Skip to main content

NSO has carried out 'unlawful' surveillance to target Amnesty staff members, HRDs


Counterview Desk
Following the exposure that Israeli spyware Pegasus, manufactured by NSO Group, has been used as a surveillance tool on smartphones used by about 1,500 human rights defenders (HRDs), journalists and activists, including in India, the top rights body, Amnesty International India, has appealed to those who have received a notification immediately to get in touch with Amnesty Tech at share@amnesty.tech for support.
An Amnesty release on November 2 said that the rights body could also be contacted “on Signal or WhatsApp at +44 7492 882216”, adding, “We would be keen to provide support to HRDs, who have been targeted, to ensure they take defensive security measures immediately, as well as to understand more about the attacks and investigate possible infections.”
Meanwhile, Amnesty has put out questions and answers for HRDs, activist, or journalist based in India to understand NSO Group’s spyware Pegasus especially the WhatsApp targeting.

Text:

Q: What do we know about the NSO Group and its ‘Pegasus’ Spyware?
A: ‘NSO Group’ is an Israeli spyware manufacturer that claims to sell its surveillance tools – the most well-known being its Pegasus spyware – exclusively to governments and government agencies ‘to combat terror and crime’.
Its products have been misused multiple times to conduct unlawful surveillance against human rights defenders. In the past, it has been used to target an Amnesty International staff member, HRDs, activists, and journalists from Saudi Arabia, UAE, Mexico, Morocco, and Rwanda.
Q: How does Pegasus work?
A: If infected by the Pegasus spyware, the user’s Smartphone is compromised. It can track keystrokes, take control of the phone’s camera and microphone, and access contact lists and encrypted messages.
Until now, Pegasus is known to be delivered through SMS messages carrying malicious links and through exploiting a zero-day vulnerability on WhatsApp. In the latter, intrusive spyware could be delivered on to the target’s mobile device without the targeted person having to click on a malicious link. The targeted person would simply see a missed call on WhatsApp.
In addition to this, Amnesty International has also found evidence of network injection attacks that could also be attributed to NSO Group. Network injection attacks are generally called “man-in-the-middle” attacks. Through this, an attacker with access to a target’s mobile network connection can monitor and opportunistically hijack web traffic and silently re-route the web browser to malicious exploit pages.
Q: How did the targeting via WhatsApp work?
A: NSO Group exploited a security vulnerability in WhatsApp until May 2019. In order to exploit this, the digital attack initiated WhatsApp calls to the target’s device. Attackers may have tried to exploit this issue by making calls multiple times during the night when the target was likely to be asleep and not notice these calls. Successful infection of the target’s device may result in the app crashing. There is a possibility that the attacker may also remotely erase evidence of these calls from the device’s call logs. Evidence of failed attacks may appear as missed calls from unknown numbers in your WhatsApp call log.
Q: If I didn’t receive a notification from WhatsApp, does this mean I wasn’t targeted by NSO Group’s tools?
A: NSO Group’s Pegasus tool is used for targeted attacks and by design, is not meant for mass surveillance. This means that only select individuals would have been targeted. However, if you are a high risk user, i.e., an activist, journalist, or HRD involved in politically sensitive activism, you cannot presume that you have not been targeted simply because you haven’t received a notification from WhatsApp.
The attack was delivered by exploiting a vulnerability in WhatsApp. However, NSO Pegasus infections can also be delivered through other means. Based on information revealed by our own investigations, an Amnesty International staffer was targeted using SMS messages. One HRD in Morocco was targeted both before and after the attacks using the WhatsApp exploit, but not with the WhatsApp exploit itself. Both of them were targeted using SMS messages containing malicious links and network injection attacks that could also be attributed to NSO Group’s tools. This indicates that NSO Group has the documented capability to deliver infections through means other than WhatsApp.
Q: If WhatsApp was targeted, can’t I just switch to another encrypted platform?
A: No. A vulnerability in the WhatsApp software was exploited to deliver the spyware. All complex software can have these types of vulnerabilities. This vulnerability was not a flaw in WhatsApp’s end-to-end encryption protocol.
This also does not mean that only the Whatsapp data of the target was compromised. If the attack attempt was successful, the spyware would gain full access to the device. Any other data on the device including encrypted platforms such as Signal or Telegram could then also have been accessed.
Q: Can Pegasus plant data into my devices?
A: Based on publicly available information, planting data is not a feature of NSO Group’s Pegasus spyware.
Q: What steps can I take to protect myself?
A: None of the security best practices offer complete and foolproof protection. However, it is a good practice to install the latest software updates of operating systems and encrypted messaging applications on your mobile device.
Pegasus remains a relatively uncommon threat and standard digital hygiene steps are still important. Keep your devices software up-to-date. Use a unique password for each service that you use and store these passwords in a secure password manager. Enable two-factor authentication on all accounts where it is available.

