Cybersecurity

Court: U.S. resident can't sue after foreign hack

Shutterstock image. Copyright  enzozo. 

The U.S. Court of Appeals for the District of Columbia Circuit told an Ethiopian-born U.S. citizen that he couldn't pursue legal action against the Ethiopian government for a malware attack.

According to the Electronic Frontier Foundation, the ruling is "extremely dangerous" for cybersecurity. In a March 14 statement, EFF said its client, identified only as "Mr. Kidane," a 30-year resident of the U.S., was targeted by a malware attack sponsored by the Ethiopian government between 2012 and 2013.

The privacy group said Kidane's home computer in Maryland was infected with keystroke-logging malware that captured his activity as well as Skype calls, sending the data back to a server controlled by the Ethiopian government.

Kidane, said EFF, was likely targeted because of his support for democratic reforms in Ethiopia.

According to the court ruling, Kidane sought asylum in the U.S. in the early 1990s. He has remained active in the Ethiopian community and maintained contacts among human-rights activists.

Traces of malware called FinSpy were found on Kidane's computer. The malware, according to EFF and the ruling, is a sophisticated spyware product that its maker claims is sold exclusively to governments and law enforcement.

The D.C. Circuit court's "stunningly dangerous decision," said EFF, said Kidane had no legal recourse because the plan to tap his computer was composed in Ethiopia, not in the U.S. the U.S. Foreign Services Immunities Act, said the court, would not let U.S. courts hear the case.

The court ruling said the Ethiopian government hasn't disputed the computer malware injection, but it has contested the jurisdiction of U.S. courts under the FSIA. It also said the individual who actually sent the malware was most likely in London.

Since the malware and the plan to implant it on Kidane's computer both lay outside U.S. borders, the court said it has no jurisdiction.

"The decision is extremely dangerous for cybersecurity," EFF said. "Under it, you have no recourse under law if a foreign government that hacks into your car and drives it off the road, targets you for a drone strike, or even sends a virus to your pacemaker, as long as the government planned the attack on foreign soil."

EFF said it is evaluating its options to challenge the ruling.

About the Author

Mark Rockwell is a staff writer at FCW.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.


The Fed 100

Read the profiles of all this year's winners.

Featured

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group