Researchers from the University of Toronto’s amazing Citizen Lab (previously) have published a new report detailing the latest tactics from the autocratic government of Ethiopia, “the world’s first turnkey surveillance state”
whose human rights abuses have been entirely enabled with software and
expertise purchased on the open market, largely from companies in
western countries like Finfisher and Hacking Team.
In Champing at the Cyberbit,
Citizen Lab researchers Bill Marczak, Geoffrey Alexander, Sarah McKune,
John Scott-Railton, and Ron Deibert disclose how malware developed and
sold by the Israeli company Cyberbit (a subsidiary of Elbit) was used to
attack members of the Ethiopian opposition, including political exiles
in the USA and elsewhere who were forced to leave Ethiopia in fear of
their lives.
Citizen Lab also determined that the malware servers used to effect
these attacks were actively operated and managed by Cyberbit – in other
words, they actively colluded in the use of their products to attack
journalists and peaceful democratic opposition figures on behalf of a
tyrannical regime.
Cyberbit also targeted Citizen Lab researcher Bill Marczak.
Citizen Lab was able to assemble a complete picture of the illegal
surveillance that Cyberbit effected on behalf of Ethiopia because
Cyberbit failed to secure its servers; once Citizen Lab discovered them,
they were able to browse all the surveillance data that Cyberbit’s
malware had extracted from its victims.
Citizen Lab also used Cyberbit’s publicly readable data to track where
the company had demonstrated its products and determined that the
company was making sales calls in many failed and autocratic states,
including Rwanda, Nigeria, Zambia, Vietnam, Thailand, Uzbekistan,
Kazakhstan, and The Philippines.