Here we go again with TPLF's paranoia extending thousands of miles away as if what's doing isn't enough at home which it is good at it; SPYING. TPLF-led rulers of Ethiopia are spending billions of Tax payers' and donors' money in a country which has the lowest internet penetration (1%) even in Sub-Saharan African standards, on digital censorship and spying on everybody they deem to be their perceived or/and virtual enemy. At this moment, Ethiopians are suffering from lack of basic services (water, fuel, power, including internet networking) while TPLF and co are on this ridiculous project which should have been directed to improve the lives of millions of citizens. The following detailed research was made by foreign nationals who have no business or other interests as far as Ethiopia concerned; they are concerned international citizens who are trying to show their solidarity to Ethiopian people whose voice is being muffled and silenced by the regime alarmingly.
Mesay
Mekonnen was at his desk, at a news service based in Northern
Virginia, when gibberish suddenly exploded across his computer screen
one day in December. A sophisticated cyberattack was underway.
But
this wasn’t the Chinese army or the Russian mafia at work.
Instead,
a nonprofit research lab has fingered government hackers in a much
less technically advanced nation, Ethiopia, as the likely culprits,
saying they apparently used commercial spyware, essentially bought
off the shelf. This burgeoning
industry is making surveillance capabilities that once were the
exclusive province of the most elite spy agencies, such as National
Security Agency, available to governments worldwide.
The
targets of such attacks often are political activists, human rights
workers and journalists, who have learned that the Internet allows
authoritarian governments to surveil and intimidate them even after
they have fled to supposed safety.
That
includes the United States, where laws prohibit unauthorized hacking
but rarely succeed in stopping intrusions. The trade in spyware
itself is almost entirely unregulated, to the great frustration of
critics.
“We’re
finding this in repressive countries, and we’re finding that it’s
being abused,” said Bill Marczak, a research fellow for Citizen Lab
at the University of Toronto’s Munk School of Global Affairs, which
released a report Wednesday. “This spyware has proliferated around
the world . . . without any debate.”
Citizen
Lab says the spyware used against Mekonnen and one other
Ethiopian journalist appears to have been made by Hacking Team, an
Italian company with a regional sales office in Annapolis. Its
products are capable of stealing documents from hard drives, snooping
on video chats, reading e-mails, snatching contact lists, and
remotely flipping on cameras and microphones so that they can quietly
spy on a computer’s unwitting user.
Some
of the targets of recent cyberattacks are U.S. citizens, say
officials at Ethiopia Satellite Television’s office in Alexandria,
where Mekonnen works. Others have lived in the United States or other
Western countries for years.
“To
invade the privacy of American citizens and legal residents,
violating the sovereignty of the United States and European
countries, is mind-boggling,” said Neamin Zeleke, managing director
for the news service, which beams reports to Ethiopia, providing a
rare alternative to official information sources there.
Citizen
Lab researchers say they have found evidence of Hacking Team
software, which the company says it sells only to governments, being
used in a dozen countries, including Uzbekistan, Kazakhstan, Sudan,
Saudi Arabia and Azerbaijan.
The
Ethiopian government, commenting through a spokesman at the embassy
in Washington, denied using spyware. “The Ethiopian government did
not use and has no reason at all to use any spyware or other products
provided by Hacking Team or any other vendor inside or outside of
Ethiopia,” Wahide Baley, head of public policy and communications,
said in a statement e-mailed to The Washington Post.
Hacking
Team declined to comment on whether Ethiopia was a customer, saying
it never publicly confirms or denies whether a country is a client
because that information could jeopardize legitimate investigations.
The company also said it does not sell its products to countries that
have been blacklisted by the United States, the United Nations and
some other international groups.
 |
| Neamin Zeleke, Managing director-ESAT |
“You’ve
necessarily got a conflict between the issues around law enforcement
and the issues around privacy. Reasonable people come down on both
sides of that,” said Eric Rabe, a U.S.-based senior counsel to
Hacking Team. “There is a serious risk if you could not provide the
tools that HT provides.”
The
FBI, which investigates computer crimes, declined to comment on the
Citizen Lab report.
Allegations
of abuse
Technology
developed in the aftermath of the Sept. 11, 2001, terrorist attacks
has provided the foundation for a multibillion-dollar industry with
its own annual conferences, where firms based in the most developed
countries offer surveillance products to governments that don’t yet
have the ability to produce their own.
Hacking
Team, which Reporters Without Borders has named on its list of
“Corporate Enemies” of a free press, touted on its Web site that
its “Remote Control System” spyware allows users to “take
control of your targets and monitor them regardless of encryption and
mobility. It doesn’t matter if you are after an Android phone or a
Windows computer: you can monitor all the devices.”
Hacking
Team software has been used against Mamfakinch,
an award-winning Moroccan news organization, and Ahmed
Mansoor, a human rights activist in the United Arab Emirates who
was imprisoned after signing an online political petition, Citizen
Lab reported. Another research group, Arsenal Consulting, has said
Hacking
Team software was used against an American woman who was critical
of a secretive Turkish organization that is building schools in the
United States.
