Posts Tagged ‘spyware’

Alex, a Romanian activist, works at the intersection of human rights, technology and public policy.

January 24, 2024

On 22 January 2024, Amnesty International published an interesting piece by Alex, a 31-year-old Romanian activist working at the intersection of human rights, technology and public policy.

Seeking to use her experience and knowledge of tech for political change, Alex applied and was accepted onto the Digital Forensics Fellowship led by the Security Lab at Amnesty Tech. The Digital Forensics Fellowship (DFF) is an opportunity for human rights defenders (HRDs) working at the nexus of human rights and technology to expand their learning.

Here, Alex shares her activism journey and insight into how like-minded human rights defenders can join the fight against spyware:

In the summer of 2022, I watched a recording of Claudio Guarnieri, former Head of the Amnesty Tech Security Lab, presenting about Security Without Borders at the 2016 Chaos Communication Congress. After following the investigations of the Pegasus Project and other projects centring on spyware being used on journalists and human rights defenders, his call to action at the end — “Find a cause and assist others” — resonated with me long after I watched the talk.

Becoming a tech activist

A few days later, Amnesty Tech announced the launch of the Digital Forensics Fellowship (DFF). It was serendipity, and I didn’t question it. At that point, I had already pushed myself to seek out a more political, more involved way to share my knowledge. Not tech for the sake of tech, but tech activism to ensure political change.

I followed an atypical path for a technologist. Prior to university, I dreamt of being a published fiction author, only to switch to studying industrial automation in college. I spent five years as a developer in the IT industry and two as Chief Technology Officer for an NGO, where I finally found myself using my tech knowledge to support journalists and activists.

My approach to technology, like my approach to art, is informed by political struggles, as well as the questioning of how one can lead a good life. My advocacy for digital rights follows this thread. For me, technology is merely one of many tools at the disposal of humanity, and it should never be a barrier to decent living, nor an oppressive tool for anyone.

The opportunity offered by the DFF matched my interests and the direction I wanted to take my activism. During the year-long training programme from 2022-2023, the things I learned turned out to be valuable for my advocacy work.

In 2022, the Child Sexual Abuse Regulation was proposed in the EU. I focused on conducting advocacy to make it as clear as possible that losing encrypted communication would make life decidedly worse for everyone in the EU. We ran a campaign to raise awareness of the importance of end-to-end encryption for journalists, activists and people in general. Our communication unfolded under the banner of “you don’t realize how precious encryption is until you’ve lost it”. Apti.ro, the Romanian non-profit organisation that I work with, also participated in the EU-wide campaign, as part of the EDRi coalition. To add fuel to the fire, spyware scandals erupted across the EU. My home country, Romania, borders countries where spyware has been proven to have been used to invade the personal lives of journalists, political opponents of the government and human rights defenders.

The meaning of being a Fellow

The Security Lab provided us with theoretical and practical sessions on digital forensics, while the cohort was a safe, vibrant space to discuss challenges we were facing. We debugged together and discussed awful surveillance technology at length, contributing our own local perspective.

The importance of building cross-border networks of cooperation and solidarity became clear to me during the DFF. I heard stories of struggles from people involved in large and small organizations alike. I am convinced our struggles are intertwined, and we should join forces whenever possible.

Now when I’m working with other activists, I try not to talk of “forensics”. Instead, I talk about keeping ourselves safe, and our conversations private. Often, discussions we have as activists are about caring for a particular part of our lives – our safety when protesting, our confidentiality when organizing, our privacy when convening online. Our devices and data are part of this process, as is our physical body. At the end of the day, digital forensics are just another form of caring for ourselves.

I try to shape discussions about people’s devices similarly to how doctors discuss the symptoms of an illness. The person whose device is at the centre of the discussion is the best judge of the symptoms, and it’s important to never minimize their apprehension. It’s also important to go through the steps of the forensics in a way that allows them to understand what is happening and what the purpose of the procedure is.

I never use a one-size-fits-all approach because the situation of the person who owns a device informs the ways it might be targeted or infected.

The human approach to technology

My work is human-centred and technology-focused and requires care and concentration to achieve meaningful results. For activists interested in working on digital forensics, start by digging deep into the threats you see in your local context. If numerous phishing campaigns are unfolding, dig into network forensics and map out the owners of the domains and the infrastructure.

Secondly, get to know the person you are working with. If they are interested in secure communications, help them gain a better understanding of mobile network-based attacks, as well as suggesting instant messaging apps that preserve the privacy and the security of their users. In time, they will be able to spot “empty words” used to market messaging apps that are not end-to-end encrypted.

