At the headquarters of the African Union (AU), in Addis Ababa, elevators still speak Mandarin and the trunks of the plastic palm trees are branded China Development Bank. New buildings under construction by companies in Beijing or Hong Kong surround the modern glass tower offered in 2012 by China to Africa . This is where should place on Sunday 28 and Monday 29 January, the 30 th summit of the pan-African organization.
The controls are strict to enter this building where ministers and heads of state meet twice a year to discuss the major issues of the continent. There is, however, an invisible security threat ignored by most leaders and diplomats, but one that is of utmost concern to some senior AU officials.
In January 2017, the small computer unit of the AU discovered that its servers were strangely saturated between midnight and 2 am. The offices were empty, the activity was dormant, but data transfers were at a peak. A zealous computer scientist then looked into this anomaly and realized that the internal data of the AU were massively diverted. Every night, the secrets of this institution, according to several internal sources, found themselves stored more than 8,000 km from Addis Ababa, mysterious servers hosted somewhere in Shanghai, the Chinese megacity.
“Gift of China to friends of Africa”
The new building, “China’s Gift to Friends of Africa” , was donated just six years ago. It has been fully equipped by the Chinese. The computer systems were delivered turnkey. And Chinese engineers have deliberately left two flaws: backdoors, which give discrete access to all internal exchanges and productions of the organization.
According to several sources within the institution, all sensitive content could be spied on by China. A spectacular leak of data, which would have spread from January 2012 to January 2017. Contacted, the Chinese mission to the AU did not follow our requests.
A Addis-Abeba, de nouveaux bâtiments sortent de terre chaque semaine, généralement construits par des Chinois. CRÉDITS : SIMON DAVIS/DEPARTMENT FOR INTERNATIONAL DEVELOPMENT
“It has lasted too long. Following this discovery, we thanked without making scandal, the Chinese engineers present at our headquarters in Addis Ababa to manage our systems, says on condition of anonymity a senior AU. We have taken some steps to strengthen our cybersecurity, a concept that is not yet in the hands of civil servants and heads of state. We remain very exposed . “
Since then, the AU has acquired its own servers and declined China’s offer to configure them . On the ground floor of the glass tower, in a room that goes unnoticed, is a data center that focuses much of the information system of the organization. All electronic communications are now encrypted and no longer pass through Ethio Telecom, the public operator in Ethiopia , a country renowned for its cybersurveillance and electronic espionage capabilities. From now on, the highest officials of the institution have foreign telephone lines and more secure applications.
During the 29 th AU Summit in July 2017, new security measures have been proven. Four specialists from Algeria , one of the institution’s biggest financial contributors, and Ethiopian cybersecurity experts inspected the rooms and flushed out microphones placed under the desks and walls . “Nothing to be listened to by the Chinese, loose the head of diplomacy of a great African power. At least they have never colonized us, supported the struggles of independence on the continent and help us economically today. “
A new computer architecture , independent of the Chinese, has also been deployed. Like this videoconferencing system, developed by the internal IT teams and used by the heads of state, which works by cable and not by Wi-Fi. Thus, the few diplomats and heads of state cautious can continue to use their jammers unhindered waves.
“The Chinese are here 27 hours a day”
The African Union is satisfied with only 10 million dollars (8 million euros) of budget allocated to informatics. With the exception of the World Bank, which paid for part of the new data center, foreign partners are showing little interest in financing a cyber security agency. “It suits all the world be it a colander, says one already present official time of the Organization of African Unity (OAU, 1963-2002). We let ourselves be listened to and we do not say anything. The Chinese are there twenty-seven hours a day, have planted a lot of microphones and cyber espionage tools when they built this building. And they are not alone ! “
Le siège de l’Union africaine à Addis-Abeba en 2017. CRÉDITS : ZACHARIAS ABUBEKER/AFP
According to the documents extracted by Le Monde , in collaboration with the site The Intercept , archives of the former consultant of the US National Security Agency (NSA) Edward Snowden, British intelligence agencies (GCHQ) have not not spared the AU. Between 2009 and 2010, several officials saw their calls and e-mails intercepted, such as Boubou Niang, then special advisor to the UN and AU mediator in Darfur, Sudan .
Some Western powers favor human intelligence at the AU. Like the French intelligence services who, in addition to their technical espionage devices, tried to convince heads of state of the French squares to inform them behind the scenes of these summits. To the point of trying to “recruit” those who have acceded to the rotating presidency of the AU or the head of the Commission, according to many of them, annoyed by this approach deemed “humiliating” .
The Pan-African organization has always been particularly committed to the defense of sovereignty and territorial integrity, two principles that feature in the AU Constitutive Act. However, due to lack of resources and awareness among heads of state and most officials, pan-African digital territories remain at the mercy of foreign spies.
“Here, it’s safe” Inch Allah “! “ Quips a senior official. Attributed to China, the huge operation of infiltration of computer systems, for five long years, has nevertheless reminded some senior officials of the AU that it may be time, while the reform of the institution at this January summit, to secure their cyberspace.