Such
discoveries have sparked calls for international regulation of
Hacking Team and other makers of spyware, which typically costs in
the hundreds of thousands of dollars, according to experts.
By
selling spyware, “they are participating in human rights
violations,” said Eva
Galperin, who tracks spyware use for the Electronic Frontier
Foundation, a civil liberties group based in San Francisco. “By
dictator standards, this is pretty cheap. This is pocket change.”
Rabe,
the Hacking Team official, said that the company does not itself
deploy spyware against targets and that, when it learns of
allegations of human rights abuses by its customers, it investigates
those cases and sometimes withdraws licenses. He declined to describe
any such cases or name the countries involved.
Ethiopian
Satellite Television, typically known by the acronym ESAT, started in
2010 and operates on donations from members of the expatriate
community. The news service mainly employs journalists who left
Ethiopia in the face of government harassment, torture or criminal
charges. Though avowedly independent, ESAT is viewed as close to
Ethiopia’s opposition forces, which have few other ways of reaching
potential supporters.
Despite
the nation’s close relationship with the U.S. government —
especially in dealing with unrest and Islamist extremism in
neighboring Somalia — the State Department has repeatedly detailed
human rights abuses by the Ethiopian government against political
activists and journalists. There has been little improvement,
observers say, since the 2012 death of the nation’s longtime ruler,
Meles
Zenawi.
“The
media environment in Ethiopia is one of the most repressive in
Africa,” said Felix Horne, a researcher for Human Rights Watch.
“There are frequent cases of people who have spoken to journalists
being arrested. There’s very little in the way of free flow of
information in the country. The repressive anti-terrorism law is used
to stifle dissent. There are a number of journalists in prison for
long terms for doing nothing but practicing what journalists do.”
Taking
the bait
Mekonnen
was wary as soon as he received a document, through a Skype chat with
a person he did not know, on Dec. 20. But the file bore the familiar
icon of a Microsoft Word file and carried a name, in Ethiopia’s
Amharic language, suggesting that it was a text about the ambitions
of a well-known political group there. The sender even used the ESAT
logo as his profile image, suggesting the communication was from a
friend, or at least a fan.
When
the screen filled with a chaotic series of characters, Mekonnen knew
he had been fooled — in hacker jargon, he had taken “the bait”
— yet it wasn’t clear what exactly was happening to his computer,
or why.
That
same day, an ESAT employee in Belgium also had received mysterious
documents over Skype chats. Noticing that the files were of an
unusual type, he chose not to open them on his work computer.
Instead, the ESAT employee uploaded one of the files to a Web site,
VirusTotal, that scans suspicious software for signs of their origins
and capabilities.
That
Web site also has a system to alert researchers when certain types of
malicious software are discovered. Marczak, the Citizen Lab
researcher, who had been tracking the spread of spyware from Hacking
Team and other manufacturers, soon got an e-mail from VirusTotal
reporting that a suspicious file had been found, carrying telltale
coding.
Marczak,
a doctoral student in computer science at the University of
California at Berkeley, had worked with members of the Ethiopian
community before, during an attempted hacking incident last April.
When he received the alert from VirusTotal, he got in touch with
ESAT’s offices in Alexandria and began looking for signs of Hacking
Team software on the news service’s computers. He was eventually
joined in the detective work by three other researchers affiliated
with Citizen Lab, Claudio Guarnieri, Morgan Marquis-Boire and John
Scott-Railton. They did not detect an active version of the spyware
on Mekonnen’s computer, suggesting it had failed to activate
properly or was removed by the hackers who deployed it. But when
Citizen Lab analyzed the file itself — still embedded in Mekonnen’s
Skype account — its coding tracked closely to other Hacking Team
spyware, Marczak said.
The
Citizen Lab team found that the spyware was designed to connect to a
remote server that used an encryption certificate issued by a group
listed as “HT srl,” an apparent reference to Hacking Team. The
certificate also mentioned “RCS,” which fits the acronym for the
company’s “Remote Control System” spyware.
The
researchers discovered a similar encryption certificate used by a
server whose IP address was registered to Giancarlo Russo, who is
Hacking Team’s chief operating officer. The phone number and
mailing address associated with that server’s IP address matched
the company’s headquarters in Milan, Citizen Lab said.
The
evidence of Ethiopia’s involvement was less definitive — as is
common when analysts attempt to learn the origin of a cyberattack —
though the Citizen Lab researchers express little doubt about who was
behind the attack. The document that Mekonnen downloaded, they noted,
had a title in Amharic that referred to Ethiopian politics, making
clear that the attackers had deep knowledge of that country.
In
addition, few governments have enough interest in Ethiopian politics
to deploy a sophisticated spyware attack against journalists covering
the country, Marczak said. “I can’t really think of any other
government that would like to spy on ESAT.”
The
biggest fear among journalists is that spies have accessed sensitive
contact lists on ESAT computers, which could help the government
track their sources back in Ehiopia
“This
is a really great danger for them,” Mekonnen said.
Source: The Washington Post
No comments:
Post a Comment