How a hacking campaign helped shut down an award-winning news site

By Nex, @botherder

It is a cloudy and rather cold day of October in a city that shall remain unnamed. I am meeting with Hisham Almiraat, a well-respected democracy, human rights, and digital rights activist from Morocco. This is the story of how a campaign of digital surveillance and computer attacks helped shut down Mamfakinch, an award-winning independent Moroccan news website.

Hisham is an old acquaintance of mine, and while the occasions to meet in person have always been rare, our paths first crossed in unfortunate circumstances several years ago.

It was the summer of 2012 - the height of the popular uprisings in the region - when Hisham and his colleagues at citizen media outfit, Mamfakinch (Moroccan expression meaning “We won’t give up”), were targeted with a powerful spy software intent on compromising their communications. Hisham and his colleagues knew enough to detect that something was wrong when they received strange emails with empty attachments, and they reported the incident to Citizen Lab at the University of Toronto. 

The discovery of the attack against Mamfakinch was significant. The spyware that targeted them was called “Remote Control System” and it was developed by the now infamous Italian company, Hacking Team. This was one of the very first documented cases of computer attacks using European-made technology to repress and target human rights activists and journalists.

Four years later and we sit down in a crowded, candle-lit pub to talk. I know all the ins and outs of the computer attack he and his colleagues suffered, but I want to learn more about what led to it and what happened afterwards. What inspired his activism against surveillance, a fight that eventually forced him into exile, and a fight that has brought us both here, to this table, on this cold autumn night?

 

It's 2009. You guys realize it was necessary for a citizen media outlet to exist, and decide to create Mamfakinch. Do you remember when and how you and your colleagues come to that realization?

It was the first instance I can recall when a community of progressive-minded bloggers took action and, pretty spontaneously, turned the nascent power of social media to their advantage. If I was to give a metaphor, it's like sitting in the dark, knowing there are other people in the room -- you can hear them breathe, you can hear them move and talk but you can't quite identify them. All of a sudden someone strikes a match and for a little while, while that flame is still going you get to see everybody's faces.

It was that kind of a revealing moment. And it was a coming of age of a generation of bloggers who, frustrated as they were, by the systematic subjugation of the press, took it upon themselves to challenge, criticize and scrutinize power.

What role did Mamfakinch play as the 2011 protests gained prominence in Morocco?

Our aim was to circumvent the Moroccan media blackout over protests and to offer a platform for dissident voices that were totally sidelined by state-owned media. Our ambition was also to do investigative work. And while we never claimed to be objective (we were clearly on the side of the pro-reform, pro-democracy movement) we tried to abide by a set of self-imposed ethical rules.

At its early stage, the project was run by a dozen individuals. The early success of Mamfakinch (over a million unique visitors during the first weeks after launch) led to an influx of contributors. At some point we were about 30 individuals running the project as a collective with no hierarchy to speak of, and a very fluid publishing process.

In 2012, Mamfakinch was attacked with Hacking Team spyware. Before that incident, did you and your team perceive surveillance as a threat? 

It turned out we were up against a highly sophisticated kind of a threat. We knew as early as 2011 that Morocco was up to something when it was revealed the government spent €2 million in taxpayers´ money to purchase a mass surveillance system from French company Amesys. But even then we were not particularly alarmed -- and maybe we should have been.

Why do you think Mamfakinch was targeted and why at that particular moment?

We were attacked a couple of days after the website was awarded the Google-Global Voices Breaking Borders award. The award was a recognition of our efforts to use the Internet as a way of promoting public debate and democratic values.

But it was probably also the moment when we became too visible for the regime's taste. During that summer of 2012, Mamfakinch broke a series of stories pertaining to police brutality against protesters and exposed a high profile corruption and nepotism case against a minister in the government. In other words, Mamfakinch was becoming a serious thorn on the side of the regime that they needed to do away with.

Do you remember the day you were attacked? Can you describe what happened?

I remember it was early in the morning. I opened my email as I would every day. And there was this one email that stood out. It claimed to be from a whistleblower - someone who claimed (judging from the subject line) to send us a scoop they wanted published. I guess I was lucky that morning because I was late for work so I never opened it myself. Later in the day I learned that all the co-editors received the same email. Most of them opened it. The file was empty. We didn't make much of it that day.

It was a few days later that our tech guy raised the issue again. We learned that during that same week other activists in the region, especially in Bahrain, were hacked via infected emails. He suggested almost jokingly that maybe we should look into that empty file. We did. It so happens that we knew just the right people. Citizen Lab in Toronto were doing similar research work for activists in other parts of the world so we decided to approach them. And indeed, after a couple days, the diagnostic came back. It was a virus -- and not just any virus for that matter.

