Hired Surveillance: Sierra Leone officials pay cyber intel groups to target journalists, political opponents

By Matthew Anderson, Nik Harris, and Mark Feldman

An investigation by Africanist Press has uncovered that Sierra Leonean officials paid at least US$5 million to cyber intelligence groups, including the Israeli-based Cognyte Technologies Limited for cyber intelligence services and tools that were mostly used to target political opponents of the Maada Bio administration.

Africanist Press discovered that funds were directly transferred by the Bank of Sierra Leone (BSL) between July 2021 and October 2022 to the Israel-based Cognyte Technologies Limited and North Star Enterprise as payments for cyber intelligence solutions and for the supply of public order equipment to security agencies in Sierra Leone. Evidence shows that Sierra Leonean security agencies, including the Office of National Security (ONS) and Sierra Leone Police, employed the procured cyber services and public order equipment in cyber surveillance activities and other intelligence operations targeting journalists and a few leading opposition politicians in the country. The targeted groups included journalists of the Africanist Press and a few leading opposition politicians in Sierra Leone.

Cognyte was among seven cyber intelligence companies accused by Meta for selling software and services that were used to spy on journalists, human rights activists, and politicians in more than 100 countries. Cognyte’s customers are believed to have targeted numerous journalists and politicians in countries with dubious records on human rights such as Colombia, Kenya, Mexico, Thailand, and Indonesia.

Our investigation discovered that Sierra Leonean officials processed the first payments amounting to nearly US$1 million to  Cognyte Technologies on 7th July 2021; at least two weeks after Sierra Leone’s Parliament enacted a new law on cyber security in June 2021.  The legislation was introduced in Sierra Leone by the Maada Bio administration and enacted by Parliament to supposedly protect critical national information infrastructure, promote cybersecurity, and protect computer programs. The law also authorizes security agencies to collect electronic evidence from cellphones, computers, and other electronic equipment for investigation and prosecution in cybercrime proceedings.

Africanist Press identified 19 fund transfers processed by the Bank of Sierra Leone (BSL) between 7th July 2021 and 18th July 2022 in the name of Cognyte Technologies Israel Limited and North Star Enterprise as payment for cyber intelligence solutions and public order equipment. Africanist Press found that eight of these transactions totaling US$2,081,999.80 were processed on several dates between 7th July 2021 and 18th July 2022 as direct payments to Cognyte Technologies for the purchase of cyber intelligence services and solutions for national security. We discovered five specific transactions amounting to US$831,999.80 that were paid directly to Cognyte on 7th July 2021 in various amounts ranging from US$84,316.00 to US$155,000.00 and US$218,841.82 to US$310,000.00. The payments were ordered by the Office of the President and authorized by Ministry of Finance officials after the enactment of the new cyber security legislation.  In addition to the July 2021 payments, two further payments in separate amounts of US$310,000 and another amount of US$630,000 were also processed and transferred to Cognyte Technologies on 1st October 2021 and 10th May 2022 respectively. In total, Africanist Press found that the Central Bank of Sierra Leone transferred over US$2 million to Cognyte Technologies during the first 12 months following the new law on cyber security.

BSL financial records show that payments to Cognyte were all transferred to the Israeli-based cyber intelligence company through Standard Chartered Bank-South Africa (SCB/SAF) and listed as payments for cyber intelligence services and solutions for national security on behalf of the government of Sierra Leone.

In addition to the Cognyte transactions, Africanist Press also found that a total of US$2,211,025.72 was simultaneously paid to another company listed as North Star Enterprise to supply special public order equipment to the Sierra Leone Police. Our investigation found that these payments were also processed between 11th January 2022 and 18th July 2022 in multiple amounts ranging from US$184,252.14 to US$210,573.88. The payments were processed in 11 different transactions by banking officials in Sierra Leone, and transferred directly to the United States in the name of North Star Enterprise through the Federal Reserve Bank (FRB) in New York.

In contrast to Cognyte, Africanist Press could not find any additional details on North Star Enterprises and the contractual relationship with Sierra Leonean officials even though BSL’s financial records show continuous transfer of funds to North Star Enterprise for security related purchases.

An investigation by Africanist Press later uncovered that Sierra Leonean officials paid at least US$5 million to cyber intelligence groups, including the Israeli-based Cognyte Technologies Limited, for cyber intelligence services and tools that were mostly used to target political opponents of the Bio administration.

Cognyte, on the other hand, described itself as a leading marketer of investigative analytics software that empowers governments and enterprises with actionable intelligence. Operating out of Israel with offices in Europe, China, and Mexico, Cognyte says its mission is to help organizations accelerate investigations, connect dots, and prevent threats before they unfold.

“Over 1,000 government and enterprise customers in more than 100 countries rely on our solutions to accelerate investigations and successfully identify, neutralize, and prevent threats to national security, business continuity and cyber security,” Cognyte stated in its marketing materials, whilst adding that Cognyte’s global offices employ about 2000 employees that support the company’s global customers.

“Our open analytics software fuses, analyzes, and visualizes disparate data sets at scale to help organizations find the needles in the haystacks and transform data into insights they can act upon,” it stated.

However, while Cognyte claims their services and software are meant to help governments and law enforcement agencies deal with cybercrimes and terrorism, the company has been listed among several cyber surveillance outfits hired by various authoritarian regimes around the world to target opponents.

