Turkey in news for using Hacking Team for its cyber espionage campaign EGoManiac
Last five years have proved that Turkey is becoming a major cyber power in Middle East. After being in news for helping Qatar in reversing the infamous QNA hack now it is again gaining limelight again. Recently, SentinelLABS released a research report about a Turkish threat actor EGoManiac, which was operated between 2010 and 2016 and campaign run by Turkish TV journalists at OdaTV for spying Turkish police.
In a detailed research report, Juan Andres Guerrero-Saade, the principal threat researcher at SentinelLABS, and Igor Tsemakhovich said the campaign was known as Octopus Brain and the research showed that it was connected to a toolkit called Rad which had been built in 2010 and used until 2015.
The researchers said there were hardcoded email addresses in some Rad samples to which data from victims’ machines was sent; one address had been mentioned in connection with a case against members of the Turkish National Police and executives of a company known as Datalink Analiz.
On Feb 11, the Turkish National Police (TNP) raided OdaTV’s Istanbul office and the homes of investigative journalist Baris Pehlivan and colleagues and arrested him and six others, based on incriminating documents found on Pehlivan’s work and personal computers.
Documents which were found on their computers were belonged to Ergenekon, an opposition group accused of being a terrorist organization and plotting to overthrow the government. The journalists claimed that the documents were fake and that they had been planted in their computers via e-mail or physical access to their computers by entities that wanted to frame them.
Cyber company researchers re-examined the digital evidence and came across the conclusion that cyber attack tools that were used against the journalist was supplied by the famous Italian spyware manufacturer Hacking Team, which has been accused of selling spyware to governments of Qatar, UAE, Saudi Arabia, Oman, Bahrain for the purpose of espionage against opposition figures.
They had tracked the affairs of Datalink Analiz and this led to suspicion that EGoManiac used Remote Control System (RCS), software from the Italian infosec firm Hacking Team, for hacking purposes even in 2011. Hacking Team receives payment from a company registered in Istanbul: ‘Datalink Analiz LTD’.
Hacking Team spyware was used by UAE in 2012 against its human right activist Ahmed Mansoor. Invoices from 2015 show that the UAE paid the Hacking Team alone more than $634,500 to use the spyware on 1,100 targets.
An officer from the Qatari State Security Bureau was periodically in contact with Hacking team to request training on hacking, and the Qatari state was charged a total of €1,945,140 for 890 targets
Toronto-based research group Citizen Lab have identified a malicious spyware in the Qatif Today (al-Qatif al-Youm) Android app. Saudi Arabia successfully deployed Hacking Team tools in this app. Qatif has been the site of ongoing protests, especially since Saudi Arabia’s intervention in Bahrain in March 2011.
In August 2014 found Bahrain to be using the UK FinFisher spy software (also known as FinSpy) to hack on human rights lawyers, politicians and even members of a government commission investigating human rights abuses.
Turkey emerged as a key player in cyber warfare domain by providing cyber assistance to Qatar. Turkey detains five suspects that are involved in hacking of Qatar News Agency (QNA). There were many bilateral agreements signed between them based on enhancing Qatar cyber capabilities to sustain its developmental position in the region as well. Turkey has proved a very good option for Qatar to boost its cyber capability in order to defend itself in the region.
Turkey wants to strong its foothold in cyber warfare capabilities in the Arab region and makes itself a super power nation in this domain like Israel and Iran.
