Posts Tagged ‘spyware’

NSO accused of largest attack on civil society through its spyware

October 30, 2019

I blogged about the spyware firm NSO before [see e.g. https://humanrightsdefenders.blog/2019/09/17/has-nso-really-changed-its-attitude-with-regard-to-spyware/], but now WhatsApp has joined the critics with a lawsuit.

On May 13th, WhatsApp announced that it had discovered the vulnerability. In a statement, the company said that the spyware appeared to be the work of a commercial entity, but it did not identify the perpetrator by name. WhatsApp patched the vulnerability and, as part of its investigation, identified more than fourteen hundred phone numbers that the malware had targeted. In most cases, WhatsApp had no idea whom the numbers belonged to, because of the company’s privacy and data-retention rules. So WhatsApp gave the list of phone numbers to the Citizen Lab, a research laboratory at the University of Toronto’s Munk School of Global Affairs, where a team of cyber experts tried to determine whether any of the numbers belonged to civil-society members.

On Tuesday 29 October 2019, WhatsApp took the extraordinary step of announcing that it had traced the malware back to NSO Group, a spyware-maker based in Israel, and filed a lawsuit against the company—and also its parent, Q Cyber Technologies—in a Northern California court, accusing it of “unlawful access and use” of WhatsApp computers. According to the lawsuit, NSO Group developed the malware in order to access messages and other communications after they were decrypted on targeted devices, allowing intruders to bypass WhatsApp’s encryption.

NSO Group said in a statement in response to the lawsuit, “In the strongest possible terms, we dispute today’s allegations and will vigorously fight them. The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime. Our technology is not designed or licensed for use against human rights activists and journalists.” In September, NSO Group announced the appointment of new, high-profile advisers, including Tom Ridge, the first U.S. Secretary of Homeland Security, in an effort to improve its global image.

In a statement to its users on Tuesday, WhatsApp said, “There must be strong legal oversight of cyber weapons like the one used in this attack to ensure they are not used to violate individual rights and freedoms people deserve wherever they are in the world. Human rights groups have documented a disturbing trend that such tools have been used to attack journalists and human rights defenders.”

John Scott-Railton, a senior researcher at the Citizen Lab, said, “It is the largest attack on civil society that we know of using this kind of vulnerability.”

https://www.newyorker.com/news/news-desk/whatsapp-sues-an-israeli-tech-firm-whose-spyware-targeted-human-rights-activists-and-journalists

https://uk.finance.yahoo.com/news/whatsapp-blames-sues-mobile-spyware-192135400.html

Has NSO really changed its attitude with regard to spyware?

September 17, 2019

Cyber-intelligence firm NSO Group has introduced a new Human Rights Policy and a supporting governance framework in an apparent attempt to boost its reputation and comply with the United Nations’ Guiding Principles for Business and Human Rights. This follows recent criticism that its technology was being used to violate the rights of journalist and human rights defenders. A recent investigation found the company’s Pegasus spyware was used against a member of non-profit Amnesty International. [see: https://humanrightsdefenders.blog/2019/02/19/novalpina-urged-to-come-clean-about-targeting-human-rights-defenders/]

The NSO’s new human rights policy aims to identify, prevent and mitigate the risks of adverse human rights impact. It also includes a thorough evaluation of the company’s sales process for the potential of adverse human rights impacts coming from the misuse of NSO products. As well as this, it introduces contractual agreements for NSO customers that will require them to limit the use of the company’s products to the prevention and investigation of serious crimes. There will be specific attention to protect individuals or groups that could be at risk of arbitrary digital surveillance and communication interceptions due to race, colour, sex, language, religion, political or other opinions, national or social origin, property, birth or other status, or their exercise or defence of human rights. Rules have been set out to protect whistle-blowers who wish to report concerns about misuse of NSO technology.

Amnesty International is supporting current legal actions being taken against the Israeli Ministry of Defence, demanding that it revoke NSO Group’s export licence.

Danna Ingleton, Deputy Program Director for Amnesty Tech, said: “While on the surface it appears a step forward, NSO has a track record of refusing to take responsibility. The firm has sold invasive digital surveillance to governments who have used these products to track, intimidate and silence activists, journalists and critics.”

