Tuesday’s suit, filed in U.S. District Court for the District of Columbia, takes the unusual step of not naming the plaintiff, who alleges in an affidavit that revealing his identity would endanger him, his children and members of his family still in Ethiopia.
The man first came to the United States 22 years ago, won political asylum and now is a U.S. citizen living in Silver Spring, Md. He provides “technical and administrative support” to an Ethiopian opposition group, Ginbot 7, but is not a formal member of that group, the affidavit says. The suit uses a pseudonym, Kidane, which is a common name in Ethiopia. A judge must permit the use of a pseudonym in the suit.
“I would be extremely hesitant to continue to seek legal redress in this case should I be denied this request to proceed pseudonymously, as I fear the litigation would put my life and the lives of my family at substantial risk,” Kidane wrote in the affidavit.
Computer researchers tracking the spread of spyware have named Ethiopia among a list of dozens of countries that use such products. They typically can read e-mails, snatch documents and contact lists, record video chats, and remotely activate cameras and microphones, making a computer capable of spying on targets in their homes or work places. The market for spyware operates with few international restrictions, though using it can violate a range of laws.
Hidden files discovered by forensics experts show the hacking of Kidane’s computer began in October 2012, when he downloaded what appeared to be a Microsoft Word file attached to an e-mail, the suit alleges. The document, in Ethiopia’s Amharic language, contained a desperate plea from another Ethiopian expatriate requesting Kidane’s help in protecting a relative in danger. It also contained FinSpy, which gradually took hold of Kidane’s computer.
More than four months later, in March 2013, an independent research group published areport detailing evidence that Ethiopia was using FinSpy, produced by Gamma Group, a spyware maker based in Britain and Germany. That report, by Citizen Lab at University of Toronto’s Munk School of Global Affairs, singled out a server based at Ethiopia’s state-owned telecommunications company as controlling the spyware.
Five days after that report was issued — prompting widespread news coverage — the server in Ethiopia went offline and the hackers who had taken control of Kidane’s computer attempted to remove all traces of FinSpy from his machine, the lawsuit alleges.
But the attempted removal was incomplete, leaving behind the hidden files that forensics researchers for the Electronic Frontier Foundation eventually found.
Gamma Group did not immediately respond to a request for comment filed through its Web site, which describes the company as an “international manufacturer of surveillance & monitoring systems with technical and sales offices in Europe, Asia, the Middle East and Africa.”
The lawsuit, prepared in conjunction with private firm Robins, Kaplan, Miller and Ciresi, seeks a court declaration that the Ethiopian government was behind the hacking of Kidane’s computer, as well as attorney’s fees and $10,000 in damages, the maximum allowed under the U.S. Wiretap Act.
Privacy International, an advocacy group based in Britain, filed a criminal complaint there Monday urging investigation of the alleged use of FinSpy against an Ethiopian political refugee based in the United Kingdom. Last week, Citizen Lab issued a report detailing evidence that the Ethiopian government had used a different brand of spyware, produced by an Italian company called Hacking Team, against journalists working for Ethiopian Satellite Television, a news service with offices in the Washington area.