UAE Government Accused Of Using Java Flaw To Spy On Activist

The latest Java zero-day saga continues, with a rights group claiming that the UAE government used the vulnerability in an attempt to get spyware onto a machine belonging to an activist.

The flaw emerged last week, and various hacked websites were seen serving up exploits. Oracle released an out-of-band update over the weekend and urged users to patch their software immediately.

Many remain concerned about who has taken advantage of the vulnerability, and to what ends.

Bahrain Watch said it had dissected an email sent to an activist, which contained a link to a video purportedly involving Dubai’s chief of police. After inspecting the HTML code on the linked page, the organisation claimed to have discovered a Java applet serving up an exploit via the vulnerability.

UAE government implicated

The campaign group believes the UAE government is behind this attack, as well as other campaigns against activists based in the country. At the time of publication, the UAE embassy in London had not responded to a request for comment.

The Java vulnerability was unpatched when the activist in the UAE received the email. The spyware examined by Bahrain Watch would be undetectable by the majority of anti-virus software.

“Based on a memory image of an infected computer, the payload appears to be similar to the SpyNet Remote Administration Toolkit, or a piece of spyware derived from the SpyNet source code,” reads the blog from Bahrain Watch.

“SpyNet reportedly offers a full suite of functionality on a victim’s computer to the attacker, including keylogging and password stealing, viewing a victim’s screen, and turning on a victim’s webcam.

“SpyNetCoder – the individual who writes SpyNet – apparently offered to sell a version of his source code for $300.”

The domain name associated with the attackers’ command and control infrastructure “has been used many times over the past three months in attacks on UAE activists”, the group claimed.

“Bahrain Watch believes that the UAE Government is behind ongoing attacks on UAE activists, including this attack. This is the first instance of a cyberattack against UAE or Bahraini activists that has involved the compromise of a third-party website, as far as Bahrain Watch is aware,” it added.

“Those who operate in a way that is contrary to the government’s political wishes in the UAE and Bahrain are under constant attack from a number of threats, including spyware. Bahrain Watch advises Internet users to avoid clicking on unsolicited links, or opening unsolicited email attachments, even those purportedly from friends.”

This certainly isn’t the first time someone has claimed that activists in the Middle East have been targeted by spyware. In October, Ahmed Mansoor, a prominent blogger and part of the UAE Five, a group of Emirati activists who were imprisoned from April to November 2011 on charges of insult, was targeted by surveillance malware, according to the Citizen Lab.

Last year, British firm Gamma International was implicated in selling spying kit to a Middle-Eastern government, after researchers found spy malware sent to activists in Bahrain was linked to the firm’s software. Gamma later denied claims it had been selling products to any oppressive regimes.

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
