Ethiopia: The cyber attack that probably never was

Thwarting an attack 

Every year the Information Network Security Agency (INSA) comes up with reports of attempted cyber attacks on the nation’s infrastructure. Last year it claimed to have foiled forty. This year, according to the report presented to the Parliament, 165 attacks have been intercepted. Good for them!

Problem is, INSA is short on specifics. It never says which organization was the target and who the hackers were. And nobody in the Parliament dares to inquire. On second thought, the director, Major General Tekleberhan Woldearegay, could have put the figure at a thousand; who would challenge him anyway?

The facts on the ground, though, tell a different story. In recent years scores of Ethiopian websites have been hacked, their pages vandalized and defaced: the Auditor General, the Ethiopian News Agency, the Ministry of Defense, the Red Cross Society and, surprise, surprise, the sole Internet service provider of the country, Ethio Telecom, to name but a few. It’s anybody’s guess what the Agency has been up to. Recently the National Higher Education Entrance Exam was stolen and posted on social media, which prompted the Ministry of Education to postpone the exam to a later date. Is that outside of INSA’s scope of activities? Just wondering!

Snoopy!
But when it comes to keeping tabs on dissidents, it leaves no stone unturned. Leaked reports show that the security outfit does whatever it takes to snoop on the computers of what it calls “high value targets.” A transaction receipt for one million dollars was released on social media for everybody to see. That is hardly defending the local cyber infrastructure!

Speaking of defense, INSA has earned infamy with its foreign clients for mediocrity rather than proficiency. An official of the Hacking Team, the Italian company that provided the service, wrote in an internal memo: “The issue is their incompetent use of [HackingTeam] tools”.

Rather than securing cyberspace, INSA is engaged in blocking websites and tracking alternative voices on social media. Yonatan Tesfaye, a rising activist, is one such example. He has been in detention since December 2015 for his Facebook posts, despite countless claims by officials, including the prime minister, that nobody is jailed for writing.

Like its industrial counterpart, the Metals and Engineering Corporation (METEC), INSA is chewing more than it can swallow. Both are rooted in the military and led almost exclusively by Tigray People Liberation Front (TPLF) top guns. Freight tracking, installing security cameras, mapping, digitization of the broadcasting system, policing telecom fraud, installing antivirus software: simply put, INSA is stretching its tentacles in every direction, making a number of public companies look redundant in its wake.

Hacking INSA
Last year, when the Italian surveillance technology provider Hacking Team was itself hacked and all its documents dumped on Wikileaks, we were in for a little surprise. It is not that the Ethiopian government blocks websites or jams electronic media that do not subscribe to its ideology. That is a decade-old experience people have learned to grapple with. What is startling here is the detail of how the Agency goes the extra mile to intrude into the devices of individuals who didn’t shy away from expressing their disdain for the government. We don’t know whether the expenses are worth the information sought. These are some of the exchanges with the vendor:

Hacking Team’s complaint
There is an issue with our customer in Addis Abeba. Although the customer obtained several results with our system, and despite the initial difficulties to control the behaviour of the target while trying to infect him from remote, it seems that they are still looking at us like the ones who can magically solve every issue.

An email for a transaction which later was paid
As you know, as per your request, we originally issued an invoice for the whole amount due ($1,000,000 Invoice n. 056/2011). The items included all our deliveries: hardware, software licence and professional services. That invoice was presented to the bank for the first payment but till today we didn’t get any feedback.

Major Biniam Tewolde’s frantic plea
Dear HT [Hacking Team], We cannot afford to lose our targets. This is not totally a possibility. You have to find a solution not to lose our targets. Even we can arrange our own anonymizers, but we do not lose any target.
Since we cannot update the scout in about 6 of our targets, our operation is highly negatively affected.

When materials linking Hacking Team to the sale of spying tools to repressive regimes started to appear in the media, the Milan-based company wanted some issues straightened out, and Major Biniam responded:
Greetings Mr. Biniam, would you please give a detailed explanation regarding the following allegations? https://citizenlab.org/2015/03/hacking-team-reloaded-us-based-ethiopian-journalists-targeted-spyware http://www.hrw.org/news/2015/03/08/ethiopia-digital-attacks-intensify
The targets we tried to exploit are members of a terrorist organization called Ginbot7 based on our parliament declaration. Ginbot7 is a terrorist organization, based on the parliament declaration, trying to terrorize the country, destabilize the country and destroy the constitution of the country. Neamin Zeleke is one of the top leaders of Ginbot7. We targeted him as top leader of Ginbot7, not as top leader of media organization called ESAT. For us, Neamin Zeleke is one of the top leaders of a terrorist organization, not a journalist.

One email congratulates the Major
Dear Biniam, we are very happy you were successful in getting a high value target!

Players
While we haven’t yet learned what INSA has foiled so far or what information it has collected, we were able to establish the following:

The people who were actually trained by the Hacking Team in Milan to do the nitty-gritty of spying on their own citizens or Ethiopian-born foreign residents are:
Berhanu Girmay Desta
Godif Nigus Tesfau
Seblewoin Tsegaye Demessie, who did her Masters in computer science in Hunan University, China, specializing in concealing secret information in images and videos (the technical term is steganography). She can be reached at: woints@yahoo.com
The mastermind and the chief architect of all this is Major Biniam Tewolde. Biniam has since become deputy director and vice board chairman of Ethio Telecom. In one post he is introduced as “responsible for the cyber security for Ethiopia government [sic]” He can be reached at biniamtewolde@yahoo.com

House keeping
Another startling finding from the trove of materials on Wikileaks is that INSA employees use their personal email accounts to conduct government business. Because the emails were exchanged through personal accounts, the agency may hold only a fraction of its correspondence with the Italian company, on which it wasted over a million dollars of taxpayers’ money. In saner circumstances this would have brought a criminal investigation, as it is tantamount to stealing state secrets. While presenting his report to the parliament the other week, the director general was criticizing other government offices for lack of cyber awareness. Let’s not forget that they have a 30-minute weekly radio program on the ruling-party-owned Fana FM where they preach the gospel of cyber.

If the man “responsible for the cyber security for Ethiopia government” cannot secure his own communication, it’s baffling to think how the Agency can be entrusted with a nation’s infrastructure. Housekeeping is clearly in order.
Check the Wikileaks pages using these links:
https://wikileaks.org/hackingteam/emails/?q=Ethiopia&count=1000&sort=0
https://mobile.twitter.com/z_dawit/status/618009271154966528
