Ethiopia Allegedly Used Spyware Against US-Based Journalists (Again)
by Lorenzo Franceschi-Bicchierai (Vice News)
Timeline of attacks against ESAT journalists
Early last year, a group of cybersleuths accused the Ethiopian government of using malware sold by an Italian surveillance company to spy on Ethiopian journalists based in the US.
But rather than cease their activities, the Ethiopian government is believed to have targeted the same journalists again, months later, using spyware from the same company according to a new report by researchers at the Citizen Lab—a digital watchdog group at the University of Toronto’s Munk School of Global Affairs.
These latest attacks came after the Ethiopian government denied having ever used spyware, and after Hacking Team claimed to have a system in place to prevent these abuses—or at least cease to support clients that are found to have carried out abuse.
Hacking Team has never confirmed nor denied that Ethiopia was or still is one of its clients. But researchers at Citizen Lab say the evidence they have proves exactly the opposite—that Ethiopia hasn’t given up on its attempts to intimidate and spy on journalists at the Ethiopian Satellite Television (ESAT), a news organization comprised mostly of expatriates that is often in the crosshairs of the government.
In fact, they believe Hacking Team is still supporting the country’s efforts, providing updated and harder to detect versions of its software—despite the company’s claims that it investigates any allegations of abuse. In its customer policy, Hacking Team says it is willing to take “appropriate action,” including refusal to provide support for its products, in cases of “gross human rights abuses.”
Citizen Lab researchers say these latest attacks suggest that Hacking Team’s software is still being used to target dissidents.
“Ethiopian journalists were targeted yet again with what appears to be Hacking Team’s spyware.”
“Ethiopian journalists were targeted yet again with what appears to be Hacking Team’s spyware—just months ago,” said Bill Marczak, who co-authored the report with John Scott-Railton and Sarah McKune. “Probably most people would look at this and say this is not something you classify as legitimate usage.”
Hacking Team, which Reporters Without Borders labelled as an “Enemy of the Internet,” is part of an ever-growing group of surveillance tech companies that market their products exclusively to governments, police departments, and spy agencies. Other well-known companies that have caught the attention of activists, researchers, and even WikiLeaks, include FinFisher and its parent company Gamma International, which also sell spyware, and VUPEN, which sells intelligence agencies secret software vulnerabilities known as “zero-day” exploits.
However, the company has always denied any accusations that it sells malware to repressive governments—even though Citizen Lab has previously detected what it believes to be Hacking Team software in use against local journalists in Morocco, and by the United Arab Emirates government against a prominent human rights activist.
Hacking Team claims its software, knows as Remote Control System (RCS), is simply a tool to help police forces around the world fight criminals in the digital age. RCS allows its operators to monitor a target’s computer or cellphone; can intercept and exfiltrate data such as passwords, emails, text messages and social media activities; and can surreptitiously enable a target’s microphone to listen in on calls, or turn on the target’s webcam.
But Cynthia Wong, a senior researchers at Human Rights Watch (HRW), said that Citizen Lab’s new report is evidence that Hacking Team “has ignored previous allegations that their product has been abused in Ethiopia.”
“This is not a new thing for Hacking Team,” said Wong, whose organization reached out to Hacking Team demanding explanations in light of the report. “They were notified last year that their product may have been misused. There are some questions they should answer.”
But Hacking Team, for now, is not answering them.
Reached by phone on Friday, company spokesperson Eric Rabe said he didn’t “really have a reaction” to the new report—and went on to dismiss Citizen Lab’s previous investigations.
“We’re aware of their work and have seen some of their past reporting, some of which it seems to be based on some nicely presented suppositions,” Rabe said.
Rabe declined to confirm or deny whether Ethiopia is a Hacking Team customer. Though the company has never disclosed its list of customers, Citizen Lab in another investigation claimed to have identified more than 20 of its clients. They allegedly include countries such as Azerbaijan, Kazakhstan, Saudi Arabia, and Sudan, which have poor human rights records.
“This is not a new thing for Hacking Team […] There are some questions they should answer.”
A report from HRW released in February called Ethiopia, “one of the world’s biggest jailers of journalists,” with 19 currently in prison, and accused the country of systematically assaulting independent voices.
Tesfaye Wolde, a spokesperson for the Ethiopian Embassy in Washington D.C., initially declined to comment. But when Motherboard sent Wolde a previous statement made by another embassy spokesperson last year—stating that Ethiopia “did not use and has no reason at all to use any spyware or other products provided by Hacking Team or any other vendor inside or outside of Ethiopia”—Wolde confirmed the statement was still correct.
“Yes! Sir! I agree with Wahide’s answer,” Wolde wrote in an email last week.
He did not answer further questions, only to say that Ethiopia “acts in compliance with its own laws and with the laws of nations.”