Finally, to stay true to the part of me that loves a well-told story, read not only reports of ongoing spyware campaigns, but narrative explorations from people involved. “Pegasus: The Story of the World’s Most Dangerous Spyware” by Laurent Richard and Sandrine Rigaud is a good example that documents both the human and the technical aspects. The Shoot the Messenger podcast, by PRX and Exile Content Studio, is also great as it focuses on Pegasus, starting from the brutal murder of Jamal Khashoggi to the recent infection of the device of journalist and founder of Meduza, Galina Timchenko.

We must continue to do this research, however difficult it may be, and to tell the stories of those impacted by these invasive espionage tactics. Without this work we wouldn’t be making the political progress we’ve seen to stem the development and use of this atrocious technology.

https://www.amnesty.org/en/search/Alex/

Pegasus spyware now turned on Indian media

January 3, 2024

Voice of America on 28 December, 2023 reported that the founding editor of one of India’s largest news websites is among the journalists to be targeted by the Pegasus spyware. A joint investigation by the rights group Amnesty International and The Washington Post, published Thursday, found evidence that the invasive spyware is being used again to target media in India.

Made and marketed by Israeli company the NSO Group, the spyware can be used to access a phone’s messages and emails, peruse photos, eavesdrop on calls, track locations and even film the owner with the camera. [see also: https://humanrightsdefenders.blog/tag/pegasus/]

In the latest research, forensic investigations found evidence of the spyware on the iPhones of Siddharth Varadarajan of the news website The Wire, and Anand Mangnale of The Organized Crime and Corruption Reporting Project, or OCCRP.

“Increasingly, journalists in India face the threat of unlawful surveillance simply for doing their jobs, alongside other tools of repression, including imprisonment under draconian laws, smear campaigns, harassment, and intimidation,” Donncha Ó Cearbhaill, who heads Amnesty International’s Security Lab, said in a statement.

Amnesty reported that it first suspected renewed Pegasus activity during regular monitoring by its researchers in June. It investigated further after Apple sent notifications to iPhone users in October warning they had been targeted by “state sponsored attackers.” Around 20 politicians and journalists in India received the notifications. Amnesty then carried out a forensic analysis for individuals who received the warnings.

Around that time, the OCCRP had been investigating an Indian tycoon, Gautam Adani, who is an ally of Prime Minister Narendra Modi and founder of the multinational conglomerate known as the Adani Group.

Mangnale told the French news agency AFP he was targeted “within hours” of sending questions to the Adani Group on behalf of the OCCRP.

Varadarajan told the Post he believes the attempted hacking may be related to opposition to the detention of a prominent news publisher in New Delhi.

In a statement, Amnesty’s Ó Cearbhaill highlighted the chilling effect spyware has on media freedom.

“Targeting journalists solely for doing their work amounts to an unlawful attack on their privacy and violates their right to freedom of expression,” Ó Cearbhaill said.

In 2021, New Delhi was accused of using Pegasus to surveil journalists, opposition politicians and activists, with leaked documents showing the spyware had been used against more than 1,000 Indian phone numbers. Prime Minister Modi’s main rival, Rahul Gandhi, was among those targeted.

The government denied conducting “illegal surveillance” but refused to cooperate with a Supreme Court probe into the allegations, the findings of which have not been made public.

Following the October notifications sent by Apple, Indian authorities were reported to be investigating whether opposition politicians were targeted.

Ashwini Vaishnaw, the information and technology minister, said the government was “concerned” by the complaints.

The Washington Post reported that one day after Apple sent the notifications, government officials in India announced they would investigate the security of Apple devices.

——

The Washington Post (WP) reported Wednesday that following Apple’s October alert about alleged government hacking attempts on iPhones of independent Indian journalists and opposition politicians, Indian government officials swiftly retaliated against Apple.

It is reported that officials of the Bharatiya Janata Party (BJP), the ruling party, hurried to contain the fallout after journalists and politicians shared Apple’s warnings. The government administration pressured Apple to retract warnings, leading to a heated discussion. Under government pressure, Apple India acknowledged potential mistakes in threat detection and sought to downplay warnings globally. However, during a November meeting, Apple defended its stance against Indian officials’ scrutiny.

India’s opposition leaders and journalists received Apple alerts, warning of potential state-sponsored i

https://www.voanews.com/a/journalists-government-critics-in-india-targeted-with-pegasus-spyware/7416268.html

https://www.jurist.org/news/2023/12/wp-india-government-retaliated-against-apple-after-government-phone-hacking-claims/

No end to NSO’s Pegasus trouble

April 5, 2022

TechCrunch of 5 April 2022 reports that investigators say they have found evidence that a Jordanian journalist and human rights defender’s iPhone was hacked with the Pegasus spyware just weeks after Apple sued the spyware’s maker NSO Group to stop it from targeting Apple’s customers.

