By Haggai Matsiko
A spying operation by Uganda’s top security agencies that has since 2011 targeted and aimed to crush opponents of President Yoweri Museveni, a new report has claimed.
The operation codenamed ‘Fungua Macho’ loosely translated as ‘open your eyes’ has involved planting surveillance tools in top hotels and residences in order to “spy on the enemy, collect data, intrude enemy systems, intercept enemy communication and also manipulate transmissions”.
Funga Macho has targeted opposition politicians, local and international journalists, all legislators amongst other high profile people with intentions of crushing them.
“given the caliber of our negative minded politicians, we stand a very high chance of easily crushing them by being a step ahead,” notes Michael Bbosa, then Director of Technical Intelligence of UPDF in a brief to the president in 2012 about the operation.
The brief is one of the documents, Privacy International, a U.K non-governmental organization that defends the right to privacy cites in its report titled For God and My President: Surveillance in Uganda, which has exposed the operation.
Government has denied knowledge and existence of the operation.
But the report notes that the Chieftance of Military Intelligence (CMI) procured the surveillance tools and together with the Uganda Police and other intelligence agencies, are the master minders of the operation that included bugging some 21 high end hotels including; Serena, Speke Resort Munyonyo, Imperial Royale, Emin Pasha, Fairway, among others.
Apparently, the operation also involved planting the spying tools in high end residencies like Lubowa, Kololo, Munyonyo and Kesington apartments.
Critics say the expose shades light on how the Uganda Police working with other spy agencies have been able to suppress activities of opposition politicians.
The opposition, specifically Forum for Democratic Change (FDC) members like party flagbearer Kizza Besigye, other opposition politicians, legislators and journalists have been targets.
The technology helped security operatives crack down on walk to work protests according to a brief Michael Bossa, then Director of Technical Intelligence of UPDF wrote to the president in 2012.
“People deemed dangerous to state security like government officials and opposition politicians are being surveilled”, wrote Bbosa. He said that “all MPs and influential people involved in the Walk-to-Work Demos” had been targeted.
According to the report, it all started in December 2011. This was after the opposition pressure group—Activists for Change (A4C) had launched a second round of walk-to-work protests. The first round of protests caught the security forces off-guard. In an attempt to contain them, security forces, in the first month alone killed at least nine unarmed People, injured over 100 were injured. Besigye, who inspired the protests was brutally dragged from his vehicle and pepper sprayed in the face, sustaining serious injuries forcing him to seek medical attention for a while.
Over all, some 600 people were arrested and detained without charge. Legislators were arrested, manhandled and placed under 24-hour surveillance and preventative detention.
With this crisis not showing signs of going away, on Dec.5, Bossa, the Directorate of Technical Intelligence of the UPDF, the report shows, purchased a powerful surveillance tool that they would use to illegally spy on protest organisers, government officials, media houses, intelligence insiders, and private citizens.
The Chieftaincy of Military Intelligence (CMI) purchased the surveillance technology in question called FinFisher, from Gamma International GmbH, which is headquartered in the UK.
The purchase came after four Ugandan officials travelled as guests to Gamma’s Munich offices, where they were invited to witness demonstrations of the several products. Police Director of ICT, Amos Ngabirano, Bbosa, a one Oluka Charles, Rwantare Nelson are the officials that travelled.
FinFisher, the report shows, has been used by some of the most repressive states globally to intimidate, harass and blackmail.
Indeed, in his brief, Bbosa assured President Museveni that Kenya, Nigeria, Rwanda, Senegal and Zimbabwe – governments “facing civil disobedience” – were users of FinFisher. All these governments in all these countries have been accused of massive human rights violations.
In a bid to impress the President more, Bbosa made a further boastful claim that Syria is also a FinFisher user.
In the brief, the CMI complained about the “meagre funds” available to “bribe more collaborators especially from the inside circles of opposition members” who would make their targets’ devices accessible for direct infection.
FinFisher was installed in the buildings of the ISO, ESO, Parliament and also the two main agencies responsible for the operation – the UPF and CMI. Fungua Macho also targeted people in their own homes.
FinFisher fake access points were created in the Munyonyo and Kololo neighbourhoods in central Kampala, as well as upmarket Lubowa and Kensington housing estates, Bossa’s brief shows.
Apart from this, Bossa revealed that 21 mostly high-end hotels in Kampala, Entebbe and Masaka were compromised as part of the spying operation.
These hotels were specifically selected because they were known to be meeting points for politicians and journalists as well as hosting political events.
Opposition political parties and civil society hold most of their events, which range from press conferences, closed-door meetings, among others.
FinFisher access points were installed on the Wi-Fi networks and/or business centres of these hotels.
Private International reveals that security around the business centres is lax. The organisation visited all 21 hotels in 2015 and found that computers in two-thirds did not protect administrator privileges, meaning that covert installation of a program onto the desktop computers would have been a simple task.
“Due to leakages from within the state apparatus, activity-spyware and gadgets targeting specific people have been deployed in the following institutions: CMI, ISO, ESO, Uganda Police and Parliament,” Bossa’s brief adds, “We are also looking for people to use from within their own circles so as to access their gadgets.”
Privacy International also reveals that at least one of the Parliamentary office buildings currently appears to have a system that monitors telecommunications signals inside the building and is capable of capturing phone identifying information.
Bossa also revealed that the management of a number of these hotels were aware of the installation.
The potential collaboration of hotels with security services has serious implications because, Privacy International explains, Guests and visitors pay expensive rates for physical security, comfort and privacy that these largely high-end establishments claim to offer.
“Many hotels have collaborated either consciously (overt penetration) or unconsciously (covert penetration) … we have made tremendous success and a lot of data is streaming in.”
The revelations come two months after another set of documents revealed that State House and the Uganda Police were in the final stages of acquiring hacking software from an Italian company called Hacking Team at a staggering Shs. 10 billion.