Amnesty International targeted in spyware hacking attempt

Bogus Saudi protest email used to lure human rights charity personnel to download covert surveillance tool.

James Hayes | 6th Aug 18
Image shows Amnesty International protest. A bogus WhatsApp message sent to a Amnesty International employee was used in an attempt to covertly install spyware on the target's smartphone and steal sensitive data, the charity said.

Amnesty International has confirmed that it was among the targets of a cyber-surveillance campaign, in what the charity suspects was a deliberate attempt to spy on its staff by a government hostile to its work.

Last June an Amnesty International employee received a suspicious WhatsApp message in Arabic. The text contained details about an alleged protest outside the Saudi embassy in Washington DC, followed by a link to a website.

The WhatsApp message was sent to Amnesty International as the organisation was campaigning for the release of six women’s rights activists detained in Saudi Arabia. The message, analysed by the charity’s technology experts, read: “Can you please cover [the protest] for your brothers detained in Saudi Arabia in front of the Saudi embassy in Washington. My brother was detained in Ramadan and I am on a scholarship here so please do not link me to this. [LINK]. Cover the protest now it will start in less than an hour. We need your support please.”

The investigation by Amnesty International’s technology team revealed that clicking the link would have installed ‘Pegasus’, surveillance software tool developed by the company NSO Group, which is reportedly headquartered in Israel.

In a statement to and published by Amnesty International, NSO Group said that their product is intended to be used exclusively for the investigation and prevention of crime and terrorism’ and that any other use violate their policies and contracts.

“We believe that this was a deliberate attempt to infiltrate Amnesty by a government hostile to our human rights work,” said Joshua Franco, Amnesty International’s Head of Technology and Human Rights. “The potent state hacking tools manufactured by NSO Group allow for an extraordinarily invasive form of surveillance. A smartphone infected with Pegasus is essentially controlled by the attacker – it can relay phone calls, photos, messages and more, directly to the operator. This chilling attack highlights the grave risk posed to activists around the world by this kind of surveillance technology.”

Amnesty International’s investigation also discovered that another Saudi Arabia rights activist received a similar malicious message, the charity said.