UNDERSTANDING THE DIGITAL SPYWARE USED TO MONITOR ACTIVISTS IN ESWATINI
The eSwatini police have been stealthily intensifying their surveillance strategies since the June 2021 mass protests that nearly ruptured the state and ushered in a revolution.
However, those who are on the receiving end of such surveillance are unaware of the tools the police use to monitor their movements and communications. Some of the police surveillance methods were laid bare mid last year when Constable Lucky Tsabedze, testifying on the case of the two incarcerated MPs, Bacede Mabuza and Mthandeni Dube, explained to the court how the police acquired evidence that Mabuza incited violence. It turned out that police had extracted data from Dube’s cellular phone.
It emerged that a month before the two MPs were arrested, the police had already lost their license of XRY software, which they use to extract deleted data from cell phones of targeted users. This did not deter them. Just over a year ago, the Principal Secretary in the Ministry of Defense and Security, Prince Sicalo, lobbied members of parliament to approve just over E31.44 million in the 2021/22 budget to buy spying equipment.
The pattern of events indicate that police successfully procured the surveillance softwares. The police’s clandestine surveillance tactics were once again brought to public attention when news broke that senior officers within the country’s security cluster had tried to avail digital evidence that would show that the Swaziland Youth Congress (SWAYOCO) President, Sakhile “Awviva” Nxumalo, tried to kill Xolani Maseko, the former Swaziland National Union of Students (SNUS) President now turned into Swaziland News reporter.
It was, until now, unclear what specific spyware the security cluster used to generate the fake messages which they aimed to later rely on as evidence. The spyware is the Israel International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI) catcher. The IMEI and the IMSI catcher are able to track a location, intercept and extract data from an individual's phone. Beyond this, the spying paraphernalia is more than capable of manipulating text messages, erasing and creating phone calls that never transpired to appear as if they actually happened.
The IMEI and IMSI catcher have increasingly become popular spywares used by law enforcement and intelligence agencies in other countries. The Rayzone Group, NSO Group and Candiru are some of the Israeli companies linked to the manufacture of the spyware. The IMEI and the IMSI catcher can be the size of a household router and can bug up to 10 000 cell phones at one time. How the spywares work According to the Electronic Frontier Foundation, the IMSI catcher is a device that masquerades as legitimate cell phone towers, tricking phones within a certain radius into connecting to the device rather than a tower.
The Spyware historically required mutual authentication between the mobile user and the spyware handset but due to its recent sophistication, it is no longer the case. The spyware can operate without any mutual authentication and a mobile user can be surveilled without them knowing. The spyware is used to pinpoint the location of the political activists using their phone numbers as it broadcasts a stronger signal with your cell phone establishing a new connection and disconnecting from the service provider that the political activists use.
The IMSI catcher is mostly used in popular locations that are usually busy or central places such as Mbabane where the security forces know that most political activists frequent the location. In a nutshell, this means that if you are intending to embark on a protest and you are carrying your cell phone, the extracted data from your phone can be used against you as evidence of proximity to the alleged occurrence and by default, you have a case to answer either as a witness or perpetrator.
The spyware at play Cebile “CeCe” Shongwe, a former police sergeant who turned activist police officer, shared how they have numbers of all the political activists in Manzini and they are able to surveil them using the spyware. Shongwe recalls during the Police Day celebration in 2022, when a firefighter who is a political activist was sought by the security cluster, who failed to find him at the celebration as the spyware showed that he was at work.
The Electronic Frontier Foundation indicated that the spyware collects personal data of the owner of the cell phone such as the phone calls the user makes, the websites the user accesses, pictures and their messages amongst other information. The spyware is able to eavesdrop on calls. Mbali Dludlu is another activist who has witnessed what spyware can do when she received a call from an unknown person who told her they know the whereabouts of her husband who is a political activist.
Once the person hung up, there was no evidence left behind of the call log. She was perplexed that the call she had just received disappeared in front of her eyes. Another incident was when one of her sisters sent her a “weird” message. When Dludlu enquired about the text message from her sister who was in the same vicinity, even the supposedly sender, her sister, wasn’t aware of ever sending such an SMS.
Dludlu, like the rest of other activists who are continuously on the police’s radar to be framed or watched and listened to, are now more than ever cautious of the conversations they have over the phone.
NB: Magnificent Mndebele is a journalist researching digital surveillance with support from the Media Policy & Democracy Project (MPDP) run by the Department of Communication and Media at the University of Johannesburg.