Italian spyware and the demise of a Moroccan news site

Western companies selling surveillance technology to law enforcement and intelligence services are on the rise. In 2012 the Moroccan news website Mamfakinch, founded to report on the Arab Spring protests, was targeted with spyware developed by an Italian company called Hacking Team. The attack proved to be the fatal blow to the site and its many collaborators who wanted to remain anonymous. Mamfakinch stopped publishing altogether last year. A unique story shining light behind the curtain of global online surveillance.

  • andronicusmax (CC BY 2.0) Hacking Team is part of a growing industry of Western tech companies that sell surveillance equipment to law enforcement and intelligence agencies around the world. For small to medium size countries it is difficult to develop such technology on their own: they depend completely on the private sector. andronicusmax (CC BY 2.0)
  • Magharebia (CC BY 2.0) Because of the fact that the so-called February 20 Movement, attracting protesters to the streets every weekend in many cities and villages, was still being ignored in mainstream media, Mamfakinch soon became a success. Magharebia (CC BY 2.0)
  • Asteris Masouras (CC BY-NC-SA 2.0) After a year or so the site was awarded the Google/Global Voices Breaking Borders Award for its work on online free speech. Asteris Masouras (CC BY-NC-SA 2.0)
  • Magharebia (CC BY 2.0) 'The political context had changed since the beginning of the February 20 Movement some of the initial spirit was lost.' Magharebia (CC BY 2.0)

Early last year news spread that Washington-based Ethiopian journalists with the Ethiopian Satellite Television Service (ESAT) were targeted with sophisticated spyware, aimed at intercepting their communications.

Customer information remains a secret: corporate policy.

The expatriate satellite news service is known to be critical of the Ethiopian government. Cybersecurity researchers at Citizenlab, a research group from the university of Toronto, got to work analyzing the spyware.

They found out the spyware was most likely created by Hacking Team, an Italian company selling surveillance technology to police and intelligence services across the globe.

The spyware infection happened through an ESAT employee who was residing in Belgium at the time. The incident was reported on the front page of the Washington Post.

 

Video from The Washington Post on the incident.

Hacking Team has confirmed nor denied having sold software to the Ethiopian government. Its customers remain a secret: corporate policy.

The company does stress that it does not cooperate with governments that have a bad human rights record, or that it discontinues support when abuses surface.

However, the opposite seems to be true. Early last March Citizenlab published another report: late last year some ESAT journalists are said to have been targeted once again with updated Hacking Team software. This time researchers traced the attack all the way back to the Ethiopian government. Clues indicate that it was the Ethiopian Network Security Agency, the government agency that oversees the country’s internet traffic.

Lies

The Ethiopian story sounds all too familiar to Hisham Almiraat. When in 2011 the first major Arab Spring-inspired Moroccan demonstration was announced, the medical doctor says he was dismayed that the official press agency, Maghreb Arabe Presse, immediately discredited the budding protests that followed Tunisia’s and Egypt’s example.

‘It was shocking to see how they literally spread lies about the movement’, Hisham says over Skype from Rabat. ‘Because the Moroccan press is either directly or indirectly in the hands of government and the ruling class, some friends and I decided to start our own medium.’

Magharebia (CC BY 2.0)

Because of the fact that the so-called February 20 Movement, attracting protesters to the streets every weekend in many cities and villages, was still being ignored in mainstream media, Mamfakinch soon became a success.

It was to be called ‘Mamfakinch’, Moroccan dialect for ‘we won’t give up’. The idea was to create a medium for and by the people, decidedly democratic and progressive: a militant platform for activists and citizen journalists, ‘for those who never got to have their say in the official newspapers.’

Because of the fact that the so-called February 20 Movement, attracting protesters to the streets every weekend in many cities and villages, was still being ignored in mainstream media, Mamfakinch soon became a success: up to a million people found their way to the website those first few months. Mamfakinch’s liveblogging and tweeting was perfectly in touch with the buzz around social media at the beginning of the Arab Spring.

The site also published investigations, or collaborated with anonymous sources that could provide sensitive material. Many collaborators therefore valued their anonymity or trusted Mamfakinch to protect their identity. After a year or so the site was awarded the Google/Global Voices Breaking Borders Award for its work on online free speech. Mamfakinch had some thirty regular contributors at that time.

Asteris Masouras (CC BY-NC-SA 2.0)

After a year or so the site was awarded the Google/Global Voices Breaking Borders Award for its work on online free speech.

