U.S. Corporation Sues Angola for Hacking Into Attorney Emails
A Complaint filed by Africa Growth Corporation (AFGC) against the Republic of Angola in Federal Court starts with the following:
This case concerns an egregious series of computer hacking activities committed by Angola over an eighteen-month period, resulting in the interception and conversion of AFGC’s attorney-client communications from AFGC’s computer server located in the United States. The misconduct was conceived and designed to illegally intercept and convert AFGC’s attorney-client communications in connection with efforts by AFGC and Angola (collectively, the “Parties”) to mediate and settle a legal dispute between the Parties and the subsequent litigation following Angola’s breach of the agreement to resolve the litigation.
This lawsuit demonstrates how Angola has engaged in a pattern of intentional and malicious behavior aimed at AFGC, which was an optimistic foreign investor in Angola. Angola’s misconduct shows how Angola has mocked its own laws, the laws of the United States, and the U.S. judicial system.
This reads like a fictional novel, and was probably done so intentionally. The backstory is even more riveting.
Investments in Angola
According to the Complaint, AFGC is a foreign investor in Angola. AFGC owned four commercial properties in Angola along with bank accounts and other property. Allegedly, Angola transferred full title and ownership of AFGC’s Angolan Assets, (worth at least $55 million) to a senior member of the Angolan Ministry of Justice for $0. AFGC claims that this seizure took the form of a violent armed expropriation of assets and real property.
One imagines Angolan forces with AK-47s raiding these properties.
Actually, that is what happened. In an earlier lawsuit filed by AFGC against Angola in the District of Columbia, it describes that an Angolan General and his son, a Captain, with their “heavily-armed security detail,” seized and occupied the properties. (Africa Growth Corporation v. Republic of Angola et al, United States District Court for the District of Columbia, Case Number 2017-cv-02469.)
To resolve the dispute, AFGC entered into an agreement with Angola in Lisbon, Portugal on February 12, 2019, to settle all claims between the Parties. As part of the settlement, Angola agreed to pay AFGC $47.5 million by wire transfer into the bank account of AFGC’s law firm.
Guess what happened next?
Angola never paid!
The Cyber Attack
After the February meeting in Portugal, AFGC learned of suspicious activity when an IT technician running routine server maintenance noticed anomalies in AFGC’s server. The IT technician discovered hidden procedures in place that were forwarding all attorney-client privileged information, in addition to other sensitive information, externally from the AFGC network.
AFGC engaged a cybersecurity team to undertake a detailed inventory of access breaches and a technical architecture survey. The results of this study traced the cyber actors responsible for the hidden procedures to the Angolan Government. It appears that the cybersecurity team confirmed that a member of the Angolan Ministry of Interior was involved.
AFGC's cyber engineering team uncovered that the hackers were using very sophisticated techniques and created a false email account deep within AFGC’s system in the United States. The hackers manipulated AFGC’s systems to forward all attorney-client privileged information.
In the current Complaint, AFGC asks the US court to find that Angola breached the Federal Computer Fraud and Abuse Act, Federal Stored Communications Act, and the Federal Wiretap Act, and the Agreement in which Angola agreed to pay $ 47.5 million. AFGC also seeks a return of all electronic information hacked and improperly obtained by Angola.
What to Expect
It is possible that Angola will ignore this lawsuit and AFGC will obtain a default judgment. But, how does AFGC (an American corporation) enforce the default judgment against another country?
AFGC cannot stroll into Angola, knock on the Government's door and expect redress. Perhaps, if Angola has any assets in the U.S., a Court could order all of those U.S. assets, up to $47.5 million, be turned over to AFGC. Unfortunately, this does not help AFGC with respect to the data that Angola extracted from AFGC’s servers. This data is probably resting in a server outside of the U.S. beyond a U.S. Court's jurisdiction.
I'm curious to know what type of information did Angola learn from the attorney-client communications that convinced government officials to renege on the $47 million deal.
This case is cited as: Africa Growth Corporation v. Republic of Angola, in the United District Court of the Southern District of Florida, Case Number 1:20-cv-23081-CMA.
~ Florida Cyber Lawyer, Robert Stines, Esq., CIPP