When Governments Hack Opponents: A Look at Actors and Technology
Title | When Governments Hack Opponents: A Look at Actors and Technology |
Publication Type | Conference Paper |
Year of Publication | 2014 |
Authors | Marczak, B., Scott-Railton J., Marquis-Boire M., & Paxson V. |
Other Numbers | 3690 |
Abstract | Repressive nation-states have long monitored telecommunications to keep tabs on political dissent. The Internet and online social networks, however, pose novel technical challenges to this practice, even as they open up new domains for surveillance. We analyze an extensive collection of suspicious files and links targeting activists, opposition members, and non-governmental organizations in the Middle East over the past several years. We find that these artifacts reflect efforts to attack targets' devices for the purposes of eavesdropping, stealing information, and/or unmasking anonymous users. We describe attack campaigns we have observed in Bahrain, Syria, and the United Arab Emirates, investigating attackers, tools, and techniques. In addition to off-the-shelf remote access trojans and the use of third-party IP-tracking services, we identify commercial spyware marketed exclusively to governments, including Gamma's FinSpy and Hacking Team's Remote Control System (RCS). We describe their use in Bahrain and the UAE, and map out the potential broader scope of this activity by conducting global scans of the corresponding command-and-control (C&C) servers. Finally, we frame the real-world consequences of these campaigns via strong circumstantial evidence linking hacking to arrests, interrogations, and imprisonment. |
Acknowledgment | This work was partially supported by funding provided to ICSI through National Science Foundation grants CNS : 1223717 ("Censorship Counterstrike via Measurement, Filtering, Evasion, and Protocol Enhancement") and CNS : 1237265 ("Beyond Technical Security: Developing an Empirical Basis for Socio-Economic Perspectives"). Additional funding was provided through a Citizen Lab Fellowship. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors or originators and do not necessarily reflect the views of the National Science Foundation or the Citizen Lab. |
URL | http://www.icir.org/vern/papers/govhack.usesec14.pdf |
Bibliographic Notes | Proceedings of the 23rd USENIX Security Symposium, San Diego, California |
Abbreviated Authors | W. R. Marczak, J. Scott-Railton, M. Marquis-Boire, and V. Paxson |
ICSI Research Group | Networking and Security |
ICSI Publication Type | Article in conference proceedings |