Ethiopia: Hacking Team irked by INSA’s ‘reckless and clumsy usage’

The Italian firm “Hacking Team” described Ethiopia’s INSA as “reckless and clumsy” in an internal memo.

The revelations came after anonymous hackers got hold of the firm’s servers, last weekend, and released over 400 gigabytes of its internal e-mails, invoices, and source codes via Bit Torrent.Photo - Addis Ababa road

Hacking Team is a major supplier surveillance tools to governments across the world.

According to the latest revelations, Ethiopia, Sudan, Egypt, Morocco and Nigeria are among the African customers of Hacking Team.

The firm’s Operations Chief described Information Network Security Agency (INSA) as “reckless and clumsy” after Citizen-Lab’s researchers repeatedly caught its tools being used by Ethiopia to target ESAT‘s journalists – a television and radio service with close ties to Ginbot 7.

Following the latest report of Ethiopia’s use of the tools, Hacking Team‘s officials were so incensed to exchange emails pondering on terminating their services.

An email written by a senior official of Hacking Team, David Vincenzetti, said:

“[Citizen Lab] found the source of the attack because these geniuses (meaning INSA) used the same email address they had used in the previous attack to send the doc with the exploit”.

He also ordered a temporarily suspension of the license provided for INSA.

In subsequent emails, INSA’s officers explained their targets were deemed terrorists not journalists. And, Hacking Team‘s officers conceded that “[it] seems that from a legal point of view [INSA’s officers] are compliant with [Ethiopian] own law.”

Nevertheless, one Hacking Team‘s official argued that:

“the issue is their incompetent use of [our] tools. They can argue about whether their target was a justified target or not, but their use of the tool several times from the same email address, and in repeatedly targeting and failing to get access is what caused the exposure of our technology.”

Yet, another official of Hacking Team said, referring to the money Ethiopia paid:

“[INSA’s] reckless and clumsy usage of our solution caused us enough damage. But I know that 700k is a relevant sum.”

Hacking Team’s executives eventually decided to reinstate INSA’s license based on new contract that includes “more on-the-ground training and supervision” as well as “additional services” that cost Ethiopia tax payers additional hundreds of thousands of euros – according to the leaked emails reviewed by The Intercept.

INSA is believed to be in charge of massive internet surveillance – the reach and procedures of which remains largely outside the wider public’s view, thereby giving INSA a god-like status in Ethiopia’s quarter of the world wide web.

Sources intimate with INSA’s modus operandi claim that the entire nation’s internet data is forced to pass through a handful firewalls for the sake of monitoring, thereby resulting in a sluggish connectivity.

INSA was formally established in 2011 and accountable to the Prime Minister. Though, its inception can be traced back to the Ministry of Defense. Its budget for the fiscal year just-ending was about 350 million birr.

Horn Affairs will try to present INSA’s explanations on Hacking Team’s remarks and on the surveillance issues in general.

***********

Corrections:
* An earlier version of this news incorrectly claimed INSA is under the Information Communication Technology Development Ministry. That phrase was removed. We regret the error.
* The sentences regarding INSA’s mandate have been edited as they might impress upon the reader that there is no oversight. Indeed, INSA, like any other government agency, is under the supervision of the Prime Minister, the Cabinet, and relevant Parliamentary Committees, among others.

 

Daniel Berhane

more recommended stories