Amnesty: «Israeli» NSO Spyware Used to Monitor Human Rights Activists in Morocco

By Staff, Agencies

“Israeli” NSO spying tools have been used to track down two Moroccan human rights activists who are being chased by state authorities – a widespread investigation by Amnesty International has revealed.

Maati Monjib, an academic and human rights activist, and Abdessadak El Bouchattaoui, a human rights lawyer who has represented protesters from the Hirak El-Rif social justice movement, have been targeted repeatedly since 2017.

According to an Amnesty report released on Thursday, both received SMS messages containing malicious links that if clicked would secretly install Pegasus software, allowing the sender to obtain near-total control of the phone. The same technology was used to target an Amnesty staff member and a Saudi Arabian human rights activist in June 2018.

The damage can give the attacker full access to all information on the device, transfer real-time actions and calls through it, and allow remote operation of the microphone and camera to spy on the victim and his environment.

In addition to this attack, Amnesty identified another hacking operation, carried out through the cellular network itself, in order to take control of one of the activists' device. Amnesty suspects that NSO is also linked to this attack.

“Amnesty International’s research has uncovered chilling new evidence that further illustrates how NSO Group’s malicious spyware is enabling state-sponsored repression of human rights defenders,” said Danna Ingleton, Deputy Director of Amnesty Tech.

She went on to say, “Subjecting peaceful critics and activists who speak out about Morocco’s human rights records to harassment or intimidation through invasive digital surveillance is an appalling violation of their rights to privacy and freedom of expression.”

The two activists have previously faced persecution by the government in Morocco for their activities in the field. According to Amnesty, in recent years Morocco has increased the use of problematic clauses designed to transform illegal and illegitimate human rights activities, and harass activists seeking to maintain freedom of expression and protest through harassment, threats and imprisonment.

Amnesty said the links in the text message led to the same Internet infrastructure that had previously been linked to the NSO, specifically in the case of an Amnesty investigator in Saudi Arabia.

"Two addresses, st *** ms.biz and inf *** ress.com [addresses censored so as not to jeopardize users -] were previously identified by Amnesty as part of NSO's infrastructure. In addition, we are a new domain, h *** at.co, which is impersonating an online commerce site from Morocco called Hmizate. An SMS message with a link to this site included features that characterize Pegasus SMS. Another address, re ***** ion-news.co, was previously linked to NSO by the Citizen Love Research Institute. "

At the same time, Amnesty found evidence of hacking or exploitation of the cellular network itself with a view to introducing device damage. "While analyzing browsing history in Browser S.Pari On the Meti Monjab iPhone, we found suspicious links that did not originate from text messages or whatsapps, "it says." Safari records all browsing history in the repository stored on the device. The repository stores not only the links the user has accessed, but also the source of each visit. "

Amnesty notes that at this stage they do not have sufficient information to link NSO to the attack over the cellular network. "However," they add, "given the technical similarity to other Pegasus infections, the fact that Monjab was already a target for NSO software and the fact that NSO publishes the kind of capabilities used in this attack, there is reason to believe that NSO tools are used in this case as well".

NSO group claims that its technology is only used for lawful purposes such as counterterrorism and fighting crime. The company has recently released a human rights policy and claims to have human rights diligence mechanisms in place to investigate and prevent abuse by governments. However, the lack of transparency over investigations into misuse of its technology raises serious questions about these claims.

Under the UN Guiding Principles on Business and Human Rights, NSO Group and their primary investor, the UK-based private equity firm Novalpina Capital, have a clear obligation to take urgent steps to ensure that they are not causing or contributing to human rights abuses worldwide.