Latest News

Wayane regime uses spyware against journalists, even in U.S.

 Video: The Post's Craig Timberg breaks down a new report by digital watchdog group The Citizen Lab, which suggests the Ethiopian government is hacking the computers of Ethiopian journalists in the D.C. area.  

By Craig Timberg, Published: February 12 

E-mail the writer  

Mesay Mekonnen was at his desk, at a news service based in Northern Virginia, when gibberish suddenly exploded across his computer screen one day in December. A sophisticated cyber­attack was underway. 

But this wasn’t the Chinese army or the Russian mafia at work. 

Origin of hacking attempts on journalists

 (Astrid Riecken/For The Washington Post) - Neamin Zeleke, managing director of Ethiopian Satelite Television, suspects that the Ethiopian government has employed spyware to identify opposition supporters.

 Instead, a nonprofit research lab has fingered government hackers in a much less technically advanced nation, Ethi­o­pia, as the likely culprits, saying they apparently used commercial spyware, essentially bought off the shelf. This burgeoning industry is making surveillance capabilities that once were the exclusive province of the most elite spy agencies, such as National Security Agency, available to governments worldwide. 

The targets of such attacks often are political activists, human rights workers and journalists, who have learned that the Internet allows authoritarian governments to surveil and intimidate them even after they have fled to supposed safety. 

That includes the United States, where laws prohibit unauthorized hacking but rarely succeed in stopping intrusions. The trade in spyware itself is almost entirely unregulated, to the great frustration of critics. 

“We’re finding this in repressive countries, and we’re finding that it’s being abused,” said Bill Marczak, a research fellow for Citizen Lab at the University of Toronto’s Munk School of Global Affairs, which released a report Wednesday. “This spyware has proliferated around the world . . . without any debate.”

 Citizen Lab says the spyware used against Mekonnen and one other Ethio­pian journalist appears to have been made by Hacking Team, an Italian company with a regional sales office in Annapolis. Its products are capable of stealing documents from hard drives, snooping on video chats, reading e-mails, snatching contact lists, and remotely flipping on cameras and microphones so that they can quietly spy on a computer’s unwitting user. 

Some of the targets of recent cyberattacks are U.S. citizens, say officials at Ethio­pian Satellite Television’s office in Alexandria, where Mekonnen works. Others have lived in the United States or other Western countries for years. 

“To invade the privacy of American citizens and legal residents, violating the sovereignty of the United States and European countries, is mind-boggling,” said Neamin Zeleke, managing director for the news service, which beams reports to Ethi­o­pia, providing a rare alternative to official information sources there. 

Citizen Lab researchers say they have found evidence of Hacking Team software, which the company says it sells only to governments, being used in a dozen countries, including Uzbekistan, Kazakhstan, Sudan, Saudi Arabia and Azerbaijan. 

The Ethio­pian government, commenting through a spokesman at the embassy in Washington, denied using spyware. “The Ethiopian government did not use and has no reason at all to use any spyware or other products provided by Hacking Team or any other vendor inside or outside of Ethi­o­pia,” Wahide Baley, head of public policy and communications, said in a statement e-mailed to The Washington Post.

 Hacking Team declined to comment on whether Ethi­o­pia was a customer, saying it never publicly confirms or denies whether a country is a client because that information could jeopardize legitimate investigations. The company also said it does not sell its products to countries that have been blacklisted by the United States, the United Nations and some other international groups.  

“You’ve necessarily got a conflict between the issues around law enforcement and the issues around privacy. Reasonable people come down on both sides of that,” said Eric Rabe, a U.S.-based senior counsel to Hacking Team. “There is a serious risk if you could not provide the tools that HT provides.”

 The FBI, which investigates computer crimes, declined to comment on the Citizen Lab report.

