It is often said that in warfare, all is free and fair. But the type of warfare the axiom implies must be clearly defined; it does not cover just any type of war. Even then, the axiom is now outdated. These days, warfare has become regulated. The United Nations now insists that groups and nations must declare wars openly before they would be recognized as such. Spyware can only be used for warfare.
The Ethiopian government, which has been targeting dissidents and journalists in nearly two dozen countries with spyware provided by an Israeli software company, should be made to understand the UN Code on warfare. According to a new report from Citizen Lab, a research and development group at the University of Toronto, this has been going on since last year.
The report says that once their computers are infected, victims of the attack can be monitored covertly whenever they browse the web. Based on an in-depth analysis of the methods used to trick victims into installing the software, Citizen Lab concluded that “agencies of the Ethiopian government” deployed the spyware to target individuals critical of their policies.
According to Citizen Lab’s research, more than forty devices in twenty countries are believed to have been infected. No one knows exactly how many individuals might have been targeted. Citizen Lab’s report found that attackers used email to target dissidents, outspoken critics and perceived enemies by impersonating legitimate websites and software companies. In some cases, they sent messages about events related to Ethiopian politics, with links purporting to show related videos.
Those links led to web pages that prompted victims to update their Flash Players or download “Adobe PdfWriter,” fictitious software that, in fact, led to CutePDF Writer, a tool to create PDF files.
Government-sponsored attackers embedded the spyware in bona fide programs by exploiting security vulnerabilities, creating the impression that recipients were installing legitimate software and coaxing them to provide the administrator-level permissions needed to activate the surveillance. Once installed, the spyware spread to additional files tied to web browsers, making the software difficult to remove and nearly always active.
Any activity on an infected computer can be monitored, and information from web searches, emails and Skype contact lists can be extracted. A remote operator can take screenshots and record audio and video from a connected webcam.
Based on information provided by WiFi networks, attackers can also track the physical location of the infected device. In the words of Bill Marczak, a senior research fellow at Citizen Lab and author of the new report, “Once the government has that information, they can do things like hijacking your email account. So, they’ll sign into your email account and then use your account to target your friends and basically expand the number of targets they have.” Mr. Marczak pointed out that, apart from violating the human rights of the victims, this is clearly cybercrime, which the international community must reject.