What came to be dubbed the “Oromo Protest” over the now scrapped Integrated Master Plan, has had a hold on most of us for the past several weeks. The protest has been remarkable in the recent history of public protest in Ethiopia not only because it apparently impelled the government to retract a huge development plan, but also because it spawned a new form of protest mediated by the Internet – Hacktivism.
Hacktivism is a portmanteau for ‘hacking’ – illegally trespassing into individuals or organisations’ online accounts or websites – and ‘activism’ – individual or collective highlighting of perceived misdeeds or rooting for a given cause. Indeed, hacktivism also involves other forms of cyber operation such as Denial of Service Attacks (DoS) which basically is flooding a website with overwhelming Internet traffic, and spreading or injecting malwares such as viruses and worms into computer networks.
The violent Oromo protests on the streets over the controversial Master Plan had been taken to cyberspace where protesters hacked and defaced websites of a number of Ethiopian government agencies for a brief duration. The initial hacking and defacement incidents had targeted the websites of Dire Dawa University (www.ddu.edu.et) and the Ministry of Defense (www.fdredefenceforce.gov.et). The rather active website of Addis Ababa University (www.aau.edu.et) has been the latest target of the Oromo Protest hacktivism spree.
Hacking and defacement of Ethiopian websites (registered in the names of both the government and non-governmental bodies) are commonplace incidents in Ethiopia. Perhaps, the recent embarrassing hacking and defacement of ethio telecom’s website (www.ethiotelecom.et) by a random Algerian hacker is still fresh in everyone’s memory. The hacking incidents propelled by the Oromo Protest are, however, not common incidents and should not be taken lightly.
For starters, the hackings marked the beginning of a new model of airing dissent in Ethiopia against policies or measures of not just the government, but also other actors. They clearly represent a huge step in Ethiopia’s fast mushrooming web-mediated activism by the citizenry and perhaps beyond.
It is a huge step because hacktivism generally involves elements of criminality as opposed to already existing patchy but still largely innocuous web activism through blogging or social network ‘hashtags’ among Ethiopian digital natives. When it comes to the actual effect of the recent hacking incidents, there is little to be said. Whilst the government unusually recoiled from its major development project under the apparent pressure of the protest, the ‘hacktivism’ that accompanied the bloody street protest came to pass without drawing any significant traction.
It remains doubtful whether the hacking incidents have ticked a signal among government agencies in charge of the Ethiopian cyberspace such as the Information Network Security Agency (INSA) and the Ministry of Communication & Information Technology (MCIT). Ironically, the websites of both INSA (www.insa.gov.et) and MCIT (www.mcit.gov.et) are often offline and – at worst – do not employ basic protocols such as ‘https’ to ensure the security of web content as well as communications.
In the ultimate analysis, the recent series of hacking incidents passed unnoticed but left two crucial points to worry about as we move forward. The incidents hinted at the increasingly flourishing power of the web in Ethiopian public life – in the social, economic and political arena. With increasing access to the Internet at home and vibrant Diaspora netizens, the Internet is set to be a new frontier for political expression in Ethiopia, not to mention the economic and social interactions it facilitates.
This, while desirable, must nevertheless be carefully regulated with soft nudging rules as well as self-regulatory industry practices to ensure rule of law in Ethiopian cyberspace. As the law currently stands, most behaviour and activities in ‘Ethiopian’ cyberspace are largely unregulated except for a few areas such as cybercrimes. The upcoming Mass Media Law, with the required changes in its tone and scope, would perhaps be handy in regulating online media. The recently installed Media Council has regrettably missed a great opportunity to embrace the emerging Ethiopian online media by putting them outside the scope of its self-regulatory Code of Conduct.
And the government now has had enough lessons to fully recognise the imperatives of Internet and information security. This must begin by the rudimentary measure of ensuring the security of its websites. With increasing efforts to digitize government services which rely on citizens’ personal and financial information, the necessity of web security cannot be overemphasised. The likelihood of more serious data breaches would obviously be high. They will compromise individual privacy, business and national security interests, unless robust technological and non-technological security measures are put in place in tandem with government’s digitization efforts.
Indeed, Ethiopia has recently been named in the ‘First Target List’ of Anonymous’ so called ‘Operation Africa’. The list includes eight African countries doomed by the influential hacker group to be subjected to massive coordinated cyber attacks for ‘enabling and perpetuating corruption and Internet censorship’ in Africa.
These chilling developments dictate that Ethiopia must be prepared for the ever growing cyber hostilities not only by self-declared activists, but also by other hostile actors. Recent efforts of Addis Abeba University and ethio telecom to beef up the security of their websites with ‘https’ shall be pursued more vigorously by other governmental organs. Government’s commendable efforts in adopting a workable National Information Security Policy, and drafting modern cybersecurity legislation will also have to be strengthened through tangible legal and technical measures.
Leave a Reply