Over four months, our undercover reporter posed as a buyer for clients from countries like Iran and South Sudan.
The government of Ethiopia has “apparently” employed spyware purchased from an Israeli defence contractor to spy on independent journalists and dissidents living outside of the country, a recent report has revealed.
Israel’s CyberBit Solutions Ltd sold spyware to Ethiopia, which used the technology “to target activists and journalists, even PhD students and lawyers”, explained Bill Marczak, a researcher at the University of Toronto’s Citizen Lab, which wrote the report.
CyberBit, a cybersecurity company headquartered in Tel Aviv, is a subsidiary of Elbit Systems, an Israeli defence contractor with ties to the Israeli military.
Marczak told Al Jazeera at least 43 people in 20 different countries – including the US, UK, Canada, Germany, and Eritrea – were infected over the course of about a year with the CyberBit spyware, known as the PC Surveillance System (PSS).
The attacks were “apparently carried out by Ethiopia from 2016 until the present”, the report found.
“The pattern that we’ve seen is over the years the Ethiopian government [is] buying and acquiring this commercial spyware from pretty much all the companies it can … and employing that to essentially spy on the [Ethiopian] diaspora,” said Marczak, who coauthored the Citizen Lab report.
To infect the targeted computers, the operator of the spyware first sent an email asking activists and journalists to view a video on a website designed to impersonate popular Ethiopian and Eritrean video-sharing websites, Marczak explained.
Once someone clicked on the link, however, a message popped up saying their computer’s Flash Player was out of date.
A second link then would invite the user to download an updated version of the application, but used a fictitious application called “Adobe PdfWriter”. That’s when the spyware would be downloaded onto the victim’s computer.
The operator could then see every keystroke; take and save passwords; take over email accounts to target friends; view screens; turn on the computer’s microphone and webcam; and install or remove programmes, Marczak said.
Essentially, he noted, the operator would have “the same sort of level of control that you’d have as someone physically using the computer”.
Jawar Mohammed, an Ethiopian journalist based in the US state of Minnesota, told Al Jazeera he received an email that appeared strange.
He didn’t click on the link, but instead forwarded the email on to the IT department at his media group, which also said it was “suspicious”. Mohammed then contacted the Citizen Lab and they collaborated on the report into the spyware.
“I was not surprised that they would go after us, but I was surprised that the companies that produce this spyware … are willing to sell it to dictators that will use it against activists,” he said.
Mohammed is the executive director of the Oromia Media Network, a non-profit that reports on issues that matter to the Oromo people, an ethnic group that lives primarily in Ethiopia’s Oromia region.
The Oromo, who number approximately 35 million and constitute Ethiopia’s largest ethnic group, have staged widespread protests since late 2015.
While the protests originally stemmed from their opposition to a development project that would have expanded the boundaries of the capital, Addis Ababa, it grew into a demand for equal rights and an end to systemic discrimination.
Hundreds of thousands of Oromo protested throughout Oromia and “state security forces in Ethiopia have used excessive and lethal force against largely peaceful protests”, according to Amnesty International.
At least 800 people were killed in the government crackdown, Human Rights Watch has estimated, while thousands more have been injured, arbitrarily arrested, and detained without charge or trial.
If the attempt to spy on his communications had been successful, Mohammed said his reporters and sources in Ethiopia could have become targets of government persecution.
The attack, he said, “is a continuation of the government’s effort to silence and shut down the Oromo voice, the Oromo people’s fight for justice and equality”.
“These companies [that produce and sell the spyware] need to ensure that governments that have a bad reputation for spying on individuals, do not get ahold of this kind of software,” Mohammed continued.
“They are endangering a large number of people who have committed no crime except speaking up against human rights violations. All these companies need to be held accountable.”
Cyberbit “makes counter-surveillance and internet monitoring technology”, according to Privacy International, a UK-based group that defends the right to privacy.
A spokesperson for the company said its products are regulated by the Israeli Ministry of Defense in accordance with the Israeli Defense Export Control Law and international treaties.
“State entities that purchase these products are obligated to use them in accordance with the applicable law. Cyberbit Solutions does not operate the products,” Hila Gabay told Al Jazeera in an email.
“Cyberbit Solutions is subject to confidentiality obligations towards its customers and is not permitted to discuss any specific transaction or customer.”
On its website, Cyberbit lists Israeli bank Leumi, Samsung SDS (a Samsung subsidiary), Hewlett Packard Enterprise (which split off from Hewlett Packard in 2015), German science-and-technology firm IABG, and Regent University in the US state of Virginia among its “strategic partners and customers”.
Israel is home to the headquarters of 27 surveillance companies, making it among the top five countries worldwide alongside the United States, United Kingdom, France and Germany, according to a 2016 Privacy International report.
But Israel has the highest concentration of surveillance companies per capita, with 0.33 companies per 100,000 people, compared with 0.04 in the US and 0.16 in the UK, the report found.
Privacy International investigations have revealed that Israeli companies sold telephone and internet-monitoring technology to secret police in Uzbekistan and Kazakhstan, and to security forces in Colombia, Uganda and Trinidad and Tobago.
“It is unclear how high a priority is placed on the consideration of human rights within decision-making in Israel’s government when it comes to licensing exports of strategic goods. A recent amendment to export licensing rules that would have put the consideration of human rights records into law was rejected by the foreign ministry,” the group noted.
In a letter to the Citizen Lab, Adobe – whose PDF editing software was imitated in the spyware emails – said it has “taken steps to swiftly address this issue, including but not limited to contacting Cyberbit and other relevant service providers”.
The company called the issues raised by the research “troubling” and said it works “to try to protect our users from the misuse and misrepresentation of our brands – especially where used to deceive others in downloading malicious software”.
However, according to Marczak, the problem with the commercial spyware industry is it is “not very well regulated” in terms of export controls, or ways to hold companies accountable for a range of actions, “whether it’s targeting people in an abusive way or … designing products to impersonate brands”.
Spyware is becoming increasingly widespread, he added, and companies are showcasing their products at arms fairs and surveillance industry conventions around the world, among other places.
Marczak said he hoped bringing attention to how these surveillance technologies are being used will apply pressure on companies.
“Certainly bringing this issue to the public attention over and over will hopefully push regulatory agencies to take a closer look here [and] push lawmakers to take a closer look here,” he said.
Al Jazeera’s request for comment from Ethiopia’s Government Communication Affairs Office was not immediately answered on Monday.