Award-winning journalist Suhair Jaradat’s phone was hacked with the notorious spyware as recently as December 5, 2021, according to an analysis of her phone by Front Line Defenders and Citizen Lab that was shared with TechCrunch ahead of its publication. Jaradat was sent a WhatsApp message from someone impersonating a popular anti-government critic with links to the Pegasus spyware, compromising her phone. According to the forensic analysis, Jaradat’s iPhone was hacked several times in the preceding months and as far back as February 2021.

Apple had filed a lawsuit against Israeli spyware maker NSO Group in November 2021, seeking a court-issued injunction aimed at banning NSO from using Apple’s products and services to develop and deploy hacks against its customers. See also: https://humanrightsdefenders.blog/2021/07/21/nsos-pegasus-spyware-now-really-in-the-firing-line/ … But so far the case has gotten off to a slow start after the first judge assigned to the case recused herself, with no decision on the case likely to be made any time before June.

Jaradat is one of several Jordanians, including human rights defenders, lawyers and fellow journalists whose phones were compromised likely by agencies of the Jordanian government, according to Front Line Defenders and Citizen Lab’s findings out Tuesday.

Others targeted include Malik Abu Orabi, a human rights lawyer whose work has included defending the teachers’ union, which in 2019 led the longest public sector strike in the country’s history. Abu Orabi’s phone was targeted as early as August 2019 until June 2021. Also, the phone of Ahmed Al-Neimat, a human rights defender and anti-corruption activist, was targeted by the ForcedEntry exploit in February 2021. The researchers said the hacking of Al-Neimat’s phone is believed to be the earliest suspected use of ForcedEntry.

The phone of another Jordanian journalist and human rights defender, who asked for her identity not to be disclosed, was also targeted, according to the researchers.

Meanwhile, on 5 April 2022, AFP reported that Palestinian lawyer Salah Hamouri, who is in Israeli detention, filed a complaint in France Tuesday against surveillance firm NSO Group for having “illegally infiltrated” his mobile phone with the spyware Pegasus.

Hamouri, who also holds French citizenship, is serving a four-month term of administrative detention ordered by an Israeli military court in March on the claim he is a “threat to security”.

He is one of several Palestinian activists whose phones were hacked using the Pegasus malware made by the Israeli company NSO, according to a report in November by human rights groups. See: https://humanrightsdefenders.blog/2021/11/10/palestinian-ngos-dubbed-terrorist-were-hacked-with-pegasus-spyware/

On Tuesday, the International Federation for Human Rights (FIDH), the Human Rights League (LDH) and Hamouri filed a complaint with the Paris prosecutor. It accused NSO of “having illegally infiltrated the telephone of rights defender Salah Hamouri,” they said in a statement sent to the AFP bureau in Jerusalem.

“Obviously, this is an operation that is part of a largely political framework given the harassment Hamouri has been subjected to for years and the attacks on human rights defenders in Israel,” attorney Patrick Baudouin, honorary president of the FIDH, told AFP.

https://www.securityweek.com/palestinian-lawyer-sues-pegasus-spyware-maker-france

https://citizenlab.ca/2022/04/peace-through-pegasus-jordanian-human-rights-defenders-and-journalists-hacked-with-pegasus-spyware/

“Advanced persistent threat” group targeted Indian human rights defenders for decade

February 14, 2022

Two years ago it was reported that an Indian “hack-for-hire group” had targeted journalists and human rights defenders [see: https://humanrightsdefenders.blog/2020/06/10/after-nso-now-indian-based-hacking-group-targets-ngos/], but on 11 February 2022 Steve Zurier in SC Magazine reported that researchers discovered an advanced persistent threat group that targeted Indian dissidents and remained undetected for a decade or more, starting with simple phishing lures some 10 years ago and then graduating to providing links to files hosted externally in the cloud for manual download and execution by the victims.

In a blog post, SentinelLabs researchers reported on ModifiedElephant, which has been operating since at least 2012. The researchers said the threat group operates through the use of commercially available remote access trojans and has ties to the commercial surveillance industry.

The threat actor uses spearphishing with malicious documents to deliver malware such as NetWire, DarkComet, and simple keyloggers with infrastructure overlaps that helped the researchers connect the dots to previously unattributed malicious activity.

