When the conflict between the Ethiopian National Defence Forces (ENDF) and the TPLF-led Tigray Special Police and Militia broke out on November 4, 2020, electricity, banking and telecom connectivity were disrupted for nearly over a month. This made it hard to communicate and widened the information gap in the country. Families were separated, people couldn’t get in touch with one another, and there was no banking service. Overall, it was a very difficult situation for people who lived in Tigray as well as for those who have family and relatives there.
After the ENDF took control of the capital, Mekelle, on 28 November 2020, there have been efforts to restore these basic amenities and repair the damage to phone and internet services. In a statement made on 2 December 2020, Ethio telecom said that telecom service had partially resumed in six towns, namely Maykadra, Shiraro, Humera, Dansha, Turkan and Maytsebri. The provider added that telecom services were fully resumed in Alamata. On 12 December 2020, it was also announced that the country’s sole telecom service provider, Ethio telecom, had managed to restore mobile voice service in Mekelle and Maychew.
At a press conference on 10 December 2020, Frehiwot Tamre (CEO, Ethio telecom) said there has been infrastructural damage to the telecom system and that there is evidence regarding the perpetrators of the attack. Frehiwot added that over 39.8 billion separate cyber attacks were attempted in 14 days from 25 November to 07 December 2020, averaging 2.8 billion attacks every day. A cyber attack is an assault launched by cybercriminals using one or more computers against a single or multiple computers or networks in order to steal, alter, or destroy a specified target by exploiting a susceptible system. These attacks mainly targeted the assets of the government, the education system, the banking and telecom systems, as well as the broadcasting and media infrastructures, according to Frehiwot Tamre, Ethio telecom's Chief Executive Officer.
As mentioned in the press conference, the attacks were mainly DDoS (distributed denial of service) attacks: malicious attempts to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. These DDoS attacks numbered over 14 billion, in addition to an attempt to obtain illegal mobile voice service from 20 November to 30 November 2020 in some parts of Mekelle. The data were discovered in the log file at the Mekelle core site, where the transmission and the power distributors were shut off. A log file records either events that occur in an operating system or other software, or messages between different users of communication software.
As Hiskias Dingeto (cyber security expert, PhD, Dongguk, South Korea) explains, the DDoS attacks are not just separate attacks but rather the work of botnets ("zombies"), software applications that run automated tasks over the internet. Typically, these “zombies” perform tasks that are simple and repetitive: they send requests to jam the server with traffic, because every server has a limited capacity to handle in a given time. These attacks therefore send more data than the servers can handle, affecting the telecom's ability to provide undisturbed service. However, according to Hiskias, the log is prone to registering these repetitive attacks as separate ones. That is why the number is in the billions, according to the cyber security expert.
An information systems professional and cyber security specialist Addis Zeybe talked to, who chose to remain anonymous, adds that the DDoS attack may be a redundancy, because such botnets or zombies can be programmed to attack automatically and the attacker may not need to create different kinds of zombies again and again. But labeling it as 14 billion attacks in 14 days is a little shady: as the yearly statistics show, it’s not even close to a billion annually.
Another anonymous cyber security expert also said that there is a very big chance these kinds of attacks could happen, especially on organizations like Ethio telecom, which is system-based. He adds that any person can try to attack, whether the internet connection is poor or not, but the chance of success may be very low. When the log file registers every attempt and event, it also records the severity of the attack, the type of the attack, the target of the attack and every detail about every attack.
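The counting issue the experts describe, where a log registers each repetitive botnet request as a separate attack, can be shown by comparing raw event counts with grouped incidents. This is an added example, not part of the original article or any Ethio telecom tooling; the log format, field names, sample lines and the five-minute grouping gap are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format): time, source, target, type, severity
SAMPLE_LOG = """\
2020-11-25T10:00:00 203.0.113.5 portal.example SYN_FLOOD high
2020-11-25T10:00:01 203.0.113.9 portal.example SYN_FLOOD high
2020-11-25T10:00:01 198.51.100.7 portal.example SYN_FLOOD high
2020-11-25T10:00:03 203.0.113.5 portal.example SYN_FLOOD high
2020-11-25T10:00:04 198.51.100.20 bank.example HTTP_FLOOD medium
2020-11-25T10:00:05 198.51.100.21 bank.example HTTP_FLOOD medium
2020-11-25T14:30:00 203.0.113.5 portal.example SYN_FLOOD high
2020-11-25T14:30:02 203.0.113.77 portal.example SYN_FLOOD high
"""

def parse(line):
    """Split one log line into the fields a log typically records per event."""
    ts, src, target, kind, severity = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": src,
            "target": target, "type": kind, "severity": severity}

def group_incidents(events, gap=timedelta(minutes=5)):
    """Merge events with the same (target, type) into one incident when
    consecutive events are no more than `gap` apart (assumed threshold)."""
    incidents, latest = [], {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["target"], ev["type"])
        inc = latest.get(key)
        if inc is None or ev["ts"] - inc["end"] > gap:
            inc = {"target": ev["target"], "type": ev["type"],
                   "start": ev["ts"], "events": 0, "sources": set()}
            incidents.append(inc)
            latest[key] = inc
        inc["end"] = ev["ts"]
        inc["events"] += 1
        inc["sources"].add(ev["src"])  # many bots can feed one incident
    return incidents

def summarize(log_text):
    """Return (raw event count, list of grouped incidents)."""
    events = [parse(l) for l in log_text.splitlines() if l.strip()]
    return len(events), group_incidents(events)

if __name__ == "__main__":
    raw, incidents = summarize(SAMPLE_LOG)
    print(f"raw logged events: {raw}, grouped incidents: {len(incidents)}")
    for i in incidents:
        print(i["start"], i["target"], i["type"], i["events"], len(i["sources"]))
```

Reporting the raw event count and the grouped incident count side by side makes clear which figure a headline number refers to.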
According to an article published on December 14, 2020 by Cyber Security Intelligence (CSI, a news website focusing on cyber security and intelligence), a security researcher and white-hat hacker named Sisay Sorsa recently found a critical security flaw on Ethio telecom servers that makes it possible for a hacker to control the entire Ethiopian GSM communication system. At the time, Sisay told CSI that he was able to access the system of Ethiopia’s sole telecom provider after writing a Python program in an effort to demonstrate the flaws in the security system of the telecom service provider. Sisay had expressed intentions to support the Ethiopian Telecommunication Corporation in patching these key vulnerabilities, despite not having received a response from the Ethiopian Information Network Security Agency by the date the above article was published by CSI.