By Abdi Ali
Published December 7, 2017
Ethiopian authorities are abusing commercial spyware to monitor government critics both at home and abroad.
A rights body, Human Rights Watch (HRW) calls upon Ethiopia to “cease digital attacks on activists and independent voices.”
“The Ethiopian government has doubled down on its efforts to spy on its critics, no matter where they are in the world,” says Cynthia Wong, senior internet researcher at HRW. “These attacks threaten freedom of expression and the privacy and the digital security of the people targeted.”
HRW quotes Citizen Lab, an independent research group operating out of Toronto in Canada, as having published a technical analysis On December 6, 2017 showing renewed government malware campaign aimed at activists and political opponents.
Starting in 2016, the Citizen Lab report identified several targets who received phishing emails. Identified targets were commentators on Ethiopian affairs, who received emails that were tailored to their interests. The emails invited the targets to download and install a software update, which contained malware, to view the content. The phishing attacks, if successful, would have infected their personal computers with spyware. The Citizen Lab report also uncovered dozens of successfully infected devices belonging to other targets in 20 countries, including in the US, UK, Eritrea, Canada, and Germany.
Citizen Lab’s analysis of the attacks and log files, HRW says, places the operator inside Ethiopia and links the software to Cyberbit, an Israel-based cybersecurity company. The company is a wholly owned subsidiary of Elbit Systems, an Israel-based defense company. The analysis suggests that the spyware in use is Cyberbit’s PC Surveillance System (PSS), which the company may have recently rebranded as PC 360.
Cyberbit’s marketing materials describes PSS as a “comprehensive solution for monitoring and extracting information from remote [personal computers].”
Once a computer is infected, HRW says, the spyware’s operator would gain access to virtually any information available on the device, including files, browsing history, passwords, emails, and what the target types into the computer. The spyware can also take screen shots and activate a computer’s microphone and camera for live surveillance. The marketing materials indicate that PSS was created for law enforcement and intelligence agencies to “reduce crime” and “prevent terrorism.”
Citizen Lab’s report also identifies potential Cyberbit product demonstrations to possible clients in several other countries, including Kazakhstan, Nigeria, the Philippines, Rwanda, Serbia, Thailand, Uzbekistan, Vietnam, and Zambia.
This is the third known spyware vendor that the Ethiopian government has engaged since 2013, HRW says.
HRW previously reported about Ethiopia’s use of malware sold by UK/Germany-based Gamma International (reorganized as FinFisher) and Italy-based Hacking Team to target journalists and activists in the Ethiopian Diaspora. Authorities continued to misuse Hacking Team’s product through at least 2015, when a widely covered breach of the company’s corporate data confirmed its business in the country.
Spyware companies often market their products to government agencies tasked with fighting crime or preventing terrorism. However, the Ethiopian government has a documented history of abusing its counterterrorism laws to target journalists, bloggers, protesters, and government critics.
HRW appeals to Cyberbit to “immediately investigate misuse of its products by Ethiopian authorities, publicly disclose its findings, and end any plans for future sales and any ongoing support it may be providing.”
Saying “Spyware should be kept far from known human rights abusers,” Wong argues that “It is troubling if Israeli authorities allowed the sale of Cyberbit’s spyware to Ethiopian security agencies, given their established record of using malware to violate rights.”