CEO and co-founder Shalev Hulio, counters: “NSO has always taken governance and its ethical responsibilities seriously as demonstrated by our existing best-in-class customer vetting and business decision process. With this new Human Rights Policy and governance framework, we are proud to further enhance our compliance system to such a degree that we will become the first company in the cyber industry to be aligned with the Guiding Principles.

https://www.verdict.co.uk/nso-group-new-human-rights-policy/

Controversial spyware company promises to respect human rights…in the future

June 19, 2019

This photo from August 25, 2016, shows the logo of the Israeli NSO Group company on a building in Herzliya, Israel. (AP Photo/Daniella Cheslow)

This photo from August 25, 2016, shows the logo of the Israeli NSO Group company on a building in Herzliya, Israel. (AP Photo/Daniella Cheslow)

Newspapers report that controversial Israeli spyware developer NSO Group will in the coming months move towards greater transparency and align itself fully with the UN Guiding Principles on Business and Human Rights, the company’s owners said over the weekend. [see also: https://humanrightsdefenders.blog/2019/02/19/novalpina-urged-to-come-clean-about-targeting-human-rights-defenders/]

Private equity firm Novalpina, which acquired a majority stake in NSO Group in February, said that within 90 days it would “establish at NSO a new benchmark for transparency and respect for human rights.” It said it sought “a significant enhancement of respect for human rights to be built into NSO’s governance policies and operating procedures and into the products sold under licence to intelligence and law enforcement agencies.

The company has always stated that it provides its software to governments for the sole purpose of fighting terrorism and crime, but human rights defenders and NGOs have claimed the company’s technology has been used by repressive governments to spy on them. Most notably, the spyware was allegedly used in connection with the gruesome killing of Saudi journalist Jamal Khashoggi, who was dismembered in the Saudi consulate in Istanbul last year and whose body has never been found.

Last month London-based Amnesty International, together with other human rights activists, filed a petition to the District Court in Tel Aviv to compel Israel’s Defense Ministry to revoke the export license it granted to the company that Amnesty said has been used “in chilling attacks on human rights defenders around the world.”

On Friday the Guardian reported that Yana Peel, a well-known campaigner for human rights and a prominent figure in London’s art scene, is a co-owner of NSO, as she has a stake in Novalpina, co-founded by her husband Stephen Peel. Peel told the Guardian she has no involvement in the operations or decisions of Novalpina, which is managed by my husband, Stephen Peel, and his partners and added that the Guardian’s view of NSO was “quite misinformed.”

And Citizen Lab is far from re-assured:  https://citizenlab.ca/2019/06/letter-to-novalpina-regarding-statement-on-un-guiding-principles/…

https://www.timesofisrael.com/controversial-nso-group-to-adopt-policy-of-closer-respect-for-human-rights/

https://www.theguardian.com/world/2019/jun/18/whatsapp-spyware-israel-cyber-weapons-company-novalpina-capital-statement

Beyond WhatsApp and NSO – how human rights defenders are targeted by cyberattacks

May 14, 2019

Several reports have shown Israeli technology being used by Gulf states against their own citizens (AFP/File photo)

NSO Group has been under increased scrutiny after a series of reports about the ways in which its spyware programme has been used against prominent human rights activists. Last year, a report by CitizenLab, a group at the University of Toronto, showed that human rights defenders in Saudi Arabia, the United Arab Emirates and Bahrain were targeted with the software.

In October, US whistleblower Edward Snowden said Pegasus had been used by the Saudi authorities to surveil journalist Jamal Khashoggi before his death. “They are the worst of the worst,” Snowden said of the firm. Amnesty International said in August that a staffer’s phone was infected with the Pegasus software via a WhatsApp message.

——-

Friedhelm Weinberg‘s piece of 1 May is almost prescient and contains good, broader advice:

When activists open their inboxes, they find more than the standard spam messages telling them they’ve finally won the lottery. Instead, they receive highly sophisticated emails that look like they are real, purport to be from friends and invite them to meetings that are actually happening. The catch is: at one point the emails will attempt to trick them.

1. Phishing for accounts, not compliments

In 2017, the Citizen Lab at the University of Toronto and the Egyptian Initiative for Personal Rights, documented what they called the “Nile Phish” campaign, a set of emails luring activists into giving access to their most sensitive accounts – email and file-sharing tools in the cloud. The Seoul-based Transitional Justice Working Group recently warned on its Facebook page about a very similar campaign. As attacks like these have mounted in recent years, civil society activists have come together to defend themselves, support each other and document what is happening. The Rarenet is a global group of individuals and organizations that provides emergency support for activists – but together it also works to educate civil society actors to dodge attacks before damage is done. The Internet Freedom Festival is a gathering dedicated to supporting people at risk online, bringing together more than 1,000 people from across the globe. The emails from campaigns like Nile Phish may be cunning and carefully crafted to target individual activists.. – they are not cutting-edge technology. Protection is stunningly simple: do nothing. Simply don’t click the link and enter information – as hard as it is when you are promised something in return.