The Israeli-based Cognyte was among seven cyber intelligence companies accused by Meta for selling software and services that were used to spy on journalists, human rights activists, and politicians in more than 100 countries. Cognyte’s customers are believed to have targeted numerous journalists and politicians in countries with dubious records on human rights such as Colombia, Kenya, Mexico, Thailand, and Indonesia. A December 2021 report released by Meta’s cybersecurity team revealed that Cognyte abused Meta’s Facebook and Instagram platforms by targeting people to collect intelligence, manipulate and compromise their devices and accounts across the internet. Tactics reportedly employed by Cognyte included creating fake accounts to search and view people’s social media profiles and their list of friends, engaging with people using fictitious identities, and tricking users into giving away their account information by getting them to click on malicious links. In addition to collecting intelligence through user dubbing, Cogynte is also accused of breaking into computers and cellphones by manipulating the download of malware into them. Cognyte reportedly achieves this by using a variety of human manipulations without contact and with sophisticated technological tools.

These attacks were escalated in early June 2022, extensively targeting telephone communication of Africanist Press publisher, Chernoh Bah. Dozens of malware and spyware messages were sent randomly to Bah’s cellphone showing attempted interference with his private communication. The malicious messages continued into early September 2022 and stopped only after Apple technicians in Illinois installed lockdown applications on Bah’s communication equipment.

“They can compromise the targeted device despite a victim’s good security hygiene and practices. The program can implant backdoors directly without forced consent,” Meta stated in its December 2021 report announcing a ban against Cognyte.

International concerns over the ongoing use of spyware and other cyber spy tools by authoritarian regimes to target opponents have increased in the last two years after the Pegasus Project highlighted global abuse of cyber-surveillance weapons by authoritarian regimes in ways that compromised the safety and rights of journalists, human rights activists, and politicians.

In early March 2022, the European Parliament instituted a committee to investigate the increased sale, transfer, and use of surveillance technologies in authoritarian environments targeting journalists and political activists.  European Union countries and the United States were concerned that spyware technologies were increasingly used by authoritarian regimes against opponents to influence elections and also transfer cash to foreign destinations.

While concerns over spyware technology increased in Europe and United States, our investigation discovered that government officials in Sierra Leone had already transferred millions of United States dollars in payments to Cognyte and were using cyber intelligence solutions to target political opponents.  We discovered, in particular, that cyber surveillance operations had been initiated at least in April 2022 against Africanist Press and continued into late September 2022. The operations targeted mostly telephone communication, websites, and social media pages of the press organization and its journalists.

We discovered, in particular, that cyber surveillance operations had been initiated at least in April 2022 against Africanist Press and continued into late September 2022. The operations targeted mostly telephone communication, websites, and social media pages of the press organization and its journalists. Our investigation identified patterns showing that security agencies potentially used Cognyte technology in these surveillance operations against Africanist Press.

Our investigation identified patterns showing that security agencies potentially used Cognyte technology in these surveillance operations against Africanist Press. Identified patterns included repeated malicious attacks on the Africanist Press website that were mostly initiated from likely locations in central and western Freetown, and through proxy locations in eastern Europe. These attacks were escalated in early June 2022, extensively targeting telephone communication of Africanist Press publisher, Chernoh Bah. Dozens of malware and spyware messages were sent randomly to Bah’s cellphone showing attempted interference with his private communication. The malicious messages continued into early September 2022 and stopped only after Apple technicians in Illinois installed lockdown applications on Bah’s communication equipment. Apple’s technical intervention followed coordinated attacks on social media pages associated with the Africanist Press, including its Twitter account and Bah’s Facebook pages. The attempted login into Bah’s Facebook and email accounts occurred on 11th September 2022; all traced to potential locations in Freetown and coordinated through proxy IP addresses traced to Prague, in the Czech Republic.

The attempted login into Bah’s Facebook and email accounts occurred on 11th September 2022; all traced to potential locations in Freetown and coordinated through proxy IP addresses traced to Prague, in the Czech Republic.

In the course of our investigation, we also discovered that similar cyber intelligence and surveillance operations were potentially used to intercept communication of leading opposition politicians in Sierra Leone and their close associates. We discovered, in particular, that security agencies likely initiated cyber surveillance activities targeting a few opposition politicians between April 2022 and August 2022. Our investigation found that a few former ministers in Koroma’s government and leading Members of Parliament (MPs) were also aware that cyber surveillance operations that targeted certain opposition politicians and journalists were being used by security agencies in Sierra Leone but they never publicly spoke about it.

Although criticism has followed Sierra Leone’s use of its new cyber security legislation to curb free speech, there is hardly any public awareness on how the law may have authorized politicians and security agencies to hire cyber surveillance agencies to target politicians, activists, and journalists. In early June 2022, at the height of global concerns over the proliferating sale of spyware technology to authoritarian regimes, Sierra Leone’s MPs commenced debates on a new national security and central intelligence law with provisions  that also violate citizens privacy rights. The new law, unanimously voted into law in late November 2022, gave sweeping powers to security agencies, authorizing security officers to carry out sting operations without warrant, and to search homes and seize any electronic equipment in the guise of national security.

Several attempts made by Africanist Press to contact Cognyte representatives in Israel for an interview were unsuccessful. Security officers at Cognyte‘s head office in Israel could not forward  numerous telephone calls from Africanist Press to any of the company’s management officials. Africanist Press could also not reach Sierra Leone’s National Security Coordinator, Abdulai Caulker for comments as calls to his cell phone went unanswered.

You can download document showing evidence of the various transfers to Cognyte and North Star Enterprise mentioned in this report.

Leave a Comment

Your email address will not be published. Required fields are marked *