ModifiedElephant’s activities have been traced to long-standing political tensions in India, which exploded on Jan. 1, 2018, when critics of the government clashed with pro-government supporters near Bhima Koregaon. Later in 2018, raids conducted by police led to several arrests and the seizure of computer systems, which revealed incriminating files that pointed to an alleged plot against Indian Prime Minister Narendra Modi.

Thanks to the public release of digital forensic investigation results by Arsenal Consulting and those detailed in SentinelLabs blog, the researchers allege that ModifiedElephant compromised the computers that were later seized, planting files that were used as evidence to justify the imprisonment of the defendants. Over a decade or more, the group targeted human rights activists, human rights defenders, academics, and lawyers across India with the objective of planting incriminating digital evidence — and they are still operating today.

The case has become part of a larger trend of private and commercial companies copying government and nation-state methodologies, persistently looking to penetrate into politically involved individuals, said Gadi Naveh, cyber data scientist at Canonic. Naveh said although most of the tools described aren’t top grade, continuous fueling of the attack eventually gets the target and larger funding gets even better tools, as was implied by Amnesty International.

“We assume these tools and methods that move from nation-states to commercial organizations will keep answering the demand and available funds for getting data,” Naveh said. “The move of data to the cloud makes the top-tier actor act there, but as with RATs and keyloggers, we are seeing the same military-grade tools moving after the new data sources in the cloud.”

Daniel Almendros, cyber threat intelligence analyst at Digital Shadows, added that he and his team view ModifiedElephant as a fascinating, albeit dangerous actor. Almendros said ModifiedElephant has a wide range of tools in its arsenal that it uses to target a large number of victims. They use a blend of off-the-shelf tools (NetWire and DarkComet RATs), paired with spearphishing emails related to the sensitive 2018 Bhima Koregaon affair.

“The phishing lures have improved in subtlety as well as boldness, they have shifted from fake double extension file names to commonly used Office filenames,” Almendros said. “In one instance, an assassination attempt story was added to provoke the user to click on the phishing lure. These emails were distributed to many different users. The group likely has a connection with Indian state espionage. Because most APT attention stems from China and Russia-based threats, ModifiedElephant was initially overlooked for years. In addition, the group’s specific targeting and use of commodity malware helped the group evade detection for a prolonged period.”

https://www.scmagazine.com/news/cloud/modifiedelephant-an-indian-apt-group-targeting-dissidents-operated-undetected-for-nearly-10-years

https://indianexpress.com/article/explained/explained-what-we-know-of-hacking-group-modifiedelephant-7770228/

It is not just NSO – Loujain Al-Hathloul sues Spyware Maker DarkMatter

December 17, 2021

As announced on 9 December 2021, the Electronic Frontier Foundation (EFF) has filed a lawsuit on behalf of Saudi human rights defender Loujain Al Hathloul against spying software maker DarkMatter and three of its former executives for illegally hacking her iPhone to secretly track her communications and whereabouts.

AlHathloul is among the victims of an illegal spying program created and run by former U.S. intelligence operatives, including the three defendants named in the lawsuit, who worked for a U.S. company hired by United Arab Emirates (UAE) in the wake of the Arab Spring protests to identify and monitor activists, journalists, rival foreign leaders, and perceived political enemies.

Reuters broke the news about the hacking program called Project Raven in 2019, reporting that when UAE transferred the surveillance work to Emirati firm DarkMatter, the U.S. operatives, who learned spycraft working for the National Security Agency and other U.S. intelligence agencies, went along and ran DarkMatter’s hacking program, which targeted human rights activists like AlHathloul, political dissenters, and even Americans residing in the U.S.

DarkMatter executives Marc Baier, Ryan Adams, and Daniel Gericke, working for their client UAE—which was acting on behalf of the Kingdom of Saudi Arabia (KSA)—oversaw the hacking project, which exploited a vulnerability in the iMessage app to locate and monitor targets. Baier, Adams, Gericke, all former members of U.S. intelligence or military agencies, designed and operated the UAE cybersurveillance program, also known as Project DREAD (Development Research Exploitation and Analysis Department), using malicious code purchased from a U.S. company.

Baier, who resides in UAE, Adams, a resident of Oregon, and Gericke, who lives in Singapore, admitted in September to violating the Computer Fraud and Abuse Act (CFAA) and prohibitions on selling sensitive military technology under a non-prosecution agreement with the U.S. Justice Department.

“Companies that peddle their surveillance software and services to oppressive governments must be held accountable for the resulting human rights abuses,” said EFF Civil Liberties Director David Greene. “The harm to Loujain AlHathloul can never be undone. But this lawsuit is a step toward accountability.”

