Skip to main content

NSO has carried out 'unlawful' surveillance to target Amnesty staff members, HRDs


Counterview Desk
Following the exposure that Israeli spyware Pegasus, manufactured by NSO Group, has been used as a surveillance tool on smartphones used by about 1,500 human rights defenders (HRDs), journalists and activists, including in India, the top rights body, Amnesty International India, has appealed to those who have received a notification immediately to get in touch with Amnesty Tech at share@amnesty.tech for support.
An Amnesty release on November 2 said that the rights body could also be contacted “on Signal or WhatsApp at +44 7492 882216”, adding, “We would be keen to provide support to HRDs, who have been targeted, to ensure they take defensive security measures immediately, as well as to understand more about the attacks and investigate possible infections.”
Meanwhile, Amnesty has put out questions and answers for HRDs, activist, or journalist based in India to understand NSO Group’s spyware Pegasus especially the WhatsApp targeting.

Text:

Q: What do we know about the NSO Group and its ‘Pegasus’ Spyware?
A: ‘NSO Group’ is an Israeli spyware manufacturer that claims to sell its surveillance tools – the most well-known being its Pegasus spyware – exclusively to governments and government agencies ‘to combat terror and crime’.
Its products have been misused multiple times to conduct unlawful surveillance against human rights defenders. In the past, it has been used to target an Amnesty International staff member, HRDs, activists, and journalists from Saudi Arabia, UAE, Mexico, Morocco, and Rwanda.
Q: How does Pegasus work?
A: If infected by the Pegasus spyware, the user’s Smartphone is compromised. It can track keystrokes, take control of the phone’s camera and microphone, and access contact lists and encrypted messages.
Until now, Pegasus is known to be delivered through SMS messages carrying malicious links and through exploiting a zero-day vulnerability on WhatsApp. In the latter, intrusive spyware could be delivered on to the target’s mobile device without the targeted person having to click on a malicious link. The targeted person would simply see a missed call on WhatsApp.
In addition to this, Amnesty International has also found evidence of network injection attacks that could also be attributed to NSO Group. Network injection attacks are generally called “man-in-the-middle” attacks. Through this, an attacker with access to a target’s mobile network connection can monitor and opportunistically hijack web traffic and silently re-route the web browser to malicious exploit pages.
Q: How did the targeting via WhatsApp work?
A: NSO Group exploited a security vulnerability in WhatsApp until May 2019. In order to exploit this, the digital attack initiated WhatsApp calls to the target’s device. Attackers may have tried to exploit this issue by making calls multiple times during the night when the target was likely to be asleep and not notice these calls. Successful infection of the target’s device may result in the app crashing. There is a possibility that the attacker may also remotely erase evidence of these calls from the device’s call logs. Evidence of failed attacks may appear as missed calls from unknown numbers in your WhatsApp call log.
Q: If I didn’t receive a notification from WhatsApp, does this mean I wasn’t targeted by NSO Group’s tools?
A: NSO Group’s Pegasus tool is used for targeted attacks and by design, is not meant for mass surveillance. This means that only select individuals would have been targeted. However, if you are a high risk user, i.e., an activist, journalist, or HRD involved in politically sensitive activism, you cannot presume that you have not been targeted simply because you haven’t received a notification from WhatsApp.
The attack was delivered by exploiting a vulnerability in WhatsApp. However, NSO Pegasus infections can also be delivered through other means. Based on information revealed by our own investigations, an Amnesty International staffer was targeted using SMS messages. One HRD in Morocco was targeted both before and after the attacks using the WhatsApp exploit, but not with the WhatsApp exploit itself. Both of them were targeted using SMS messages containing malicious links and network injection attacks that could also be attributed to NSO Group’s tools. This indicates that NSO Group has the documented capability to deliver infections through means other than WhatsApp.
Q: If WhatsApp was targeted, can’t I just switch to another encrypted platform?
A: No. A vulnerability in the WhatsApp software was exploited to deliver the spyware. All complex software can have these types of vulnerabilities. This vulnerability was not a flaw in WhatsApp’s end-to-end encryption protocol.
This also does not mean that only the Whatsapp data of the target was compromised. If the attack attempt was successful, the spyware would gain full access to the device. Any other data on the device including encrypted platforms such as Signal or Telegram could then also have been accessed.
Q: Can Pegasus plant data into my devices?
A: Based on publicly available information, planting data is not a feature of NSO Group’s Pegasus spyware.
Q: What steps can I take to protect myself?
A: None of the security best practices offer complete and foolproof protection. However, it is a good practice to install the latest software updates of operating systems and encrypted messaging applications on your mobile device.
Pegasus remains a relatively uncommon threat and standard digital hygiene steps are still important. Keep your devices software up-to-date. Use a unique password for each service that you use and store these passwords in a secure password manager. Enable two-factor authentication on all accounts where it is available.

