How Government-Grade Spy Tech Used A Fake Scandal To Dupe Journalists

The Citizen's Guide to the Future
Aug. 20 2012 9:00 AM

How Government-Grade Spy Tech Used A Fake Scandal To Dupe Journalists

149095066
Pro-democracy demonstrators in Morocco

Photo by FADEL SENNA/AFP/GettyImages

An email claiming to reveal a political scandal will grab the attention of almost any journalist. But what if the email was just a ruse to make you download government-grade spyware designed to take total control of your computer? It could happen—as a team of award-winning Moroccan reporters recently found out.

Ryan Gallagher Ryan Gallagher

Ryan Gallagher is a journalist who reports on surveillance, security, and civil liberties.

Mamfakinch.com is a citizen media project that grew out of the Arab Spring in early 2011. The popular website is critical of Morocco’s frequently draconian government, and last month won an award from Google and the website Global Voices for its efforts “to defend and promote freedom of speech rights on the internet.” Eleven days after that recognition, however, Mamfakinch’s journalists received an email that was not exactly designed to congratulate them for their work.

Advertisement

The email, sent via the contact form on Mamfakinch.com, was titled “Dénonciation” (denunciation). It contained a link to what appeared to be a Microsoft Word document labeled “scandale (2).doc” alongside a single line of text in French, which translates as: “Please do not mention my name or anything else, I don't want any problems.” Some members of the website’s team, presumably thinking they’d just been sent a major scoop, tried to open the file. After they did so, however, they suspected their computers had become infected with something nasty. Mamfakinch co-founder Hisham Almiraat told me that they had to take “drastic measures” to clean their computers, before they passed on the file to security experts to analyze.

What the experts believe they found was, they said, “very advanced”—something out of the ordinary. The scandale (2).doc file was a fake, disguising a separate, hidden file that was designed to download a Trojan that could secretly take screenshots, intercept e-mail, record Skype chats, and covertly capture data using a computer’s microphone and webcam, all while bypassing virus detection. Christened a variety of names by researchers, like “Crisis,” and “Morcut,” the spy tool would first detect which operating system the targeted computer was running, before attempting to infect it with either a Mac or Windows version.

Once installed, the Trojan tried to connect to an IP address that was traced to a U.S. hosting company, Linode, which provides “virtual private servers” that host files but help mask their origin. Linode says using its servers for such purposes violate its terms of service, and confirmed the IP address in question was no longer active. The use of Linode was a clear attempt to make the Trojan hard to track, according to Lysa Myers, a malware researcher who analyzed it.

But there were a couple of clues. The Trojan’s code repeatedly referenced the acronym “RCS” alongside occasional mentions of the Italian name “Guido.” This pointed straight to an Italian company called Hacking Team, one of the leading providers of spyware-style tools to governments and law enforcement agencies worldwide.

Hacking Team’s flagship product is called “Remote Control Systems,” a Trojan it describes as “eavesdropping software which hides itself inside the target devices.” RCS can spy on Skype chats, log keystrokes, take webcam snapshots—identical to the Trojan used to target the Moroccans. It can also be tailored to infect a computer via “opening a document file,” according to marketing materials, and “can monitor from a few and up to hundreds of thousands of targets.”

Hacking Team did not respond to repeated requests by phone and email for comment. Notably, however, during an interview last October the company’s co-founder David Vincenzetti told me that RCS had since 2004 been sold “to approximately 50 clients in 30 countries on all five continents.” (Most people today consider there to be seven continents—Africa, Antarctica, Asia, Australia/Oceania, Europe, North America, and South America—but in parts of Europe it used to be taught that there were only five: Africa, America, Asia, Australia, and Europe.) So while it’s not possible to say for sure whether Moroccan authorities are using RCS, it’s certainly being deployed by countries in that region of the world, by Vincenzetti’s own admission.

The Moroccan case is not isolated, and it’s likely we’ll hear more about such attacks in the future. Last month, as I reported for Future Tense, a number of Bahraini activists were targeted with a Trojan tool purportedly designed by a British spy tech company, Gamma Group, which is one of Hacking Team’s main competitors. Human rights organizations have been concerned for some time about Western companies selling high-tech surveillance equipment to countries in which it may be abused. Ever mounting evidence of the equipment being used to target pro-democracy activists and journalists could have repercussions for the companies involved and is likely to strengthen the case for stricter export controls.

Thanks to Jean-Marc Manach for help with the French translation.

Future Tense is a partnership of SlateNew America, and Arizona State University.

TODAY IN SLATE

Medical Examiner

The Most Terrifying Thing About Ebola 

The disease threatens humanity by preying on humanity.

I Bought the Huge iPhone. I’m Already Thinking of Returning It.

Scotland Is Just the Beginning. Expect More Political Earthquakes in Europe.

Students Aren’t Going to College Football Games as Much Anymore

And schools are getting worried.

Two Damn Good, Very Different Movies About Soldiers Returning From War

The XX Factor

Lifetime Didn’t Think the Steubenville Rape Case Was Dramatic Enough

So they added a little self-immolation.

Politics

Blacks Don’t Have a Corporal Punishment Problem

Americans do. But when blacks exhibit the same behaviors as others, it becomes part of a greater black pathology. 

Why a Sketch of Chelsea Manning Is Stirring Up Controversy

How Worried Should Poland, the Baltic States, and Georgia Be About a Russian Invasion?

Trending News Channel
Sept. 19 2014 1:11 PM Watch Flashes of Lightning Created in a Lab  
  News & Politics
Weigel
Sept. 20 2014 11:13 AM -30-
  Business
Business Insider
Sept. 20 2014 6:30 AM The Man Making Bill Gates Richer
  Life
Quora
Sept. 20 2014 7:27 AM How Do Plants Grow Aboard the International Space Station?
  Double X
The XX Factor
Sept. 19 2014 4:58 PM Steubenville Gets the Lifetime Treatment (And a Cheerleader Erupts Into Flames)
  Slate Plus
Slate Picks
Sept. 19 2014 12:00 PM What Happened at Slate This Week? The Slatest editor tells us to read well-informed skepticism, media criticism, and more.
  Arts
Brow Beat
Sept. 20 2014 3:21 PM “The More You Know (About Black People)” Uses Very Funny PSAs to Condemn Black Stereotypes
  Technology
Future Tense
Sept. 19 2014 6:31 PM The One Big Problem With the Enormous New iPhone
  Health & Science
Bad Astronomy
Sept. 21 2014 8:00 AM An Astronaut’s Guided Video Tour of Earth
  Sports
Sports Nut
Sept. 18 2014 11:42 AM Grandmaster Clash One of the most amazing feats in chess history just happened, and no one noticed.