 Allegations of abuse 

 Technology developed in the aftermath of the Sept. 11, 2001, terrorist attacks has provided the foundation for a multibillion-dollar industry with its own annual conferences, where firms based in the most developed countries offer surveillance products to governments that don’t yet have the ability to produce their own. 

Hacking Team, which Reporters Without Borders has named on its list of “Corporate Enemies” of a free press, touted on its Web site that its “Remote Control System” spyware allows users to “take control of your targets and monitor them regardless of encryption and mobility. It doesn’t matter if you are after an Android phone or a Windows computer: you can monitor all the devices.” 

Hacking Team software has been used against Mamfakinch, an award-winning Moroccan news organization, and Ahmed Mansoor, a human rights activist in the United Arab Emirates who was imprisoned after signing an online political petition, Citizen Lab reported. Another research group, Arsenal Consulting, has said Hacking Team software was used against an American woman who was critical of a secretive Turkish organization that is building schools in the United States. 

Such discoveries have sparked calls for international regulation of Hacking Team and other makers of spyware, which typically costs in the hundreds of thousands of dollars, according to experts. 

By selling spyware, “they are participating in human rights violations,” said Eva Galperin, who tracks spyware use for the Electronic Frontier Foundation, a civil liberties group based in San Francisco. “By dictator standards, this is pretty cheap. This is pocket change.” 

Rabe, the Hacking Team official, said that the company does not itself deploy spyware against targets and that, when it learns of allegations of human rights abuses by its customers, it investigates those cases and sometimes withdraws licenses. He declined to describe any such cases or name the countries involved. 

Ethio­pian Satellite Television, typically known by the acronym ESAT, started in 2010 and operates on donations from members of the expatriate community. The news service mainly employs journalists who left Ethi­o­pia in the face of government harassment, torture or criminal charges. Though avowedly independent, ESAT is viewed as close to Ethiopia’s opposition forces, which have few other ways of reaching potential supporters. 

Despite the nation’s close relationship with the U.S. government — especially in dealing with unrest and Islamist extremism in neighboring Somalia — the State Department has repeatedly detailed human rights abuses by the Ethi­o­pian government against political activists and journalists. There has been little improvement, observers say, since the 2012 death of the nation’s longtime ruler, Meles Zenawi. 

“The media environment in Ethi­o­pia is one of the most repressive in Africa,” said Felix Horne, a researcher for Human Rights Watch. “There are frequent cases of people who have spoken to journalists being arrested. There’s very little in the way of free flow of information in the country. The repressive anti-terrorism law is used to stifle dissent. There are a number of journalists in prison for long terms for doing nothing but practicing what journalists do.” 

Taking the bait  

Mekonnen was wary as soon as he received a document, through a Skype chat with a person he did not know, on Dec. 20. But the file bore the familiar icon of a Microsoft Word file and carried a name, in Ethiopia’s Amharic language, suggesting that it was a text about the ambitions of a well-known political group there. The sender even used the ESAT logo as his profile image, suggesting the communication was from a friend, or at least a fan. 

When the screen filled with a chaotic series of characters, Mekonnen knew he had been fooled — in hacker jargon, he had taken “the bait” — yet it wasn’t clear what exactly was happening to his computer, or why. 

That same day, an ESAT employee in Belgium also had received mysterious documents over Skype chats. Noticing that the files were of an unusual type, he chose not to open them on his work computer. Instead, the ESAT employee uploaded one of the files to a Web site, VirusTotal, that scans suspicious software for signs of their origins and capabilities. 

That Web site also has a system to alert researchers when certain types of malicious software are discovered. Marczak, the Citizen Lab researcher, who had been tracking the spread of spyware from Hacking Team and other manufacturers, soon got an e-mail from VirusTotal reporting that a suspicious file had been found, carrying telltale coding. 

