Amnesty International says one of its employees was targeted with Israeli-made surveillance software using Saudi protest bait, in what is believed to be part of a deliberate attempt to spy on the rights group.
In a 20-page report released on Wednesday, Amnesty said one of its staff members in early June received a suspicious WhatsApp message in Arabic, containing details about an alleged protest outside the Saudi embassy in Washington, D.C., followed by a link to a website.
"Can you please cover [the protest] for your brothers detained in Saudi Arabia in front of the Saudi embassy in Washington,” read the message. “My brother was detained in Ramadan and I am on a scholarship here so please do not link me to this. [LINK]. Cover the protest now it will start in less than an hour. We need your support please."
Investigations by Amnesty’s technology team revealed that clicking the link would have installed “Pegasus,” a sophisticated surveillance tool developed by the Israel-based company NSO Group.
Pegasus infects the user's smartphone and steals all its information, including contacts, messages, and everything from Skype, WhatsApp, Viber, WeChat and Telegram.
“NSO Group is known to only sell its spyware to governments. We therefore believe that this was a deliberate attempt to infiltrate Amnesty International by a government hostile to our human rights work,” said Joshua Franco, Amnesty International’s Head of Technology and Human Rights.
“The potent state hacking tools manufactured by NSO Group allow for an extraordinarily invasive form of surveillance. A smartphone infected with Pegasus is essentially controlled by the attacker – it can relay phone calls, photos, messages and more directly to the operator. This chilling attack on Amnesty International highlights the grave risk posed to activists around the world by this kind of surveillance technology.”
Read more:
According to Amnesty, the domain link in the message belongs to a large infrastructure of more than 600 suspicious websites which had been previously connected to NSO Group. Amnesty International’s investigation discovered that another Saudi rights activist also received a similar malicious message.
In a statement to Amnesty International, NSO Group said that their product was “intended to be used exclusively for the investigation and prevention of crime and terrorism" and that any other use would violate their policies and contracts. It also said that allegations of wrongdoing would be investigated.
NSO has been implicated in a series of digital break-in attempts, including against activists, journalists and opposition party leaders looking into murders and corruption in Mexico.
Pegasus was also used to target the Emirati award-winning human rights defender Ahmed Mansoor, one of the few openly critical voices in the UAE who has been in prison in the United Arab Emirates since March 2017.