Often digital security is about being calm and controlled as much as it is about being savvy in the digital sphere. And that is precisely what makes it difficult for passionate and stressed activists!

2. The million-dollar virus

Unfortunately, calm is not always enough. Activists have also been targeted with sophisticated spyware that is incredibly expensive to procure and difficult to spot. Ahmed Mansoor, a human-rights defender from the United Arab Emirates, received messages with malware (commonly known as computer viruses) that cost one million dollars on the grey market, where unethical hackers and spyware firms meet. See also: https://humanrightsdefenders.blog/2016/08/29/apple-tackles-iphone-one-tap-spyware-flaws-after-mea-laureate-discovers-hacking-attempt/]

Rights defender Ahmed Mansoor in Dubai in 2011, a day after he was pardoned following a conviction for insulting UAE leaders. He is now in prison once more.

Rights defender Ahmed Mansoor in Dubai in 2011. Image: Reuters/Nikhil Monteiro

3. Shutting down real news with fake readers

Both phishing and malware are attacks directed against the messengers, but there are also attacks against the message itself. This is typically achieved by directing hordes of fake readers to the real news – that is, by sending so many requests through bot visitors to websites that the servers break down under the load. Commonly referred to as “denial of service” attacks, these bot armies have also earned their own response from civil society. Specialised packages from Virtual Road or Deflect sort fake visitors from real ones to make sure the message stays up.

 

A chart showing how distributed denial of service (DDoS) attacks have grown over time.

How distributed denial of service (DDoS) attacks have grown. Image: Kinsta.com; data from EasyDNS

Recently, these companies also started investigating who is behind these attacks– a notoriously difficult task, because it is so easy to hide traces online. Interestingly, whenever Virtual Road were so confident in their findings that they publicly named attackers, the attacks stopped. Immediately. Online, as offline, one of the most effective ways to ensure that attacks end is to name the offenders, whether they are cocky kids or governments seeking to stiffle dissent. But more important than shaming attackers is supporting civil society’s resilience and capacity to weather the storms. For this, digital leadership, trusted networks and creative collaborations between technologists and governments will pave the way to an internet where the vulnerable are protected and spaces for activism are thriving.

——–

Novalpina urged to come clean about targeting human rights defenders

February 19, 2019

In an open letter released today, 18 February 2019, Amnesty International, Human Rights Watch and five other NGOs urged Novalpina to publicly commit to accountability for NSO Group’s past spyware abuses, including the targeting of an Amnesty International employee and the alleged targeting of Jamal Khashoggi. [see also: https://humanrightsdefenders.blog/2016/08/29/apple-tackles-iphone-one-tap-spyware-flaws-after-mea-laureate-discovers-hacking-attempt/]

Danna Ingleton, Deputy Director of Amnesty Tech, said: “Novalpina’s executives have serious questions to answer about their involvement with a company which has become the go-to surveillance tool for abusive governments. This sale comes in the wake of reports that NSO paid private operatives to physically intimidate individuals trying to investigate its role in attacks on human rights defenders – further proof that NSO is an extremely dangerous entity.

We are calling on Novalpina to confirm an immediate end to the sale or further maintenance of NSO products to governments which have been accused of using surveillance to violate human rights. It must also be completely transparent about its plans to prevent further abuses.

This could be an opportunity to finally hold NSO Group to account. Novalpina must commit to fully engaging with investigations into past abuses of NSO’s spyware, and ensure that neither NSO Group nor its previous owners, Francisco Partners, are let off the hook.”

The signatories to the letter are:

  • Amnesty International
  • R3D: Red en Defensa de los Derechos Digitales
  • Privacy International
  • Access Now
  • Human Rights Watch
  • Reporters Without Borders
  • Robert L. Bernstein Institute for Human Rights, NYU School of Law and Global Justice Clinic, NYU School of Law

https://www.amnesty.org/en/latest/news/2019/02/spyware-firm-buyout-reaffirms-urgent-need-for-justice-for-targeted-activists/

https://www.amnesty.org/en/latest/research/2019/02/open-letter-to-novalpina-capital-nso-group-and-francisco-partners/

Human rights defenders in Pakistan in targeted campaign of digital attacks

May 17, 2018

Activists in Pakistan are under threat from a targeted campaign of digital attacks, which has seen social media accounts hacked and computers and mobile phones infected with spyware, a four-month investigation by Amnesty International reveals.