Marczak, a doctoral student in computer science at the University of California at Berkeley, had worked with members of the Ethio­pian community before, during an attempted hacking incident last April. When he received the alert from VirusTotal, he got in touch with ESAT’s offices in Alexandria and began looking for signs of Hacking Team software on the news service’s computers. He was eventually joined in the detective work by three other researchers affiliated with Citizen Lab, Claudio Guarnieri, Morgan Marquis-Boire and John Scott-Railton. They did not detect an active version of the spyware on Mekonnen’s computer, suggesting it had failed to activate properly or was removed by the hackers who deployed it. But when Citizen Lab analyzed the file itself — still embedded in Mekonnen’s Skype account — its coding tracked closely to other Hacking Team spyware, Marczak said. 

The Citizen Lab team found that the spyware was designed to connect to a remote server that used an encryption certificate issued by a group listed as “HT srl,” an apparent reference to Hacking Team. The certificate also mentioned “RCS,” which fits the acronym for the company’s “Remote Control System” spyware. 

The researchers discovered a similar encryption certificate used by a server whose IP address was registered to Giancarlo Russo, who is Hacking Team’s chief operating officer. The phone number and mailing address associated with that server’s IP address matched the company’s headquarters in Milan, Citizen Lab said. 

The evidence of Ethiopia’s involvement was less definitive — as is common when analysts attempt to learn the origin of a cyberattack — though the Citizen Lab researchers express little doubt about who was behind the attack. The document that Mekonnen downloaded, they noted, had a title in Amharic that referred to Ethio­pian politics, making clear that the attackers had deep knowledge of that country. 

In addition, few governments have enough interest in Ethio­pian politics to deploy a sophisticated spyware attack against journalists covering the country, Marczak said. “I can’t really think of any other government that would like to spy on ESAT.” 

The biggest fear among journalists is that spies have accessed sensitive contact lists on ESAT computers, which could help the government track their sources back in Ethi­o­pia. 

“This is a really great danger for them,” Mekonnen said. 

The latest from Craig Timberg: 

New surveillance technology can track everyone in an area for several hours at a time 

Blimplike surveillance craft set to deploy over Maryland heighten privacy concerns 

FBI’s search for ‘Mo,’ suspect in bomb threats, highlights use of malware for surveillance

 New surveillance technology can track everyone in an area for several hours at a time

Video: The Post's Craig Timberg describes an aerial camera setup from Persistent Surveillance Systems that acts almost like a time machine for police, letting them watch criminals—and everyone else. 

By Craig Timberg, Published: February 5E-mail the writer  

DAYTON, Ohio — Shooter and victim were just a pair of pixels, dark specks on a gray streetscape. Hair color, bullet wounds, even the weapon were not visible in the series of pictures taken from an airplane flying two miles above. 

But what the images revealed — to a degree impossible just a few years ago — was location, mapped over time. Second by second, they showed a gang assembling, blocking off access points, sending the shooter to meet his target and taking flight after the body hit the pavement. When the report reached police, it included a picture of the blue stucco building into which the killer ultimately retreated, at last beyond the view of the powerful camera overhead. 

A surveillance system designed by a Dayton, Ohio-based company can track crimes in real time, as they occur. 

Gallery

From 10,000 feet up, tracking an entire city at one glance: Ohio-based Persistent Surveillance Systems is trying to convince cities across the country that its surveillance technology can help reduce crime. Its new generation of camera technology is far more powerful than the police cameras to which America has grown accustomed. But these newer cameras have sparked some privacy concerns.

“I’ve witnessed 34 of these,” said Ross McNutt, the genial president of Persistent Surveillance Systems, which collected the images of the killing in Ciudad Juárez, Mexico, from a specially outfitted Cessna. “It’s like opening up a murder mystery in the middle, and you need to figure out what happened before and after.” 

As Americans have grown increasingly comfortable with traditional surveillance cameras, a new, far more powerful generation is being quietly deployed that can track every vehicle and person across an area the size of a small city, for several hours at a time. Although these cameras can’t read license plates or see faces, they provide such a wealth of data that police, businesses and even private individuals can use them to help identify people and track their movements. 

