Tracking & Law Enforcement

Facing Dissent From Abroad, Ethiopia Turns to Spyware

As soon as Ethiopian opposition activist Henok Gabisa read the email, he knew something was not right.

With the subject line “Democracy in Ethiopia: Can it be saved?”, the message seemed tailor-made for him.

Yet the US-based academic, who teaches law at Washington and Lee University, said it was written vaguely and contained a suspicious hyperlink.

Indeed, the email was an attempt to infect his computer with spyware that secretly gathers information, and it was similar to hundreds sent to Ethiopian dissidents worldwide that were probably ordered by the country’s government, according to a report published last week by the cyber security research group Citizen Lab.

Ethiopia’s government has been increasingly on the defensive since the country’s two largest ethnic groups, the Oromos and Amharas, began protesting in 2015.

Hundreds died in the violence and tens of thousands were rounded up in sweeping arrests, among them opposition political activists and journalists.

But many of Ethiopia’s fiercest critics are outside the country, and thus beyond the immediate reach of its security apparatus, particularly among its diaspora population in the USA.

To counter that, researchers and a lawyer who spoke to AFP say Ethiopia has ramped up the use of computer spyware, as well as employing traditional physical surveillance, going so far as to potentially stalk dissidents on US soil.

‘Endless string of attempts’ 

Neither American law enforcement agencies nor courts have done much to stop it, they say.

“There’s been no other case I can think of where we’ve had such an endless string of attempts,” said Bill Marczak, a senior research fellow with the Canada-based Citizen Lab, of the spyware campaign.

The protests have been cheered on by Ethiopian bloggers, activists and media outlets abroad. Many are among the quarter-of-a-million-strong Ethiopian community in the US, believed to be the largest population outside the country.

US-based broadcasters Ethiopian Satellite Television (ESAT) and Oromia Media Network (OMN) make little secret of their opposition to Ethiopia’s government, which has wielded virtually unchecked power in the country since taking power in 1991.

The enmity is mutual, with Ethiopia banning both channels during a 10-month state of emergency declared in October 2016, and filing terrorism charges against OMN’s executive director Jawar Mohammed earlier this year.

Henok believes his work with OMN is why he received two emails last March that offered a phony software update that the report said was actually spyware designed by an Israeli defense contractor.

“I’m just one of the critical Oromos,” said Henok, who did not fall for the attempt and later learned the email was malicious after allowing Citizen Lab to scan his emails.

Many of those targeted by the emails, with subject lines like “Ethiopia struggling with inside challenges!”, were Oromo activists. Jawar received a dozen such emails.

Reacting to the Citizen Lab report, the US embassy in Ethiopia’s capital Addis Ababa said that they were “looking into the matter.”

Two recipients may have had links to Ginbot 7, a group that has called for the violent overthrow of Ethiopia’s government, Marczak said.

Marczak himself received one malicious email, from someone he had previously corresponded with whose account had likely been hacked.

Citizen Lab found evidence linking the spyware to a command server in Ethiopia showing that 43 electronic devices had been successfully infected, several of which they linked to Eritrea, Ethiopia’s one-time territory that is now a bitter enemy.

Ethiopia’s government did not respond to requests for comment, but in the past they have called allegations of spyware usage a smear campaign.

Carte blanche for cyber attacks

Human Rights Watch has accused Ethiopia of using evidence from spyware intercepts against dissidents within the country, in addition to easily intercepted phone calls and text messages sent over the single, government-owned phone company.

In 2014 one US-based dissident whose computer had been infected sued Ethiopia in a Washington federal court, under the pseudonym Kidane.

That case ended earlier this year, when the court ruled Ethiopia wasn’t liable because the hacking took place outside the US.

“Foreign governments have carte blanche to launch cyber attacks against American citizens in their own homes with complete immunity from US courts,” said Nate Cardozo, a lawyer with the Electronic Frontier Foundation, a San Francisco-based digital rights group that supported the case.

Cutting edge spyware isn’t the only tool Ethiopia deploys against opponents in the US, activists believe.

The offices of ESAT near Washington are under constant surveillance, Cardozo says, by people he believes are employed by the government who perch in a van across the street and take photos of people entering and exiting the building.

“As a lawyer, that harassment by an agent of the other side is something I have never experienced in my decade-long career,” Cardozo said, adding that the US Department of Justice took little interest in Kidane’s lawsuit.

The lack of consequences and profusion of spyware manufacturers mean Ethiopia is likely to continue using the tools.

“Ethiopia has been found out many times,” said Eva Galperin, EFF’s director of cyber security. “I think the chances they will stop using surveillance spyware to spy on dissidents is zero.”

Written By

AFP 2023
