Ethiopia: Intel Agency using Sophisticated surveillance tools

Washington (HAN) March 9, 2015 – Public Diplomacy and Expert Analysis, Your Power & Regional Influence Magazine. opinion By Andrea Peterson. She  covers technology policy for The Washington Post, with an emphasis on cyber-security, consumer privacy, transparency, surveillance and open government.
The Ethiopian government appears again to be using Internet spying tools to attempt to eavesdrop on journalists based in suburban Washington, said security researchers who call such high-tech intrusions a serious threat to human rights and press freedoms worldwide.

The journalists, who work for Ethiopian Satellite Television in Alexandria, Va., provide one of the few independent news sources to their homeland through regular television and radio feeds — to the irritation of the government there, which has accused journalists of “terrorism” and repeatedly jammed the signals of foreign broadcasters.

The struggle increasingly has stretched into cyberspace, where malicious software sold to governments for law enforcement purposes has been observed targeting the journalists, researchers said. The most recent documented case, from December, came several months after The Washington Post first detailed the government’s apparent deployment of the Internet spying tools, which though far cruder, offer some of the same snooping capabilities enjoyed by the National Security Agency and the intelligence services of other advanced nations.

“This is the second round of coordinated attempts at installing spyware so they can monitor our systems and uncover who our sources are inside of the Ethiopia,” said Neamin Zeleke, the managing director of Ethiopian Satellite Television, which is commonly known as ESAT. “This is a really tenacious attempt to crack down on freedom of expression.”

Zeleke became suspicious when a message arrived in his inbox in December with an attachment claiming to have information about upcoming elections. Normally, that’s the sort of information ESAT is eager to get its hands on: Ethiopia is ruled by a government notoriously unfriendly to the press — leaving much of the independent journalism on local affairs to outfits such as ESAT that operate outside of the country but rely on sources from inside Ethiopia.

But editors and reporters at ESAT have become wary of e-mails from unknown senders in recent years — and for good reason.

In 2013, the computer of one of Zeleke’s colleagues was infected with malware after the colleague opened what appeared to be a Microsoft Word file. They later learned that it was probably a commercial spying tool sold to governments around the world by the Italy-based vendor Hacking Team, according to researchers at Citizen Lab at the University of Toronto’s Munk School of Global Affairs.

So after receiving the recent suspicious e-mail, Zeleke said he forwarded it to the Citizen Lab researchers instead of opening the attachment.

The e-mail, along with other messages to Ethiopian journalists, show that Ethiopia appears to be continuing to wage a digital campaign against independent journalists — including some based within the United States — with the help of updated versions of Hacking Team software, according to the report’s authors Bill Marczak, John Scott-Railton and Sarah McCune.
Sophisticated surveillance tools on a budget

While the debate over cyberattacks has been dominated by disclosure about National Security Agency capabilities and alleged cyberespionage campaigns of Chinese and Russian hackers, a booming commercial spyware market has put high-tech surveillance tools within the reach of governments worldwide. In the hands of repressive regimes, this can mean a wave of cyberattacks on journalists, human rights workers and political activists.

The Internet, instead of being a tool for organizing and spreading information about government abuse, can become a tool for oppression able to even reach those who have fled the physical borders of a country.

And the latest Citizen Lab report suggests that Hacking Team may continue to support its software to nations even after abuse was identified.

Hacking Team declined to comment on whether it sells its services to Ethiopia. “We do not disclose the identities of clients nor their locations as a matter of policy,” company spokesperson Eric Rabe told The Post. “Obviously, clients demand confidentiality and require it in order to conduct legitimate legal surveillance of suspects in cases of crime, terrorism or other wrongdoing.”

The Ethiopian government also did not directly answer questions about whether it uses Hacking Team’s products. “Ethiopia acts in compliance with its own laws and with the laws of nations,” Tesfaye Wolde of the Ethiopian Embassy in Washington said in a statement.

Hacking Team investigates allegations of abuse, Rabe said. “In cases where we find that an agency is misusing our technology, we can take a variety of actions up to and including suspending support for the system.”
He did not say, though, whether those investigations have ever resulted in a country being cut off. “It can be quite difficult to determine facts, particularly since we do not operate surveillance systems in the field for our clients,” Rabe said. “Assertions that may seem perfectly obvious to some can be extremely difficult to actually prove.”

And activists are skeptical. “Hacking Team is one of the go-to companies of authoritarian regimes who absolutely need spying capabilities and don’t want to develop them on their own,” said Christopher Soghoian, a principal technologist at the American Civil Liberties Union.

The company’s signature product is its Remote Control System (RCS), which allows governments to hack into the computers of targets and gain almost complete control. “For a few hundred thousand dollars, they will give you the software you need to take over someone’s webcams, microphones, and access other sensitive information,” Soghoian said.

It’s this RCS malware that Citizen Lab says attackers appear to have tried to use against ESAT. “In this case, what we have is the same entity who attacked ESAT in 2013 attacking them in December of 2014 using Hacking Team’s software again,” Marczak, one of researchers, said. The malware linked back to the same sort of control infrastructure as the previous version, and researchers uncovered other evidence, including an encryption certificate, that tie it back to Hacking Team, according to Citizen Lab.

The malware was modified from the version used against ESAT journalists reported in February 2014 to avoid tools developed to help activists and journalists detect whether they had been infected by commercial spyware, Citizen Lab said. The modifications to the malware indicate that Hacking Team continued to provide support to the Ethiopian government even after The Post reported on the issue last year.

Rabe of Hacking Team said the company’s software is regularly updated for customers who are not in violation of its customer policy, which says the company will stop providing support to a client if it believes their software has been used to “facilitate gross human rights abuses.”
The use of Hacking Team software is a strong sign that the Ethiopian government was behind the attack, Marczak said.

“The software is sold exclusively to governments — and in the case of ESAT, it doesn’t seem like there’s anyone else who would be interested in targeting them beyond Ethiopia,” he said.

But there are other signs that point to Ethiopia — including Internet addresses used by the attacker that were linked to an Ethiopian telecom provider, researchers said, as well as links uncovered between the attacker and a computer that calls itself “INSA-PC,” a possible reference to the Ethiopian Information Network Security Agency, or INSA. Continue Part 2…..


The Geeska Afrika Online is Free government-funded. HAN (Horn of Africa newsline) shapes its editorial policy free from political and commercial influence.

Geeska Afrika Online (1985 -2015) – The International Gateway news and views about the Horn of Africa (Ethiopia, Eritrea, Somalia, Somaliland, Sudan, South Sudan, Djibouti, Kenya and Uganda), the best IGAD news and information Online Site for the last 30 Years.

HAN & Geeska Afrika Online (1985-2015), the oldest free independent Free Press in the region, brings together top journalists from across the Horn of Africa. Including Ethiopia, Somalia, Eritrea, Sudan, Djibouti, South Sudan, Uganda, Kenya, Oromo, Amhara, Somali, Afar and Harari. Plus, we have daily translations from 150 major news organizations in the Middle East and East African regions. Contact at