By Jim Finkle and Tova Cohen
TORONTO/TEL AVIV (Reuters) – Surveillance software from Israeli defense contractor Elbit Systems Ltd was used in an espionage campaign targeting Ethiopian dissidents living outside the East African nation, a Canadian research institute said on Wednesday.
Citizen Lab at the University of Toronto’s Munk School of Global Affairs said it found evidence Ethiopian dissidents in Britain, the United States and other nations were targeted with emails seeking to infect their computers with surveillance tools from Elbit’s Cyberbit unit.
Elbit shares fell 1 percent in midday Nasdaq trade, compared with a 0.1 percent rise in the Nasdaq Composite Index. They dropped 1.3 percent in Tel Aviv.
Citizen Lab, which helps human rights activists defend themselves against spy software, earlier this year reported on attacks in Mexico using spyware produced by Israel’s NSO Group.] It has also reported on previous campaigns using other surveillance tools to target Ethiopians.
A Cyberbit representative declined to comment on the claims from Citizen Lab.
The company issued a statement saying it only sells surveillance products to law enforcement, defense, intelligence and national security agencies approved by the Israeli government.
“The intelligence and defences agencies that purchase these products are obligated to use them in accordance with the applicable law,” it said.
Ethiopian Communications Minister Negeri Lencho declined comment on the report.
Citizen Lab said the attacks, which began in 2016 and continued through this year, sought to infect computers of Ethiopian dissidents with the PC Surveillance System, or PSS, made by Cyberbit. The system can extract a wide variety of information from computers, including emails, passwords, audio conversations, and screenshots.
The campaign focused on individuals linked to Oromiya, Ethiopia’s largest region by size and population, which has been the subject of a crackdown by the national government since late 2015, according to Citizen Lab.
Tainted emails targeted individuals associated with the U.S.-based Oromia Media Network and a Citizen Lab researcher, Bill Marczak, who has been corresponding by email with one of the targets whose Gmail account had been compromised, according to the report.
The emails included a link to a malicious website impersonating an Eritrean video portal, which asked targets to download an Adobe Flash software update bundled with Cyberbit’s spyware, according to Citizen Lab.
Researchers analyzed logs on servers used to control the operation, which indicate its operators are inside Ethiopia and identified targets as Oromo activists along with Eritrean companies and government agencies, the report said.
Citizen Lab was unable to determine what data, if any, was obtained from individuals targeted in the operation, Marczak said.
Citizen Lab Director Ronald Deibert said in a letter to Cyberbit that the findings raised questions about the company’s human rights due-diligence practices and processes for preventing misuse of its software.
“Companies have an independent responsibility to respect human rights — to avoid causing or contributing to adverse human rights impacts, and to address such impacts when they occur,” Deibert said.
The full report can be viewed at https://citizenlab.ca/2017/12/champing-cyberbit-ethiopian-dissidents-targeted-commercial-spyware/
(Reporting by Jim Finkle in Toronto and Tova Cohen in Tel Aviv; Additional reporting by Steven Scheer in Tel Aviv and Aaron Maasho in Addis Ababa; Editing by Andrew Hay)