Hacking Team Spyware ‘Hits Ethiopian Journalists’

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

“Lawful intercept” tech allegedly used in attacks on Ethiopian journalists, as civil rights activists fret about abuse of the software

Hacking Team spyware, which is sold to governments across the world, has allegedly been found targeting journalists in Ethiopia, leading to concern amongst civil rights bodies.

The Italian firm’s  Remote Control System (RCS) was seen hitting various systems run by the Ethiopian Satellite Television Service (ESAT), according to a report from Citizen Lab, an activist-focused malware research group based at the University of Toronto.

Ethiopia - Shutterstock - Tang Yan SongThe first attempt tried to snoop on ESAT’s Skype account, run by a contributor based out of Belgium. Analysis of a file sent to the journalist over Skype indicated it was part of an attack using Hacking Team kit.

Hacking Team attacks

The file communicated with a server that returned two SSL certificates, one of which was was issued by “RCS Certification Authority” and “HT srl”. That certificate was also similar to SSL certificates returned by two other servers apparently owned by Hacking Team.

It also matched up with previous samples uncovered by Citizen Lab.

A second attempt on the same journalist, involved a mailcious Word file sent by a contact going by the name Yalfalkenu , involved a malicious Word file.

The same attacker appeared to try breaching ESAT through another journalist, based in the organisation’s Northern Virginia offices.

“We talked to employees of ESAT, who said that Yalfalkenu used to collaborate with them, but then he ‘disappeared for a while’,” Citizen Lab wrote in its report. “It is possible that someone else is now using Yalfalkenu’s account.

“While Hacking Team and other ‘lawful intercept’ spyware vendors purport to practice effective self-regulation, this case seems to be part of a broader pattern of government abuse of such spyware.

“‘Lawful intercept’ spyware has also apparently been abused to target Bahraini activists, Moroccan journalists, critics of the Turkish Government, and Emirati human rights activists.”

Hacking Team had not responded to a TechWeekEurope request for comment at the time of publication. It has previously claimed to carry out a thorough assessment of clients to ensure they aren’t contravening human rights.

Hacking Team software is not dissimilar to that offered by British firm Gamma International, which has also come under fire after its services were allegedly in use in nations with poor human rights records, including Bahrain.

Like Internet anonymity? Try our Anonymous quiz!