In July 2012, one year after the Arab Spring shook Arab regimes around the world, an email appeared in the inbox of Mamfakinch, a Moroccan online publication critical of the government.
Under the subject line “dénonciation” — French for “denunciation” — was a single sentence. “Please don’t use my name or anything else, I don’t want any trouble.” And under that, a link to what appeared to be a Word document with the name “scandale(2).doc.”
But instead of insider information about corrupt government officials, the file turned out to be malware, as the Canadian NGO Citizen Lab later determined after Mamfakinch’s staff got suspicious and contacted experts.
Reverse-engineering the malware, Citizen Lab concluded that Mamfakinch had fallen victim to a sophisticated cyber attack, likely at the hands of Morocco’s intelligence service.
A year later in December 2013, a similar attack targeted the Ethiopian Satellite Television Service, an opposition media network based in the United States. Two journalists were contacted via Skype from the account of a former collaborator. The sender tried to get the reporters to download malware disguised as a Word file.
The software would have allowed the attacker to completely take over any compromised computer.
Even more aggressive was the strategy of the Ugandan police and secret service during the run-up to and aftermath of the 2011 presidential elections. Privacy International, a human rights organization, detailed in a report how the agencies created fake wireless networks in parliament and hotels frequented by the opposition and used blackmail and bribery to install malware on smartphones and computers.