SAN FRANCISCO (Reuters) - Hackers believed to be working on behalf of Kazakhstan government officials tried to infect lawyers and other associates of exiled dissidents and publishers with spyware, according to a report to be presented at this week’s Black Hat security conference in Las Vegas.
The hacking campaign was part of a complicated tale that also involved physical surveillance and threats of violence - a rare instance of cyber attacks coming alongside real-world crimes.
It is also unusual in that the campaign involved an Indian company that was apparently hired by the hackers, and it targeted Western lawyers along with alleged opponents of the Kazakh government.
A spokesman at the Kazakhstan embassy in Washington did not respond to emailed questions.
A research team including two staffers of the Electronic Frontier Foundation (EFF) examined emails sent to a group that included New York human rights lawyer Peter Sahlas; Italian attorney Astolfo Di Amato, who is involved in a legal dispute with Kazakhstan; and exiled Kazakhstan publishers Irina Petrushova and Alexander Petrushov, both of whom fled Kazakhstan years ago.
The emails tried to trick recipients into installing one of two types of commercially available spy software and were likely sent by an Indian company hired for the job. The researchers came to that conclusion based on analysis of the internet addresses and domain names that pointed to how the malware was controlled.
The researchers will name the Indian company on Thursday.
The pair of publishers produce the online newspaper Respublika, which has printed leaked or hacked emails from the government. The government has sued in California to try to unmask the source of those files, with little luck to date; EFF is defending their company in a related case in New York.
Meanwhile, in Italy, hackers targeted Di Amato, who is pursuing legal claims over a 2013 incident in which the wife and child of exiled dissident Mukhtar Ablyazov were arrested in Italy and sent back to Kazakhstan. The authorities there accuse Ablyazov of embezzlement.
Eva Galperin, a policy analyst at EFF, said that some recipients had opened attachments with the malware her team examined but that it was not clear who was infected. The spyware could turn on webcams without the indicator light and record keystrokes.
“This is one of the very few campaigns where there is such a direct link between spying and physical danger,” Galperin said, comparing it to past government-linked spying by Syria.
“EFF’s technical analysis confirmed what I had always suspected,” said Sahlas, who represents Ablyazov’s family and other dissidents and tells hair-raising stories of break-ins and GPS tracking devices and strangers popping up with cameras during public meetings.
“We suspect that the use of malware by governments to spy on political dissidents, especially exiles who live outside of their government’s direct sphere of influence, is increasingly common,” the research team concluded.
(This version of the story corrects to say that the publishers are from Kazakhstan, not ethnic Kazakhs in paragraph 5, and that EFF represents them in New York not California in paragraph 8)
Reporting by Joseph Menn; editing by Jonathan Weber and Bernard Orr