Independence buys freedom

Botswana media hit by Israeli spyware

2 April 2024

Two prominent local weeklies, Mmegi and Botswana Guardian newspapers have
been targeted by a sophisticated Israeli mercenary spyware Predator, raising fresh
concerns about media infiltration, privacy, and security ahead of Botswana’s
upcoming watershed election in October.

Justice Kavahematui

Two prominent local weeklies, Mmegi and Botswana Guardian newspapers have
been targeted by a sophisticated Israeli mercenary spyware Predator, raising fresh
concerns about media infiltration, privacy, and security ahead of Botswana’s
upcoming watershed election in October.

The Washington Post – which has carried extensive expose into the Predator spyware –
define Predator is a powerful and hard-to-detect surveillance program that can turn on
the microphones and cameras of Apple iPhones and devices running on Google’s
Android software, retrieve all files and read private messages, even when they are
end-to-end encrypted.
Predator is distributed by an evolving network that includes the Greek firm, Intellexa
and a related firm, Cytrox. Both firms were placed under US sanction two weeks ago
for “their role in developing, operating, and distributing commercial spyware
technology used to target Americans, including U.S. government officials, journalists,
and policy experts,” according to US Department of Treasury.
While marketed as counterterrorism and law enforcement digital equipment, it
frequently serves as a cyberweapon in the hands of authoritarian regimes. Functioning
as a digital backdoor, Predator has the capability to transform any device into a potent
spying tool, targeting civil society members, journalists, specific politicians, and
activists. Cytrox and Intellexa belong to US-sanctioned former Israeli intelligence
officer, Tal Dilian.
A report by the US-based online investigative agency, Recorded Future, conducted by
their research team, has revealed that Predator is operational in at least eleven
countries, including Angola, Armenia, Botswana, Egypt, Indonesia, Kazakhstan,
Mongolia, Oman, the Philippines, Saudi Arabia, and Trinidad and Tobago. Of
significance, this marks the first identification of Predator customers in Botswana and
the Philippines. Specifically, regarding Botswana, Recorded Future’s research team,
the Insikt Group, uncovered that Predator maintains at least two websites that pose as
news outlets for Mmegi and Botswana Guardian.
The research highlighted suspicious activity involving website domains that mimic
two well-known news sources. For instance, as outlined in the Insikt Group report, the
domain mmegi[.]co appears to be impersonating the legitimate website for “Mmegi
Online.” Likewise, bw-guardian[.]com seems to be emulating the online edition of
“Botswana Guardian and The Midweek Sun,” prominent newspapers in the country.
The report said it is concerning that the spoofed domains are using the “.bw” top-level
domain, which is specific to Botswana.

The report also highlights that similar tactics were deployed in domain associated
with Predator operations in Trinidad and Tobago using the “.tt” top-level domain to
mimic a local newspaper’s website there.
While there have been discussions about surveillance technology being used in
Botswana, this is the first time that individuals using Predator in Botswana have been
identified. This suggests potential cyber threats or malicious activities targeting users
in Botswana and caution should be exercised when encountering unfamiliar or
suspicious online content, cybersecurity experts have warned.
The Botswana Guardian is yet to identify the local security organisation that acquired
Predator. However, Botswana’s intelligence community, including the police and the
Directorate on Intelligence Services (DIS), have a history of demonstrating an
insatiable appetite for using mercenary spyware. They deploy such technology with
impunity, particularly targeting journalists and opposition politicians.
Botswana Guardian is working on establishing whether its editorial team’s mobile
phones have been compromised by Predator.
There has been notable increases in digital espionage operations targeting civil society
and journalists since April 2008 when president Ian Khama took office. The trend
continued under the current president, Mokgweetsi Masisi. For example, in mid-2021,
reports surfaced indicating that the Botswana Police had employed the Universal
Forensic Extraction Device, manufactured by Cellebrite, a phone hacking technology
vendor. According to information provided to the New York-based Committee to
Protect Journalists (CPJ), this technology was used to extract data from the phone of
Mmegi journalist Tsaone Basimanebothe. Additionally, the Committee reported that
the Botswana Police also deployed the same technology to search a phone belonging
to one Oratile Dikologang, who had been charged in 2020 over vague Facebook posts.
Cyber psychologist and cybersecurity expert David Moepeng said the deployment of
spyware against journalists can constitute a direct assault on press freedom. The fear
of surveillance may result in self-censorship, as journalists may refrain from reporting
on certain topics or delving into sensitive issues to mitigate the risk of being targeted.
Moepeng offered advice to journalists, recommending a variety of strategies and
practices to enhance digital security. One such suggestion is to configure a firewall
that effectively blocks unauthorised intrusions.
“Enable two-factor verification on all services and platforms that offer it such as
emails, social media and cloud storage platforms,” Moeng, a former journalist
advised.
Using Virtual Private Networks can also enhance online security as they encrypt
internet traffic, especially when using public WiFi which is more vulnerable to
interception. He advises media organization to conduct regular and continuous
training for journalists and staff on digital security, so they can recognise phishing
attempts, and adopt safe online practices.
“Consider using tools like VeraCrypt for encrypting drives and containers, and Pretty
Good Privacy for email encryption,” the expert said.
Speaking on the issue, investigative data journalist Joel Konopo said that Predator and

other modern intrusion gadgets leverage advanced machine learning software capable
of circumventing encryption on many trusted communication platforms, including
Signal and WhatsApp. Konopo argued that the logical solution lies in implementing
credible oversight on intelligence organisations. He stressed that establishing a system
of checks and balances against the often-unchecked power within the intelligence
community should not be viewed as divulging secrets.
“Surely DIS should not be expected to tell us about everything they are doing,” said
the journalist.
“But there has to be enough oversight to a point that the public believe what the DIS
and police are doing is acceptable.”
The current oversight of the DIS is a sham in a country that prides itself as a model of
democracy, observed Konopo.
“Forced transparency would necessitate that the intelligence community justifies its
actions to the public,” Konopo remarked. He emphasised that Predator or Cellebrite
software deployment should be confined to counterterrorism scenarios in an
environment that advocates for accountability and transparency. Konopo highlighted
that intelligence organisations in other jurisdictions are subject to some form of
oversight, whereas in Botswana, they are only accountable to themselves.
Predator spyware is viewed by many as a threat to journalism. Amnesty International
reported last October that shocking spyware attacks have been attempted against civil
society, journalists, politicians, and academics in the European Union (EU), USA and
Asia.
Amnesty International’s Security Lab which investigated the use of the powerful and
highly invasive spyware revealed that among the targets of Predator spyware are
United Nations (UN) officials, a Senator, and Congressman in the USA and even the
Presidents of the European Parliament and Taiwan.  
Insikt Group further highlighted that the domestic use of mercenary spyware such as
Predator, beyond legitimate applications in serious crime and counterterrorism law
enforcement scenarios, continues to present significant privacy, legal, or physical
safety risks to the individuals targeted, their employers and the entities conducting
such activities.


Join the Conversation