Ethiopia Deployed Israeli-Made Spyware Against Dissidents

Source: Citizen Lab
Ethiopian dissidents living overseas were infected with spyware made by an Israeli defense company, Canadian researchers allege. Their findings again raise questions about whether surveillance tools should be supplied to governments with shaky human rights records.

Dissidents living in Australia, India, Japan, Norway, the United Kingdom, the United States and beyond received emails with links purported to be to videos or news content. But the links actually tried to deliver a spying program disguised as Adobe Systems software updates or PDF plugins, say the researchers at Citizen Lab, which is based at the Munk School of Global Affairs at the University of Toronto.
The targeted spying campaigns began in 2016, but so many operational security errors were made that Citizen Lab researchers were able to unravel them. And their findings have been seized on by privacy and human rights watchers.
“Ethiopia continues to be one of the sloppiest state actors in the nation-state spyware game and Israeli companies continue to be gleeful enablers,” says Eva Galperin, director of cybersecurity for the Electronic Frontier Foundation, who was not involved in the research.
Due Diligence?
Citizen Lab has conducted several investigations over the past few years into commercial spying tools from surveillance software vendors such as Hacking Team, NSO Group and Gamma Group.
The software used in the Ethiopian surveillance campaign, however, was built by Cyberbit, a subsidiary of large Israeli defense contractor Elbit Systems. The surveillance software is called PC 360, but was formerly known as PC Surveillance System. Once it infects a system, it can harvest VoIP calls, files and emails and log keystrokes on a computer, among other invasive functions.
PSS software control panel, as displayed in Cyberbit’s marketing materials.
Citizen Lab questioned whether Israeli authorities properly scrutinized Cyberbit’s supply of the tool to Ethiopia, given the country’s history of using spyware against activists.
“The fact that a sale must have taken place in spite of this reality raises a number of concerns regarding Cyberbit’s due diligence practices and any assessment of human rights impact undertaken during the export licensing process,” the researchers write.
Cyberbit: We’re Just A Vendor
Citizen Lab notified Cyberbit of its findings last month in a letter. In response, the company did not confirm that the Ethiopian government was a client and also attempted to distance itself from the findings. Cyberbit says that it “is a vendor and it does not operate any of its products.”
Cyberbit’s letter in response, published by Citizen Lab, continues: “The activity of such law enforcement and intelligence agencies is a matter of national security in any country and as a foreign vendor Cyberbit is not exposed to their operational activity.”
Officials from Cyberbit and Elbit did not immediately respond to requests for comment from Information Security Media Group.
Ronald Deibert, director of Citizen Lab, writing in Wired, says that Israel does regulate the sale of commercial spyware but apparently not from a human rights perspective.
“Governments like Ethiopia no longer depend on their own in-country advanced computer science, engineering, and mathematical capacity in order to build a globe-spanning cyber espionage operation,” Deibert writes. “They can simply buy it off the shelf from a company like Cyberbit.”
Poor OpSec
Poor operational security practices on the part of Ethiopia helped Citizen Lab’s investigation, researchers say. They found public log files for command-and-control servers that showed activity both by the controller of the spyware and victims. They monitored the log files for more than a year, which provided strong circumstantial evidence of activity linked to Cyberbit’s infrastructure.
Through those logs, the researchers identified other victims that helped build a fuller picture of how attacks were executed. Unlike other commercial spying suites, the attacks using PSS relied entirely on socially engineering victims by trying to trick them into clicking on links and installing bogus software updates.
Some attacks relied on spoofed domains that appeared at first glance to be associated with legitimate websites as well as Adobe Systems. One target, researchers say, was Jawar Mohammed, the executive director of U.S.-based Oromia Media Network, which covers Ethiopian issues. He received an email with a link to getadobeplayer[.]com, which offered a supposed Flash update. Unbeknownst to victims, however, this update was bundled with spyware.
Adobe Fights ‘Miscreants’
Citizen Lab wrote to Adobe on Dec. 1, alerting the company that its trademark was being abused as part of targeted spyware attacks. In response, Adobe thanked Citizen Lab, saying in part that “only through such partnerships can we hope to fight these miscreants.”
Adobe adds: “We have taken steps to swiftly address this issue, including but not limited to contacting Cyberbit and other relevant service providers and filing the appropriate dispute regarding the registration and use of domain name at issue.”

6 Personality Profiles of White-Hat Hackers

From making the Internet safer to promoting their security careers, bug bounty hunters have a broad range of motivators for hacking – most just like the challenge.
Image Source: napocska, via Shutterstock
When the general public thinks of “hackers,” top-of-mind thoughts include cybercriminals breaking into large retail stores like Target or Home Depot or state-sponsored hackers from adversary nations such as China, Russia, Iran, and North Korea. The bug bounty movement has been working hard over the past several years to raise the profile and improve the perception of white-hat hackers. While white-hat hackers have been around for a couple of decades, new bug bounty companies such as Bugcrowd and Hacker One have legitimized the work of white-hat hackers. The US Department of Defense has even bought in during the past year by starting a bug bounty program of its own.
Already, Bugcrowd customers have paid out more than $10 million in bounties and Hacker One has topped $20 million.
“While someone living in New York or San Francisco would have to earn at least $100,000 to do bug hunting full-time, for people in places like the Philippines, something like $300 a month can be enough to survive on,” said Sam Houston, senior community manager at Bugcrowd. “The vast majority of Bugcrowd users are based in the United States and India, but more and more we are getting people from around the world from places like Egypt, Morocco and Turkey.”

In a recent report, Inside the Mind of a Hacker 2.0, Bugcrowd lays out five profiles of white-hat hackers. The categories range from people who are attracted to hunting bug bounties to make the Internet safe to those who do hacking full-time as a vocation. Hacker One, which added a sixth trait, reports in The Hacker-Powered Security Report 2017 that the average bounty paid to hackers for finding a vulnerability reached $1,923 in 2017, up 15% from $1,631 in 2015.
Based on interviews with Bugcrowd’s Houston and Michiel Prins, co-founder of Hacker One, we developed a list of six traits of hackers that we think our readers will find familiar. 