What Vietnam Is Doing With Israeli Phone-hacking Tech

Haarets, July 15, 2021

A new investigation reveals that Cellebrite sells its digital forensics tools to a Vietnamese ministry known for persecuting bloggers, journalists and religious and ethnic minorities

Former Israeli President Rivlin with Vietnam’s then-defense minister in 2017Credit: Kobi Gideon, GPO

Oded Yaron

“Cellebrite’s solutions assist millions of investigations into the most serious crimes around the world every year,” the company’s CEO, Yossi Carmil, said recently in an interview with the business daily Globes. “Cellebrite’s tools are very powerful and give law enforcement agencies that protect our children the ability to do good for the world.”

In that same interview, Carmil said the company had developed contractual and technological mechanisms that are supposed to prevent its tools from falling into “the wrong hands.” But a new investigation by attorney Eitay Mack into one of ‘s customers shows that once again, the company itself is the one who put its technology into the wrong hands

Cellebrite CEO Yossi Carmil
Cellebrite CEO Yossi CarmilCredit: Shlomi Yossef

The customer this time is Vietnam, or more accurately its Public Security Ministry (Bo Cong An), which is responsible for the police and internal security. In light of his discoveries, Mack and dozens of human rights activists have to Cellebrite and Defense Ministry Director General Amir Eshel, who is directly responsible for monitoring the export of digital forensic technologies like the one being sold by Cellebrite.

Cellebrite, which announced in April that it , works with law enforcement agencies and has a long list of clients. Cellebrite’s flagship product is the Universal Forensic Extraction Device, or UFED, which enables law enforcement agencies to extract data from locked mobile phones in their possession. The company says it only sells the system to legitimate law enforcement agencies and defense forces, and has boasted that it is used to help with serious crimes like pedophilia and terror. However, investigations by Mack and others have revealed that many of its clients use it for other means, for example or pro-democracy and .
 A USB device is attached to Cellebrite's UFED TOUCH, a device to extract data from a mobile device
A USB device is attached to Cellebrite’s UFED TOUCH, a device to extract data from a mobile device. Signal’s founder revealed he cracked Cellebrite’s software and that it is exposed to manipulationCredit: Issei Kato/ REUTERS

Cellebrite operates with active support from the Israeli government, specifically the Defense Ministry, which supervises both defense exports and dual-use exports, including by cyber and tech companies.

This support is particularly relevant with regard to Vietnam, which not only buys arms and technologies from Israel, but is also licensed to produce Israel’s Tavor and Galil ACE rifles. Mack has detailed a long list of high-level visits and meetings to the country, including by senior Defense Ministry officials, former Prime Minister Benjamin Netanyahu and former President Reuven Rivlin.

Mack’s investigation into Cellebrite’s sales to Vietnam is just the latest of a series of probes in which he has shown that the company’s tools are legally sold to a long list of oppressive regimes and organizations under sanctions. These range from Russian investigative commissions that serve as tools to suppress opposition to President Vladimir Putin to the authorities in Hong Hong or even notorious police units in , Indonesia and other countries. Cellebrite has to China and Hong Kong as well as Russia and Belarus in wake of the revelations.

What’s wrong with Vietnam?

One of possible victims of the internal police’s use of the Israeli phone-hacking tech is not a journalist, or even an activist fighting for human rights. Rather, they are just someone who made a mistake.

To be clear, there’s no proof that Cellebrite’s technology was used to hack the phone of the defendant in this case – unlike other countries, the Vietnamese government doesn’t release information about its use of such tools. But the case does show the practices of one of the Israeli cyber industry’s satisfied customers.

The story begins in June 2018, when Lê Hong V, a Vietnamese citizen who lives near the border with Cambodia, got into an argument related to a cockfighting venue on the Cambodian side. The subject of the argument isn’t exactly clear, but he decided to get revenge on the person he was arguing with by scattering the flag of South Vietnam – that lost the civil war and is banned in the country – along the road to the cockfighting venue. On some of the flags, he also wrote slogans.

He had hoped the security services would respond by increasing their presence along the border and shutting down the business, at least from the Vietnamese side. But his plan failed spectacularly. Instead, he was arrested a few days later.

In November 2018, he was sentenced to five years in prison for having violated Article 117 of the penal code. That article forbids “producing, storing or disseminating information, documents or items intended to promote opposition to the Socialist Republic of Vietnam.” His motorcycle and cellphone were confiscated by the state; the other equipment used in the prank was destroyed.

’Protecting children’?