Dangerous email

The Word document concealed sophisticated spyware, developed by the Italian company Hacking Team.

Some weeks after the award ceremony, on July 13th 2012, an email arrived through the site’s contact page. The subject line read ‘Dénonciation’ (denunciation, in French) and a Word document entitled ‘scandale’ (scandal, in French) seemed to be attached. It was accompanied by a sloppily written note that read, in French: ‘Please don’t mention my name or anything else, I don’t want to get in trouble…’

The attachment was empty: no salacious scandal, as promised. ‘In hindsight it was too good to be true’, says Hisham. ‘We didn’t pay it any more attention, until someone in our mailing list started asking questions.’

Did some malicious software slip in unnoticed? Through the citizen media network Global Voices, Mamfakinch got in touch with a few cybersecurity researchers at Citizenlab, who investigate the case.

The Word document concealed sophisticated spyware, developed by the Italian company Hacking Team. Seeing as the company states that it only works with governments, it’s clear where the attack originated from.

The powerful spyware, which reportedly costs 200.000 euros, enables its user to gain access to infected computers from a distance, and thus to every document on the hard drive as well. It is also possible to follow in real time everything happening on screen and to register every keystroke, including passwords. It can even switch on the webcam to take pictures and video.

Promotional video for the spyware that was used. After publication a password was all of a sudden required to view the footage.

‘The incident had caused irreparable harm to something fundamental: the trust that people had in our ability to protect their identities.’

‘I felt really violated’, Hisham remembers. ‘Because even if I didn’t have much to hide myself, I still had data on my computer that might identify others, or just prove that I was in contact with them.’

‘So even if I would stay out of harm’s way, the affair might have consequences for others. I felt really angry and powerless.’ Citizenlab’s report came as a blow to the Mamfakinch team. Many of them were disillusioned.

In all fairness, Mamfakinch had lost some of its momentum, says Hisham. ‘The political context had changed since the beginning of the February 20 Movement some of the initial spirit was lost. In the meantime, we were confronted with the horrific reality of Syria, and radical Islam was starting to rise. Many people had doubts, and the movement had lost its heart. Maybe too much democracy leads to chaos, as in Syria or Libya today?’

‘A lot of people were seduced by the thought of some sort of an enlightened despot: someone to cross the desert with. The enthusiasm and democratic naivety of 2011 had somewhat dissipated, and today it’s limited to only a small circle of inspired democrats.’

‘Be that as it may, the incident had definitely caused irreparable harm to something fundamental: the trust that people had in our ability to protect their identities. Secure communication was out the window as well. I immediately feared that was the end of our project, that people had lost the will to do something because they had suddenly gotten scared.’

‘This turned out to be true. The psychological impact was obvious: people started making up all sorts of lame excuses to stop working with us. We slowly regressed into an untenable situation.’ Toward the end of February 2014 Mamfakinch stopped publishing altogether.

Magharebia (CC BY 2.0)

‘The political context had changed since the beginning of the February 20 Movement some of the initial spirit was lost.’

Shopping for surveillance technology

As North African countries were flooded with protesters, they went shopping for surveillance technology.

Morocco isn’t the only country that, during the Arab Spring, sought to purchase services from, then obscure, western surveillance companies. Investigations have shown that as North African countries were flooded with protesters, almost all of them literally went shopping for surveillance technology.

Syria used specialists from the Italian company Area SpA to intercept all emails going over the Syrian network. In the offices of the Egyptian security services, human rights activists encountered documents from the German-British Gamma Group that specified the price of their FinSpy software.

And in government offices in Lybia, equipment made by French company Amesys was discovered, meant to intercept and analyze internet traffic. Some of these companies were labeled ‘corporate enemies of the internet’ by Reporters without Borders.

Hacking Team is part of a growing industry of Western tech companies that sell surveillance equipment to law enforcement and intelligence agencies around the world. For small to medium size countries it is difficult to develop such technology on their own: they depend completely on the private sector.

A source in the Belgian intelligence community described this as a ‘necessary evil’ in an article published by De Standaard some months ago. At that time, whistleblowing platform Wikileaks had just published a list of companies that had purchased Gamma Group’s FinFisher spyware and Belgium was shown to have purchased a million euros worth of FinFisher licenses.

Ethiopia appeared to have used the product, along with Bahrain, that later deployed the software against a person residing in Belgium, most likely an activist.

