February 20, 2014 | Privacy International | By Alinda Vermeer
After suffering years of persistent harassment, violence, and surveillance at the hands of his oppressive government, Tadesse Kersmo had enough. Tired of living under constant monitoring, Tadesse and his wife escaped Ethiopia, where they had been politically active for years, and were granted asylum in the United Kingdom in 2009.
It was only a few years later that they discovered that this escape was an illusion, and that they had been followed from Ethiopia to England. He may have left his country, but Tadesse was still a target.
He wasn’t followed physically, however – the surveillance was much more clandestine. Tadesse appears to have been tracked through his computer via a Trojan that is part of a commercial intrusion kit called FinFisher
Examinations undertaken by Privacy International in collaboration with a research fellow of the Citizen Lab suggest that Tadesse’s computer, which was the main way he remained in touch with his friends and family back home, and continued to advocate for democracy back in Ethiopia, was totally taken over. With his chats and Skype calls logged, his contacts accessed, and his video and microphone remotely switched on, it was not only Tadesse that was being threatened, but also every single person who was part of the movement.
What is frightening is that even if one manages to flee from oppression, when it comes to this type of technology, there are no borders.
Years of surveillance and harassment
Surveillance is not new to Tadesse. Up to 2009 he had been living in Addis Ababa where he and his wife were already politically active before the May 2005 elections. During these elections his wife, then a member of the opposition party Coalition for Unity and Democracy (CUD), was elected to the Addis Ababa city council. The elections however ended in protests because of alleged rigging of the elections by the ruling party, and the demonstrations were broken up with considerable violence. Scores of people died and opposition supporters were arrested
throughout the country on charges of seeking to overthrow the government
Under pressure from the authorities, Tadesse’s wife gave up her seat and years of harassment by those in power followed. Both Tadesse and his wife continuously received warnings, were being monitored, and repeatedly jailed without being charged and then released after a few days. Over the course of 2006 and 2007 Kersmo was beaten up three times. An employee of state-owned telecommunications company Ethio Telecom informed Tadesse that the phones of opposition members, including his phone, were being tapped.
FinSpy and the targeting of Ethiopian opposition
After coming to the UK in 2009, they enjoyed the freedom to be politically active in the Ginbot 7 Movement for Justice Freedom and Democracy (Ginbot 7), an Ethiopian opposition party in exile that has been labelled as a terrorist organisation by the Ethiopian government as part of their crackdown on political opposition. The use of the overbroad and vague anti-terrorism laws to crack down on peaceful critics
, journalists and political opposition in Ethiopia has been roundly condemned by Human Rights Watch.
Citizen Lab previously had reported
that a FinSpy command and control server, which is indispensable for the use of FinSpy, was located in Ethiopia. Another Citizen Lab report revealed that Ginbot 7 members in particular were the targets of malware attacks that used pictures of senior members of Ginbot 7 as bait to download what was actually a Trojan called FinSpy.
When Tadesse recognized himself in one of the pictures used as bait presumably to target people interested in Ginbot 7, he contacted Privacy International with a request to scan his computers for the presence of malware. With the help of Bill Marczak of Citizen Lab, an examination of Tadesse’s computer by Privacy International suggested that FinSpy had been active on Kersmo’s computer in June 2012, which means that this intrusive form of surveillance may have been used to monitor Tadesse after arriving in the UK.
Once downloaded onto a target’s computer, FinSpy allows the operator of the Trojan to have total access to the computer
. This means that it was possible to read Tadesse’s email correspondence, even when encrypted, search the documents on his computer, monitor his web surfing, listen in on Skype calls he had with other members of Ginbot 7’s executive committee, follow chat conversations, and even to remotely switch on the computer’s webcam and microphone to extend surveillance beyond the computer to what was happening around it in the privacy of Tadesse’s home.
The effect of surveillance
Speaking with Privacy International, Tadesse said that being spied on via his computer made him feel insecure and very uncomfortable, as if he was constantly being watched. He hopes that sharing his experience will make other vulnerable groups such as human rights activists and journalists aware of the risk that their computers may be compromised without them knowing as well.
As FinSpy is designed not to be noticed by the target or his anti-virus software, Tadesse had never noticed that a Trojan had been active on his computer. He had not only used his computer in his work as a university lecturer and for personal communications, but also for his political activities.
Intrusive surveillance of these activities is not only a grave violation of Tadesse’s privacy, but also of the privacy, freedom of expression and political rights of both him and fellow Ginbot 7 members he has been in contact with in the course of his political work. The internet is crucial for the Ethiopian diaspora to freely exercise their political rights and as such they are especially vulnerable to becoming targets of surveillance. No one should have to live under this constant threat, and authorities here must investigate any illegal surveillance that may have taken place.