NSO has carried out 'unlawful' surveillance to target Amnesty staff members, HRDs


Counterview Desk
Following the exposure that Israeli spyware Pegasus, manufactured by NSO Group, has been used as a surveillance tool on smartphones used by about 1,500 human rights defenders (HRDs), journalists and activists, including in India, the top rights body, Amnesty International India, has appealed to those who have received a notification to get in touch immediately with Amnesty Tech at share@amnesty.tech for support.
An Amnesty release on November 2 said that the rights body could also be contacted “on Signal or WhatsApp at +44 7492 882216”, adding, “We would be keen to provide support to HRDs, who have been targeted, to ensure they take defensive security measures immediately, as well as to understand more about the attacks and investigate possible infections.”
Meanwhile, Amnesty has put out questions and answers to help HRDs, activists, and journalists based in India understand NSO Group’s spyware Pegasus, especially the WhatsApp targeting.

Text:

Q: What do we know about the NSO Group and its ‘Pegasus’ Spyware?
A: ‘NSO Group’ is an Israeli spyware manufacturer that claims to sell its surveillance tools – the most well-known being its Pegasus spyware – exclusively to governments and government agencies ‘to combat terror and crime’.
Its products have been misused multiple times to conduct unlawful surveillance against human rights defenders. In the past, it has been used to target an Amnesty International staff member, HRDs, activists, and journalists from Saudi Arabia, UAE, Mexico, Morocco, and Rwanda.
Q: How does Pegasus work?
A: If infected by the Pegasus spyware, the user’s smartphone is compromised. It can track keystrokes, take control of the phone’s camera and microphone, and access contact lists and encrypted messages.
Until now, Pegasus is known to be delivered through SMS messages carrying malicious links and through exploiting a zero-day vulnerability on WhatsApp. In the latter, intrusive spyware could be delivered on to the target’s mobile device without the targeted person having to click on a malicious link. The targeted person would simply see a missed call on WhatsApp.
In addition to this, Amnesty International has also found evidence of network injection attacks that could also be attributed to NSO Group. Network injection attacks are generally called “man-in-the-middle” attacks. Through this, an attacker with access to a target’s mobile network connection can monitor and opportunistically hijack web traffic and silently re-route the web browser to malicious exploit pages.
Q: How did the targeting via WhatsApp work?
A: NSO Group exploited a security vulnerability in WhatsApp until May 2019. In order to exploit this, the digital attack initiated WhatsApp calls to the target’s device. Attackers may have tried to exploit this issue by making calls multiple times during the night when the target was likely to be asleep and not notice these calls. Successful infection of the target’s device may result in the app crashing. There is a possibility that the attacker may also remotely erase evidence of these calls from the device’s call logs. Evidence of failed attacks may appear as missed calls from unknown numbers in your WhatsApp call log.
Q: If I didn’t receive a notification from WhatsApp, does this mean I wasn’t targeted by NSO Group’s tools?
A: NSO Group’s Pegasus tool is used for targeted attacks and, by design, is not meant for mass surveillance. This means that only select individuals would have been targeted. However, if you are a high-risk user, i.e., an activist, journalist, or HRD involved in politically sensitive activism, you cannot presume that you have not been targeted simply because you haven’t received a notification from WhatsApp.
The attack was delivered by exploiting a vulnerability in WhatsApp. However, NSO Pegasus infections can also be delivered through other means. Based on information revealed by our own investigations, an Amnesty International staffer was targeted using SMS messages. One HRD in Morocco was targeted both before and after the attacks using the WhatsApp exploit, but not with the WhatsApp exploit itself. Both of them were targeted using SMS messages containing malicious links and network injection attacks that could also be attributed to NSO Group’s tools. This indicates that NSO Group has the documented capability to deliver infections through means other than WhatsApp.
Q: If WhatsApp was targeted, can’t I just switch to another encrypted platform?
A: No. A vulnerability in the WhatsApp software was exploited to deliver the spyware. All complex software can have these types of vulnerabilities. This vulnerability was not a flaw in WhatsApp’s end-to-end encryption protocol.
This also does not mean that only the WhatsApp data of the target was compromised. If the attack attempt was successful, the spyware would gain full access to the device. Any other data on the device including encrypted platforms such as Signal or Telegram could then also have been accessed.
Q: Can Pegasus plant data into my devices?
A: Based on publicly available information, planting data is not a feature of NSO Group’s Pegasus spyware.
Q: What steps can I take to protect myself?
A: None of the security best practices offer complete and foolproof protection. However, it is a good practice to install the latest software updates of operating systems and encrypted messaging applications on your mobile device.
Pegasus remains a relatively uncommon threat and standard digital hygiene steps are still important. Keep your device’s software up-to-date. Use a unique password for each service that you use and store these passwords in a secure password manager. Enable two-factor authentication on all accounts where it is available.
