By Frank Bajak and Raphael Satter
Ecuadorian opposition activist Dr. Carlos Figueroa was being pursued by the state when his email and Facebook accounts were hacked. Several dozen of his colleagues have similarly had their digital lives violated. All blamed President Rafael Correa’s government, but no one had proof.
The Associated Press has found compelling evidence that Figueroa was indeed hacked by Ecuador’s domestic intelligence agency, with software tailor-made by an Italy-based company called Hacking Team that outfits governments with digital break-in tools.
That would tag Figueroa as the first publicly identified target from a catalog of more than 1 million company emails stolen by an unknown hacker and leaked online last month.
AP’s finding also casts doubt both on Hacking Team’s claims that its intrusion tools, which intercept phone calls, collect emails and record keystrokes, are for use against serious criminals, not dissidents, and on assertions by Ecuadorean officials that they do not spy on domestic opponents.
The purloined Hacking Team emails have thrown back the curtain on state-sponsored hacking across the world, drawing outrage in South Korea — where a spy caught up in the scandal killed himself — and Cyprus, whose intelligence chief resigned following the disclosures.
They were gathered and made easily searchable online by WikiLeaks, the secret-spilling website whose founder Julian Assange has been holed up in Ecuador’s London embassy since 2012.
Evidence that Ecuador’s spies hacked Figueroa are in a series of emails exchanged between its SENAIN domestic intelligence agency and Hacking Team shortly after Figueroa was convicted of criminal libel in March 2014 and sentenced to six months in prison for allegations he made about Correa’s actions during a 2010 police revolt. Figueroa had skipped the court appearance, considering the verdict a foregone conclusion, and was in hiding.
The emails show that SENAIN employee Luis Solis sent a flurry of requests to Hacking Team for booby-trapped Microsoft Office documents and malicious links — so many that customer support engineer Bruno Muschitiello suggested Solis ease up. “The target may suspect something,” Muschitiello wrote on April 11, 2014.
The target isn’t named explicitly, but Solis dropped hints as he struggled with the digital burglary technology. The biggest clue was a phony invitation to a medical conference that he apparently created. The first 14 characters of the target’s email address are visible in a screenshot he sent to Muschitiello. It reads “dr.carlosfigue.,” a near match for the “dr.carlosfigueroa” address Figueroa was using at the time.
On May 5, Solis sent Muschitiello a screenshot of his control panel displaying 13 infected devices. One is named “MobilFigueroa” — “Figueroa’s cellphone.”
Muschitiello did not return messages sent by the AP, and Solis could not be located. A person who answered the phone at the extension for SENAIN’s communications office, and who would not identify himself, said Solis did not work at the agency.
Figueroa, a gastroenterologist who is a fierce opponent of Correa’s leftist government, said he is not certain he received the bogus email invitation to the medical conference. He said he received many strange emails at the time that he assumed were attackware and quickly deleted — but still got hacked.
“I had four email accounts and problems with all of them,” he said. “I also had problems with Facebook. At one point, it seems like they attacked all my communications on social media.”
“We all just assume our telephones are permanently tapped,” he told the AP.
Figueroa was arrested and emerged from hiding in July 2014 to visit his 75-year-old mother, who died of pancreatic cancer while he served out his prison term.
Credit: U.S. News and World Report, www.usnews.com