Amnesty is suing the creator of Pegasus, the spyware that WhatsApp never let in

Last week, WhatsApp from Facebook whispered a warning to update the mobile messaging app after learning that it had a vulnerability that really deserved to be shouted from the rooftops: a zero-day vulnerability that hackers silently use government spyware on the phones of victims could have been exploited in the wild.

The zero day meant that with one phone call spies could gain access to your phone and plant spyware – especially the infamous Pegasus software.

Pegasus has been unleashed against Mexican political activists; aimed at the human rights-oriented NGO Amnesty International in a spearphishing attack; and used against Ahmed Mansoor, a prominent human rights activist and political dissident in the United Arab Emirates who was sentenced to 10 years in prison and a fine of 1,000,000 Emirati Dirham (USD $ 272K) after being accused of "insulting the UAE and the symbols "".

WhatsApp has quickly repaired the vulnerability.

Just as quickly, Amnesty International filed a lawsuit aimed at stopping the "web of surveillance" that, according to her, the NSO Group, the Israeli company that makes Pegasus.

Last Monday, Amnesty announced that it will bring the Israeli Ministry of Defense (MoD) to court to force it to withdraw the NSO Group's export license.

Thirty Amnesty International members and supporters Israel and others from the human rights community claim that the NSO group spyware has been used to monitor Amnesty staff and other human rights defenders, endangering human rights.

Referring to the June 2018 Spearphishing attack on an Amnesty employee, Danna Ingleton, deputy director of Amnesty Tech, said in a sworn statement that the attack was "the last straw".

NSO Group sells its products to governments known for scandalous human rights violations, and giving them the means to keep up with activists and critics. The attack on Amnesty International was the straw.

The Israeli Ministry of Defense is increasingly ignoring evidence linking the NSO group to attacks on human rights defenders, and that is why we support this case. As long as products such as Pegasus are marketed without proper control and supervision, the rights and safety of Amnesty International staff and that of other activists, journalists and dissidents around the world are at risk.

How Pegasus flies

As Ingleton has described in the statement, a Pegasus infection can occur in various ways. A target usually clicks on an exploit link, often sent as a text message. This activates the download on a mobile device.

As an alternative, the NSO Group reportedly invented how to infect a device without user interaction. As Motherboard has reported, a phone call to a targeted device is enough to give the attacker full access to the content without the victim having to click on a fake link.

Once installed, Pegasus turns into what Citizen Lab is a & # 39; silent, digital spy & # 39; has named. It can get anywhere – including contacts, photos, call history, and previous text messages – regardless of encryption or other protections. It also gives the operator the ability to remotely control the camera and microphone of a device, allowing remote monitoring of calls and passive or active tracking of the location data of a target.

When the Amnesty technology team analyzed the fake link sent via a WhatsApp message in the June 2018 spearphishing attack, they discovered that it was linked to a domain known to be distributing and distributing Pegasus spyware from the NSO Group. effort. Had the staff member clicked on the link – which was not the case – they would have been taken to a site that would have tried to install the spyware on their device.