Two prominent Moroccan human rights activists have been targeted with sophisticated spyware built by NSO Group at least since 2017, according to Amnesty International.
âThese were carried out through SMS messages carrying malicious links that, if clicked, would attempt to exploit the mobile device of the victim and install NSO Groupâs Pegasus spyware,â the British human rights non-governmental organization said.
The report found activist MaĂąti Monjib and human rights lawyer Abdessadak El Bouchattaoui at the receiving end of a targeted surveillance campaign by hackers with possible ties to the Moroccan government in the wake of Hirak Rif protests in 2016 â a mass movement thatâs been met with violent repression and a crackdown on free speech.
In addition to delivering malware via booby-trapped messages containing URLs previously tied to NSO Group, the hack â dubbed network injection attack â intercepted the targetâs unencrypted web traffic to redirect visits to legitimate websites with pernicious substitutes that infected the devices with spyware.
The đ of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!
One way this kind of redirection can occur is by employing âa rogue cellular tower placed in the proximity of the target, or other core network infrastructure the mobile operator might have been requested to reconfigure to enable this type of attack,â Amnesty International said.
The Israeli company NSO Group is known to sell spyware and hacking tools to governments across the world. The spyware, named Pegasus, features advanced capabilities to jailbreak or root the infected mobile device, and turn on the phoneâs microphone and camera, scan emails and messages, and collect all sorts of sensitive information.
Back in July, it emerged that the tool had âevolved to capture the much greater trove of information stored beyond the phone in the cloud, such as a full history of a targetâs location data, archived messages or photo.â
In May, the FT reported a vulnerability in WhatsAppâs audio call feature that allowed attackers to inject iPhones and Android phones with Pegasus surreptitiously. This prompted the Facebook-owned messaging service to issue a server-side update to patch the exploit.
Then last week, Googleâs Project Zero uncovered evidence of an actively exploited privilege escalation Android zero-day â allegedly said to have been used or sold by the NSO Group â that gave attackers the ability to compromise millions of devices. Itâs not fully clear who the targets were in either of those attacks.
Although NSO group has maintained that its software is only sold to responsible governments to help foil terrorist attacks and crimes, the latest incident is a reminder that Pegasus has been repeatedly misused to track human rights activists and journalists around the world.
âSubjecting peaceful critics and activists who speak out about Moroccoâs human rights records to harassment or intimidation through invasive digital surveillance is an appalling violation of their rights to privacy and freedom of expression,â Amnesty International added.
NSO Group, for its part, put out a human rights policy in September that aims to âidentify, prevent and mitigate the risks of adverse human rights impact.â It also said the tools are not meant to âsurveil dissidents or human rights activistsâ â
As per our policy, we investigate reports of alleged misuse of our products. If an investigation identifies actual or potential adverse impacts on human rights, we are proactive and quick to take the appropriate action to address them. This may include suspending or immediately terminating a customerâs use of the product, as we have done in the past.
At this point, the events directly connecting the man-in-the-middle attack to NSO Group are circumstantial at best. But the findings are indicative of sustained attempts by governments and bad actors to spy on activists and journalists.
âInstead of attempting to whitewash human rights violations associated with NSO products, the company must urgently put in place more effective due diligence processes to stop its spyware being abused,â the NGO concluded.
Get the TNW newsletter
Get the most important tech news in your inbox each week.