AlHathloul is a leader in the movement to advance the rights of women in Saudi Arabia [see also: https://www.trueheroesfilms.org/thedigest/laureates/1a6d84c0-b494-11ea-b00d-9db077762c6c].


DarkMatter intentionally directed the code to Apple servers in the U.S. to reach and place malicious software on AlHathloul’s iPhone, a violation of the CFAA, EFF says in a complaint filed in federal court in Oregon. The phone was initially hacked in 2017, gaining access to her texts, email messages, and real-time location data. Later, AlHathloul was driving on the highway in Abu Dhabi when she was arrested by UAE security services, and forcibly taken by plane to the KSA, where she was imprisoned twice, including at a secret prison where she was subject to electric shocks, flogging, and threats of rape and death.

“Project Raven went beyond even the behavior that we have seen from NSO Group, which has been caught repeatedly having sold software to authoritarian governments who use their tools to spy on journalists, activists, and dissidents,” said EFF Cybersecurity Director Eva Galperin. “Dark Matter didn’t merely provide the tools; they oversaw the surveillance program themselves.”

While EFF has long pressed for the need to reform the CFAA, this case represents a straightforward application of the CFAA to the sort of egregious violation of users’ security that everyone agrees the law was intended to address.

“This is a clear-cut case of device hacking, where DarkMatter operatives broke into AlHathloul’s iPhone without her knowledge to insert malware, with horrific consequences,” said Mukund Rathi, EFF attorney and Stanton Fellow. “This kind of crime is what the CFAA was meant to punish.” In addition to CFAA violations, the complaint alleges that Baier, Adams, and Gericke aided and abetted in crimes against humanity because the hacking of AlHathloul’s phone was part of the UAE’s widespread and systematic attack against human rights defenders, activists, and other perceived critics of the UAE and KSA.

The law firms of Foley Hoag LLP and Boise Matthews LLP are co-counsel with EFF in this matter.

EFF also welcomed the Ninth Circuit Court of Appeals’ recent ruling that spyware vendor NSO Group, as a private company, did not have foreign sovereign immunity from WhatsApp’s lawsuit alleging hacking of the app’s users. Courts should similarly deny immunity to DarkMatter and other surveillance and hacking companies who directly harm Internet users around the world.

For the complaint:
https://www.eff.org/document/alhathloul-v-darkmatter

For more on state-sponsored malware:
https://www.eff.org/issues/state-sponsored-malware

https://www.eff.org/press/releases/saudi-human-rights-activist-represented-eff-sues-spyware-maker-darkmatter-violating

https://www.eff.org/deeplinks/2021/12/eff-court-deny-foreign-sovereign-immunity-darkmatter-hacking-journalist

NGOs demand EU to impose sanctions on NSO Group

December 7, 2021

Dozens of rights groups are urging the European Union to impose sanctions on the Israeli NSO Group to ban the company’s Pegasus surveillance technology. The letter sent to the EU was signed by 86 rights groups and independent experts, including Reporters Without Borders, Amnesty International, Human Rights Watch, the Electronic Frontier Foundation and Privacy International, among others. A consortium of media revealed that this powerful spyware was used extensively by several governments to spy on lawyers, journalists, political opponents and human rights activists.

Several victims of illegal surveillance have been identified in Hungary, where the government initially denied being a client of NSO Group, before admitting to having purchased the software. See also: https://humanrightsdefenders.blog/2021/11/10/palestinian-ngos-dubbed-terrorist-were-hacked-with-pegasus-spyware/

A good resource is here: https://www.haaretz.com/israel-news/MAGAZINE-nso-pegasus-spyware-file-complete-list-of-individuals-targeted-1.10549510

“There is overwhelming evidence that Pegasus spyware has been repeatedly used by abusive governments to clamp down on peaceful human rights defenders, activists and perceived critics,” Deborah Brown, senior digital rights researcher and advocate at Human Rights Watch, said in a statement. “The EU should immediately sanction NSO Group and ban any use of its technologies.”

The EU’s global human rights sanctions would allow the EU to adopt “targeted sanctions against entities deemed responsible for violations or abuses that are ‘of serious concern as regards the objectives of the common foreign and security policy’, including violations or abuses of freedom of peaceful assembly and of association, or of freedom of opinion and expression,” the letter read.