Already, the cameras have been flown above major public events such as the Ohio political rally where Sen. John McCain (R-Ariz.) named Sarah Palin as his running mate in 2008, McNutt said. They’ve been flown above Baltimore; Philadelphia; Compton, Calif.; and Dayton in demonstrations for police. They’ve also been used for traffic impact studies, for security at NASCAR races and at the request of a Mexican politician, who commissioned the flights over Ciudad Juárez. 

Video: A time machine for police, letting them watch criminals — and everyone else. 

Defense contractors are developing similar technology for the military, but its potential for civilian use is raising novel civil liberties concerns. In Dayton, where Persistent Surveillance Systems is based, city officials balked last year when police considered paying for 200 hours of flights, in part because of privacy complaints. 

“There are an infinite number of surveillance technologies that would help solve crimes . . . but there are reasons that we don’t do those things, or shouldn’t be doing those things,” said Joel Pruce, a University of Dayton postdoctoral fellow in human rights who opposed the plan. “You know where there’s a lot less crime? There’s a lot less crime in China.” 

The Supreme Court generally has given wide latitude to police using aerial surveillance as long as the photography captures images visible to the naked eye. 

McNutt, a retired Air Force officer who once helped design a similar system for the skies above Fallujah, a battleground city in Iraq, hopes to win over officials in Dayton and elsewhere by convincing them that cameras mounted on fixed-wing aircraft can provide far more useful intelligence than police helicopters do, for less money.  

A single camera mounted atop the Washington Monument, McNutt boasts, could deter crime all around the Mall. He said regular flights over the most dangerous parts of Washington — combined with publicity about how much police could see — would make a significant dent in the number of burglaries, robberies and murders. His 192-megapixel cameras would spot as many as 50 crimes per six-hour flight, he estimated, providing police with a continuous stream of images covering more than a third of the city. 

“We watch 25 square miles, so you see lots of crimes,” he said. “And by the way, after people commit crimes, they drive like idiots.” 

What McNutt is trying to sell is not merely the latest techno-wizardry for police. He envisions such steep drops in crime that they will bring substantial side effects, including rising property values, better schools, increased development and, eventually, lower incarceration rates as the reality of long-term overhead surveillance deters those tempted to commit crimes. 

Dayton Police Chief Richard Biehl, a supporter of McNutt’s efforts, has proposed inviting the public to visit the operations center to get a glimpse of the technology in action. 

“I want them to be worried that we’re watching,” Biehl said. “I want them to be worried that they never know when we’re overhead.” 

Technology in action  

McNutt, a suburban father of four with a doctorate from the Massachusetts Institute of Technology, is not deaf to concerns about his company’s ambitions. Unlike many of the giant defense contractors that are eagerly repurposing wartime surveillance technology for domestic use, he sought advice from the American Civil Liberties Union in writing a privacy policy. 

It has rules on how long data can be kept, when images can be accessed and by whom. Police are supposed to begin looking at the pictures only after a crime has been reported. Fishing expeditions are prohibited. 

The technology has inherent limitations as well. From the airborne cameras, each person appears as a single pixel indistinguishable from any other person. What people are doing — even whether they are clothed or not — is impossible to see. As technology improves the cameras, McNutt said he intends to increase their range, not the precision of the imagery, so that larger areas can be monitored. 

The notion that McNutt and his roughly 40 employees are peeping Toms clearly rankles. The company made a PowerPoint presentation for the ACLU that includes pictures taken to assist the response to Hurricane Sandy and the severe Iowa floods last summer. The section is titled: “Good People Doing Good Things.” 

“We get a little frustrated when people get so worried about us seeing them in their backyard,” McNutt said in his operation center, where the walls are adorned with 120-inch monitors, each showing a different grainy urban scene collected from above. “We can’t even see what they are doing in their backyard. And, by the way, we don’t care.” 

