Skip to main content

NSO has carried out 'unlawful' surveillance to target Amnesty staff members, HRDs


Counterview Desk
Following the exposure that Israeli spyware Pegasus, manufactured by NSO Group, has been used as a surveillance tool on smartphones used by about 1,500 human rights defenders (HRDs), journalists and activists, including in India, the top rights body, Amnesty International India, has appealed to those who have received a notification immediately to get in touch with Amnesty Tech at share@amnesty.tech for support.
An Amnesty release on November 2 said that the rights body could also be contacted “on Signal or WhatsApp at +44 7492 882216”, adding, “We would be keen to provide support to HRDs, who have been targeted, to ensure they take defensive security measures immediately, as well as to understand more about the attacks and investigate possible infections.”
Meanwhile, Amnesty has put out questions and answers for HRDs, activist, or journalist based in India to understand NSO Group’s spyware Pegasus especially the WhatsApp targeting.

Text:

Q: What do we know about the NSO Group and its ‘Pegasus’ Spyware?
A: ‘NSO Group’ is an Israeli spyware manufacturer that claims to sell its surveillance tools – the most well-known being its Pegasus spyware – exclusively to governments and government agencies ‘to combat terror and crime’.
Its products have been misused multiple times to conduct unlawful surveillance against human rights defenders. In the past, it has been used to target an Amnesty International staff member, HRDs, activists, and journalists from Saudi Arabia, UAE, Mexico, Morocco, and Rwanda.
Q: How does Pegasus work?
A: If infected by the Pegasus spyware, the user’s Smartphone is compromised. It can track keystrokes, take control of the phone’s camera and microphone, and access contact lists and encrypted messages.
Until now, Pegasus is known to be delivered through SMS messages carrying malicious links and through exploiting a zero-day vulnerability on WhatsApp. In the latter, intrusive spyware could be delivered on to the target’s mobile device without the targeted person having to click on a malicious link. The targeted person would simply see a missed call on WhatsApp.
In addition to this, Amnesty International has also found evidence of network injection attacks that could also be attributed to NSO Group. Network injection attacks are generally called “man-in-the-middle” attacks. Through this, an attacker with access to a target’s mobile network connection can monitor and opportunistically hijack web traffic and silently re-route the web browser to malicious exploit pages.
Q: How did the targeting via WhatsApp work?
A: NSO Group exploited a security vulnerability in WhatsApp until May 2019. In order to exploit this, the digital attack initiated WhatsApp calls to the target’s device. Attackers may have tried to exploit this issue by making calls multiple times during the night when the target was likely to be asleep and not notice these calls. Successful infection of the target’s device may result in the app crashing. There is a possibility that the attacker may also remotely erase evidence of these calls from the device’s call logs. Evidence of failed attacks may appear as missed calls from unknown numbers in your WhatsApp call log.
Q: If I didn’t receive a notification from WhatsApp, does this mean I wasn’t targeted by NSO Group’s tools?
A: NSO Group’s Pegasus tool is used for targeted attacks and by design, is not meant for mass surveillance. This means that only select individuals would have been targeted. However, if you are a high risk user, i.e., an activist, journalist, or HRD involved in politically sensitive activism, you cannot presume that you have not been targeted simply because you haven’t received a notification from WhatsApp.
The attack was delivered by exploiting a vulnerability in WhatsApp. However, NSO Pegasus infections can also be delivered through other means. Based on information revealed by our own investigations, an Amnesty International staffer was targeted using SMS messages. One HRD in Morocco was targeted both before and after the attacks using the WhatsApp exploit, but not with the WhatsApp exploit itself. Both of them were targeted using SMS messages containing malicious links and network injection attacks that could also be attributed to NSO Group’s tools. This indicates that NSO Group has the documented capability to deliver infections through means other than WhatsApp.
Q: If WhatsApp was targeted, can’t I just switch to another encrypted platform?
A: No. A vulnerability in the WhatsApp software was exploited to deliver the spyware. All complex software can have these types of vulnerabilities. This vulnerability was not a flaw in WhatsApp’s end-to-end encryption protocol.
This also does not mean that only the Whatsapp data of the target was compromised. If the attack attempt was successful, the spyware would gain full access to the device. Any other data on the device including encrypted platforms such as Signal or Telegram could then also have been accessed.
Q: Can Pegasus plant data into my devices?
A: Based on publicly available information, planting data is not a feature of NSO Group’s Pegasus spyware.
Q: What steps can I take to protect myself?
A: None of the security best practices offer complete and foolproof protection. However, it is a good practice to install the latest software updates of operating systems and encrypted messaging applications on your mobile device.
Pegasus remains a relatively uncommon threat and standard digital hygiene steps are still important. Keep your devices software up-to-date. Use a unique password for each service that you use and store these passwords in a secure password manager. Enable two-factor authentication on all accounts where it is available.

