Skip to main content

NSO has carried out 'unlawful' surveillance to target Amnesty staff members, HRDs


Counterview Desk
Following the exposure that Israeli spyware Pegasus, manufactured by NSO Group, has been used as a surveillance tool on smartphones used by about 1,500 human rights defenders (HRDs), journalists and activists, including in India, the top rights body, Amnesty International India, has appealed to those who have received a notification immediately to get in touch with Amnesty Tech at share@amnesty.tech for support.
An Amnesty release on November 2 said that the rights body could also be contacted “on Signal or WhatsApp at +44 7492 882216”, adding, “We would be keen to provide support to HRDs, who have been targeted, to ensure they take defensive security measures immediately, as well as to understand more about the attacks and investigate possible infections.”
Meanwhile, Amnesty has put out questions and answers for HRDs, activist, or journalist based in India to understand NSO Group’s spyware Pegasus especially the WhatsApp targeting.

Text:

Q: What do we know about the NSO Group and its ‘Pegasus’ Spyware?
A: ‘NSO Group’ is an Israeli spyware manufacturer that claims to sell its surveillance tools – the most well-known being its Pegasus spyware – exclusively to governments and government agencies ‘to combat terror and crime’.
Its products have been misused multiple times to conduct unlawful surveillance against human rights defenders. In the past, it has been used to target an Amnesty International staff member, HRDs, activists, and journalists from Saudi Arabia, UAE, Mexico, Morocco, and Rwanda.
Q: How does Pegasus work?
A: If infected by the Pegasus spyware, the user’s Smartphone is compromised. It can track keystrokes, take control of the phone’s camera and microphone, and access contact lists and encrypted messages.
Until now, Pegasus is known to be delivered through SMS messages carrying malicious links and through exploiting a zero-day vulnerability on WhatsApp. In the latter, intrusive spyware could be delivered on to the target’s mobile device without the targeted person having to click on a malicious link. The targeted person would simply see a missed call on WhatsApp.
In addition to this, Amnesty International has also found evidence of network injection attacks that could also be attributed to NSO Group. Network injection attacks are generally called “man-in-the-middle” attacks. Through this, an attacker with access to a target’s mobile network connection can monitor and opportunistically hijack web traffic and silently re-route the web browser to malicious exploit pages.
Q: How did the targeting via WhatsApp work?
A: NSO Group exploited a security vulnerability in WhatsApp until May 2019. In order to exploit this, the digital attack initiated WhatsApp calls to the target’s device. Attackers may have tried to exploit this issue by making calls multiple times during the night when the target was likely to be asleep and not notice these calls. Successful infection of the target’s device may result in the app crashing. There is a possibility that the attacker may also remotely erase evidence of these calls from the device’s call logs. Evidence of failed attacks may appear as missed calls from unknown numbers in your WhatsApp call log.
Q: If I didn’t receive a notification from WhatsApp, does this mean I wasn’t targeted by NSO Group’s tools?
A: NSO Group’s Pegasus tool is used for targeted attacks and by design, is not meant for mass surveillance. This means that only select individuals would have been targeted. However, if you are a high risk user, i.e., an activist, journalist, or HRD involved in politically sensitive activism, you cannot presume that you have not been targeted simply because you haven’t received a notification from WhatsApp.
The attack was delivered by exploiting a vulnerability in WhatsApp. However, NSO Pegasus infections can also be delivered through other means. Based on information revealed by our own investigations, an Amnesty International staffer was targeted using SMS messages. One HRD in Morocco was targeted both before and after the attacks using the WhatsApp exploit, but not with the WhatsApp exploit itself. Both of them were targeted using SMS messages containing malicious links and network injection attacks that could also be attributed to NSO Group’s tools. This indicates that NSO Group has the documented capability to deliver infections through means other than WhatsApp.
Q: If WhatsApp was targeted, can’t I just switch to another encrypted platform?
A: No. A vulnerability in the WhatsApp software was exploited to deliver the spyware. All complex software can have these types of vulnerabilities. This vulnerability was not a flaw in WhatsApp’s end-to-end encryption protocol.
This also does not mean that only the Whatsapp data of the target was compromised. If the attack attempt was successful, the spyware would gain full access to the device. Any other data on the device including encrypted platforms such as Signal or Telegram could then also have been accessed.
Q: Can Pegasus plant data into my devices?
A: Based on publicly available information, planting data is not a feature of NSO Group’s Pegasus spyware.
Q: What steps can I take to protect myself?
A: None of the security best practices offer complete and foolproof protection. However, it is a good practice to install the latest software updates of operating systems and encrypted messaging applications on your mobile device.
Pegasus remains a relatively uncommon threat and standard digital hygiene steps are still important. Keep your devices software up-to-date. Use a unique password for each service that you use and store these passwords in a secure password manager. Enable two-factor authentication on all accounts where it is available.

