Skip to main content

NSO has carried out 'unlawful' surveillance to target Amnesty staff members, HRDs


Counterview Desk
Following the exposure that Israeli spyware Pegasus, manufactured by NSO Group, has been used as a surveillance tool on smartphones used by about 1,500 human rights defenders (HRDs), journalists and activists, including in India, the top rights body, Amnesty International India, has appealed to those who have received a notification immediately to get in touch with Amnesty Tech at share@amnesty.tech for support.
An Amnesty release on November 2 said that the rights body could also be contacted “on Signal or WhatsApp at +44 7492 882216”, adding, “We would be keen to provide support to HRDs, who have been targeted, to ensure they take defensive security measures immediately, as well as to understand more about the attacks and investigate possible infections.”
Meanwhile, Amnesty has put out questions and answers for HRDs, activist, or journalist based in India to understand NSO Group’s spyware Pegasus especially the WhatsApp targeting.

Text:

Q: What do we know about the NSO Group and its ‘Pegasus’ Spyware?
A: ‘NSO Group’ is an Israeli spyware manufacturer that claims to sell its surveillance tools – the most well-known being its Pegasus spyware – exclusively to governments and government agencies ‘to combat terror and crime’.
Its products have been misused multiple times to conduct unlawful surveillance against human rights defenders. In the past, it has been used to target an Amnesty International staff member, HRDs, activists, and journalists from Saudi Arabia, UAE, Mexico, Morocco, and Rwanda.
Q: How does Pegasus work?
A: If infected by the Pegasus spyware, the user’s Smartphone is compromised. It can track keystrokes, take control of the phone’s camera and microphone, and access contact lists and encrypted messages.
Until now, Pegasus is known to be delivered through SMS messages carrying malicious links and through exploiting a zero-day vulnerability on WhatsApp. In the latter, intrusive spyware could be delivered on to the target’s mobile device without the targeted person having to click on a malicious link. The targeted person would simply see a missed call on WhatsApp.
In addition to this, Amnesty International has also found evidence of network injection attacks that could also be attributed to NSO Group. Network injection attacks are generally called “man-in-the-middle” attacks. Through this, an attacker with access to a target’s mobile network connection can monitor and opportunistically hijack web traffic and silently re-route the web browser to malicious exploit pages.
Q: How did the targeting via WhatsApp work?
A: NSO Group exploited a security vulnerability in WhatsApp until May 2019. In order to exploit this, the digital attack initiated WhatsApp calls to the target’s device. Attackers may have tried to exploit this issue by making calls multiple times during the night when the target was likely to be asleep and not notice these calls. Successful infection of the target’s device may result in the app crashing. There is a possibility that the attacker may also remotely erase evidence of these calls from the device’s call logs. Evidence of failed attacks may appear as missed calls from unknown numbers in your WhatsApp call log.
Q: If I didn’t receive a notification from WhatsApp, does this mean I wasn’t targeted by NSO Group’s tools?
A: NSO Group’s Pegasus tool is used for targeted attacks and by design, is not meant for mass surveillance. This means that only select individuals would have been targeted. However, if you are a high risk user, i.e., an activist, journalist, or HRD involved in politically sensitive activism, you cannot presume that you have not been targeted simply because you haven’t received a notification from WhatsApp.
The attack was delivered by exploiting a vulnerability in WhatsApp. However, NSO Pegasus infections can also be delivered through other means. Based on information revealed by our own investigations, an Amnesty International staffer was targeted using SMS messages. One HRD in Morocco was targeted both before and after the attacks using the WhatsApp exploit, but not with the WhatsApp exploit itself. Both of them were targeted using SMS messages containing malicious links and network injection attacks that could also be attributed to NSO Group’s tools. This indicates that NSO Group has the documented capability to deliver infections through means other than WhatsApp.
Q: If WhatsApp was targeted, can’t I just switch to another encrypted platform?
A: No. A vulnerability in the WhatsApp software was exploited to deliver the spyware. All complex software can have these types of vulnerabilities. This vulnerability was not a flaw in WhatsApp’s end-to-end encryption protocol.
This also does not mean that only the Whatsapp data of the target was compromised. If the attack attempt was successful, the spyware would gain full access to the device. Any other data on the device including encrypted platforms such as Signal or Telegram could then also have been accessed.
Q: Can Pegasus plant data into my devices?
A: Based on publicly available information, planting data is not a feature of NSO Group’s Pegasus spyware.
Q: What steps can I take to protect myself?
A: None of the security best practices offer complete and foolproof protection. However, it is a good practice to install the latest software updates of operating systems and encrypted messaging applications on your mobile device.
Pegasus remains a relatively uncommon threat and standard digital hygiene steps are still important. Keep your devices software up-to-date. Use a unique password for each service that you use and store these passwords in a secure password manager. Enable two-factor authentication on all accounts where it is available.

