Posts Tagged ‘Pegasus’

Has NSO really changed its attitude with regard to spyware?

September 17, 2019

Cyber-intelligence firm NSO Group has introduced a new Human Rights Policy and a supporting governance framework in an apparent attempt to boost its reputation and comply with the United Nations’ Guiding Principles for Business and Human Rights. This follows recent criticism that its technology was being used to violate the rights of journalist and human rights defenders. A recent investigation found the company’s Pegasus spyware was used against a member of non-profit Amnesty International. [see: https://humanrightsdefenders.blog/2019/02/19/novalpina-urged-to-come-clean-about-targeting-human-rights-defenders/]

The NSO’s new human rights policy aims to identify, prevent and mitigate the risks of adverse human rights impact. It also includes a thorough evaluation of the company’s sales process for the potential of adverse human rights impacts coming from the misuse of NSO products. As well as this, it introduces contractual agreements for NSO customers that will require them to limit the use of the company’s products to the prevention and investigation of serious crimes. There will be specific attention to protect individuals or groups that could be at risk of arbitrary digital surveillance and communication interceptions due to race, colour, sex, language, religion, political or other opinions, national or social origin, property, birth or other status, or their exercise or defence of human rights. Rules have been set out to protect whistle-blowers who wish to report concerns about misuse of NSO technology.

Amnesty International is supporting current legal actions being taken against the Israeli Ministry of Defence, demanding that it revoke NSO Group’s export licence.

Danna Ingleton, Deputy Program Director for Amnesty Tech, said: “While on the surface it appears a step forward, NSO has a track record of refusing to take responsibility. The firm has sold invasive digital surveillance to governments who have used these products to track, intimidate and silence activists, journalists and critics.”

CEO and co-founder Shalev Hulio, counters: “NSO has always taken governance and its ethical responsibilities seriously as demonstrated by our existing best-in-class customer vetting and business decision process. With this new Human Rights Policy and governance framework, we are proud to further enhance our compliance system to such a degree that we will become the first company in the cyber industry to be aligned with the Guiding Principles.

https://www.verdict.co.uk/nso-group-new-human-rights-policy/

Beyond WhatsApp and NSO – how human rights defenders are targeted by cyberattacks

May 14, 2019

Several reports have shown Israeli technology being used by Gulf states against their own citizens (AFP/File photo)

NSO Group has been under increased scrutiny after a series of reports about the ways in which its spyware programme has been used against prominent human rights activists. Last year, a report by CitizenLab, a group at the University of Toronto, showed that human rights defenders in Saudi Arabia, the United Arab Emirates and Bahrain were targeted with the software.

In October, US whistleblower Edward Snowden said Pegasus had been used by the Saudi authorities to surveil journalist Jamal Khashoggi before his death. “They are the worst of the worst,” Snowden said of the firm. Amnesty International said in August that a staffer’s phone was infected with the Pegasus software via a WhatsApp message.

——-

Friedhelm Weinberg‘s piece of 1 May is almost prescient and contains good, broader advice:

When activists open their inboxes, they find more than the standard spam messages telling them they’ve finally won the lottery. Instead, they receive highly sophisticated emails that look like they are real, purport to be from friends and invite them to meetings that are actually happening. The catch is: at one point the emails will attempt to trick them.

1. Phishing for accounts, not compliments

In 2017, the Citizen Lab at the University of Toronto and the Egyptian Initiative for Personal Rights, documented what they called the “Nile Phish” campaign, a set of emails luring activists into giving access to their most sensitive accounts – email and file-sharing tools in the cloud. The Seoul-based Transitional Justice Working Group recently warned on its Facebook page about a very similar campaign. As attacks like these have mounted in recent years, civil society activists have come together to defend themselves, support each other and document what is happening. The Rarenet is a global group of individuals and organizations that provides emergency support for activists – but together it also works to educate civil society actors to dodge attacks before damage is done. The Internet Freedom Festival is a gathering dedicated to supporting people at risk online, bringing together more than 1,000 people from across the globe. The emails from campaigns like Nile Phish may be cunning and carefully crafted to target individual activists.. – they are not cutting-edge technology. Protection is stunningly simple: do nothing. Simply don’t click the link and enter information – as hard as it is when you are promised something in return.

Often digital security is about being calm and controlled as much as it is about being savvy in the digital sphere. And that is precisely what makes it difficult for passionate and stressed activists!

2. The million-dollar virus

Unfortunately, calm is not always enough. Activists have also been targeted with sophisticated spyware that is incredibly expensive to procure and difficult to spot. Ahmed Mansoor, a human-rights defender from the United Arab Emirates, received messages with malware (commonly known as computer viruses) that cost one million dollars on the grey market, where unethical hackers and spyware firms meet. See also: https://humanrightsdefenders.blog/2016/08/29/apple-tackles-iphone-one-tap-spyware-flaws-after-mea-laureate-discovers-hacking-attempt/]

Rights defender Ahmed Mansoor in Dubai in 2011, a day after he was pardoned following a conviction for insulting UAE leaders. He is now in prison once more.

Rights defender Ahmed Mansoor in Dubai in 2011. Image: Reuters/Nikhil Monteiro

3. Shutting down real news with fake readers

Both phishing and malware are attacks directed against the messengers, but there are also attacks against the message itself. This is typically achieved by directing hordes of fake readers to the real news – that is, by sending so many requests through bot visitors to websites that the servers break down under the load. Commonly referred to as “denial of service” attacks, these bot armies have also earned their own response from civil society. Specialised packages from Virtual Road or Deflect sort fake visitors from real ones to make sure the message stays up.

 

A chart showing how distributed denial of service (DDoS) attacks have grown over time.

How distributed denial of service (DDoS) attacks have grown. Image: Kinsta.com; data from EasyDNS

Recently, these companies also started investigating who is behind these attacks– a notoriously difficult task, because it is so easy to hide traces online. Interestingly, whenever Virtual Road were so confident in their findings that they publicly named attackers, the attacks stopped. Immediately. Online, as offline, one of the most effective ways to ensure that attacks end is to name the offenders, whether they are cocky kids or governments seeking to stiffle dissent. But more important than shaming attackers is supporting civil society’s resilience and capacity to weather the storms. For this, digital leadership, trusted networks and creative collaborations between technologists and governments will pave the way to an internet where the vulnerable are protected and spaces for activism are thriving.

——–