Comments

TRENDING

'Enough evidence' in Indian tradition to support legal basis for same-sex marriage

By Iyce Malhotra, Joseph Mathai, Sandeep Chachra*  The ongoing hearing in the Supreme Court on same-sex marriage provides space for much-needed conversations on issues that have hitherto remained “invisible” or engaged with patriarchal locker room humour. We must recognize that people with diverse sexualities and complex gender identities have faced discrimination, stigma and decades of oppression. Their issues have mainly remained buried in dominant social discourse, and many view them with deep insecurities.

Buddhist shrines were 'massively destroyed' by Brahmanical rulers: Historian DN Jha

Nalanda mahavihara By Our Representative Prominent historian DN Jha, an expert in India's ancient and medieval past, in his new book , "Against the Grain: Notes on Identity, Intolerance and History", in a sharp critique of "Hindutva ideologues", who look at the ancient period of Indian history as "a golden age marked by social harmony, devoid of any religious violence", has said, "Demolition and desecration of rival religious establishments, and the appropriation of their idols, was not uncommon in India before the advent of Islam".

Victim of communal violence, Christians in Manipur want Church leadership to speak up

By Fr Cedric Prakash SJ*  The first eleven days of May 2023 have, in many ways, been a defining period of Indian history! Plenty has happened in a rapid-fire stream of events. Ironically, each one of them are indicators of how crimes and the criminalisation of society has become the ‘new norm’; these include, the May Day rallies with a focus on the four labour codes which are patently against the rights of workers; the U S Commission on International Religious Freedom (USCIRF) released its Annual Report on 1 May stating that conditions for religious freedom in India “continued to worsen in 2022”; the continued protest by the Indian women wrestlers at Jantar Mantar for the expulsion of the chief of the Indian Wrestlers Federation on very serious allegations; the Elections in Karnataka on 10 May (with communalism and corruption as the mainstay); the release of the fake, derogative and insensitive film ‘The Kerala Story’; the release of World Free Press Index on 3 May which places India

Swami Vivekananda's views on caste and sexuality were 'painfully' regressive

By Bhaskar Sur* Swami Vivekananda now belongs more to the modern Hindu mythology than reality. It makes a daunting job to discover the real human being who knew unemployment, humiliation of losing a teaching job for 'incompetence', longed in vain for the bliss of a happy conjugal life only to suffer the consequent frustration.

Polygamy in India "down" in 45 yrs: Muslims' from 5.7 to 2.55%, Hindus' 5.8 to 1.77%, "common" in SCs, STs

By Rajiv Shah Amidst All India Muslim Personal Law Board (AIMPLB) justifying polygamy, saying it “meets social and moral needs and the provision for it stems from concern and sympathy for women”, facts suggest the the practice is down from 5.7 per cent of Muslim families in 1961 to 2.55 per cent in 2006.

Modi govt 'wholly untrustworthy' on Covid data, censored criticism on pandemic: Lancet

By Rajiv Shah*   One of the world’s most prestigious health journals, brought out from England, has sharply criticised the Narendra Modi government for being “wholly untrustworthy on Covid-19 health data”, stating, the “official government figures place deaths at more than 530 000, while WHO excess death estimates for 2020 and 2021 are near 4·7 million.”

Undermining law, breastfeeding? Businesses 'using' celebrities to promote baby food

By Rajiv Shah*  A report prepared by the top child welfare NGO, Breastfeeding Promotion Network of India (BPNI), has identified as many as 15 offenders allegedly violating the Indian baby food law, the Infant Milk Substitutes Feeding Bottles, and Infant Foods (Regulation of Production, Supply and Distribution) Act 1992, and Amendment Act 2003 (IMS Act), stating, compliance with the law “seems to be dwindling by the day.”

Delhi demolitions for G-20 summit: Whither sabka saath, sabka vikas?, asks NAPM

By Our Representative  Well-known civil rights network, National Alliance of People's Movements (NAPM), even as expressing solidarity with “thousands of traumatized residents of Tughlakabad and some other bastis in New Delhi whose homes have been demolished and whose lives have been ravaged both prior to as well as in the lead-up to the G-20 Summit”, has said this is in utter disregard to “their minimum well-being and gross violation of their rights.”

'Misleading' Lancet estimates on zero food intake in infants, young children of India

By Srinivas Goli, Shalem Balla, Harchand Ram*  India is one of the world's hotspots for undernourished children, both in terms of prevalence and absolute numbers. Successive rounds of National Family Health Surveys ( NFHS ) have revealed that the progress observed since the early 1990s is far from what is expected when compared to the country's economic growth.

India joining US sponsored trade pillar to hurt Indian farmers, 'promote' GM seeds, food

Counterview Desk  As many as 32 civil society organisations (CSOs), in a letter to Union Commerce Minister Piyush Goyal on the Indo-Pacific Economic Framework (IPEF) and India joining the trade pillar, have said that its provisions will allow the US to ensure a more favourable regulatory regime “for enhancing its exports of genetically modified (GM) seeds and GM food”, underlining, it will “significantly hurt the livelihoods of Indian farmers.”