Comments

TRENDING

Nobel laureates join international figures, seek release of Bhima Koregaon accused activists

Nobel laureates Olga Tokarczuk,  Wole Soyinka Counterview Desk  As many as 57 top international personalities, including Nobel laureates, academics, human rights defenders, lawyers cultural personalities, and members of Parliament of European countries, have urged the Prime Minister and the Chief Justice of India to ensure immediate release of human rights defenders in India “into safe conditions”.

Swami Vivekananda's views on caste and sexuality were 'painfully' regressive

By Bhaskar Sur* Swami Vivekananda now belongs more to the modern Hindu mythology than reality. It makes a daunting job to discover the real human being who knew unemployment, humiliation of losing a teaching job for 'incompetence', longed in vain for the bliss of a happy conjugal life only to suffer the consequent frustration.

Buddhist shrines massively destroyed by Brahmanical rulers in "pre-Islamic" era: Historian DN Jha's survey

Nalanda mahavihara By Our Representative Prominent historian DN Jha, an expert in India's ancient and medieval past, in his new book , "Against the Grain: Notes on Identity, Intolerance and History", in a sharp critique of "Hindutva ideologues", who look at the ancient period of Indian history as "a golden age marked by social harmony, devoid of any religious violence", has said, "Demolition and desecration of rival religious establishments, and the appropriation of their idols, was not uncommon in India before the advent of Islam".

Top ex-Gujarat babu tells Modi: Not yoga but solar system is our biggest source of energy

By Rajiv Shah  An email alert to Counterview from a top ex-IAS bureaucrat, termed as Gujarat’s turnaround man for revamping loss-making state public sector undertakings (PSUs), has sought to take a dig at Prime Minister Narendra Modi’s remark on the Yoga day – that the ancient Indian exercise provides an “infinite solutions” within ourselves, offering “the biggest source of energy in the universe.”

Hunger, lack of food security behind India's 'slip' in UN's sustainable development rank

By Dr Gian Singh*  According to a report released by the United Nations on June 6, 2021, India's ranking of achieving Sustainable Development based on the 17 Social Development Goals (SDGs) set by the 193 countries in the 2003 agenda, which was 115th last year, has slipped to 117th position this year. India ranks not only the lowest among the BRICS countries -- Brazil, the Russian Federation, India, China, and South Africa but also below the four South Asian countries -- Bhutan, Sri Lanka, Nepal, and Bangladesh.

Collapse of healthcare system? Why 90% of Covid patients treated at home survived

By Bobby Ramakant, Sandeep Pandey* Well known Hindustani classical singer Padma Vibhu shan Channulal Mishra, chosen as one of the proposers of Narendra Modi in Lok Sabha elections, lost his wife and elder daughter to Covid in private hospitals in Varanasi. Younger daughter has accused Medwin Hospital of charging Rs 1.5 lakh for treatement of her sister and not being able to explain the cause of death. Pandit Channulal Mishra has asked for a probe into his daughter’s death from the Chief Minister. The family has also asked for the CCTV footage of the ward where deceased daughter was admitted for a week.

Rooted in mistrust? Covid-19’s march into rural India is a very different ball game

By Sudhir Katiyar* As the Covid-19 virus penetrates rural India, the rural communities are responding very differently from their urban counterparts who rushed to the hospitals. The rural communities are avoiding the public health facilities and any mention of the disease. The note argues that this supposedly irrational response is based on a deep-seated mistrust of the state by the rural communities. It can not be resolved with routine Information, Education and Communication (IEC) measures suggested in the Government of India SOP for tackling Covid-19 in rural areas.

Courageous, in-depth attempt to confirm common spiritual values of Christ, Buddha

By RB Sreekumar, IPS*  All religions, both theistic and atheistic designed conceptual and practical architecture, for holistic and comprehensive elevation and enlightenment of humanity. PK Vijayan, in his novel “Nirvana of Jesus Christ” (Notion Press, 2020) through creative imagination portrayed personality evolution of the two progenitors of God-centric and sagaciously logical major religions – Jesus Christ of Christianity and Gautama Buddha of Buddhism.

Why hasn't Govt of India responded to US critique of freedom of religion under Modi?

By Fr Cedric Prakash SJ* About two weeks ago, on May 12, 2021, the US Secretary of State Antony J Blinken released in Washington the ‘2020 International Religious Freedom Report.’ This official annual report of the US Government details the status of religious freedom in nearly 200 foreign countries and territories and describes US actions to support religious freedom worldwide. Mandated by the International Religious Freedom Act of 1998, this report highlights the fact that ‘religious freedom is both a core American value and a universal human right’.

Covid fear? Cremation rituals gone upside down, Dalits asked to do Brahminical rituals

By Abhay Jain, Sandeep Pandey*  As Covid consumes human life in a very conspicuous way we are confronted with additional problem of disposing of human corpses. Cremation grounds are lit with continuous pyres, graveyards are running out of land and now Ganga has become a mass grave potentially polluting its water.