U.S. citizen opposed to Ethiopian regime hacked by the country’s spies
Nonprofit // United States
An American originally from Ethiopia alleges foreign government agents infected his computer with “FinSpy” data-slurping software to snoop on his private communications.
Forensics experts found evidence the spyware had accessed his Skype calls, e-mails and Web browsing history in violation of U.S. wiretapping laws.
“The case is the latest sign that the government of Ethiopia, an American ally with a history of repressing political opponents, journalists and human rights activists, has used sophisticated Internet technology to monitor its perceived enemies, even when they are in other countries,” the Post reports.
The accuser is suing. But the lawsuit does not identify the plaintiff, who alleges in an affidavit that revealing his identity would endanger him, his children and members of his family still in Ethiopia.
The man arrived in America 22 years ago, won political asylum and now is a U.S. citizen living in Silver Spring, Md. He provides “technical and administrative support” to an Ethiopian opposition group, Ginbot 7, but is not a formal member of that group, the affidavit says.
Forensics analysts determined the hack began in October 2012, when he downloaded what appeared to be a Microsoft Word file attached to an e-mail. The document, written in Ethiopia’s Amharic language, contained a desperate plea from another Ethiopian expatriate requesting his help in protecting a relative in danger. The download also contained FinSpy, which gradually seeped through his computer.
More than four months later, in March 2013, researchers published a report detailing evidence that Ethiopia was using FinSpy. That report fingered a server at Ethiopia’s state-owned telecommunications company as the spyware’s controller.
Five days after the report came out, the server went offline. The hackers who had taken control of the plaintiff’s computer attempted to remove all traces of FinSpy from his machine.
But the removal was not completed, leaving behind hidden files that forensics researchers eventually found.
ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.