» Gulf

Amnesty, Saudi Activists Targets to Spyware Program Developed by Israeli Company (Citizen Lab, Amnesty)

2018-08-03 - 6:32 p

Bahrain Mirror: Amnesty International and Citizen Lab issued two reports revealing the targeting of Amnesty by a spyware program developed by the Israeli NSO Group.

In June 2018, an Amnesty International staff member received a malicious WhatsApp message with Saudi Arabia-related bait content and carrying links Amnesty International believed are used to distribute and deploy sophisticated mobile spyware, Amnesty said in its report.

Through the course of the organization's subsequent investigation, it discovered that a Saudi activist based abroad had also received similar malicious messages. In its analysis of these messages, Amnesty International found connections with a network of over 600 domain names. Not only are these domain names suspicious, but they also overlap with infrastructure that had previously been identified as part of Pegasus, a sophisticated commercial exploitation and spyware platform sold by the Israel surveillance vendor, NSO Group. Citizen Lab website stressed these information in its report that was published coinciding with the Amnesty's.

In the report published on its website, Citizen Lab, at the University of Toronto's Munk School of Global Affairs, said that "Pegasus spyware allows an operator to snoop on activity in the vicinity of an infected device by turning on the device's webcam and microphone, to record calls and log messages in mobile chat apps, and to track the device's movements."  

Amnesty stated "The message was clearly an attempt to trick our colleague into clicking on the link, which pointed to a domain name akhbar-arabia.com."

The organization could identify one other human rights defender from Saudi Arabia, who also received malicious SMS messages. These messages carried links to domains which it identified as part of that same network infrastructure used by NSO Group or its customers to deliver exploits and malware designed to silently harvest data from the victims' phones.

In late May, the activist received a message from an unknown number. Amnesty also identified this domain to be connected to that same NSO Group's infrastructure. In a report coordinated with this publication, Citizen Lab notes that the same domain social-life[.]info has in fact been sent through very similar SMS messages to other people in the Gulf region.

Shortly after, the activist received yet another suspicious message from an unknown number mentioning specifically the driving ban on women in Saudi Arabia. Interestingly, the text of the message is verbatim the title of Amnesty International's press release, issued ahead of the decision to lift the ban entering into force.

Unfortunately, because the bit.ly link had been disabled or deleted before we obtained copies of the message, we have not been able to confirm whether this was also carrying a link connected to known NSO Group's infrastructure.

Amnesty International contacted NSO Group with its findings, and they provided the following statement on (July 31, 2018) "NSO Group develops cyber technology to allow government agencies to identify and disrupt terrorist and criminal plots. [...] If an allegation arises concerning a violation of our contract or inappropriate use of our technology, as Amnesty has offered, we investigate the issue and take appropriate action based on those findings. We welcome any specific information that can assist us in further investigating of the matter."

In this context, Amnesty International as well as numerous other human rights organizations have documented cases where surveillance has been and continues to be carried out in a manner contrary to international human rights law, noting that surveillance through the use of state-hacking tools such as those that NSO group provides is an extraordinarily invasive form of surveillance, and thus an especially problematic one under international human rights law and standards.

Citizen Lab report indicated that since its first publication in 2016 that included case of Emirati human rights defender Ahmed Mansoor, who was targeted by Pegasus related to NSO, it revealed the abusive misuse of NSO Group's spyware.

The website said that "at the time of writing, various reports indicate that up to 175 individuals may have been inappropriately targeted with NSO Group's spyware in violation of their internationally-recognized human rights."

Arabic Version


comments powered by Disqus