Tag Archive for: Cybersecurity

Uganda, Ethiopia, Egypt… the hidden cost of internet blackouts

The Africa Report | Communication technology is a double-edged sword. It can empower people to access and share information globally, or be used as an instrument of political and economic control. While hopes were raised by the Arab Spring a decade ago, the years since have seen multiple internet blackouts in many African countries.

In the past ten years, the practice of jamming cyber communication has become a new tool used by certain nations and governments.

Perhaps the most famous example of all is Egypt during the Arab Spring in 2011. For five days, the Egyptian government shut down all internet communication, to disrupt the 2011 protests.

Eventually, this cost the Egyptian economy $90m, according to the Organisation for Economic Co-operation and Development (OECD). Had the blackout gone on for a whole year, it would have put a dent in Egypt’s GDP of around 3-4%.

“Most of the blackouts were across the entire [country] so it affected every person, business, and organisation. They were not targeted on particular institutions but affected everyone in that place,” says Darrell M. West, the vice president and director of governance studies at the Brookings Institute.

Mohamed Basiouny, an owner of a cyber cafe, confirms what West says, adding that the shutdown did trickle down to impact everyone: “Cyber cafes [were] playing a central role at the time so, it was not just kids fooling around on the internet.” Like many others, Basiouny’s business relied on internet communications. “No internet, no money – it’s as simple as that,” he adds.


Ethiopia’s blackout history

In the same vein, the Ethiopian government cut off internet across most of the country after the fatal shooting of musician and activist Hachalu Hundessa.

The singer is affiliated with the Oromo movement that took down the previous prime minister.

The blackout took place on 30 June 2020 and went on for 23 straight days, interfering with Ethiopians’ rights to access information and muzzling any vestige of freedom of expression.

As for the country’s economy, NetBlocks estimated the losses to surpass Br3bn ($102m). Later in the year, the northern region of Tigray witnessed another blackout as Ethiopia’s prime minister and Nobel peace prize laureate Abiy Ahmed announced a “red line” had been crossed by the TPLF leadership.

The ensuing internet blockage curtailed media coverage of the Tigray region that saw thousands killed or displaced. Businesses largely reliant on internet connections and communication also suffered the financial consequences of being shut down during the conflict.

“These shutdowns are not, and will never be, haphazard. They are well planned and specifically targeting the people in question. In this instance, it is the people of Tigray and their businesses,” says IT consultant and former employee at the Ethiopian Chamber of Commerce and Sectorial Associations (ECCSA), Samuel Maasho*.

According to Maasho, Abiy was intentionally targeting the region’s gold producer and a huge textile factory, both of which funnel funds to the Tigray People’s Liberation Front. “This alone can paralyse a whole country, let alone a region like Tigray,” he says.


New tactical response

The scale of such practices is a much bigger problem today than it was a few years ago, says West. According to his research in 2016: “Many of the shutdowns are occurring on a nationwide level as opposed to what used to be in local communities. Shutdowns are being put in place to quell political protests, stop coverage of human rights abuses, and to limit some economic activities.”

Similarly, Ramy Raoof, a privacy and digital security researcher and tactical technologist at Amnesty International, sees internet shutdowns more as a tactical response than as a tool in themselves, meant to have an instant control impact.

“Internet shutdowns are by design unsustainable, technically speaking, and it’s meant as a temporary response with either gradual shutdown or gradual restoration. And even during blackouts the states sometimes only apply 80-90% of shutdowns because they might want to keep national institutions online to avoid financial disasters,” he tells The Africa Report.

Alternatives for businesses?

Beyond building a reliable system based on offline practices or returning to old habits from phone calls to fax machines, one has to wonder, is there a more sustainable alternative?

“All the tips and approaches the activists would engage with, such as international sim cards, satellite phones and connections, are highly dependent on the context,” says Raoof. “The telecommunication infrastructure works differently [de]pending on the ownership. So infrastructure ownership determines how surveillance and controls take place. In many scenarios these tips are valid momentarily for a limited amount of time until those frequencies are also targeted/shutdown.” He points to the example of Egypt in 2011 when the internet crackdown targeted different parts of the communications infrastructure at different times.

