
Cyber Warfare tools in the hands of Biya, activists, journalists targeted?

This is a developing story, which we will update if new information becomes available.

Unconfirmed reports tell us that the Cameroon regime led by President Paul Biya is using cyber security tools like FinFisher’s FinSpy to target civilians who are critical of the Francophone regime and/or support the secession of the Anglophone provinces.

Although there is no proof yet of such allegations, it is publicly known that the neighbouring countries Gabon and Nigeria acquired such tools in the past and currently have them available [1]. There is no technical reason why Gabon, for instance, could not share the toolkit with its neighbouring country.

In 2015, Citizen Lab did an extensive search for servers that could be linked to FinFisher, and came back with these verified results.

The functionality of the FinSpy suite includes the collection of address book information, calendar and phone call records; collection of files, screen captures, and photos; monitoring geolocation; surreptitious eavesdropping through enabling the victim’s microphone or placing hidden calls; as well as collecting communications and media files from messenger apps like Line, WhatsApp, Viber, Telegram, Skype, Facebook, Messenger, Kakao, and WeChat [2].

Gamma International / Lench IT, the company behind FinFisher, says the following in a product brochure on FinSpy published in 2014 [3]:

FinSpy has been proven successful in operations around the world since many years and valuable intelligence has been acquired about Target Individuals and Organizations.
When FinSpy is installed on a computer system or mobile phone it can be remotely controlled and accessed as soon as it is connected to the internet/network, no matter where in the world the Target System is based.

Usage Example 1: Intelligence Agency

FinSpy was installed on several computer systems inside Internet Café’s in critical areas in order to monitor them for suspicious activity, especially Skype communication to foreign individuals. Using the Webcam, pictures of the Targets were done while they were using the system.

Usage Example 2: Organized Crime

FinSpy was covertly deployed on the mobile phones of several members of an Organized Crime Group. Using the GPS tracking data and silent calls, essential information could be gathered from every meeting that was done by this group.

While many of us could argue that such tools can be useful in the hands of legitimate and democratic governments to assure the safety of their citizens and protect them against organised crime or terrorism, this argument becomes harder to defend if these tools enter the hands of dictators, who most surely will primarily use them against political opponents without any democratic or legal oversight.

Even more worrying is a statement in this same brochure claiming that, as of 2014, a new feature is capable of stealing the private PGP key of breached individuals, rendering anonymous communication by activists and journalists impossible.

Of course, this would play greatly into the hands of the users of such spyware, because international media depend on reliable sources on the ground for their reporting.

In this respect, certain news sites cite an apparent statement of July 12th from Peter Essoka, who is in charge of Cameroon's Conseil National de la Communication (CNC), the body overseeing all media outlets and journalists active in Cameroon:

[Image: Screen Shot 2018-07-19 at 12.17.31, showing the cited statement]

This is a rather open threat to journalists reporting on atrocities committed by the military of Cameroon.

Another toolset made available to customers is FinSpy Mobile, which also has interesting features according to its brochure:

FinSpy Mobile has been giving successful results to Government Agencies who gather information remotely from Target Mobile Phones.
When FinSpy Mobile is installed on a mobile phone it can be remotely controlled and monitored no matter where in the world the Target is located.

Usage Example 1: Intelligence Agency

FinSpy Mobile was deployed on BlackBerry mobile phones of several Targets to monitor all communications, including SMS/MMS, Email and BlackBerry Messenger.

Usage Example 2: Organized Crime

FinSpy Mobile was covertly deployed on the mobile phones of several members of an Organized Crime Group (OCG). Using the GPS tracking data and silent calls, essential information could be gathered from every meeting that was held by this group.

With such a toolset, which we know is available to two neighbouring countries, namely Gabon and Nigeria, it would be very easy for any individual in an oppressive regime to target any (suspected) opposition member or, in the case of an unregistered SIM, to simply learn the (rough) location of a person or group of persons. This could explain the setting ablaze of houses and areas as recently seen.

Another pointer towards the Cameroon government at least being very aware of the possibilities of tracking user behaviour is the fact that they have been in possession of BlueCoat devices on their public network since at least 2013, as discovered by Citizen Lab [4].

While these BlueCoat appliances themselves are designed to do Deep Packet Inspection of traffic over the net, to quickly see who is using which application, and are mainly used to enforce company policy rules on web access, their use by oppressive governments to cut certain areas off from the Internet and check who uses which application for what, without democratic oversight, is a different issue.

It would be a very positive move if the international community would put pressure on Gamma International / Lench IT to stop providing these tools and/or support to dubious regimes which could use them to oppress their own people.

[1] https://citizenlab.ca/2015/10/mapping-finfishers-continuing-proliferation/

[2] https://www.accessnow.org/cms/assets/uploads/2018/05/FinFisher-changes-tactics-to-hook-critics-AN.pdf

[3] https://wikileaks.org/spyfiles4/database.html#product_1

[4] https://citizenlab.ca/storage/bluecoat/CitLab-PlanetBlueCoatRedux-FINAL.pdf