Comments

TRENDING

Australia least prepared to fight Hindu 'extremism', admits diaspora NGO group

Tiranga rally in Sydney: Cause of stir among diaspora By Our Representative  The Australian Alliance Against Hate and Violence (AAAHAV) has said that Australia is “least prepared” to counter the allegedly “rising threat of Hindu far right extremism”. Calling upon politicians, federal and state governments to “urgently recognise the threat far-right Hindu extremism”, it asks “to take concrete steps to address this threat.”

Young environmentalist's arrest 'sinister', even parents not told of her whereabouts

By Our Representative  The Coalition for Environmental Justice in India (CEJI), a civil society network, has said that it is “highly disturbing” that Disha Ravi, a young woman climate activist from Bengaluru was “picked up” in what is referred to as a “closely guarded operation” of the Delhi police. Disha, 21, has been remanded to police custody for five days after she was taken from Bengaluru to Delhi.

Mukesh Ambani's earnings during Covid 'can lift' 40% informal workers out of poverty

By Dr Gian Singh*  The Inequality Virus Report released by Oxfam, a non-profit organization, on January 25, 2021 on the growing inequalities in different parts of the world, sheds light on the growing economic, educational, healthcare and gender inequalities in India. The report has revealed that the wealth of billionaires has increased by 35 per cent during the lockdown period in the country.

US forensic revelation enough evidence to release Sudha Bharadwaj, others: Civicus

Counterview Desk  Civicus, a Johannesburg-based global alliance of civil society organisations and activists claiming to have presence in 175 countries with 9,000 members and working for strengthening citizen action, has sought immediate release of Sudha Bharadwaj, arrested in 2018 under the anti-terror Unlawful Activities Prevention Act (UAPA) and accused of having links with the banned Communist Party of India (Maoist).

Swami Vivekananda's views on caste and sexuality were 'painfully' regressive

By Bhaskar Sur* Swami Vivekananda now belongs more to the modern Hindu mythology than reality. It makes a daunting job to discover the real human being who knew unemployment, humiliation of losing a teaching job for 'incompetence', longed in vain for the bliss of a happy conjugal life only to suffer the consequent frustration.

Golwalkar's views on tricolour, martyrs, minorities, caste as per RSS archives

By Shamsul Islam*  First time in the history of independent India, the in-charge minister of the Cultural Ministry in the current Modi government, Prahlad Singh Patel, has glorified MS Golwalkar, second supremo of the RSS and the most prominent ideologue of the RSS till date, on his birth anniversary, February 19. In a tweet he wrote : “Remembering a great thinker, scholar, and remarkable leader #MSGolwalkar on his birth anniversary. His thoughts will remain a source of inspiration & continue to guide generations.”

'Bird, take me flying with you too!' Being Devangana Kalita

By Ashley Tellis*  I first met Devangana Kalita in a first year English Honours classroom in which I entered to teach Charles Dickens’ Hard Times in Miranda House, Delhi University, in 2008. She was one of the smartest students in the class – Devangana smiled the most and had the brightest twinkle in her eyes of the girls in the class. A middle class girl – Kalita comes from a family in upper Assam, the Kalitas along with the Brahmins dominate Assam (the Bamon-Kolita nexus as it is called) – in an elite all women’s institution known for a feminist, rebellious history. Like all institutions, it was repressive; like all all-women institutions, particularly so. But Miranda House had met its match in Devangana. She organised, protested, all within the democratic tradition resisted. The seeds of Pinjra Tod, the group Devangana was to eventually co-found, and which now finds her jailed for as absurd a reason as inciting a ‘riot’ were already sown in that first year. By the third year, they

20% of FIRs against journalists in 2020 alone, targeted attacks in 2021 'too many to count'

Counterview Desk  Condemning what it calls “alarming rise in state repression and clampdown on news outlets and journalists” that “expose” the anti-people nature of the establishment, India's top civil society network, National Alliance of People’s Movements (NAPM) has demanded “immediate release of arrested journalists, withdrawal of arbitrary charges and protection of media persons facing threats.”

Whither right to food? Social security scheme allocation for woman, child 'reduced'

Counterview Desk Pointing out that women and children have been ignored in the Union Budget 2021-22, the advocacy group Right to Food Campaign (RtFC) has said that the Government of India should have taken into account the fact that even after the lockdown was lifted, distress among marginalized communities continues, with people having lower incomes and reduced food consumption.

NAPM extends support to Indian, Aussie citizen groups 'opposing' Adani ventures

#StopAdani action in Australia  Counterview Desk  The civil rights network, National Alliance of People’s Movements (NAPM), extending solidarity to the global campaign by the Youth Action to Stop Adani (YAStA), held in recently in Australia and India, has said that the effort was to bring more attention to the struggle aboriginal, indigenous peoples, farmers, working class and other oppressed communities against allegedly anti-people multinational corporate conglomerates.