The Ethiopian government targeted dissidents around the world with spyware developed by the Israeli firm Cyberbit, according to the Toronto-based research institute The Citizen Lab.
Dissidents in the United States, United Kingdom and approximately 20 total countries were targeted with phishing emails containing spyware pretending to be Adobe Flash updates and PDF plugins. Targets included Ethiopian media, a lawyer and a PhD student.
A Citizen Lab researcher, Bill Marczak, was also targeted during the course of the investigation.
Cyberbit, a subsidiary of the publicly traded company Elbit Systems, markets their wares at all the major offensive hacking industry conferences including ISS World and Milipol. Researchers found a public log file on the spyware’s infrastructure suggesting the company’s other clients include Thailand, Zambia and the Philippines.
“Our analysis of the spyware indicates it is a product known as PC Surveillance System, a commercial spyware product… offered by Cyberbit — an Israel-based cyber security company that is a wholly-owned subsidiary of Elbit Systems — and marketed to intelligence and law enforcement agencies,” the report said.
According to marketing material, Cyberbit describes its product as “advanced cybersecurity solutions for high-risk, high-value enterprises, critical infrastructure, military and government organizations.” That vague language is typical of companies that engage in offensive surveillance products.
Launched in 2015 by Elbit Systems, one of Cyberbit’s premiere offerings is the PSS Surveillance System. The product is described by Cyberbit as “a comprehensive solution for monitoring and extracting information from remote PCs.” It boasts “covert operation” so it remains undetected.
The company also markets the product as being able to “bypass encryption” due to its ability to gather information off an endpoint. PSS offers “on demand extraction” of any data from a target machine, without needing cooperation from service providers or other governments.
Here’s how Cyberbit markets the product:
“Our analysis also indicates apparent demonstrations of the spyware in several other countries where leaders have exhibited authoritarian tendencies, and/or where there are political corruption and accountability challenges, such as Nigeria, Philippines, Rwanda, Uzbekistan, and Zambia,” Citizen Lab’s report said. “The habitual misuse of spyware by the Ethiopian government against civil society targets is testament to the lack of repercussions for such behavior by states and complicity within the commercial spyware industry that supplies them.”
Human Rights Watch condemned the action, calling on the Ethiopian government to “immediately cease digital attacks on activists and independent voices, while spyware companies should be far more closely regulated.”
The Ethiopian government, in charge of a country where less than five percent of the population has internet access, is a regular customer of the spyware industry. Hacking products by the European company FinFisher and the Italian firm Hacking Team have been used to target dissidents, activists and journalists in the Ethiopian diaspora.
In a letter to Citizen Lab, Cyberbit said the company only “offers its products only to sovereign governmental authorities and law enforcement agencies. Such governmental authorities and law enforcement agencies are responsible to ensure that they are legally authorized to use the products in their jurisdictions.”
You can read Cyberbit’s marketing material for PSS below: