Jim Finkle, Tova Cohen
TORONTO/TEL AVIV (Reuters) – Surveillance software from Israeli defence contractor Elbit Systems Ltd was used in an espionage campaign targeting Ethiopian dissidents living outside the East African nation, a Canadian research institute said on Wednesday.
Citizen Lab at the University of Toronto’s Munk School of Global Affairs said it found evidence Ethiopian dissidents in Britain, the United States and other nations were targeted with emails seeking to infect their computers with surveillance tools that Elbit sells to law enforcement and intelligence agencies.
Elbit shares fell 1 percent in early Nasdaq trade, compared with a 0.1 percent rise in the Nasdaq Composite Index. They dropped 1.3 percent in Tel Aviv.
Citizen Lab, which helps human rights activists defend themselves against spy software, earlier this year reported on attacks in Mexico using spyware produced by Israel’s NSO Group.
An Elbit representative had no immediate comment on the group’s latest report. Ethiopian Communications Minister Negeri Lencho declined comment on the report.
Citizen Lab said the attacks, which began in 2016 and continued through this year, sought to infect computers of Ethiopian dissidents with the PC Surveillance System, or PSS, made by Elbit’s Cyberbit unit. The system can extract a wide variety of information from computers, including emails, passwords, audio conversations, and screenshots.
The campaign focused on individuals linked to Oromiya, Ethiopia’s largest region by size and population, which has been the subject of a crackdown by the national government since late 2015, according to Citizen Lab.
Tainted emails targeted individuals associated with the U.S.-based Oromia Media Network and a Citizen Lab researcher, Bill Marczak, who has been corresponding by email with one of the targets whose Gmail account had been compromised, according to the report.
The emails included a link to a malicious website impersonating an Eritrean video portal, which asked targets to download an Adobe Flash software update bundled with Cyberbit’s spyware, according to Citizen Lab.
Researchers analysed logs on servers used to control the operation, which indicate its operators are inside Ethiopia and identified targets as Oromo activists along with Eritrean companies and government agencies, the report said.
Citizen Lab was unable to determine what data, if any, was obtained from individuals targeted in the operation, Marczak said.
Citizen Lab Director Ronald Diebert said in a letter to Cyberbit that the findings raised questions about the company’s human rights due-diligence practices and processes for preventing misuse of its software.
“Companies have an independent responsibility to respect human rights — to avoid causing or contributing to adverse human rights impacts, and to address such impacts when they occur,” Diebert said.