At Defcon, researchers from the Electronic Frontier Foundation, First Look Media and Amnesty International revealed their findings on a major phishing attack through which the government of Kazakhstan was able to hack opposition journalists and arrange for an opposition politician's extradition from exile in Italy to Kazakhstan.
Irina Petrushova and Alexander Petrushov, publishers of the independent newspaper Respublika, had exposed programs of kidnapping and other human rights abuses by the Kazakh government. After their newspaper was shut down by the state, they and their allies, as well as opposition politicians, received targeted phishing emails that covertly seized control of their computers, installing keyloggers, webcam hijacking tools, and more.
The phishing attacks are suspected as the source of information about the whereabouts of opposition politician Mukhtar Ablyazov and his wife and young child, who had gone into exile in Italy; they were subsequently extradited to Kazakhstan, despite having valid EU residency papers.
The paper fingers the Indian company Appin as the arms-dealer behind the attack, based on its similarity to other Appin-linked attacks against a Norwegian telecom company, Punjabi separatists, and others.
EFF defended Respublika in a US lawsuit that sought to censor the newspaper and force it to reveal its confidential sources.
"The use of malware to spy on and intimidate dissidents beyond their borders is an increasingly common tactic employed by oppressive governments," said Eva Galperin, Global Policy Analyst at EFF and one of the report's authors. "As we have seen in places like Syria and Vietnam, journalists and political opposition leaders are being attacked in both the physical and digital worlds. Regimes are turning to covertly installed malware to track, harass, and silence those who seek to expose corruption and inform the public about human rights abuses—especially targets that have moved beyond the regime's sphere of control. Based on available evidence, we believe this campaign is likely to have been carried out on behalf of the government of Kazakhstan."
EFF researchers, along with technologists at First Look Media and Amnesty International, examined data about suspected espionage groups and found overlaps between Operation Manul and Appin Security Group, an Indian company that has been linked with several other attack campaigns.
I Got a Letter From the Government the Other Day… Unveiling a Campaign of Intimidation, Kidnapping, and Malware in Kazakhstan [Eva Galperin, EFF; Cooper Quintin, EFF; Morgan Marquis-Boire, First Look Media; and Claudio Guarnieri, Amnesty International]