Ethiopia continues malware attacks on activists and dissidents, including Eritrea

Report: Ethiopia continues malware attacks on dissidents in other countries

አthiopia has continued its targeted malware attacks on activists and dissidents, including the Oromia Media Network (OMN) in the United States, according to a report released Wednesday by Citizen Lab.

The digital experts at the lab, based at the Munk School of Global Affairs at the University of Toronto, analyzed use of spyware called PC Surveillance System (PSS) or PC 360, a product sold by an Israeli cybersecurity firm to law enforcement and intelligence agencies. Citizen Lab traced the use of PSS originating in Ethiopia to target ISP addresses in some 20 countries, including Eritrea’s government.

“This report describes how Ethiopian dissidents in the US, UK, and other countries were targeted with emails containing sophisticated commercial spyware posing as Adobe Flash updates and PDF plugins,” the Citizen Lab researchers said. “Targets include a US-based Ethiopian diaspora media outlet, the Oromia Media Network (OMN), a PhD student, and a lawyer. During the course of our investigation, one of the authors of this report was also targeted.”

The findings were based on monitoring conducted by the research team for more than a year. Other countries in which Citizen Lab found infected devices included Egypt, Ethiopia itself, Kenya, Rwanda, South Sudan and Uganda. The OMN in the U.S. was targeted as recently as November 22, Citizen Lab said.

Jawar Mohammad, executive director of OMN and a highly visible Oromo activist, was charged in absentia for terrorism-related activity in Ethiopia earlier this year. His case was rolled into that of exiled opposition leader Berhanu Nega and longtime Oromo leader Dr. Merera Gudina, who has remained in prison for more than a year after returning to Ethiopia from Brussels in November 2016.

A U.S. court case, Kidane v. Ethiopia, was based on whether Ethiopia was accountable for illegal spying beginning as early as 2012 that relied on state-sponsored malware to infect the home computer of an Ethiopian American. More information about that case is available from the Electronic Frontier Foundation (EFF). In 2015, Citizen Lab also found that Ethiopian intelligence was targeting Ethiopian Satellite Television Service (ESAT), another US-based media outlet, and Oromo and other dissidents with FinSpy products.

A 2014 Human Rights Watch report documented Ethiopia’s use of surveillance technology, which it attempts to justify as a security or anti-violence measure against its own citizens. The complete HRW “They Know Everything We Do” report is available at this link.