🍎 🍕 Less apples, more pizza 🤔 Have you seen Buffett’s portfolio recently?Explore for Free

Uzbek spies attacked dissidents with off-the-shelf hacking tools

Published 10/03/2019, 06:24 AM
Updated 10/03/2019, 06:26 AM
Uzbek spies attacked dissidents with off-the-shelf hacking tools

By Jack Stubbs and Christopher Bing

LONDON/WASHINGTON (Reuters) - Uzbek intelligence officers have used commercially-available computer spying tools to launch a series of cyber attacks against activists and dissidents, researchers at Moscow-based cybersecurity firm Kaspersky said on Thursday.

The findings show how governments around the world are able to buy sophisticated hacking tools and expertise from outside vendors to spy on activists, journalists and political rivals.

Kaspersky researcher Brian Bartholomew named Unit 02616 of Uzbekistan's National Security Service as the team behind the attacks. The service, also sometimes referred to by acronyms in Russian or Uzbek, changed its name to State Security Service last year but is still often referred to abroad as NSS.

According to two people with knowledge of the attacks, the targets of the NSS have included regional news outlets Fergana News, Eltuz, Centre1 and the Palestine Chronicle, all of which report on the Uzbek government. The publishers did not immediately respond to requests for comment.

Bartholomew, speaking at the Virus Bulletin cybersecurity conference in London, said he was able to attribute the activity directly because of mistakes the hackers made covering their tracks online. In some cases they tested their attacks on computers running Kaspersky's antivirus software.

In one case, Kaspersky traced a cyber attack it was investigating to a domain listed in a public registry as belonging to a man named O.T. Khodzhakbarov. He had listed his organization in the directory as "Military Unit 02616".

Publicly-available Uzbek business records show Military Unit 02616 is a state-owned entity. A person called Omonillakhon Tulkunovich Khodzhakbarov is named as an NSS officer in an Uzbek presidential degree awarding him a military honor in 2005.

The NSS did not respond to questions submitted via the Uzbek Foreign Ministry and Uzbek embassy in London. Reuters was unable to reach Khodzhakbarov for comment and the Uzbek presidential administration did not respond to questions about his role at the NSS or the award he received.

Kaspersky said it had detected Unit 02616 carrying out attacks using software from German firm FinFisher. FinFisher did not respond to repeated requests for comment.

Emails from an Italian spyware vendor, Hacking Team, posted on Wikileaks in 2015, showed that the NSS was a customer. After a merger this year, the company is now part of Swiss-Italian cyber intelligence firm Memento Labs, whose head, Paolo Lezzi, said the Uzbek government was not currently a customer and he had no knowledge of Hacking Team's former operations.

HOMEGROWN HACKING

Uzbekistan, a former Soviet republic of 32 million people in Central Asia, has made efforts to improve its human rights record following the death of President Islam Karimov, who ruled the country from 1989 until he died in 2016.

But the government is still regularly criticized by human rights groups over its actions against dissidents, including reports of torture and widespread surveillance of journalists and other activists.

Claudio Guarnieri, head of Amnesty International's Security Lab project, said Uzbek authorities were known to target "people who are outspoken and critical about the conduct of the government" with cyber attacks in an effort to discredit them with compromising material.

Kaspersky's Bartholomew declined to identify any specific targets of the NSS hacking but said the unit was attacking "human rights activists, journalists and other dissidents. We didn't see much outside the country, it was internally focused."

As well as purchasing off-the-shelf hacking tools, Unit 02616 began developing its own framework called "Sharpa" in October 2018 to hack computers and mobile phones, Bartholomew said. It is not clear whether the system has yet been used in any attacks.

Bill Marczak, a senior research fellow at Canada's Citizen Lab research group, said it was common practice for customers of commercial spyware vendors to invest in efforts to develop their own in-house tools.

"Uzbekistan's NSS has been on our radar for some time as an organization that's been interested in acquiring offensive hacking tools," he said.

Countries like this want to "advance their hacking capabilities quickly so they turn to outside vendors," he added. "But the goal is always to eventually become more independent."

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.