According to Human Rights Watch, these rights have been “repeatedly violated using NSO technology,” and, as highlighted by the UN Special Rapporteur on freedom of opinion and expression, “the use of spyware by abusive governments can also facilitate extrajudicial, summary or arbitrary executions and killings, or enforced disappearance of persons.” See also: https://humanrightsdefenders.blog/2021/10/04/big-coalition-urges-un-to-denounce-abuses-facilitated-by-spyware-technologies/

NSO Group was blacklisted by the US State Department at the beginning of November, and slapped with a sanction that drastically limited the business relationships the US company had with US customers or suppliers, according to the French newspaper Le Monde. “The EU should unequivocally close its doors to business with NSO Group,” Brown said.

“Targeted sanctions are necessary to that end, and to add to growing international pressure against the company and the out-of-control spyware industry.”

In Europe, several investigations are ongoing, but no sanctions have been formally imposed on the company. In addition to Hungary, several other countries are, or have been, customers of NSO Group – although this does not mean that all these countries have made illegal use of Pegasus.

In addition to Germany, several EU countries have purchased access to the software, according to Le Monde.

See also: https://www.haaretz.com/israel-news/tech-news/.premium.HIGHLIGHT.MAGAZINE-citizen-lab-vs-nso-the-institute-taking-down-israel-s-mercenary-spyware-firms-1.10536773

https://slate.com/technology/2021/12/apple-lawsuit-nso-group-q-cyber-pegasus.html

https://www.euronews.com/next/2021/12/03/pegasus-spyware-ngos-urge-the-eu-to-sanction-israeli-group-nso

And the latest: https://marketresearchtelecast.com/spyware-sale-at-nso-group-the-end-of-pegasus/226205/

as well as

https://www.irishtimes.com/news/ireland/irish-news/concern-activist-s-phone-infected-with-spyware-during-dublin-conference-1.4778962

In 2022 the following items can be added:

https://www.hrw.org/news/2022/01/26/human-rights-watch-among-pegasus-spyware-targets

https://thewire.in/tech/nso-chairman-quits-says-departure-unrelated-to-recent-scandals

US Court says Facebook can pursue lawsuit against NSO Group

November 10, 2021

On 8 November 2021 media (here Reuters) reported that a U.S. appeals court said Facebook can pursue a lawsuit accusing Israel’s NSO Group of exploiting a bug in its WhatsApp messaging app to install malware allowing the surveillance of 1,400 people, including journalists, human rights activists and dissidents. In a 3-0 decision on Monday, the 9th U.S. Circuit Court of Appeals in San Francisco rejected privately owned NSO’s claim it was immune from being sued because it had acted as a foreign government agent. See also: https://humanrightsdefenders.blog/2021/10/04/big-coalition-urges-un-to-denounce-abuses-facilitated-by-spyware-technologies/

Facebook, now known as Meta Platforms Inc, sued NSO for an injunction and damages in October 2019, accusing it of accessing WhatsApp servers without permission six months earlier to install its Pegasus malware on victims’ mobile devices. NSO has argued that Pegasus helps law enforcement and intelligence agencies fight crime and protect national security.

It was appealing a trial judge’s July 2020 refusal to award it “conduct-based immunity,” a common law doctrine protecting foreign officials acting in their official capacity. Upholding that ruling, Circuit Judge Danielle Forrest said it was an “easy case” because NSO’s mere licensing of Pegasus and offering technical support did not shield it from liability under federal law, which took precedence over common law.

“Whatever NSO’s government customers do with its technology and services does not render NSO an ‘agency or instrumentality of a foreign state,’” Forrest wrote. “Thus, NSO is not entitled to the protection of foreign sovereign immunity.”

The case will return to U.S. District Judge Phyllis Hamilton in Oakland, California.

Asked for comment on the decision, NSO said in an email that its technology helps defend the public against serious crime and terrorism, and that it “stands undeterred in its mission.”

WhatsApp spokesman Joshua Breckman in an email called the decision “an important step in holding NSO accountable for its attacks against journalists, human rights defenders and government leaders.”

Facebook’s case drew support from Microsoft Corp, Alphabet Inc’s Google and Cisco Systems Corp, which in a court filing called surveillance technology such as Pegasus “powerful, and dangerous.”