“The whole point of internet shutdowns by governments is to keep individuals and organisations from communicating,” says West. He echoes Raoof’s concerns, adding that such alternative tools would need to be available to all, otherwise they would be futile.

One example that may point to answers is how bigger companies manage to avoid the worst of the crackdowns.

“We were never impacted,” says *Ahmed Bayoumi, operations manager at one of Egypt’s towering outsourcing call centres, in reference to the internet blackout in 2011. “The government cut off the internet for networks and domestic internet providers. But big corporations like ours that are based on leased lines or direct cables were not impacted,” recalls Bayoumi.

Following from that experience, one of the projects he set up in 2015 involves using a microwave tower that is fed directly from the mother source. “This tower is linked to a Synchronous Transport Module 1 (STM1),” he explains. It allows companies to remain connected despite any government-imposed blockage, but it comes with a price tag. STM1 is a network transmission of around 155.5Mbit/s and costs about LE12m ($768,296).

For those companies that cannot afford such access, it’s a lose-lose situation: “It’s very costly for small enterprises. Imagine paying for a marketing campaign via Facebook. And suddenly the internet stops. You can’t possibly retrieve that money,” he adds.

In Ethiopia’s digital battle over the Tigray region, facts are casualties

The Washington Post | Alexi Drew and Claire Wilmot | Claims about disinformation may be undermining online activism.

Nearly three months have passed since the conflict between the Ethiopian government and the Tigray People’s Liberation Front (TPLF) began. Despite Prime Minister Abiy Ahmed’s assurance that the military operation ended in late November, the conflict in Tigray is far from over. U.N. officials this week cited reports that Ethiopian troops may not have the region under their command, and warned of grave food shortages, calling for the government to allow aid workers to enter the region.

On social media, pro- and anti-government groups continue to vie for control of the conflict narrative. Abiy released a statement on Feb. 2 encouraging Ethiopians to launch an offensive against the TPLF’s distortions and “lies” in the international arena. Our analysis of over 500,000 tweets related to Tigray helps explain the intensifying information conflict.

We collected and analyzed tweets between Nov. 4 and Jan. 20 to try to understand the kinds of information being circulated, and the effects of different messaging campaigns. We found that both sides are quick to accuse the other of spreading intentionally false information — though actual disinformation accounts for a surprisingly small proportion of tweets about the conflict.

Ethiopia’s conflict continues online

Knowing what’s really going on in Tigray’s conflict is difficult, given a communications blackout in much of the region. The government has also not allowed humanitarian access to areas that reportedly have experienced atrocities or are in urgent need of assistance. It is in this opaque information environment that people have taken to Twitter.

Pro-Tigray activism online

#StandWithTigray is a central source of activism for pro-Tigray campaigns. Its website shares instructions for using Twitter, along with pre-written content for followers to share. Their online presence can broadly be divided into three categories: “old” activist accounts, “new” activist accounts, and accounts with opaque credentials.

“Old” activist accounts are largely based in Ethiopia, Europe and North America. Although their activism does not necessarily predate the conflict, their Twitter accounts often do. They demonstrate a high degree of digital literacy, posting lots of original content and engaging with other users.

“New” activist accounts were created throughout the conflict. We found over 3,000 such accounts between November and the end of January. These accounts demonstrate a low level of digital literacy, few followers and short-term engagement.

Accounts with opaque credentials claim expertise or positions aimed at boosting their credibility. They claim to be academics or aid workers but have little or no online presence beyond Twitter, making their credentials difficult to verify. These accounts may be problematic because they can obtain significant “reach” based on unsubstantiated claims.

Do these tweets contain disinformation and misinformation?

Our analysis showed that the majority of content produced by the #StandWithTigray campaign is digital activism, which seeks to raise international awareness about the conflict. The #StandWithTigray campaign is organized similarly to many other social justice campaigns on social media. Pre-written tweets build momentum around hashtags and connect to potential influencers like foreign officials, U.N. agencies or foreign ministries. This is a standard approach for activists, who usually don’t have the resources to employ the kinds of PR firms that many governments rely on to manage information (and disinformation) strategies.