 

©Daniel Moßbrucker 

How did you feel both as you realized that Mamfakinch was indeed the bullseye of the government?

The first feeling is one of angst. You fear for the people who trusted you with their personal information and whose careers, and maybe even lives, you might have now put in harm's way. But then this feeling is quickly overcome with anger because you know that this unique project that you've invested so much in and that you built on trust, has received a deadly blow. There was little chance that we could come out of this unscathed.

What do you think was the real objective of the attack? Was it to identify your sources? Was it to instigate fear?

The initial objective of the government was, I think, to surreptitiously identify the people behind the project. Once identified it would be easy to intimidate them or attack them and discredit them. They were unlucky because we were able to seek help and identify the attack. But then again, the harm was done. Whether the regime was able to identify our members or not was no longer relevant. What lingered in everybody's mind was that they were capable of doing it. And that possibility in and of itself is a victory for the government because the fear of being surveilled torpedoed the trust in the project, and effectively put an end to it. That's how harmful this kind of technology is: it poisons the well.

What happened after the attack? Did Mamfakinch survive?

Once we discovered the attack we became acutely aware of the urgency of implementing digital security measures. But again, the harm was done. It didn't matter whether our machines were clean or not, or whether we used encryption or not. They proved they could do it once. It means they can do it again. That put off a lot of people who volunteered contribution to the website. After a couple of months we went down from a team of about 30 regular contributors and co-editors into 3 people struggling to keep the website alive.

After a while it was clear the project could not survive. There was just not enough people willing to come forward. We had to close.

With your experience, how effective do you think that digital surveillance can be to curb citizen journalism and protest movements?

In the mid-2000, when blogging and social media peaked as a means of citizen journalism and activism, governments were still playing catch-up. They first tried to apply to the Internet what they were used to do offline: in other words, they tried to block websites and content they didn't like. But that didn't work as people always found a way to circumvent censorship.

But then, especially after the Arab spring, autocratic governments - realizing the disruptive power of the Internet - decided they needed to control it. Surveillance was the perfect answer for those regimes: if you know you can be watched you tend to self-censor and suppress your own expression.

That's how you turn the Internet, thought-of initially as an inherently democratic tool, into an Orwellian mass surveillance nightmare.

A couple of years later, you and some colleagues start a digital rights organization in Morocco called Association des Droits Numériques (ADN). To what extent was this a response to your personal experience of being subject to digital surveillance?

The fact I was a target certainly played a role. Most importantly though, was the realization that without a political front, the battle for the Internet was going to be lost. It is important to protect personal information using technical fixes like encryption. But it's also important to challenge power and to speak to power, to inform users, to challenge privacy violations in court and build a platform for civil society to express its concerns when it comes to Internet-related legislation and governance issues.

At some point, the Moroccan government cracks down on ADN, and you are charged with destabilization of state security. Why are you being prosecuted?

What happened was that, in partnership with the UK-based Privacy International, we published a report in 2015, documenting multiple cases of unlawful electronic surveillance conducted against Moroccan academics, journalists and human rights activists. Three days after the report was published, the government opened a criminal investigation against me and ADN's vice-president on charges of "slanderous denunciation” against a government body and of "falsely reporting” an offense and “offending” public officials. Those charges carry penalties of up to 5 years in jail.

Another criminal investigation was later launched against me and some of my closest collaborators on a project called StoryMaker - a mobile app developed by a Dutch NGO, Free Press Unlimited, to help journalists and activists publish newsworthy stories. I was coordinating the training on the app and facilitating digital security training for vulnerable journalists and activists whom we taught how to use tactics like encryption.

Because of my involvement in that project I was later charged with "threatening internal state security", a charge punishable by an additional 5 years.

 

This prosecution against Hicham Mansouri and his six co-defendants has been going on for over a year. Hearings have been repeatedly postponed, with the next hearing slated for 25 January 2017. Amnesty International has been calling on Morocco’s authorities to drop all charges against the seven journalists and activists.

The organization is also deeply concerned about the investigation opened against Hicham Mansouri and his colleague from ADN over a year ago, following the publication of a Privacy International report, on charges of “slanderous denunciation” against a government body, “falsely reporting” an offense and “offending” public officials which the Amnesty International has repeatedly denounced as breaching freedom of expression. The organization has documented unfair trials against journalists critical of the Moroccan authorities, and has recommended that the government amends legislation that restricts freedom of expression in the country in the context of ongoing judicial reforms.

Follow Nex @botherder