TechWeek - 30 July 2013
Politically speaking, little has changed in Bahrain, especially when compared to its Middle Eastern neighbours where the Arab Spring brought governments to their knees. Whilst opponents of the Bahrain regime are still very much active, their efforts have brought limited disruption to the rule of the al-Khalifa family.
But for activists in the country, certain things have changed in the last year. For one, they are now being targeted by cruder, but possibly more effective attacks over the Internet. Having been hit by plenty of malware in the past, many are now being targeted by IP trackers, says Bill Marczak, a security expert doing research for Bahrain Watch and Citizen Lab whilst working on his PhD studies at UC Berkeley.
He is currently working on an investigation into IP tracking, and a full report will be delivered later this year. According to Marczak, sites like IPlogger.org are being used, letting the attacker add IP tracking capability to a link. When that seemingly legitimate URL is clicked by the target, their IP address is sent to whoever created that link. Meanwhile, the victim has no idea what has just happened.
It appears the attackers are masquerading as contacts of Bahraini activists, sending them links to get hold of their IP address, Marczak claimed. He has heard that government officials then visit the relevant ISP, hand over the address and the time of the click, and demand the identity of the IP owner.
Twitter the tool to target activists
Twitter is proving a useful attack platform for a number of reasons. First, it’s easy to create a fake account and send links to people. Second, as has been highlighted by recent events, account hijacking is not too tricky to carry out. Third, it’s easy to impersonate people on Twitter.
One handy quirk for those looking to play copycat is that Twitter’s lower case L’s and capital I’s are rendered exactly the same. So to pretend to be anyone with either of those characters is simple and effective. “We have seen cases where accounts look almost exactly like the legitimate people,” Marczak claims.
Sometimes, the accounts of arrested Bahrainis are being used, Marczak says. “I’m not sure how they get their passwords – maybe they confiscate their devices and then get them from there,” he adds.
“People who have clicked on these links have suffered various types of consequences ranging from having their houses raided and being charged for saying insulting things about the king on Twitter, or losing their jobs.
“It looks like, from our investigation so far, in one case, the government did lock up the wrong person. His only crime was running the Internet connection on which the link was clicked.
“Once things like Facebook and Twitter get a significant following from activists, the government will use it to attack them.”
He did not want to reveal the names of those involved, to protect their identity.
The Bahrain government has taken a hard-line on anti-government protesters, who are planning a major demonstration on 14 August. The movement against the monarchy has at times been brutally repressed, most notably Bloody Thursday, when three protesters died following a raid on their encampments in Manama.
Politicians now want to ban any kind of protest in the capital, and to crackdown on “misuse” of social media”, whilst the government has said anyone taking part in the August gatherings will face the ”force of the law”.
The government of Bahrain told TechWeek it was “committed to safeguarding the privacy of its people”.
“We value free speech and this is enshrined in our Constitution. There are established channels for addressing allegations of breach of privacy online or otherwise,” a spokesperson said.
“But the anonymous allegations as presented are too general and vague to permit any sort of investigation and response: there is no date, time, or any sort of identification as to who the perpetrator may be, and further what particular sites and ISP are being referred to in the allegation.”
This IP tracking threat shouldn’t affect those who are savvy about security, those using VPNs or the Tor Browser to hide their IP. But for anti-government activists, or anyone whom the regime dislikes, without adequate protection, IP tracking could cause much grief.
“This demonstrates a disturbing trend, one where repressive regimes are increasingly becoming more technologically sophisticated in how they target those who oppose them,” Eric King, head of research at Privacy International, tells TechWeek.
“Bahrain particularly has been at the forefront of this, using FinFisher and Trovicor [both intelligence gathering software that some have compared to malware], and now this method of IP tracking, to identify, arrest and mistreat those to challenge their authority.”