Ethiopian government using commercial spyware to target journalists abroad: Citizen Lab report

Mon, 2015-03-09 20:39

The Ethiopian government has again been caught employing the use of infectious malware as part of its continued attempts to surveil Ethiopian journalists, a new Citizen Lab report finds.

The report, based on research from current Information Controls Fellow Bill Marczak and Citizen Lab colleagues John Scott-Railton and Sarah McKune, shows that Ethiopian Satellite Television Service (ESAT) journalists have been attacked with spyware that would allow Ethiopian authorities to remotely monitor the journalists’ computer online activity. This research documenting how targeted malware is utilized by repressive regimes to silence defenders of free expression is directly supported by the Open Technology Fund’s Information Controls Fellowship Program.

“We have documented a year-long campaign of spyware attacks against journalists at ESAT,” the report states.

The unsuccessful attacks used Remote Control System (RCS) spyware produced by the commercial surveillance software company Hacking Team. Hacking Team appears to have sold their services to the Ethiopian government, who in turn used the RCS malware to target ESAT, “a nonpartisan, independent media outlet established to promote free press, democracy, respect for human rights and the rule of law in Ethiopia.” Citizen Lab has reported extensively on Hacking Team-produced RCS spyware attacks conducted by state actors in the past, including attacks led by the governments of Ethiopia, Turkey, and Egypt.

“This is the second round of coordinated attempts at installing spyware so they can monitor our systems and uncover who our sources are inside…Ethiopia. This is a really tenacious attempt to crack down on freedom of expression,” ESAT managing director Neamin Zeleke told The Washington Post.

ESAT operates in exile, away from the state’s scrutiny and abuse: many ESAT employees have fled Ethiopia “in the face of government harassment, torture or criminal charges.” ESAT journalists believe the government is seeking to monitor their activity in order to learn the identities of ESAT sources inside Ethiopia, with the distinct possibility that they could face harsh retribution.

Citizen Lab’s findings indicate that ESAT journalists have been the targets of ongoing attacks dating back to at least December 2013. The new report focuses specifically on three instances that occurred in November and December 2014, in which ESAT managing director Neamin Zeleke was the recipient of an email-based attack. The perpetrators are believed to be state-sponsored, with the government’s Ethiopian Information Network Security Agency (INSA) particularly culpable.

Check out the full Citizen Lab report.

Coverage from Human Rights WatchMotherboard, and Washington Post.