Read time: 3 minutes

UK criminal complaint over alleged Ethiopian digital spying

By , Editor, ITWeb Africa
Africa , 20 Feb 2014

UK criminal complaint over alleged Ethiopian digital spying

Watchdog group Privacy International has filed a criminal complaint in the UK alleging that Ethiopia has been spying on a political refugee’s digital communications.

Tadesse Kersmo, who is part of Ethiopian opposition group Ginbot 7, fled with his wife from Ethiopia to the UK in 2009 where they were granted asylum.

Kersmo left Ethiopia because of what Privacy International says was “constant surveillance and harassment” under the governing party rule of the Ethiopian People's Revolutionary Democratic Front (EPRDF).

But Ethiopia’s surveillance of Kersmo has allegedly crossed borders, says Privacy International.

Privacy International has made a criminal complaint to the UK’s National Cyber Crime Unit of the National Crime Agency urging them to investigate potentially unlawful interception.

After Kersmo became aware in April 2013 of a report published by Canada-based researchers Citizen Lab on a spyware campaign targeting Ginbot7 members via surveillance software FinSpy, Privacy International says that Kersmo then had his personal laptop analysed.

“A subsequent analysis by Privacy International and Bill Marczak, a research fellow at the Citizen Lab, of Mr Kersmo’s computer suggests that in June 2012, three years after escaping persecution, his computer appears to have been infected with the commercial surveillance spyware FinSpy,” says Privacy International in a statement released earlier this week.

Promotional material for FinFisher, also dubbed FinSpy, illustrates how it allows full access to a target’s infected device and everything within it.

The software is made by UK and German firm Gamma International and is further billed as being a governmental IT intrusion and remote monitoring solution.

And a Citizen Lab report, titled “You Only Click Twice: FinFisher’s Global Proliferation”, describes how pictures of Ginbot 7 members included in an email were used as bait to infect computers with FinSpy.

One of those pictures included in the email was that of Kersmo.

“This complaint, on behalf of a refugee alleging that he has been spied on in the UK using a FinFisher product, is the first of its kind, but builds on previous calls for investigations related to the alleged export of FinFisher to repressive regimes like that in Ethiopia,” says Privacy International.

A Citizen Lab report released in March last year pointed to how it found command and control servers for FinSpy backdoors in a total of 25 countries: Australia, Bahrain, Bangladesh, Brunei, Canada, Czech Republic, Estonia, Ethiopia, Germany, India, Indonesia, Japan, Latvia, Malaysia, Mexico, Mongolia, Netherlands, Qatar, Serbia, Singapore, Turkmenistan, United Arab Emirates, United Kingdom, United States, Vietnam.

However, in a Citizen Lab report released in April 2013 dubbed ‘For their Eyes Only: The Commercialisation of Digital Spying’, the research group identified FinFisher command and control servers in 11 additional countries: Hungary, Turkey, Romania, Panama, Lithuania, Macedonia, South Africa, Pakistan, Nigeria, Bulgaria and Austria.

In South Africa, two IP addresses belonging to the ADSL range registered by fixed line telecoms firm Telkom were found to host FinFisher command and control servers.

In May 2013, Telkom; though, told ITWeb Africa that “the IP addresses in question are part of a general dynamic pool of addresses and are not statically locked to a specific customer.”

“These IP addresses are randomly assigned when ADSL users initiate an internet session. The ADSL customers need not be direct customers of Telkom either, they could be accessing the internet via ADSL services acquired through other licensed operators that retail ADSL,” Pynee Chetty, Telkom’s senior media relations specialist, told ITWeb Africa in an emailed response at the time.

Daily newsletter