Amnesty International claims that Israeli firm NSO Group’s spyware was used in a sustained campaign by Morocco’s government to spy on Moroccan journalist Omar Radi, with one attack occurring days after NSO pledged to prevent its technology from being used in human rights abuses.
A forensic analysis of Radi’s phone by Amnesty allegedly revealed it was subject to a number of ‘network injection’ attacks involving an advanced new technique that silently installed NSO Group’s Pegasus spyware. The attacks allegedly took place during a period in which Radi faced sustained harassment from the Moroccan authorities, up until January 2020.
Network injections allow the attacker to monitor, intercept and manipulate the internet traffic on a target’s phone. The phone’s browser can then be redirected to a malicious website that silently installs Pegasus software onto the phone. The attacker needs to be physically close to the target to launch the attack, or have access over mobile networks in the country – which only a government would be able to authorise.
Radi is a target for the government due to his journalism and activism, which critiques the government’s human rights record and involvement in corruption. On 17 March, he received a four-month suspended prison sentence for a tweet he posted decrying the unfair trial of a group of activists.
A report by Amnesty last year provided evidence for other allegedly unlawful hacking attacks in Morocco that used NSO’s technology.
In September 2019, after NSO Group was acquired by the UK-based private equity fund Novalpina Capital, it announced a new human rights policy and governance framework that would bring the company into alignment with the UN Guiding Principles on Business and Human Rights, “cementing the company’s existing industry-leading ethical business practices”.
“While [NSO Group] was undertaking a PR offensive to whitewash its image, its tools were enabling the unlawful surveillance of Omar Radi, an award-winning journalist and activist,” said Danna Ingleton, deputy director of Amnesty Tech.
“Even after being presented with chilling evidence of its spyware being used to track activists in Morocco, it appears that NSO chose to keep the Moroccan government on as a customer. If NSO won’t stop its technology from being used in abuses, then it should be banned from selling it to governments who are likely to use it for human rights abuses.”
Amnesty says that despite the attacks themselves being allegedly orchestrated by the Moroccan government, NSO was complicit by keeping the government on as an active customer until January.
“The Moroccan authorities are increasingly using digital surveillance to crack down on dissent. This unlawful spying, and the wider pattern of harassment of activists and journalists must stop,” said Danna Ingleton.
In response to Amnesty’s report, an NSO spokesperson said that the group “take[s] any claim of misuse seriously”: “We responded directly to Amnesty International after learning of their allegations in accordance with NSO’s industry-leading human rights policies and we shall immediately review the information provided and initiate an investigation if warranted.”
However, the spokesperson said that, “while we seek to be as transparent as feasible in response to allegations that our products have been misused”, the group had to “respect state confidentiality concerns” with regard to its customers, and wouldn’t be able to disclose their identities.
Amnesty International and other groups such as research body The Citizen Lab claim that NSO’s spyware has been used in attacks on journalists and parliamentarians in Mexico, on Saudi activists Omar Abdulaziz, Yahya Assiri and Ghanem Al-Masarir, on Emirati human rights campaigner Ahmed Mansoor, on an Amnesty International staff member, and allegedly in connection with murdered Saudi dissident Jamal Khashoggi.
At present, NSO Group is involved in three court cases. Amnesty is supporting a case being brought in Israel that calls on the Israeli Ministry of Defence to revoke NSO Group’s export license, arguing that the government agency is putting human rights at risk by allowing NSO to continue to export its spyware.
In a separate case, WhatsApp is suing the company for allegedly hacking more than 1,400 of the messaging service’s users. NSO denies the claims, but maintains that even if its spyware was used, it would’ve been governments operating it, and therefore the company should not be held directly culpable.