin challenged the media and researchers in the room to present information relating to spying and monitoring of activists in a way that can be understood so it can be turned into advice for targeted parties.
Although the EFF is based in the United States, Galperin says her network of contacts means activists in other countries can approach them for advice as she may be able to direct them to parties in their home countries where they can get appropriate protection and advice.
This article is brought to you by Enex TestLab, content directors for CSO Australia.Analyses reveal 2013's most conspicuous phishing giveaways