It’s important to distinguish between disinformation, which is the intentional spread of false or misleading information, and misinformation, which is unintentional. When false claims could be read as intentional — like when TPLF leader Debretsion Gebremichael reported that Ethiopian forces had bombed the Tekeze dam — it’s often tough to verify information because of communications blackouts or limited physical access. Most who go on to spread that information have no means of verifying what they are sharing. Combating the spread of false information would require opening access to all areas of Tigray.

Pro-government information campaigns

The government has the advantage of being able to channel strategic messages through high-profile or official government accounts with very large followings. This means they are able to spread information widely without relying heavily on new accounts or copy-and-paste campaigns.

Pro-government online activism tends to be more responsive than proactive. The #UnityForEthiopia website, which appeared in response to #StandWithTigray, similarly includes instructions for creating Twitter accounts and has a repository of pre-written tweets. We found that new accounts created between November and January were responsible for 30 percent of all #UnityForEthiopia tweets during the two most active days of the campaign — Jan. 1 and Jan. 6.

A blurry information environment

By blocking communications and access to Tigray, the government helped create conditions where disinformation and misinformation can thrive. At the start of the military incursion into Tigray, pro-government accounts and government officials warned of a “Digital Woyane,” a TPLF-funded effort to undermine government actions in the region. In December, Ethiopia’s Information Network Security Agency claimed that the TPLF was producing over 20,000 tweets containing disinformation daily — a finding that is not supported by our data set. This narrative gained significant traction, with pro-government activists labeling almost all tweets about potential government wrongdoing as TPLF-funded disinformation.

The government’s State of Emergency Fact Check account, for example, responded to examples of misinformation spread by pro-Tigray accounts by issuing corrective statements, co-opting the work of independent fact-checkers. The government’s strategy seems to be aimed at undermining the credibility of its critics, while sometimes combating pro-Tigray campaigns with their own campaigns.

What’s really happening in Tigray?

People come to digital activism with a wide range of interests and objectives — many want to raise awareness and advocate for solutions, while others may be trying to mislead or pursue political agendas. It’s clear that both sides in the Tigray conflict are using social media to sway global public opinion about the situation in the region, but very little independent information is emerging from Tigray at present. Currently, pro-Tigray campaigners have started spreading the hashtag #AllowAccessToTigray.

Our data so far does not support government claims that pro-Tigray Twitter campaigns are spreading significant amounts of disinformation, at least not on Twitter, the focus of our study. Pro-Tigray campaigns do produce higher volumes of tweets, which helps compete with the legitimacy and reach of government accounts. Government accounts, with their higher reach, can reframe tweets containing misinformation as intentional disinformation, undermining pro-Tigray campaigns.

Like everyone else, the government has the right to contest inaccurate claims, and may have reason to fear the spread of false information in this conflict. However, curtailing access to Tigray means that reliable evidence is scarce.

Increasingly troubling reports of humanitarian emergencies and international law violations are emerging from Tigray. As both sides seek to amplify their narratives, the importance of access and independent verification increases.


Dr. Alexi Drew is a research associate at the Policy Institute at King’s College London, an associate fellow at the Global Network on Extremism and Technology (GNET), and an executive manager at the European Cyber Conflict Research Initiative. Follow her on Twitter @CyberAlexi.

Claire Wilmot is a PhD candidate at the London School of Economics and a research officer at the UK Research and Innovation’s GCRF Gender, Justice and Security Hub. Follow her on Twitter @claireLwilmot.

Suspected Chinese hackers stole camera footage from African Union

Source: Reuters | Raphael Satter

WASHINGTON (Reuters) – As diplomats gathered at the African Union’s headquarters earlier this year to prepare for its annual leaders’ summit, employees of the international organization made a disturbing discovery.

Someone was stealing footage from their own security cameras.

