Ethiopia: full online powers

The Information Network Security Agency (INSA)

Created in 2011 with “Secured Cyber for Peace Development and Democracy” as its official motto and revamped in 2013, the INSA is at the forefront of the Ethiopian government’s Internet control and censorship strategy. Billed as the ultimate rampart against external attacks on Ethiopia’s national security, in practice it uses aggressive spyware to monitor news sites and dissident sites, suppress independent reporting and impose the regime’s monolithic views.

INSA – NSA copycat

The INSA is an independent government agency that was created by the Ethiopian parliament in 2011 and revamped in 2013 by means of a legislative proclamation. Its mandate is to protect the country’s vital transport, energy, aviation, communication and critical infrastructures from electronic attacks aimed at disabling and/or disrupting or destroying them. Its expanded duties since December 2013 include developing offensive capabilities, launching counter-attacks if and when needed in self-defence, and developing information communication technology tools for the government to systematize and standardize information documentation as well as cater to other ICT needs.

In practice, the INSA has extensive access to the country’s computer and information network infrastructure. Thanks to the 2013 proclamation, it is empowered to investigate computers, networks, the Internet, radio and television, and social media (such as Facebook) for possible “damage to the country’s social, economic, political and psychological well-being.” The justification given for these enhanced powers is that most infrastructures are now subject to computerized control and therefore social media outlets, blogs and other Internet media are potentially able to instigate conflicts or war. In fact, the INSA also uses its mandate to monitor and control dissent online and on phone networks, in violation of users’ privacy.

Its controlling capabilities are facilitated by the very low level of connectivity in Ethiopia. Although the government has undertaken major infrastructural initiatives in many areas, Ethiopia remains one of the least connected countries in Africa, with only 1% of Ethiopians having access to the Internet. This seems largely due to the monopoly position of the state-owned telephone and Internet service provider, Ethio Telecom. Because of its monopoly, Internet access is costly, very slow and unreliable, and there is limited coverage outside of the capital, Addis Ababa.

Intruding with complete impunity

As well as de facto absolute technical control, the INSA’s work is facilitated by the overall political climate and an array of controlling legislation.

While the Ethiopian authorities claim that they practice no more than “limited online surveillance,” the total lack of checks and balances in the Ethiopian governmental system undermines the credibility of this claim. The government clearly sees the Internet as a powerful tool that should be kept under control and, thanks to the INSA’s broad mandate, it can engage in intrusive actions that violate privacy laws and free speech with complete impunity.

On the legislative front, the INSA is buttressed by the July 2012 Proclamation on Telecom Fraud Offences (article 6), which extended the very controversial 2009 Anti-Terrorism Proclamation and the Criminal Code to include electronic communication. Officially aimed at protecting the state’s monopoly of telecommunications and safeguarding national security, it violates international standards on the right to freedom of expression and information, especially as it does not define the “national security” it is supposed to protect. This proclamation is also worrying for its lack of clarity on the range of offences that are criminalized. Its criminalization of unofficial VoIP communications caused so much concern that the government was forced to issue a statement promising that Skype would not fall under its purview and that it would not be used to prosecute anyone using free Internet software to make and receive calls. Nevertheless, the threat remains as the proclamation was signed into law without a written amendment.

China to the rescue

The INSA is known to use spyware and other kinds of software to monitor and censor the online activities of Ethiopian citizens, whether social activists, opposition members or journalists. At one point, the Ethiopian government considered putting network security and content surveillance out to bid, but finally decided to let the INSA handle all of these duties using Chinese technology. To this end, the government signed an 800-million US dollar contract in August 2013 with ZTE, a Chinese telecom giant that is banned in the United States for alleged hacking of Internet systems and theft of intellectual property. It has also been banned from public bidding in Australia and its contracts have come under scrutiny in Britain.

There have been many credible reports, notably from academic research centres, that the INSA has for several years been using Deep Packet Inspection (DPI), an advanced network filtering method, to selectively target data traffic. In May 2012, it blocked access to the Tor browser, which is used to access sites anonymously. The INSA has proved to have a significant technical arsenal for targeting and swiftly removing specific, politically-sensitive websites and web pages, censoring content deemed hostile to the regime and intercepting Internet-based voice communication.

According to Freedom House, Gamma International provided Ethio Telecom with its commercial spyware toolkit FinFisher from April to July 2012. FinFisher can be used to secretly monitor computers, turn on webcams, record everything a user types with a key logger and intercept Skype calls. According to Citizen Lab, FinFisher was used in March 2013 against suspected government opponents, ensnaring them by means of fake Facebook accounts or pictures of Ginbot 7, a persecuted political opposition group.

According to industry sources contacted by Freedom House, INSA technicians have used software that masks the user’s identity to gather personal passwords and usernames.

Although there seem to be no hard and fast rules as to which websites should be blocked or allowed, the common denominator seems to be the expression of any kind of political dissent or criticism of the regime. The most obvious censorship method is “untransparent” blocking, in which a requested web page appears as “Not Available” instead of saying it has been blocked.

Tapped, read, convicted

Many journalists and dissidents claim to have had their phones intercepted and their emails read. They have no hard evidence but their claims are supported by the evidence presented in the trials of several journalists in 2012.

Telephone conversation intercepts and illegally obtained emails were used, for example, in the trial of Feteh columnist Reeyot Alemu, who was sentenced to 14 years in prison. Information posted and intercepted online was also used as grounds for sentencing two exile journalists, Mesfin Negash and Abiye Teklemariam, to eight years in prison in absentia in connection with the information they posted on their website, Addis Neger Online, about the US-based opposition group Ginbot 7.

Three other exile journalists were convicted in absentia in connection with their work for Ethiopian Satellite Television Service (ESAT), an independent satellite TV, radio and Internet news service run by Ethiopian diaspora members from headquarters in the Netherlands. Often critical of the Ethiopian authorities, ESAT is regarded by the government as “the mouthpiece of the terrorist organization Ginbot 7.” Fasil Yenealem was sentenced to life imprisonment while Abebe Gellaw of US-based Addis Voice and Abebe Belew of the US-based Internet radio Addis Dimts were each sentenced to 15 years in prison.

Already jammed from within Ethiopia several times in the past few years, ESAT was hacked three times in the space of two hours on 20 December 2013 with sophisticated computer spyware that targeted two ESAT employees. Designed to steal files and passwords, and intercept Skype calls and instant messages, the spyware used an IP address belonging to Ariave Satcom, a satellite provider that services Africa, Europe and Asia. In each case, the spyware appeared to be Remote Control System (RCS), which is sold exclusively to governments by Milan-based Hacking Team. Reporters Without Borders named Milan Hacking Team as one of the corporate “Enemies of the Internet” in its 2013 report.