On Nov. 3, the U.S. government blacklisted NSO and Israel’s Candiru for allegedly providing spyware to governments that used it to “maliciously target” journalists, activists and others. See also: https://humanrightsdefenders.blog/2021/11/10/palestinian-ngos-dubbed-terrorist-were-hacked-with-pegasus-spyware/.

https://www.reuters.com/technology/facebook-can-pursue-malware-lawsuit-against-israels-nso-group-us-appeals-court-2021-11-08/

https://gadgets.ndtv.com/apps/news/facebook-meta-pegasus-nso-group-lawsuit-whatsapp-hack-spyware-us-appeals-court-2604175

Palestinian NGOs dubbed terrorist were hacked with Pegasus spyware

November 10, 2021

Investigation by Front Line Defenders finds NGO employees’ phones were infiltrated months before Israel designated them as ‘terrorist organisations’

Phones of Palestinians working for human rights organisations recently designated by Israel as “terrorist organisations” [see: https://humanrightsdefenders.blog/2021/10/23/assault-by-israel-on-palestinian-human-rights-ngos/] were hacked using the Israeli-made spyware at the heart of a global surveillance scandal. [see: https://humanrightsdefenders.blog/2021/07/21/nsos-pegasus-spyware-now-really-in-the-firing-line/]

Dublin-based Front Line Defenders (FDL) examined 75 phones belonging to Palestinian human rights workers and detected that six were infected with Pegasus spyware between July 2020 and April 2021. Four out of the six phones belong to staff members at NGOs that were blacklisted last month for alleged ties to a group labelled by some states as a “terrorist organisation”, a move that has sparked international condemnation.

Those alleged to have been hacked include US citizen Ubai al-Aboudi, who heads the Bisan Center for Research and Development, and French national Salah Hammouri, a researcher at Addameer. 

At a press conference in Ramallah on Monday, representatives of the six organisations called for the international community to take action. “We call on the United Nations to launch an investigation to disclose the party that stood behind using this programme on the phones of human rights activists, a move that put their lives at risk,” Tahseen Elayyan, a legal researcher with Al-Haq, told Reuters.

FDL’s findings, which were reviewed and confirmed by Citizen Lab and Amnesty International Security Lab, will raise further concerns about Pegasus, the controversial spyware alleged to have been used to hack heads of state, journalists and activists in a series of explosive stories published this summer.

NSO Group, the Israeli-based tech firm behind Pegasus, only licenses the product to sovereign states or the law enforcement or intelligence agencies of those states.

Haaretz reported on Monday that the export licence issued by the Israeli defence ministry to NSO Group only permits Israeli security services to monitor Israeli phone numbers.

An FDL spokesperson told Middle East Eye on Monday that the organisation does not know which state was behind the hacking it uncovered, but believes that the timeline of events over the past month may be critical in answering that question.

On 16 October, three days before the organisations were designated, Al-Haq approached FDL, suspecting that a staff member’s phone had been hacked. The same day, an FDL investigator found initial traces of Pegasus on the phone.

The following day, on 17 October, FDL said it held a meeting with all six organisations to inform them of the initial findings and see if others would want their phones investigated.

On 18 October, Israel’s interior ministry notified Hammouri of its decision to revoke his permanent residency in Jerusalem and deport him on the basis of his alleged “breach of allegiance to the State of Israel”.

Then on 19 October, Israeli Defence Minister Benny Gantz designated all six organisations which had gathered with FDL as “terrorist organisations.”

At this point, the organisations were reportedly only considered “terrorist” groups in Israel. But on 3 November – just ahead of the release of FDL’s findings – Israel’s commander-in-chief of the Central Command issued an order to outlaw the organisations in the West Bank.

“It seems to us that [Israeli officials] were slow to react to what was transpiring and they were unprepared,” FDL spokesperson Adam Shapiro told MEE. “It suggests we caught them doing something they didn’t want us to.”

However, Shapiro emphasised that FDL could not say definitively what state was behind the hacking, a comment echoed by Addameer’s director, Sahar Francis.

“We don’t have evidence. We can’t accuse a certain party since we don’t have yet enough information about who carried out that action,” she told Reuters, calling on the UN to launch an investigation.

Israeli officials have not made a public statement yet about FDL’s findings. NSO Group told Reuters the company “does not operate the products itself … and we are not privy to the details of individuals monitored”.

The US government last week blacklisted the NSO Group and a second Israeli spyware firm, Candiru, saying their activities are contrary to US foreign policy and national security interests.

https://www.middleeasteye.net/news/israel-spyware-pegasus-used-hack-palestinian-rights-activists-phones

https://www.theguardian.com/world/2021/nov/08/hacking-activists-latest-long-line-cyber-attacks-palestinians-nso-group-pegasus-spyware

https://www.occrp.org/en/daily/15450-experts-pegasus-spyware-found-in-phones-of-palestinian-activists

https://www.timesofisrael.com/report-palestinian-activists-phones-hacked-with-controversial-nso-group-tech/

Big Coalition urges UN to denounce abuses facilitated by spyware technologies

October 4, 2021

During the 28th U.N. Human Rights Council (HRC), Access Now joined 94 other civil society organizations and independent experts in urging member states to denounce abuses facilitated by spyware technologies.