Despite the case cited above, most of the people prosecuted according to Article 117 and other similar provisions are bloggers, journalists, human rights activists, ethnic and religious minorities and farmers moved off their land to make way for development. The ministry responsible for enforcing all the provisions in question is the Public Security Ministry.

In his letter, Mack provided a great deal of evidence showing that several of Cellebrite’s UFED products have been sold to the Public Security Ministry and various police and investigative units subject to it ever since 2014.

He also discovered a company called HTI Group that provides technological tools and services to Vietnamese security agencies. This company is Cellebrite’s representative in Vietnam, and among the products and services it provides are Cellebrite tools, support for these tools and training in their use.

HTI Group is Cellebrite’s representative in Vietnam, and among the products and services it provides are Cellebrite tools, support for these tools and training in their use
HTI Group is Cellebrite’s representative in Vietnam, and among the products and services it provides are Cellebrite tools, support for these tools and training in their use

HTI Group also offers a service called UFED Premium, which is Cellebrite’s most advanced product. It’s a software service that allows users to hack even the newest devices, and it often makes use of zero-day exploits. These are exploits that haven’t yet been discovered by security researchers and smartphone developers, so there’s no defense at all against them.

This service can be combined with physical tools such as UFED Touch2 or UFED 4PC, a version of the software meant to be installed on computers.

So what’s the problem?

According to the World Bank, the economic and political reforms Vietnam carried out in the 1980s allowed it to grow by leaps and bounds over the past three decades. More than 45 million Vietnamese have risen above the poverty line during this time. From 2002 to 2018, its gross domestic product grew by a factor of 2.7. The country hasn’t even done badly against the severe blow of the coronavirus.

But while economic growth surged, the political reforms didn’t really improve the country’s human rights situation or relax repression by the ruling Communist Party. The aforementioned ministry and the police and investigative agencies it oversees are key tools in this repression. And, like every other repressive regime these days, Vietnam has also enthusiastically embraced advanced technology.

Unlike, say, China, Vietnam hasn’t kept technology giants like Facebook and Google out of the country. But various reports over the years have shown that these platforms have accommodated the government’s demands. Last December, Amnesty International leveled harsh criticism at Facebook and Google (which runs YouTube) over their policies in Vietnam.

Cellebrite video claiming it works 'for the victims'
Cellebrite video claiming it works ‘for the victims’ Credit: Screen capture

In recent years, several reports have been published about OceanLotus, a group of hackers connected to the Vietnamese government that operates against targets both within the country and outside it. In 2018, the Vietnamese army also set up a new unit called Force 47, whose roughly 10,000 members are responsible for the online battle over hearts and minds. This includes identifying people who criticize the country and promoting the “correct” opinions as defined by the party.

Even former U.S. President Barack Obama’s decision to ease the sanctions America had imposed on Vietnam since the Vietnam War, and then to remove the sanctions entirely in 2016, didn’t curtail political repression.

“The Obama administration’s optimism didn’t prove justified,” Mack wrote. “Given the continued deterioration of the human rights situation in Vietnam, bills have advanced in both the U.S. House of Representatives and the Senate since early 2019 denouncing the dictatorship and imposing new sanctions on it. The latest congressional proposal, from May 2021, includes a ban on doing business with the Public Security Ministry because of its involvement in surveillance and hacking.”

According to reports by the EU, the U.S. and international organizations like Amnesty and Human Rights Watch, the situation has only gotten worse since 2015. New laws, including Article 117 of the penal code, have further restricted freedom in Vietnam.

“The human rights situation here is very serious,” Vu Quoc Ngu, president of an organization called Defend the Defenders, told Haaretz. “Vietnam is signed on to a number of international agreements regarding human rights, but they are not respected. The regime jails activists that try to defend their rights and at least 260 people are currently under arrest – most of them are held only because of opinions or posts they wrote,” he said.

Several people who spoke with Haaretz said the regime has been targeting minorities like the Hmong and the mountain tribes known as Montagnards.

“Dictators don’t want people to trust each other,” Nguyen Dinh Thang, the executive director of the Boat People SOS aid and advocacy organization, said in a telephone conversation with Haaretz. “They don’t want connections. They don’t want organizations they don’t control.”

Mack’s letter listed some of the activists who have been arrested, harassed, tortured and jailed in Vietnam because they criticized bureaucrats, exposed corruption or sought to protect the environment. Among them was Can Thi Theu, who was sentenced in May to eight years in jail together with one of her sons, Trinh Ba T. Another son, Trinh Ba Phoung, is still on trial.