Comments

TRENDING

Banned? Indian ports 'received' 38 US plastic waste containers reexported from Indonesia

By Rajiv Shah
An Indonesia-based international environmental watchdog group has dug out what it has called “a global pollution shell game”, stating how officials in Indonesia approved re-exports of “illegal” US waste shipments containing plastics mainly to India, as also to other Asian countries -- Thailand, South Korea and Vietnam -- instead of returning them to the US “as promised.”

Gujarat refusal to observe Maulana Azad's birthday as Education Day 'discriminatory'

By Our Representative
The Gujarat government decision not to celebrate the National Education Day on !monday has gone controversial. Civil society organizations have particularly wondered whether the state government is shying away from the occasion, especially against the backdrop of "deteriorating" level of education in Gujarat.

Cops' 'inability' to deliver justice? Model Gujarat ranks 12th among 18 major states

By Rajiv Shah
A Tata Trusts study, released in Delhi on Thursday, has ranked “model” Gujarat 12th out of 18 major states it has analysed across India to “assess” the police's capacity to deliver justice. Several of the advanced states such as Tamil Nadu, Karnataka, Punjab, Haryana, Maharashtra, Andhra Pradesh and Telangana as well as some of the so-called Bimaru states such as Odisha, Jharkhand and Chhattisgarh are found to have ranked better than Gujarat.

People's pressure? GPCB mining cancellation 'notice' to top cement unit in Gujarat

By Sagar Rabari*
Environmental Clearance (EC) was given to Ultratech Cement Co Ltd for limestone mining in villages Talli and Bambhor of Talaja taluka in Bhavnagar district of Gujarat on January 5, 2017. EC was issued ignoring, overriding and undermining opposition from local farmers to mining activity in the area. The mining in these two villages covers an area of 193.3268 hectares (ha), while the entire project is spread over an area of 1,715.1311 ha.

Bullet train acquisition: Land holding worth Rs 1.5 crore, Gujarat govt 'offer' Rs 8 lakh

By RK Misra*
Foundation stones laid by Prime Minister Narendra Modi litter India’s cities, towns and villages, but there are few projects which he has pursued with such perseverance and tenacity as the Ahmedabad-Mumbai bullet train one. However, the overwhelming state power notwithstanding, the farmers, whose lands are being acquired for the Modi government’s dream project, have no plans to give up the fight.

NHRC notice to Gujarat chief secretary following silicosis deaths in Rajkot

By Our Representative
The National Human Rights Commission (NHRC) has asked the Gujarat chief secretary and the district magistrate, Rajkot, to respond to a complaint filed by health rights activist Jagdish Patel of the People's Training and Research Centre (PTRC), Vadodara, regarding the alleged death of Raju Prakash Parihar and two others reportedly because of silicosis, a fatal occupation disease, in Rajkot, one of Gujarat’s top cities.

Violent 'Ajodhya' campaign in 1840s after British captured Kabul, destroyed Jama Masjid

Counterview Desk  Irfan Ahmad, professor at the Max Planck Institute for the Study of Religious and Ethnic Diversity, Göttingen, Germany, and author of “Islamism and Democracy in India” (Princeton University Press, 2009), short-listed for the 2011 International Convention of Asian Scholars Book Prize for the best study in Social Sciences, in his "initial thoughts" on the Supreme Court judgment on the Babri-Jam Janmaboomi dispute has said, while order was “lawful”, it was also “awful.”