In a report titled ‘Human Rights Under Surveillance: Digital Threats against Human Rights Defenders in Pakistan’, released on Tuesday, 15 May 2018, Amnesty reveals how attackers are using fake online identities and social media profiles to ensnare Pakistani human rights defenders online and mark them out for surveillance and cyber crime.

We uncovered an elaborate network of attackers who are using sophisticated and sinister methods to target human rights activists. Attackers use cleverly designed fake profiles to lure activists and then attack their electronic devices with spyware, exposing them to surveillance and fraud and even compromising their physical safety, Sherif Elsayed-Ali, Director of Global Issues at Amnesty International, said. “Our investigation shows how attackers have used fake Facebook and Google login pages to trick their victims into revealing their passwords. It is already extremely dangerous to be a human rights defender in Pakistan and it is alarming to see how attacks on their work are moving online,” he said.

https://dailytimes.com.pk/240689/investigation-uncovers-sinister-hacking-campaign-targeting-activists-in-pakistan/

https://reliefweb.int/report/pakistan/pakistan-human-rights-under-surveillance

 

For some of my other posts on Pakistan see: https://humanrightsdefenders.blog/tag/pakistan/

Commercial spyware out of control and becoming threat to human rights defenders

December 6, 2017

Read the rest of this entry »

Apple tackles iPhone one-tap spyware flaws after MEA Laureate discovers hacking attempt

August 29, 2016

Ahmed Mansoor, the Laureate of the Martin Ennals Award 2015, was the target of a major hacking attempt. Fortunately it received global coverage on 26 and 27 August 2016 and Apple has immediately issued a security update to address the vulnerabilities. [For those with Iphones/Ipads, you may want to update your IOS software to 9.3.5!]


Ahmed MansoorImage copyrightAP – human rights defender Ahmed Mansoor

The flaws in Apple’s iOS operating system were discovered by Mansoor who alerted security researchers to unsolicited text messages he had received on 10 and 11 August. They discovered three previously unknown flaws within Apple’s code that meant spyware could be installed with a single tap. Apple has since released a software update that addresses the problem. The two security firms involved, Citizen Lab and Lookout, said they had held back details of the discovery until the fix had been issued.

The texts promised to reveal “secrets” about people allegedly being tortured in the United Arab Emirates (UAE)’s jails if he tapped the links. Had he done so, Citizen Lab says, his iPhone 6 would have been “jailbroken”, meaning unauthorised software could have been installed. “Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” said Citizen Lab. The researchers say they believe the spyware involved was created by NSO Group, an Israeli “cyber-war” company.

Text message
The spyware would have been installed if Mansoor had tapped on the links. Image copyright CITIZENLAB

For more on Mansoor: https://thoolen.wordpress.com/tag/ahmed-mansoor/

Sources:

http://www.bbc.com/news/technology-37185544

https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/  (from the researchers who identified the vulnerabilities. Good summary followed by full technical analysis)

http://www.dailymail.co.uk/sciencetech/article-3758671/Apple-boosts-iPhone-security-Mideast-spyware-discovery.html

Amnesty’s Detekt: a new tool against government spying launched today

November 20, 2014

Screen Shot 2014-11-20 at 10.24.35

On 20 November 2014 Amnesty International launched a new tool that human rights defenders can use in their struggle against surveillance. It is calledDETEKT. As I have often expressed concern about digital security in this blog (see: https://thoolen.wordpress.com/tag/digital-security/\) here ARE major excerpts from the Questions and Answers that were provided in the press release:

What is Detekt and how does it work?

Detekt is a free tool that scans your computer for traces of known surveillance spyware used by governments to target and monitor human rights defenders and journalists around the world. By alerting them to the fact that they are being spied on, they will have the opportunity to take precautions.

It was developed by security researchers and has been used to assist in Citizen Lab’s investigations into government use of spyware against human rights defenders, journalists and activists as well as by security trainers to educate on the nature of targeted surveillance. Amnesty International is partnering with Privacy International, Digitale Gesellschaft and the Electronic Frontier Foundation.

Why are you launching Detekt now?