The Pegasus Project revealed a long list of journalists, activists, human rights defenders, lawyers, world leaders, and civil society actors who were targets of NSO Group’s Pegasus spyware. The U.N. HRC should mandate comprehensive measures to investigate and prevent further violations linked to the sale, export, and use of Pegasus spyware and cases of targeted surveillance. For earlier posts on this hot topic, see: https://humanrightsdefenders.blog/tag/pegasus/

“Member States must urgently act to address the perpetual human rights abuses by States facilitated by NSO Group’s Pegasus spyware,” said Laura O’Brien, UN Advocacy Officer at Access Now. “The clandestine surveillance industry must be held accountable.”

The recent revelations showcased the unprecedented scale of human rights violations by States facilitated by the use of Pegasus with Budapest-based photojournalist Dániel Németh being the latest victim targeted by the spyware.

In the Middle East and North Africa (MENA), governments continue to use digital surveillance tools to target journalists and activists. In 2016, a Citizen Lab investigation revealed that the UAE spied on human rights defender Ahmed Mansoor, who is now serving 10 years in prison under inhumane conditions. The Pegasus Project revealed that friends and family of slain Saudi journalist, Jamal Khashoggi, were also targets of Pegasus spyware with the iPhone of Khashoggi’s Turkish fiancée, Hatice Cengiz, targeted and successfully infected. Last June, Access Now and the Gulf Centre for Human Rights launched the MENA Surveillance Coalition, convening civil society organizations working to defend freedom of expression, privacy, and fundamental rights, to call for an end to the sales of digital surveillance tools to repressive governments in the region.

“Invasive surveillance invades and corrodes the lives and work of human rights defenders, journalists, and activists across the globe,” said Kassem Mnejja, MENA Campaigner at Access Now. “Companies like NSO have been given free rein to proliferate the market with the dangerous Pegasus spyware used to facilitate these dehumanising and unsafe actions — this must end now.”

Despite the mounting evidence of its human rights abuses, the NSO Group continues to repeat its false claim that its spyware is only used for legitimate purposes like investigating crime and terror. This cannot continue.

U.N. human rights experts and civil society groups have previously called on governments to immediately implement a global moratorium on the sale, export, transfer, and use of private surveillance technology. Supporting this call, civil society organizations and independent experts are today requesting member states of the U.N. HRC to urgently denounce and mandate independent investigations into the human rights violations facilitated by this technology.

Read the full letter.

https://www.scoop.co.nz/stories/WO2110/S00016/act-now-against-spyware-coalition-tells-un-human-rights-council.htm

NSO’s Pegasus spyware now really in the firing line

July 21, 2021

Frank Andrews in the Middle East Eye of 20 July 2021 tracks the history of the unhealthy story to which this blog has also regularly paid attention: see https://humanrightsdefenders.blog/tag/nso-group/

Claims made this week that the Israeli company’s Pegasus spyware technology has been used to surveil 50,000 phones – belonging to heads of state, journalists, human rights defenders, political opponents and more – may be the highest-profile accusations against the firm, but they are not the first.

Pegasus, which infects phones with spyware through various means, has proven to be a boon to digital authoritarians wanting to track anyone perceived as critical of their rule. It has also been the subject of numerous lawsuits and legal complaints.

It began in August 2016, when the United Arab Emirates was found to be tracking the iPhone of Emirati human rights activist Ahmed Mansoor using Pegasus spyware, according to a report by Citizen Lab and Lookout Security. [see also: https://humanrightsdefenders.blog/2016/08/29/apple-tackles-iphone-one-tap-spyware-flaws-after-mea-laureate-discovers-hacking-attempt/]

Geneva experts on cybersecurity and digital governance tell Geneva Solutions what citizens must do to stem the erosion of our right to privacy.

U.N. High Commissioner for Human Rights Michelle Bachelet, in a statement, said that the revelations “are extremely alarming, and seem to confirm some of the worst fears about the potential misuse of surveillance technology to illegally undermine people’s human rights.” See statement by @UNHumanRights Chief @mbachelet: https://ohchr.org/EN/NewsEvents/

https://www.middleeasteye.net/news/israel-pegasus-spyware-nso-group-history-accusations-denials

https://www.rawstory.com/as-un-human-rights-chief-urges-stricter-rules-snowden-calls-for-end-to-spyware-trade/

https://indianexpress.com/article/explained/the-making-of-pegasus-from-startup-to-spy-tech-leader-israel-invasive-spyware-7414370/