Can Thi Theu (R) with her son Trinh Ba T
Can Thi Theu (R) with her son Trinh Ba TCredit: Amnesty International

Can and her son were also convicted of violating Article 117, but their case is utterly different from that of the man who merely sought revenge as part of the cockfight dispute. In 2007, the government expropriated Can’s family farm, as well as the lands of many other residents of Dong Tam, a village west of Hanoi. As is true in many similar cases, the family and their neighbors received negligible compensation, and all their protests, petitions and demonstrations were to no avail.

Ever since, Can and her sons have been managing and documenting similar struggles elsewhere in Vietnam.

The case is chilling not only because Can, her family and other residents of the village were arrested due to Facebook posts, but also because of the original reason for their dispossession. Anyone who does a Google search for Dong Tam won’t find anything about the activists’ struggle or the village’s history on the first page, but mainly links to real estate developers promising luxury villas at a convenient distance from commercial centers and a huge mall.

One company even raffled off 20 new Mercedes cars to people who purchased its villas.

Many of those arrested and possibly targeted by the Israeli tech were thrown of their land in Vietnam for development purposes
Many of those arrested and possibly targeted by the Israeli tech were thrown of their land in Vietnam for development purposes Credit: Screen capture

The missing link

Unlike Russia or Indonesia, in the case of Vietnam no direct evidence was found for the use of Cellebrite devices against human rights activists, and it should be noted that it was not the only technology that Vietnam acquired for this purpose. This, however, does not change the fact that the organizations that purchased the technology serve as an arm of repression of the regime.

It is interesting to note that one of the reasons that it’s impossible to know whether Cellebrite’s devices were used in such investigations is that Vietnam’s Public Security Ministry operates in violation of local laws that requires the presence of the interrogatee and an additional witness, or at the very least two witnesses, when phones are broken into. That did not happen in any of these cases, and all of the activists who spoke with Haaretz reported similar interrogation techniques.

When interrogatees refuse to unlock their phones and computers themselves, their devices are seized. In some cases they are taken to a different room where they are broken into, and only afterward do the police offer to return them. According to Vu of Defend the Defenders, even in many of these cases the police refuse to return the devices until the interrogatees provide the password, in an attempt to conceal the practice. In other cases, as one of the researchers who worked on last year’s Amnesty report told Haaretz, the police officers simply refuse to return the devices.

Smartphones and computers have become a major target for ministry and the police units that are subordinate to it. “In recent years we have noticed a rise in the confiscation of cellphones, laptops and iPads by the police,” BPSOS head Nguyen said. “Without any warrant. They simply come and take.

“In other cases they summon someone to the police station on some pretext, such as ‘There was an accident, and the license number of the vehicle that was involved is similar to yours.’ When they arrive at the police station, they are taken in for interrogation and simply have their phone taken from them for a relatively brief period, and after the interrogation it is returned as if nothing happened,” Nguyen said. “In other cases they give the interrogatee a ride home, invite themselves in and confiscate additional cellphones, so the interrogatee doesn’t have a chance to hide the equipment or warn family members.”

Nguyen added that BPSOS assists local communities of ethnic minorities and religious communities to organize seminars on topics such as Vietnamese law – nothing that is meant to break the law, he stresses: “The courses are completely legitimate,” he said. In fact, the goal is to provide information that will help these communities to better deal with the legal system.

A digital forensic report, as seen on the website for Vietnam's Public Security Ministry
A digital forensic report, as seen on the website for Vietnam’s Public Security Ministry Credit: Screen capture

“We began to see how entire groups were leaving the courses, and we tried to find out why,” he said. “We discovered that one of the participants was interrogated, and his phone was taken. Afterward, people were interrogated one after another. In the end, no one was left,” Nguyen said. He added that the regime uses the information gathered from the phones to sow distrust and suspicion among communities of religious minorities, such as in churches or Buddhist sects that are not approved by the party, in ethnic minorities and even between friends.

Thus it is perhaps not surprising that this is what Can Thi Theu said in a video interview with The 88 Project in September 2019: https://youtu.be/4y6zslhq8pQ “What I’d like to see is everybody standing up together whenever the regime increases the pressure through arrests, oppression and arrests in order to rob the people of their means of livelihood, their rights. I’d like to see citizens unite to display our strength. That will speed up the changes, forcing the dictator to give back our rights.”

Cellebrite declined to comment for this article.
In a statement to Mack, the Defense Ministry said that it does not provide details about specific licenses, for security, political and strategic reasons. “As we have told you, the Defense Ministry reviews its policy periodically or in accordance with events, and applies its authority in accordance with need.”