Acting on a tip from Japanese cyber researchers, the African Union’s (AU) technology staffers discovered that a group of suspected Chinese hackers had rigged a cluster of servers in the basement of an administrative annex to quietly siphon surveillance videos from across the AU’s sprawling campus in Addis Ababa, Ethiopia’s capital.

The security breach was carried out by a Chinese hacking group nicknamed “Bronze President,” according to a five-page internal memo reviewed by Reuters. It said the affected cameras covered “AU offices, parking areas, corridors, and meeting rooms.”

“We cannot estimate the quantity and value of the data which have been stolen,” the memo continued, adding that while AU technicians had managed to interrupt the flow of data, the hackers could easily regain the upper hand.

“We are still weak to prevent another attack,” the memo said.

The alert, drafted in late January and circulated to senior officials, provides a glimpse of how world powers are jockeying for influence and visibility at the continent’s paramount pan-African organization. Some American and European officials have voiced concern as Beijing has stepped in to meet the AU’s needs – part of an Africa-wide shift that has seen China become the continent’s top creditor. Chinese workers built the AU’s showpiece new conference center in 2012 and Chinese technicians still help maintain the organization’s digital infrastructure.

The Chinese mission to the AU said in an email that “the AU side has not mentioned being hacked on any occasion” and that Africa and China are “good friends, partners and brothers.”

“We never interfere in Africa’s internal affairs and wouldn’t do anything that harms the interests of the African side,” the email said.

Repeated messages sent to AU spokesperson Ebba Kalondo asking about the January breach were marked as “read” but went unanswered.

Longstanding doubts over Beijing’s role at the AU spilled into the open in 2018, when French newspaper Le Monde reported that AU employees had found that the servers at the new conference center were sending copies of their contents to Shanghai every night and that the building itself had been honeycombed with listening devices.

Both the AU and the Chinese government vehemently denied the report at the time, but a former AU official told Reuters the article in Le Monde was accurate and had put officials there on high alert over cyberespionage.

The former official said the latest breach was discovered following a tip from Japan’s Computer Emergency Response Team (CERT), which in a Jan. 17 email alerted AU officials to unusual traffic between the international organization’s network and a domain associated with Bronze President.

Koichiro Komiyama, who directs the global coordination division of Japan’s CERT, confirmed to Reuters that he sent the warning after a fellow researcher discovered the malicious traffic while picking through the hacking group’s old infrastructure.

The AU memo said that, within days of Komiyama’s email, the AU’s information technology team had traced the suspicious traffic to a set of servers in the basement of the organization’s Building C – part of an older complex across the road from the new conference center.

The memo said the hackers were able to siphon off “a huge volume of traffic” from the servers by hiding it in the regular flow of data leaving the AU’s network during business hours, even pausing their data theft during lunch.

Secureworks, an arm of Dell Technologies Inc which has been tracking Bronze President since 2018, confirmed that the malicious domain identified by Japan’s CERT was linked to the hackers.

Secureworks researcher Mark Osborn said his company had seen strong evidence that Bronze President operated from China, adding that it had been detected in several espionage campaigns targeting China’s neighbors, including Mongolia and India.

Any official protest over the spying is unlikely, according to the former AU official. He said China plays a critical role in keeping the organization running, including during an incident in June when part of the AU’s network was knocked out by a power failure and Chinese technicians swiftly repaired the damage.

For that reason, the former official expects that the surveillance camera incident – like the listening devices reported in 2018 – would be swept under the rug.

“Attacking the Chinese, for us, it’s a very bad idea,” he said.

 

Reporting by Raphael Satter; editing by Jonathan Weber and Edward Tobin

China Has Been Spying on the African Union Headquarters

Beijing has gone out of its way to gain information on African leaders in order to compel and coerce them into supporting China’s international goals.

Last week, a report emerged that hackers, probably from China, had been filching security camera footage from inside the African Union headquarters building in Ethiopia. Several years ago, AU technicians discovered that the building’s Huawei-provided servers were daily exporting their data to Shanghai, and that the walls of the Chinese-built headquarters were peppered with listening devices.

