A report from Citizen Lab, published February 12th, state that numerous journalists working for the Ethiopian Satellite Television Service (ESAT), were targeted by a member of Ethiopia’s internal information security apparatus: the Information Network Security Agency (INSA).
ESAT is a network of independent Ethiopian expat journalists operating out of Alexandria, Virginia.
Both attacks appear to have been carried out using Hacking Team’s Remote Control System (RCS) spyware. According to the Hacking Team product website, this software “is a solution designed to evade encryption by means of an agent directly installed on the device to monitor. Evidence collection on monitored devices is stealth and transmission of collected data from the device to the RCS server is encrypted and untraceable.”
What is most disturbing is that this sort of abuse should not even be possible using RCS because the Hacking Team’s Customer Policy clearly states that:
“We monitor the international geopolitical situation and we review potential customers before a sale to determine whether or not there is objective evidence or credible concerns that Hacking Team technology provided to the customer will be used to facilitate human rights violations.”
Ethiopia’s government is among the most oppressive political regimes on the African continent, only trailing Eritrea in its population of incarcerated journalists
Computers to be infected:Using RCS, the INSA could, in theory, be used to spy on the activities of ESAT journalists and lead authorities back to the journalist’s local sources. The target’s computer would of course first have to be infected with the RCS spyware. In this case, it came in the form of a bogus Word attachment sent to Managing Director of ESAT, Neamin Zeleke, in December of last year.
Citizen Lab’s report suggests that not only did Hacking Team not suspend its service to Ethiopia’s government following a similar attack back in 2013. The Italian firm may have even provided the INSA with software updates in the year since. This despite published accusations against the government agency by targeted journalists and the government’s long history of political repression. That’s a clear violation of the company’s internal policing policy.
This latest attack against US-based journalists might lead to some meaningful changes in the Italian company’s policy, but it remains to be seen.