Amnesty International blames ‘hostile government’ after Israeli-made spyware targets staff

The organisation was targeted by a ‘sophisticated campaign’ that has seen 175 attacks around the world since 2016

Amnesty International has disclosed how its staff were targeted in a spyware attack launched by what it believes to be "a government hostile to its work".

Alarms sounded in June after an Amnesty researcher received a suspicious WhatsApp message with details of an alleged protest outside the Saudi embassy in Washington DC, along with a link to a website.

An investigation by the charity's technology team revealed clicking this would have installed a surveillance tool called "Pegasus", developed by Israeli-based company NSO Group. The software enables an "extraordinarily invasive form of surveillance" and allows a malicious actor to intercept phone calls, and messages received on the handset, the charity claims.

"NSO Group is known to only sell its spyware to governments. We therefore believe that this was a deliberate attempt to infiltrate Amnesty International by a government hostile to our human rights work," said Amnesty International's head of technology and human rights Joshua Franco.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"This chilling attack on Amnesty International highlights the grave risk posed to activists around the world by this kind of surveillance technology."

Researchers from the University of Toronto's Citizen Lab, which investigates digital espionage among other subjects, corroborated Amnesty's assessment, suggesting the SMS messages Amnesty received contain domain names pointing to websites that appear to be part of NSO Group's Pegasus infrastructure.

Citizen Lab's researchers found the domains social-life.info and akhbar-arabia.com, which appeared on the WhatsApp messages, were consistent with the Pegasus infrastructure they had been tracking since 2016.

The organisation suggest the contents of the WhatsApp message were connected with the organisation's campaigning that week for the release of six women's rights activists being detained in Saudi Arabia. The organisation learned a Saudi Arabian rights activist received a similar message shortly afterwards.

"Can you please cover [the protest] for your brothers detained in Saudi Arabia in front of the Saudi embassy in Washington," the message read. "My brother was detained in Ramadan and I am on a scholarship here so please do not link me to this. [LINK]. Cover the protest now it will start in less than an hour. We need your support please."

Citizen Lab has identified 175 reported such instances of surveillance with ties to NSO in its experience, with up to 150 incidents in Panama alone, as well as reports from the United Arab Emirates, Mexico and Saudi Arabia.

Advertisement - Article continues below

The institution's researchers identified the links as matching websites appearing as part of NSO's new infrastructure that retains a Saudi-focus. They concluded the messages appear to represent attempts to infect the Amnesty researcher and the Saudi activist based abroad with NSO Group's Pegasus spyware.

"NSO Group develops cyber technology to allow government agencies to identify and disrupt terrorist and criminal plots," the Israeli-based company said.

"Our product is intended to be used exclusively for the investigation and prevention of crime and terrorism. Any use of our technology that is counter to that purpose is a violation of our policies, legal contracts, and the values that we stand for as a company.

"If an allegation arises concerning a violation of our contract or inappropriate use of our technology, as Amnesty has offered, we investigate the issue and take appropriate action based on those findings. We welcome any specific information that can assist us in further investigating of the matter."

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/security/28170/what-is-cyber-warfare
Security

What is cyber warfare?

20 Sep 2019
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354577/data-protection-fines-hit-ps100m
General Data Protection Regulation (GDPR)

Data protection fines hit £100m during first 18 months of GDPR

20 Jan 2020