Belgium purchased a million euros worth of FinFisher licenses.

Hisham Almiraat has become rather familiar with the world of cyber spies and hackers. Even before the discovery of the Italian spyware, Mamfakinch had repeatedly been besieged with so-called DDoS attacks, that hit a site with a massive amount of refresh requests until it crashes.

In the aftermath of the discovery at Mamfakinch, Hisham saw a whole wave of cyber attacks against activists and critical journalists take place. Amongst other things, social media accounts where hijacked. He suspects that the regime was behind these attacks:

‘You don’t just see this in Morocco. In the United Arab Emirates, Bahrain and Egypt the same occurs: electronic spying enables undemocratic and repressive regimes to turn the internet into a kind of surveillance machine. It’s reprehensible and it saddens me.’

This is, he says, how an unbalanced situation originated online: ‘The internet, an extraordinarily democratic invention, is today mostly the territory of nihilistic fundamentalists with nothing to lose. Le jeu a changé, the game has changed. Reasonable people with something to lose, a job, a family, will think twice before voicing political opinions online because the stakes are too high. What happened with Mamfakinch might repeat itself with other activists that want to organize.’

Surveillance as the new censorship

Hisham Almiraat’s testimony is also to be found in a report published by the NGO Privacy International about surveillance in Morocco, alongside the testimonies of two other former Mamfakinch collaborators.

One of them, Yassir Kazar, founded a company that specializes in computer security and electronic self-defense after the spyware incident. Also in this report, known Moroccan investigative journalist Ali Anouzla testifies about many years of government surveillance and harassment and attacks by hacker militias.

Anouzla was imprisoned for having placed a link on his now blocked website Lakome to an article by Spanish newspaper El País that showed an Al-Qaeda video calling for violence against Morocco. Privacy International’s report paints a picture of a very authoritarian Morocco, where invasive surveillance and intimidation of dissidents is common practice.

‘Privacy is fundamentally the problem of the oppressed, of people who live under the thumb of authoritarian regimes.’

In april of 2014 Hisham, together with the NGO Privacy International, founded the Association des Droits Numériques, an organization that, amongst other things, advocates electronic privacy.

Two conferences organized by the ADN, the most recent one in December, were forbidden by authorities and had to go underground. In this, Hisham sees confirmation that they’re doing good work.

If the Hacking Team affair has taught him anything, it is the importance of privacy. ‘Before, I thought that privacy was a typical first world concern. I thought that it was a rich person’s pet issue, a luxury we couldn’t afford.’

‘But the Hacking Team attack has made me realize that in fact it’s not a first world problem, quite the contrary: it’s fundamentally the problem of the oppressed, of people who live under the thumb of authoritarian regimes.’

‘Why? Because the internet has changed everything. It used to be easy to silence the press: one only had to forbid a newspaper, or, as Moroccan elites tended to do, withdraw advertising. Done. The press gets back in line.’

‘But with the internet this has gotten way more difficult, because it’s everywhere. It’s not easy to censor: close one door, a new one opens. But unfortunately technology has come to the rescue of authoritarian regimes, in the guise of Western companies that operate in democratic countries and enjoy the freedom to innovate and make money.’

‘Such companies have placed their technology in the service of those regimes, with the promise that they don’t have to censor anymore. They said: we’ve got a better solution for you and that’s surveillance.’

‘There’s really no better way to control someone than to make them feel that they’re being watched. They’ll censor themselves and think twice before doing anything online. Everyone has their weakness, their sins. It suffices to watch someone long enough before they’re revealed and then you have a repression tool. And this happens today, because of companies that make a lot of money off of their spying weapons.’

Ik ben proMO*

Nu je hier toch bent

Om de journalistiek van MO* toekomst te geven, is de steun van elke lezer meer dan ooit nodig. Vind je dat in deze tijden van populisme en nepnieuws een medium als MO* absoluut nodig is om de waarheid boven te spitten? Word proMO*.

Wil je bijdragen tot de mondiale (onderzoeks)journalistiek in het Nederlandstalig taalgebied? Dat kan, als proMO*.

Wil je er mee voor zorgen dat de journalistiek van MO* mogelijk blijft en, ondanks de besparingspolitiek, verder uitgebouwd wordt? Dat doe je, als proMO*.

Je bent proMO* voor € 4/maand of € 50/jaar.

Word proMO* of Doe een gift