AP investigation finds Hacking Team tailor-made attackware for Ecuador’s spy agency

Aug. 7, 2015

By FRANK BAJAK and RAPHAEL SATTER

Associated Press

LIMA, Peru (AP) — Ecuadorean opposition activist Dr. Carlos Figueroa was being pursued by the state when his email and Facebook accounts were hacked. Several dozen of his colleagues have similarly had their digital lives violated. All blamed President Rafael Correa’s government, but no one had proof.

The Associated Press has found compelling evidence that Figueroa was indeed hacked by Ecuador’s domestic intelligence agency, with software tailor-made by an Italy-based company called Hacking Team that outfits governments with digital break-in tools.

That would tag Figueroa as the first publicly identified target from a catalog of more than 1 million company emails stolen by an unknown hacker and leaked online last month.

AP’s finding also casts doubt both on Hacking Team’s claims that its intrusion tools, which intercept phone calls, collect emails and record keystrokes, are for use against serious criminals, not dissidents, and on assertions by Ecuadorean officials that they do not spy on domestic opponents.

The purloined Hacking Team emails have thrown back the curtain on state-sponsored hacking across the world, drawing outrage in South Korea — where a spy caught up in the scandal killed himself — and Cyprus, whose intelligence chief resigned following the disclosures.

They were gathered and made easily searchable online by WikiLeaks, the secret-spilling website whose founder Julian Assange has been holed up in Ecuador’s London embassy since 2012.

MORE

South America hacker team targets dissidents, journalists







By FRANK BAJAK

LIMA, Peru (AP) — A shadowy cyber-espionage group that sent malware to the prosecutor whose mysterious death transfixed Argentina early this year has been hitting targets in left-leaning nations across South America, the Internet watchdog group Citizen Lab reported Wednesday.

The breadth and brazenness of the hackers’ activity bear the hallmarks of state sponsorship. So do its targets.

The group has been attacking opposition figures and independent journalists in Ecuador with spyware. It also ran dummy websites. The most elaborate, geared toward Venezuela, is a constantly updated news site featuring dubiously sourced “scoops” on purported corruption among the ruling socialists. In Ecuador, a similarly faux site seemed tailored to attract disgruntled police officers.

The researchers launched the three-month probe after determining that spyware found on the smartphone of Argentine prosecutor Alberto Nisman was written to send pilfered data to the same command-and-control structure as malware sent to targets infected in Ecuador. They said the hackers had a “keen and systematic interest in the political opposition and the independent press” in the three nations, all run by allied left-wing governments. That suggests it may have operated on behalf of one or more of those governments, the 60-page report said.

In September, the hackers threatened a Citizen Lab researcher as he poked around in a U.S.-based machine the group had infected.

“We’re going to analyze your brain with a bullet — and your family’s, too,” read a message that popped up on his computer screen. “You like playing the spy and going where you shouldn’t, well you should know that it has a cost — your life!”

That’s rare behavior among professional hackers, perhaps indicating little fear of criminal prosecution, said Morgan Marquis-Boire, one of the researchers.

In November, the group attempted to infect the computer of an Associated Press reporter, who was also investigating it, with a phishing attack aimed at stealing his Google password.

READ FULL STORY