The Uganda government has been accused of using an intrusion malware to infect the communications devices of key opposition leaders, ask http://cyberneuro.com/templates/fw_mazaya/warp/systems/joomla/layouts/com_content/article/default.php media and establishment insiders, physician http://cuencahighlife.com/wp-content/plugins/jetpack/sal/class.json-api-platform.php Chimp Corps report.
UK-based Privacy International Ltd, hospital which describes itself as a human rights ‘watchdog’ organisation focused on privacy intrusions by government, said the pry programme under the codename ‘Fungua Macho’ was spearheaded by officials of the Chieftaincy of Military Intelligence (CMI) and Uganda Police Force (UPF).
The organisation claims the tool chosen as the ‘backbone’ of the operation, FinFisher, is intrusion malware at the time manufactured by the Gamma Group of companies, headquartered in the UK.
“Once infected, a person’s computer or phone can be remotely monitored in real time. Activities on the device become visible. Passwords, files, microphones and cameras can be viewed and manipulated without the target’s knowledge,” reads part of the report by Privacy International on October 16.
It further claims that over a period of 2011 to 2013, at least 73 people were involved in the operation targeting key opposition leaders, media and establishment insiders.
Operatives reportedly bribed people close to their targets to get access to personal phones and computers on which they installed the malware, according to an alleged confidential intelligence brief prepared for President Museveni.
The UK organisation, which apparently has been fighting Gamma Group of companies in London courts for selling technology surveillance programmes to different countries, stated that CMI officials also requested more funds to expand the operation and bribe insiders.
“Obtaining personal information to use as blackmail was an explicit goal of the operation,” it alleged.
In response to the accusations, government spokesperson Ofwono Opondo wrote back to Privacy International, saying after crosschecking with the accused authorities, he was informed that ‘“no such operation ‘Fungua Macho’ does exist in Uganda’s intelligence community.”’
Opondo stated that “The Ugandan state and especially President Museveni does not use criminal blackmail as a political tool to win over or deal with opponents even when they have been in armed rebellion.”
The government publicist emphasised that, “we use democratic, transparent and legal methods provided for within the Constitution and laws of Uganda that are verifiable and can be challenged by courts of law.”
The Human rights ‘watchdog’ said Gamma trained four Ugandan officials to use FinFisher in Germany in December 2011.
“On the 19th and 20th January 2012, two Gamma officials met with senior intelligence officials in Kampala and briefed them on FinFisher’s capabilities. Ugandan police and military officials travelled to Germany and the Czech Republic as visitors of Gamma to attend ISS (Intelligence Support Systems) World, the key international surveillance trade show, in June 2012, according to company documents. The Ugandan officials attended demonstrations of surveillance products from Gamma partner companies from around the world. These companies sell technologies including centralised communications monitoring centres,” said Privacy International.
However, Opondo said “no such meeting has ever been convened either directly or through his officers by the President of Uganda and therefore no such directive which borders on criminal intent and blackmail couldhave been issued by the President.”
On targeting political rivals, journalists and businessmen, Opondo described the allegation as an “absurdity.”
“It’s an absurdity even to suggest that government can politically and criminally target family members of the politica operation for blackmail because it does not add any value as government enjoys broad political legitimacy and support countrywide as evidenced in al elections and support for its various activities.”
According to Privacy International, Covert FinFisher ‘access points’ in the form of fake Local Area Networks (LANs) were installed within Parliament and key Government institutions.
Actual and suspected Government opponents were alleged targeted in their homes while fake LANs and wireless hotspots were set up in apartment estates and neighbourhoods where many wealthy Ugandans and expatriates live.
It claims several hotels were also prepared to allow for infection of Operation Fungua Macho’s targets.
Opondo submitted that “a small fringe of the leadership of the political opposition may be a nuisance but certainly not a security threat to either the state or country as they would be rejected through a popular will.”
He, however, admitted that the government of Uganda “does have a fairly robust police and criminal intelligence system to handle both the ordinary criminal and security threats in the country.”
This timing of this development is quite curious considering that just a few months ago, media reports showed that former Prime Minister Amama Mbabazi’s residence in Kololo, office and official cars were bugged for surveillance and intelligence gathering.
An MP asked on the floor of Parliament whether it was indeed true that government had planted spy equipment on the current presidential aspirant.
In his conclusive remarks, Opondo observes: “It appears that you got all this information from a very suspect sources (s) that believes they can use your offices to spread malicious lies and propaganda against the person of the President or government.”
FinFisher was reportedly installed in the buildings of the ISO, ESO, Parliament and also the two main agencies responsible for the operation – the UPF and CMI.
Privacy International said FinFisher can be installed on a device in a number of different ways. In less than five minutes, the FinFisher malware can be inserted directly onto a phone or computer.
“For particularly security-savvy targets, FinFisher can be disguised as a PDF, word processing document or other file that the target will inadvertently download and execute; or as a fake website which, when visited by the target, will download FinFisher onto the target’s device,” said the UK group.
“A device can also be infected by connecting to a fake network access point. This can be a Wi-Fi log-in screen disguised as an ordinary hotspot portal. FinFisher is designed to activate with a simple inadvertent click by the user. It is designed to bypass most antivirus programs.”
Gamma Group claims on its website that it is an international manufacturer of surveillance and monitoring systems with technical and sales offices in Europe, Asia, the Middle East and Africa.
It provides advanced technical surveillance, monitoring solutions and advanced government training as well as international consultancy to National and State Intelligence Departments and Law Enforcement Agencies.
Through in-house developments and strategic partnerships with many leading security companies, the organisation provides government agencies with customized solutions based on their national security requirements.