
A nefarious but incompetent spyware campaign targeting Ethiopian dissidents - dberhane
https://arstechnica.com/tech-policy/2017/12/exposed-ethiopias-nefarious-comically-bungled-spyware-campaign/
======
sillysaurus3
_" Cyberbit Solutions offers its products only to sovereign governmental
authorities and law enforcement agencies," the letter, headed "Re: Your Letter
Dated November 29, 2017," stated. "Such governmental authorities and law
enforcement agencies are responsible to ensure that they are legally
authorized to use the products in their jurisdictions. Cyberbit Solutions
products greatly contribute to national security and law enforcement where its
products are used."_

How much tech originating from universities / OSS projects are in those
products?

An interesting moral dilemma.

~~~
boomboomsubban
What is an interesting moral dilemma? A bad actor benefits from free software
made to benefit everyone? The bad actors would still exist in a proprietary
only environment, just need to buy more licenses.

------
anomie31
Why isn't this considered criminal negligence?

~~~
goatsi
The Foreign Sovereign Immunities Act.

>A court has ruled (PDF) that an American citizen born in Ethiopia can’t sue
his birth country for hacking his computer and monitoring him with spyware.

..

>Kidane sued the Ethiopian government for the FinSpy infection, for allegedly
wiretapping his private Skype calls, and for allegedly monitoring his entire
family’s use of the computer over the course of months.

..

>The US Court of Appeals for the District of Columbia Circuit on Tuesday ruled
that foreign states are immune from lawsuits in a US court unless an exception
to the Foreign Sovereign Immunities Act (FSIA) applies.

>Kidane had alleged that the wrongdoing was transnational. The court rejected
that as an exception to the FSIA, saying that Ethiopia would still have
immunity unless the wrongful act – the “tort” – took place entirely in the US.

>From the ruling:

>"Ethiopia’s placement of the FinSpy virus on Kidane’s computer, although
completed in the United States when Kidane opened the infected e-mail
attachment, began outside the United States. It thus cannot be said that the
entire tort occurred in the United States."

>The EFF says it’s mulling a challenge to the ruling. But as it now stands, US
citizens have no legal recourse if foreign states hack their devices remotely,
as long as they do most of that hacking abroad instead of on US soil.

[https://nakedsecurity.sophos.com/2017/03/16/court-blocks-
ame...](https://nakedsecurity.sophos.com/2017/03/16/court-blocks-american-
from-suing-ethiopia-over-alleged-hacking/)

~~~
mcny
>Kidane had alleged that the wrongdoing was transnational. The court rejected
that as an exception to the FSIA, saying that Ethiopia would still have
immunity unless the wrongful act – the “tort” – took place entirely in the US.

So you can commit "wrongful acts" if you make sure you commit at least a part
of the act outside US soil?

~~~
function_seven
> So you can commit "wrongful acts" if you make sure you commit at least a
> part of the act outside US soil?

Yeah, as long as you're a sovereign state. You or I couldn't travel to another
country, commit the wrongful act, then claim protection under FSIA.

~~~
icebraining
Now I'm wondering if you or I could use a small and corrupt country to act as
a front for hacking.

