Press releases
Amnesty staff targeted with malicious spyware over 'Washington Saudi protest'
Attack seems to be part of a surveillance campaign used to spy on human rights defenders worldwide and prevent their vital work
“We believe that this was a deliberate attempt to infiltrate Amnesty by a government hostile to our human rights work” - Joshua Franco
An Amnesty International staff member has been targeted by a sophisticated surveillance campaign, in what the organisation suspects was a deliberate attempt to spy on its staff by a government hostile to its work.
In early June this year, an Amnesty employee received a suspicious WhatsApp message in Arabic. The text contained details about an alleged protest outside the Saudi embassy in Washington DC, followed by a link to a website. Investigations by Amnesty’s technology team revealed that clicking the link would have installed “Pegasus”, a sophisticated surveillance tool developed by the Israel-based company NSO Group.
Joshua Franco, Amnesty International’s Head of Technology and Human Rights, said:
“NSO Group is known to only sell its spyware to governments. We therefore believe that this was a deliberate attempt to infiltrate Amnesty by a government hostile to our human rights work.
“The potent state hacking tools manufactured by NSO Group allow for an extraordinarily invasive form of surveillance. A smartphone infected with Pegasus is essentially controlled by the attacker – it can relay phone calls, photos, messages and more, directly to the operator. This chilling attack on Amnesty highlights the grave risk posed to activists around the world by this kind of surveillance technology.”
In a statement to Amnesty, NSO Group said that their product “is intended to be used exclusively for the investigation and prevention of crime and terrorism” and that any other use violate their policies and contracts.
Alleged Saudi protest used as bait
The WhatsApp message was sent to Amnesty as the organisation was campaigning for the release of six women’s rights activists detained in Saudi Arabia.
The message, carefully analysed by Amnesty’s technology experts, read: “Can you please cover [the protest] for your brothers detained in Saudi Arabia in front of the Saudi embassy in Washington. My brother was detained in Ramadan and I am on a scholarship here so please do not link me to this. [LINK]. Cover the protest now it will start in less than an hour. We need your support please.”
The link, if clicked, would have allowed the Pegasus software to infect the user’s smartphone, tracking keystrokes, taking control of the phone’s cameras and microphone and accessing contact lists.
Amnesty’s investigation also discovered that another Saudi Arabia rights activist received a similar malicious message.
Connection to NSO Group and 600 suspicious websites
Further investigations by Amnesty revealed that the domain link in the message belongs to a large infrastructure of more than 600 suspicious websites which had been previously connected to NSO Group. Amnesty is concerned that these could be used to bait and spy on activists in countries including Kenya, Democratic Republic of Congo and Hungary, in addition to countries in the Gulf.
Last year Toronto-based research group Citizen Lab uncovered NSO Group’s involvement in a similar spyware scheme in Mexico. Human rights defenders, journalists and opposition party leaders were targeted by false messages containing Pegasus software in an attempt to silence government opposition. Pegasus was also used to target the Emirati award-winning human rights defender Ahmed Mansoor, who has been in prison in the United Arab Emirates since March last year.
Joshua Franco, continued:
“The message sent to us seems to be part of a much broader surveillance campaign, which we suspect is being used to spy on human rights defenders worldwide and prevent their vital work.
“Defending human rights is not a crime, and we refuse to be intimidated by this attack. Attempts to spy on us will never prevent Amnesty from speaking up for truth, justice and equality. We are working with human rights defenders to help them protect themselves against similar cowardly attacks, and ensure that abusive governments cannot use technology to silence them.”
Corporate responsibility
While law enforcement agencies in many countries have used secret surveillance in relation to national security objectives, Amnesty is concerned that in many cases surveillance is being carried out in a manner contrary to international human rights law. Tools like Pegasus are especially problematic from a human rights law perspective as they are so deeply invasive.
As laid out in the UN Guiding Principles on Business and Human Rights, companies also have a responsibility to respect human rights wherever they operate in the world.
NSO Group response
In a written response, NSO Group said: “NSO Group develops cyber technology to allow government agencies to identify and disrupt terrorist and criminal plots. Our product is intended to be used exclusively for the investigation and prevention of crime and terrorism. Any use of our technology that is counter to that purpose is a violation of our policies, legal contracts, and the values that we stand for as a company.
"If an allegation arises concerning a violation of our contract or inappropriate use of our technology, as Amnesty has offered, we investigate the issue and take appropriate action based on those findings. We welcome any specific information that can assist us in further investigating of the matter.”