
NSO has carried out 'unlawful' surveillance to target Amnesty staff members, HRDs


Counterview Desk
Following the exposure that Israeli spyware Pegasus, manufactured by NSO Group, has been used as a surveillance tool on smartphones used by about 1,500 human rights defenders (HRDs), journalists and activists, including in India, the top rights body, Amnesty International India, has appealed to those who have received a notification to get in touch immediately with Amnesty Tech at share@amnesty.tech for support.
An Amnesty release on November 2 said that the rights body could also be contacted “on Signal or WhatsApp at +44 7492 882216”, adding, “We would be keen to provide support to HRDs, who have been targeted, to ensure they take defensive security measures immediately, as well as to understand more about the attacks and investigate possible infections.”
Meanwhile, Amnesty has put out questions and answers to help HRDs, activists and journalists based in India understand NSO Group’s spyware Pegasus, especially the WhatsApp targeting.

Text:

Q: What do we know about the NSO Group and its ‘Pegasus’ Spyware?
A: ‘NSO Group’ is an Israeli spyware manufacturer that claims to sell its surveillance tools – the most well-known being its Pegasus spyware – exclusively to governments and government agencies ‘to combat terror and crime’.
Its products have been misused multiple times to conduct unlawful surveillance against human rights defenders. In the past, it has been used to target an Amnesty International staff member, HRDs, activists, and journalists from Saudi Arabia, UAE, Mexico, Morocco, and Rwanda.
Q: How does Pegasus work?
A: If infected by the Pegasus spyware, the user’s smartphone is compromised. It can track keystrokes, take control of the phone’s camera and microphone, and access contact lists and encrypted messages.
Until now, Pegasus is known to be delivered through SMS messages carrying malicious links and through exploiting a zero-day vulnerability on WhatsApp. In the latter, intrusive spyware could be delivered on to the target’s mobile device without the targeted person having to click on a malicious link. The targeted person would simply see a missed call on WhatsApp.
In addition to this, Amnesty International has also found evidence of network injection attacks that could also be attributed to NSO Group. Network injection attacks are generally called “man-in-the-middle” attacks. Through this, an attacker with access to a target’s mobile network connection can monitor and opportunistically hijack web traffic and silently re-route the web browser to malicious exploit pages.
Q: How did the targeting via WhatsApp work?
A: NSO Group exploited a security vulnerability in WhatsApp until May 2019. In order to exploit this, the digital attack initiated WhatsApp calls to the target’s device. Attackers may have tried to exploit this issue by making calls multiple times during the night when the target was likely to be asleep and not notice these calls. Successful infection of the target’s device may result in the app crashing. There is a possibility that the attacker may also remotely erase evidence of these calls from the device’s call logs. Evidence of failed attacks may appear as missed calls from unknown numbers in your WhatsApp call log.
Q: If I didn’t receive a notification from WhatsApp, does this mean I wasn’t targeted by NSO Group’s tools?
A: NSO Group’s Pegasus tool is used for targeted attacks and, by design, is not meant for mass surveillance. This means that only select individuals would have been targeted. However, if you are a high-risk user, i.e., an activist, journalist, or HRD involved in politically sensitive activism, you cannot presume that you have not been targeted simply because you haven’t received a notification from WhatsApp.
The attack was delivered by exploiting a vulnerability in WhatsApp. However, NSO Pegasus infections can also be delivered through other means. Based on information revealed by our own investigations, an Amnesty International staffer was targeted using SMS messages. One HRD in Morocco was targeted both before and after the attacks using the WhatsApp exploit, but not with the WhatsApp exploit itself. Both of them were targeted using SMS messages containing malicious links and network injection attacks that could also be attributed to NSO Group’s tools. This indicates that NSO Group has the documented capability to deliver infections through means other than WhatsApp.
Q: If WhatsApp was targeted, can’t I just switch to another encrypted platform?
A: No. A vulnerability in the WhatsApp software was exploited to deliver the spyware. All complex software can have these types of vulnerabilities. This vulnerability was not a flaw in WhatsApp’s end-to-end encryption protocol.
This also does not mean that only the WhatsApp data of the target was compromised. If the attack attempt was successful, the spyware would gain full access to the device. Any other data on the device including encrypted platforms such as Signal or Telegram could then also have been accessed.
Q: Can Pegasus plant data into my devices?
A: Based on publicly available information, planting data is not a feature of NSO Group’s Pegasus spyware.
Q: What steps can I take to protect myself?
A: None of the security best practices offer complete and foolproof protection. However, it is a good practice to install the latest software updates of operating systems and encrypted messaging applications on your mobile device.
Pegasus remains a relatively uncommon threat and standard digital hygiene steps are still important. Keep your device’s software up to date. Use a unique password for each service that you use and store these passwords in a secure password manager. Enable two-factor authentication on all accounts where it is available.
