The government of Uganda has vociferously denied hacking claims that have swelled in the recent past. The latest claim has seen Mr Yusuf Sewanyana, the director of the Uganda Police ’s ICT Directorate, tell the Uganda Radio Network that while the technology in question was procured; it’s not currently in use.
The Opposition, human rights organisations’ employees, diplomats and journalists in the crosshairs of the government continue to face the threat of relentless hacking targeting their cellphones and laptops.
Earlier this month, Israeli cyber company, Cellebrite, sold technology for hacking into cell phones to the Uganda Police Force, which has been accused of violations and egregious human rights abuses.
Cellebrite, which specialises in developing tools for digital forensic investigations, has not denied the sale but claims it is scrupulous about legal and ethical use of its products, according to Haaretz, an Israeli newspaper which first reported the story.
Cellebrite’s flagship product is a technology called UFED. The technology enables enforcement authorities to hack into password-protected cell phones and download the information stored on them.
In a letter sent by Mr Eitay Mack, an Israeli human rights lawyer, to Israel’s Defence ministry and Cellebrite, a number of human rights activists are calling for cessation of sales of the technology and support services to the Ugandan government.
Cellebrite, which is headed by its chief executive, Yossi Carmil, claims its tools are sold only to Uganda police and security organisations for the purpose of fighting serious crime and terrorism. As has been reported in Haaretz, however, its customers have included repressive, sanctioned regimes, among them Belarus, China, Venezuela, Indonesia, Russia, the Philippines and Bangladesh.
According to open-source information on the Internet and investigative reports by Mr Mack, the tools have made their way into the hands of organisations repressing human rights activists, minorities and the LGBTQ community.
Mr Mack also lists murders, abductions and torture of the same groups by the Uganda police in his letter.
In one investigation, the newspaper reported that the Uganda Police Force has used the system for hacking into mobile phones since 2017.
Although the use of Cellebrite in Uganda had been secret until now, “a local company in Uganda made public that it supplies to the Uganda police the UFED system capable of hacking through protection of mobile devices, gathering information from them and restoring information that has been deleted,” Mr Mack wrote in his letter to the ministry.
On the website of Preg-Tech Communications Ltd, a representative and supplier of Cellebrite and other companies in East Africa, under the heading “June 2017 Provision and Installation of Digital Forensics Systems and Software Updates”, the company detailed the deal to install the Cellebrite hacking tools, software packages and servers for the Uganda Police Force.
The items indicate that possibly the use had begun earlier, as there is also a list of upgrades of old tools. The document is no longer available on the company’s website, but can be viewed using the Internet Archive.
The regional supplier of Cellebrite’s website reveals the sale of UFED systems to the Ugandan police.
The local supplier also revealed that the Uganda Police Force uses UFED-Cloud Analyzer, enabling extraction of a detainee’s data from online storage services such as Dropbox, Google Drive, OneDrive and Apple’s iCloud.
Though Cellebrite publications explain that remote access is possible only if the suspect provides the password, in actuality the user of the system is able to extract the data from all the cloud services installed on the hacked phone.