'Chilling attack': Amnesty says employee targeted by 'hostile government' using Israeli-made spyware
Amnesty International has said that an employee was targeted by a sophisticated Israeli-made spyware, stressing that it was "a deliberate attempt" to snoop on the group by a government "hostile" to the organization's work.
The incident took place in June this year when an unnamed Amnesty employee received a cryptic message via WhatsApp messenger. It contained a malicious link to a website which installs spyware when visited.
Amnesty said such links are "used to distribute and deploy sophisticated mobile spyware" and are part of the Pegasus spyware platform sold by Israeli surveillance vendor, NSO Group. The spyware is able to "relay phone calls, photos, messages and more," Amnesty added.
NSO Group "is known to only sell its spyware to governments," Joshua Franco, Amnesty International's Head of Technology and Human Rights said. He stressed that the group believes that this was "a deliberate attempt to infiltrate Amnesty International by a government hostile to our human rights work."
A malicious WhatsApp message with #SaudiArabia-related bait content, carrying links we believe are used to infect victims with highly sophisticated mobile spyware, were sent to our staff member. Read our full investigation here. https://t.co/TkzSMp8BXG
— AmnestyInternational (@amnesty) August 1, 2018
"The potent state hacking tools manufactured by NSO Group allow for an extraordinarily invasive form of surveillance," he said, adding that the "chilling attack" on Amnesty International "highlights the grave risk posed to activists around the world by this kind of surveillance technology."
The text of the message, written in Arabic, contained details about an alleged protest near the Saudi embassy in Washington D.C. Notably it was sent almost a week after the group organized campaigns for the release of women's rights activists who were detained in Saudi Arabia.
"Can you please cover [the protest] for your brothers detained in Saudi Arabia in front of the Saudi embassy in Washington. My brother was detained in Ramadan and I am on a scholarship here so please do not link me to this. [LINK to Pegasus]. Cover the protest now it will start in less than an hour. We need your support please," the mysterious message said. The human rights group added screenshots and translation of the text.
Later, Amnesty found that a similar message was also sent to a Saudi Arabian rights activist. According to Franco, the message seems to be a part of a "much broader surveillance campaign" which is suspected to be used to spy on human rights activists worldwide.
Replying to Amnesty's request, NSO Group explained that it develops cyber technology which is solely "intended to be used exclusively for the investigation and prevention of crime and terrorism." It promised to investigate the issue and "take appropriate action based on those findings."
According to a document named "Pegasus – Product Description" discovered in a leak of Hacking Team, an Italian spyware company back in 2015, the spyware "leaves no trace on the device" and is able to retrieve "any file from the device for deeper analysis." The document stresses that the system operator can choose to send a message, "luring the target to open it". "Single click, either planned or unintentional, on the link will result in hidden agent installation," it stresses.
This is not the first time Pegasus was involved in a spying scandal. In 2016, a botched hack attempt using the spyware on the iPhone of an Arab activist triggered Apple to issue an "important" security update for its mobile operating system, iOS. The attackers tried to lure Ahmed Mansoor, a human rights activist based in United Arab Emirates, with text messages containing a suspicious link to "secrets" about detainees tortured in Arab jails.
Think your friends would be interested? Share this story!