It is a strange way for Beijing to treat a continent whose rulers have emerged as key backers of its international agenda. Yet the Chinese government’s spying, which almost certainly extends far beyond the African Union headquarters, may in fact be one of the reasons why African rulers are willing to defend Beijing’s increasingly indefensible actions.

Beijing’s opportunities for eavesdropping in Africa are vast. Chinese companies—many of which are state-owned, all of which are legally obliged to cooperate with the Chinese Communist Party on intelligence matters—have built at least 186 government buildings in Africa, including presidential residences, ministries of foreign affairs, and parliament buildings. Huawei has built more than 70 percent of the continent’s 4G networks and at least fourteen intra-governmental ICT networks, including a data center in Zambia that houses the entirety of the government’s records.

The report—now confirmed by two other media outlets—that broke the original story of the Chinese government’s AU spying demonstrates what Beijing can do with a structure one of its companies builds. The AU’s compromised ICT system was also provided by Huawei, whose equipment is often Swiss-cheesed with security vulnerabilities that make it easily exploitable. Given Huawei’s links to China’s Ministry of State Security, it beggars belief that Beijing has anything less than an excellent idea of how to access those backdoors.

Beijing has many reasons to take advantage of the spying opportunities its companies’ activities in Africa provide. It can eavesdrop on the sensitive conversations African officials have with their non-African counterparts, and the Chinese government might be able to gather useful economic information it can pass to its many companies operating on the continent.

Yet as the Chinese government becomes more aggressive internationally, it likely increasingly values the information it gathers in Africa for its use in maintaining and expanding African decisionmakers’ support for Beijing’s global agenda. African states are consistent apologists for the Chinese regime’s oppression of its ethnic and religious minorities, vote frequently with Beijing at the United Nations (often in opposition to the United States), and usually back Chinese candidates vying for leadership of important international agencies.

Recent bombshell revelations demonstrate Beijing’s commitment to influencing foreign leaders. A Chinese spy named Christine Fang spent years developing personal ties with local politicians primarily from California. Fang arranged donations for, and even managed to place at least one intern with, U.S. Rep. Eric Swalwell, who is now a member of the sensitive House Intelligence Committee (Swalwell cut ties with Fang after receiving an FBI briefing about her spying).

In early December, Director of National Intelligence John Ratcliffe wrote of a Chinese influence campaign aimed at “several dozen” Congressmen and Congressional aides. China, in fact, targets Congress six times more frequently than does Russia, according to Ratcliffe. Meanwhile, a branch of the Chinese Communist Party known as the International Department, which is responsible for cultivating sympathy for the CCP with foreign politicians, claims to have ties with over 600 political groups in more than 160 countries.

African leaders, of course, do not need to be persuaded to accommodate China on certain issues. Many of their countries face a massive infrastructure gap, and Beijing is often happy to open its wallet for infrastructure projects. Affordable Chinese products, especially tech such as smartphones, are popular on the continent as well.

Yet the Chinese government spends a lot of time and energy trying to influence African leaders to support Beijing’s agenda at a level beyond what simple concern for their countries’ national interests would prompt. These charm campaigns include everything from bribery to throwing up flashy infrastructure projects during election times to lavishing “no-strings-attached” aid on rulers to feed their patronage networks.

The information that Beijing appears to be hoovering up daily is of obvious use for those kinds of influence operations. It could offer insights into an official’s habits, personality, and proclivities that would help Beijing effectively cajole or coerce him or her. A key element of Christine Fang’s approach was to get as close as possible to her targets; electronic surveillance access to a target’s most sensitive haunts would offer the sort of extensive surveillance a human spy could only dream of.

China has built access to African leaders that will be impossible to roll back in the immediate term. Washington, however, can begin building a response that is as patient and far-seeing as China’s strategy has been. One element of that must be complicating what is currently Beijing’s almost unfettered surveillance access to Africa.

Joshua Meservey is a Senior Policy Analyst specializing in Africa and the Middle East at The Heritage Foundation.