The latest technologies enable governments to track, monitor and spy on people’s activities like never before. Through the use of these technologies, governments can read private correspondence and even turn on the camera and microphone of a computer without its owner knowing it. Our ultimate aim is for human rights defenders, journalists and civil society groups to be able to carry out their legitimate work without fear of surveillance, harassment, intimidation, arrest or torture.

Has anyone used Detekt successfully to know if they were being spied on? 

Detekt was developed by researchers affiliated with the Citizen Lab, who used a preliminary version of the tool during the course of their investigations into the use of unlawful surveillance equipment against human rights defenders in various countries around the world.

For example, according to research carried out by Citizen Lab and information published by Wikileaks, FinSpy – a spyware developed by FinFisher, a German firm that used to be part of UK-based Gamma International– was used to spy on prominent human rights lawyers and activists in Bahrain.

How effective is this tool against technologies developed by powerful companies? 

Detekt is a very useful tool that can uncover the presence of some commonly used spyware on a computer, however it cannot detect all surveillance software. In addition, companies that develop the spyware will probably react fast to update their products to ensure they avoid detection. This is why we are encouraging security researchers in the open-source community to help the organizations behind this project to identify additional spyware or new versions to help Detekt keep up to date.

It is important to underline that if Detekt does not find trace of spyware on a computer, it does not necessarily mean that none is present. Rather than provide a conclusive guarantee to activists that their computer is infected, our hope is that Detekt will help raise awareness of the use of such spyware by governments and will make activists more vigilant to this threat.

In addition, by raising awareness with governments and the public, we will be increasing pressure for more stringent export controls to ensure that such spyware is not sold to governments who are known to use these technologies to commit human rights violations.

How widely do governments use surveillance technology?

Governments are increasingly using surveillance technology, and targeted surveillance in particular, to monitor the legitimate activities of human rights activists and journalists. Powerful software developed by companies allows governments and intelligence agencies to read personal emails, listen-in on Skype conversations or even remotely turn on a computers camera and microphone without its owner knowing about it. In many cases, the information they gather through those means is used to detain, imprison and even torture activists into confessing to crimes.

How big is the unregulated trade in surveillance equipment? What are the main companies and countries involved? 

The global surveillance industry is estimated to be worth approximately US$5 billion a year – with profits growing 20 per cent every year. European and American companies have been quietly selling surveillance equipment and software to countries across the world that persistently commit serious human rights violations. Industry self-regulation has failed, and government oversight has now become an urgent necessity.

Privacy International has extensively documented the development, sale and export of surveillance technologies by private companies to regimes around the world. Recipient countries include: Bahrain, Bangladesh, Egypt, Ethiopia, Libya, Morocco, South Africa, Syria and Turkmenistan.

Isn’t publicizing the existence of this tool giving governments a heads up about how they can avoid being caught (by adapting new equipment which avoids detection)?

The technologies that allow governments to efficiently and covertly monitor the digital communications of their citizens are continuously improving. This is happening across the world. The growing trend in indiscriminate mass surveillance on a global scale was laid bare by the Edward Snowden disclosures. In addition to mass surveillance technologies, many governments are using sophisticated tools to target specific human rights defenders and journalists who work to uncover abuses and injustice. The new spyware being developed and used is powerful and dangerous and putting many human rights activists and journalists at risk of abuse.

As surveillance technologies develop in sophistication, it is vital that civil society groups learn how to protect their digital communications. No one tool or intervention will be enough to do this. We hope Detekt will become a new approach for investigating surveillance while sensitizing people to the threats.

However, long term we must also demand that governments live up to their existing commitments to human rights and that they and companies put in place stronger protections to ensure that new technologies are not used to violate human rights.

Surveillance is also used to carry out legitimate criminal investigations, why are you against it? 

Targeted surveillance is only justifiable when it occurs based on reasonable suspicion, in accordance with the law, is strictly necessary to meet a legitimate aim (such as protecting national security or combatting serious crime and is conducted in a manner that is proportionate to that aim and non-discriminatory.

Indiscriminate mass surveillance – the widespread and bulk interception of communication data that is not targeted or based on reasonable suspicion – is never justifiable. It interferes with a range of human rights, particularly the rights to privacy and freedom of expression.

The Detekt tool can be downloaded from: Github page.

http://www.amnesty.org/en/news/detekt-new-tool-against-government-surveillance-questions-and-answers-2014-11-20

 http://gadgets.ndtv.com/internet/news/human-rights-group-amnesty-international-releases-anti-surveillance-tool-623484

Amnestys Detekt tool wants to help you thwart government spying | ZDNet.