On 10 July 2015, the National Intelligence Secretariat (Senain) warned the public through a statement that it “reserves the legal right to act in defense of national security and the Ecuadorian government’s prestige” in response to information regarding the alleged links of this State entity with Italian company Hacking Team, accused of selling cyber espionage software to the governments of several countries.
In the statement, which has already been removed from Senain’s portal, the entity denied any contractual relationship with the company Hacking Team and said that “it is completely false that any contract entered into by SENAIN has been used to attack digital media or other political objectives, as has been unscrupulously claimed. That said, the National Intelligence Secretariat reserves the legal right to act in defense of national security and the Ecuadorian government’s prestige”, reads the document.
Despite Senain’s denial, news portal LaRepública.ec reported that it had been the victim of attacks involving the installation of malicious software with the advice of Hacking Team, according to emails released by Wikileaks in recent days, after the company suffered, on 8 July, an intrusion through which its technology was stolen and thousands of its messages made public.
According to LaRepública.ec, on 20 November 2014 a person operating under the name elmarcopoloh, using a Yahoo email address, requested technical support from Hacking Team to conduct two types of attacks on the news portal. “First they planned an attack that would use as a hook the news article published on our site on 20 November 2014 under the title ‘Ecuador massive union protests against government labor reform’ to silently install malicious malware on the computers of people we have not been able to identify. Similar requests were made in those days against the newspapers El Universo and Hoy”, the outlet reported.
The portal also stated that documentation found, dated 10 November 2014, revealed that the email account [email protected]ahoo.com was used by a person who calls himself Luis Solís, who says he works at the SIN and who also uses the email address [email protected], to request help from the Italian company to “carry out a zero-day attack, whose objective is to make use of the system’s vulnerability to execute malicious code without the user noticing and controlling in this way some device so that it may carry out a certain action in the future, which could include espionage or remote control of the equipment, among others”. In those documents, a Hacking Team collaborator confirmed that SIN and SENAIN are the same institution and that the use of the email domains sin.gob.ec and senain.gob.ec made no difference.
On another topic, the Digital Users organization reported through Twitter that since 11 July various people have said they received emails from accounts infected with spyware. Fundamedios confirmed that since that date, some journalists, public figures and citizens have been victims of hacking and hacking attempts by software pirates through deceptive emails that refer the readers to files with Java extensions or malicious links.
The latest emails of this kind to circulate have carried the subjects “Correa’s Espionage”, “Those who are under surveillance by SENAIN” and “In the list of those under surveillance by Hacking Team”, and have been sent through well-known accounts, as is the case with journalist Jeanette Hinostroza. This email stated that the journalist was sharing a supposed analysis related to the Hacking Team scandal, or a supposed statement by journalists who reject espionage. All those emails have a Word or Java attachment that, when downloaded, also downloads malware that in some cases is used to send screenshots of what the user is doing or capture passwords, among other actions.
The Accessnow Organization, an expert on digital rights and computer security, confirmed to Fundamedios that this is a phishing message and recommended refraining from opening any files or attached links and reporting the message for identity theft, as well as notifying and alerting one’s contacts about these practices.
In February this year Fundamedios had already warned the public about these deceptive emails that attempt to take control of computers, or even worse, take over email accounts, data clouds and all the information stored there.