Posted by admin|December 7, 2017|Comments Off on Exposed: Ethiopia’s nefarious, comically bungled spyware campaign (Ars Technica)
Publicly traded company helps country spy on critics, no questions asked.
Researchers have uncovered a nefarious but comically incompetent spyware campaign that’s targeting Ethiopian dissidents in the US, UK, and other countries.
A by the University of Toronto’s Citizen Lab said the campaign, which has operated for at least 14 months, is carried out using hacking tools sold by Cyberbit, a wholly owned subsidiary of , an Israeli company whose . Log files left unprotected on the Internet showed people inside Ethiopia using the spyware in an attempt to surreptitiously surveil journalists, researchers, and activists in 20 countries.
The report is the latest to expose the shady world of commercial spyware, which often sells potent hacking tools to countries with known human rights abuses. Previous companies caught selling surveillance wares to rogue nations include , , and . Use of Elbit-owned Cyberbit tools to spy on Ethiopian dissidents all but confirms the Israeli company does the same thing.
In Wednesday’s report, Citizen Lab researchers wrote:
As a provider of powerful surveillance technology, Cyberbit has the responsibility under both Israel’s export control regime as well as the to concern itself with the potential for human rights abuses facilitated through use of its product. The fact that PSS wound up in the hands of Ethiopian government agencies, which for many years have demonstrably misused spyware to target civil society, raises urgent questions around Cyberbit’s corporate social responsibility and due diligence efforts, and the effectiveness of Israel’s export controls in preventing human rights abuses.
Confidential video made public
In October 2016, Ethiopian activist Jawar Mohammed received an email asking for comment on a video posted to a page that impersonated a legitimate video website in Eritrea, a country that borders Ethiopia. Code hosted on the page checked to see if Windows computers used an outdated version of Adobe’s Flash Player. If it did, the page redirected the browser to a page on getadobeplayer[.]com, which offered a genuine Flash update that was bundled with spyware called PC Surveillance System from Cyberbit. Mohammed forwarded the email to Citizen Lab, which has monitored the campaign for more than a year. Other targets included a US-based media outlet that serves , a PhD student and a lawyer who have both worked on Oromo issues, and Citizen Lab Research Fellow Bill Marczak.
As Citizen Lab began to investigate the campaign, researchers soon discovered that servers used to communicate with machines infected with PC Surveillance System hosted publicly readable log files that detailed the activity of both operators and targets. The logs showed that the people operating the malware used IP addresses local to Ethiopia and that targets included various Eritrean companies and government agencies. The publicly accessible files also tracked Cyberbit employees as they traveled throughout the world with infected demonstration PCs. IP addresses showed the demo PCs connecting from countries with authoritarian records, including Nigeria, Rwanda, Uzbekistan, Zambia, and the Philippines.
This is not the first time the Ethiopian government has been accused of using spyware to surveil critics. In 2015, Citizen Lab . Two years earlier, Citizen Lab reported .
Not our job
In a , an unnamed Cyberbit official defended the company, in part by saying it operates within the “strict regulations” of Israeli law.
“Cyberbit Solutions offers its products only to sovereign governmental authorities and law enforcement agencies,” the letter, headed “Re: Your Letter Dated November 29, 2017,” stated. “Such governmental authorities and law enforcement agencies are responsible to ensure that they are legally authorized to use the products in their jurisdictions. Cyberbit Solutions products greatly contribute to national security and law enforcement where its products are used.”
A Wednesday op-ed in Wired, written by Citizen Lab Director Ron Deibert and headlined “” called for “legal and policy efforts across multiple jurisdictions to combat the runaway problem. Regulation is almost always an imperfect remedy, but given the no-questions-asked approach of Cyberbit and many of its competitors, it’s arguably better than what we have now.”
