This post describes the results of a comprehensive global Internet scan for the command and control servers of FinFisher’s surveillance software. It also details the discovery of a campaign using FinFisher in Ethiopia that may have been used to target individuals linked to an opposition group. Additionally, it provides an examination of a FinSpy Mobile sample found in the wild, which appears to have been used in Vietnam.
Posts tagged “Ethiopia”
Ethiopia remains a dangerous country in which to express dissent online. The recent conviction of a number of bloggers and journalists, combined with the country’s history of filtering critical political content online, demonstrates the restrictive nature of the country’s information environment. This blog post describes recent developments in the country and reports on the results of ONI testing conducted in September 2012.
This report, written and coordinated by Citizen Lab Technical Advisor Morgan Marquis-Boire, analyzes several samples we believe to be mobile variants of the FinFisher Spy Kit targeting iPhone, Android, Blackberry, Windows Mobile and Symbian platforms. It is a follow-on to a previous research brief, From Bahrain with Love: FinFisher's Spy Kit Exposed?, that analyzed several pieces of malware targeting Bahraini dissidents.
“An unknown group has cut off the fiber optics Internet lines that connect the Addis Ababa regime with the military and its spy agencies in eastern Ethiopia up to Jijiga.
There are very few government-agent-supervised Internet cafe services in Ethiopia. The Internet cafes rent very poor connection lines like EVDO 3G (mobile broadband), but the military, the regime’s spy agencies and businesses that are affiliated with the ruling elites enjoy fiber-optics-based broadband.”
For full original article, see here
“For the past decade, those who used the Internet to report the news might have assumed that the technological edge was in their favor. But online journalists now face more than just the standard risks to those working in dangerous conditions. They find themselves victims of new attacks unique to the new medium.
Ronald Deibert and Nart Villeneuve of the University of Toronto’s Citizen Lab, in partnership with computer security consultants at the SecDev Group, have conducted some of the most detailed postmortems of online attacks on the press, including the malware sent to Chinese foreign correspondents, and a forthcoming examination of Burma’s DDOS incidents. Their academic work firmly states that they cannot connect such events directly to the Chinese or Burmese states. Deibert says the evidence they have collected does show, however, that both attacks utilized techniques and strategies common to petty cyber-criminals, including individual “hackers” who work simply for the thrill of bringing down a highly visible, but vulnerable target.”