Yet in a world of increasingly pervasive surveillance, location and identity are becoming all but inextricable. One quickly leads to the other for those with the right tools. 

During one of the company’s demonstration flights over Dayton in 2012, police got reports of an attempted robbery at a bookstore and shots fired at a Subway sandwich shop. The cameras revealed a single car moving between the two locations. 

By reviewing the images frame by frame, analysts were able to help police piece together a larger story: A man had left a residential neighborhood at midday and attempted to rob the bookstore, but fled when somebody hit an alarm. Then he drove to Subway, where the owner pulled a gun and chased him off. His next stop was a Family Dollar Store, where the man paused for several minutes. He soon returned home, after a short stop at a gas station where a video camera captured an image of his face. 

A few hours later, after the surveillance flight ended, the Family Dollar Store was robbed. Police used the detailed map of the man’s movements, along with other evidence from the crime scenes, to arrest him for all three crimes. 

On another occasion, Dayton police got a report of a burglary in progress. The aerial cameras spotted a white truck driving away from the scene. Police stopped the driver before he got home and found the stolen goods in the back of the truck. A witness identified him soon afterward. 

Privacy concerns  

In addition to normal cameras, the planes can carry infrared sensors that permit analysts to track people, vehicles or wildlife at night — even through foliage and into some structures, such as tents. 

Courts have put stricter limits on technology that can see things not visible to the naked eye, ruling that they can amount to unconstitutional searches when conducted without a warrant. But the lines remain fuzzy as courts struggle to apply old precedents — from a single overflight carrying an officer equipped with nothing stronger than a telephoto lens, for example — to the rapidly advancing technology. 

“If you turn your country into a totalitarian surveillance state, there’s always some wrongdoing you can prevent,” said Jay Stanley, a privacy expert with the American Civil Liberties Union. “The balance struck in our Constitution tilts toward liberty, and I think we should keep that value.” 

Police and private businesses have invested heavily in video surveillance since the Sept. 11, 2001, attacks. Although academics debate whether these cameras create significantly lower crime rates, an overwhelming majority of Americans support them. A Washington Post poll in November found that only 14 percent of those surveyed wanted fewer cameras in public spaces. 

But the latest camera systems raise new issues because of their ability to watch vast areas for long periods of time — something even military-grade aerial cameras have struggled to do well. 

The military’s most advanced experimental research lab is developing a system that uses hundreds of cellphone cameras to watch 36-square-mile areas. McNutt offers his system — which uses 12 commercially available Canon cameras mounted in an array — as an effective alternative that’s cheap enough for local police departments to afford. He typically charges between $1,500 and $2,000 per hour for his services, including flight time, operation of the command center and the time that analysts spend assisting investigations. 

Dayton police were enticed by McNutt’s offer to fly 200 hours over the city for a home-town discount price of $120,000. The city, with about 140,000 people, saw its police force dwindle from more than 400 officers to about 350 in recent years, and there is little hope of reinforcements. 

“We’re not going to get those officers back,” Biehl, the police chief, said. “We have had to use technology as force multipliers.” 

Still, the proposed contract, coming during Dayton’s campaign season and amid a wave of revelations about National Security Agency surveillance, sparked resistance. Biehl is looking for a chance to revive the matter. But the new mayor, Nan Whaley, has reservations, both because of the cost and the potential loss of privacy. 

“Since 2001, we haven’t had really healthy conversations about personal liberty. It’s starting to bloom about a decade too late,” Whaley said. “I think the conversation needs to continue.” 

To that end, the mayor has another idea: She’s encouraging the businesses that own Dayton’s tallest buildings to mount rooftop surveillance cameras capable of continuously monitoring the downtown and nearby neighborhoods. Whaley hopes the businesses would provide the video feeds to the police. 

McNutt, it turns out, has cameras for those situations, too, capable of spotting individual people from seven miles away.