Comments

TRENDING

Mystery around Gujarat PSU 'transfer' of Rs 250 crore to Canadian firm Karnalyte

By AK Luke, IAS (Retd)*
While returning from a Board meeting of the Oil India Limited (OIL) in Ahmedabad some time in 2012, two officers of the Gujarat State Fertilizers and Chemicals Ltd (GSFC), Nanavaty and Patel,  saw me off at the airport. They said they were proceeding to Canada in connection with a project GSFC had entered into with a company there. As we were running late, I hastily wished them the best.

Savarkar in Ahmedabad 'declared' two-nation theory in 1937, Jinnah followed 3 years later

By Our Representative
One of the top freedom fighters whom BJP and Prime Minister Narendra Modi revere the most, Vinayak Damodar Savarkar, was also a great supporter of the two nation theory for India, one for Hindus another for Muslims, claims a new expose on the man who is also known to be the original proponent of the concept of Hindutva.

Indians have made 119 nations their ‘karma bhumi’: US-based Hindu NGO tells Rupani

Counterview Desk
In a stinging letter to Gujarat chief minister Vijay Rupani, the US-based Hindus for Human Rights (HfHR), referring to the report citing his justification for the Citizenship Amendment Act (CAA) – that “while Muslims can choose any one of the 150 Islamic countries in the world (for residence), India is the only country for Hindus" – has said, he should remember, Hindus have made several countries, including USA, their home.

J&K continues to be haunted, as parts of India 'degenerate' into quasi-Kashmir situation

By Rajendran Narayanan*, Sandeep Pandey**
“Jab har saans mein bandook dikhe toh baccha kaise bekhauf rahe?” (How can a child be fearless when she sees a gun in every breath?) remarked Anwar, a gardener from Srinagar, when asked about the situation in Kashmir. On November 30, 2019, a walk through an iron gate in a quiet neighbourhood of Srinagar took us inside a public school. It was 11 am when typically every school is abuzz with activity. Not here though.

Tata Mundra's possible closure? Power ministry's 'pressure tactic' on consumer states

By Bharat Patel*
Tata power has announced to the Union Ministry of Power that Tata Power may be forced to stop operating  its imported coal-based Mundra Ultra-Mega Power Project (UMPP) after February, 2020. It is not only unfortunate but also criminal that irreversible damage has been caused to the fragile ecosystem of Mundra coast for a project that will have a running life of only seven years.

What about religious persecution of Dalits, Adivasis, asks anti-CAA meet off Ahmedabad

By Rajiv Shah
A well-attended Dalit rights meet under the banner “14 Pe Charcha” (discussion on Article 14 of the Indian Constitution), alluding to Prime Minister Narendra Modi well-known campaign phrase of the 2014 Parliamentary elections, “chai pe charcha” (discussion over cup of tea), organized off Ahmedabad, has resolved on Wednesday to hold a 14 kilometres-long rally on April 14 to oppose the controversial Citizenship Amendment Act (CAA), enacted on December 10-11.

Upendra Baxi on foolish excellence, Indian judges and Consitutional cockroaches

By Rajiv Shah
In a controversial assertion, top legal expert Upendra Baxi has sought to question India's Constitution makers for neglecting human rights and social justice. Addressing an elite audience in Ahmedabad, Prof Baxi said, the constitutional idea of India enunciated by the Constituent Assembly tried to resolve four key conflicting concepts: governance, development, rights and justice.

Population control? 10% Indian couples want to delay next pregnancy, but fail

Counterview Desk
Shireen Jejeebhoy, director at Aksha Centre for Equity and Wellbeing, previously senior associate at the Population Council, India, argues that the debate on the country's population was fuelled by Prime Minister Narendra Modi’s Independence Day address to the nation, where he drew attention to “concern” about the challenges posed by this ‘exploding’ population growth, needs to centre around the promotion of rights and education, instead of the language of explosion and the threat of coercion that this term implies.

Kerala governor turned History Congress into political arena, 'insulted' Prof Irfan Habib

Counterview Desk
In a signed statement, office bearers of the Aligarh Society of History and Archaeology (ASHA), Prof Syed Ali Nadeem Rezavi (president), Prof Jabir Raza (vice-president), Prof Manvendra Kumar Pundhir (secretary) and Prof Farhat Hasan (joint secretary), have said that Kerala governor Arif Mohammad Khan had sought to insult veteran historian Prof Irfan Habib, 88, at the 80th session of the Indian History Congress, even as turning it into his “political arena”.