Last week, WhatsApp from Facebook whispered a warning to update the mobile messaging app after learning that it had a vulnerability that really deserved to be shouted from the rooftops: a zero-day vulnerability that hackers silently use government spyware on the phones of victims could have been exploited in the wild.
The zero day meant that with one phone call spies could gain access to your phone and plant spyware – especially the infamous Pegasus software.
Pegasus has been unleashed against Mexican political activists; aimed at the human rights-oriented NGO Amnesty International in a spearphishing attack; and used against Ahmed Mansoor, a prominent human rights activist and political dissident in the United Arab Emirates who was sentenced to 10 years in prison and a fine of 1,000,000 Emirati Dirham (USD $ 272K) after being accused of "insulting the UAE and the symbols "".
WhatsApp has quickly repaired the vulnerability.
Just as quickly, Amnesty International filed a lawsuit aimed at stopping the "web of surveillance" that, according to her, the NSO Group, the Israeli company that makes Pegasus.
Last Monday, Amnesty announced that it will bring the Israeli Ministry of Defense (MoD) to court to force it to withdraw the NSO Group's export license.
Thirty Amnesty International members and supporters Israel and others from the human rights community claim that the NSO group spyware has been used to monitor Amnesty staff and other human rights defenders, endangering human rights.
Referring to the June 2018 Spearphishing attack on an Amnesty employee, Danna Ingleton, deputy director of Amnesty Tech, said in a sworn statement that the attack was "the last straw".
NSO Group sells its products to governments known for scandalous human rights violations, and giving them the means to keep up with activists and critics. The attack on Amnesty International was the straw.
The Israeli Ministry of Defense is increasingly ignoring evidence linking the NSO group to attacks on human rights defenders, and that is why we support this case. As long as products such as Pegasus are marketed without proper control and supervision, the rights and safety of Amnesty International staff and that of other activists, journalists and dissidents around the world are at risk.
How Pegasus flies
As Ingleton has described in the statement, a Pegasus infection can occur in various ways. A target usually clicks on an exploit link, often sent as a text message. This activates the download on a mobile device.
As an alternative, the NSO Group reportedly invented how to infect a device without user interaction. As Motherboard has reported, a phone call to a targeted device is enough to give the attacker full access to the content without the victim having to click on a fake link.
Once installed, Pegasus turns into what Citizen Lab is a & # 39; silent, digital spy & # 39; has named. It can get anywhere – including contacts, photos, call history, and previous text messages – regardless of encryption or other protections. It also gives the operator the ability to remotely control the camera and microphone of a device, allowing remote monitoring of calls and passive or active tracking of the location data of a target.
When the Amnesty technology team analyzed the fake link sent via a WhatsApp message in the June 2018 spearphishing attack, they discovered that it was linked to a domain known to be distributing and distributing Pegasus spyware from the NSO Group. effort. Had the staff member clicked on the link – which was not the case – they would have been taken to a site that would have tried to install the spyware on their device.
In fact, the domain that houses the link is part of a network of more than 600 suspect domains used to activate Pegasus infections, according to the sworn statement.
Although the intended Amnesty employee had not clicked on the booby-trapped link, they were still shocked that they were targeted on the basis of their human rights work, in & # 39; clear violation of the right to freedom of opinion, freedom of expression, and the right to privacy guaranteed under the International Covenant on Civil and Political Rights, "said the sworn statement.
The fear lingers: the employee refused to have his name published in the aftermath. But he or she is just one of many goals: Citizen Lab has traced the use of Pegasus spyware to 45 countries where operators may have used it in surveillance campaigns between August 2016 and August 2018.
Off-label use of government spyware?
The reaction of the NSO Group to incidents of operators who illegally use its software to prosecute dissidents, activists and journalists has been consistent: it repeatedly points out that Pegasus should only be used by governments to enable them criminals and terrorists invisible to follow. From the statement it issued to Amnesty after the spearphishing attack on June 2018:
NSO Group is developing cyber technology to enable government agencies to identify and disrupt terrorist and criminal plots. Our product is intended solely for the investigation and prevention of crime and terrorism. Any use of our technology that conflicts with that goal is a violation of our policies, legal contracts, and the values that we as a company stand for.
In the lawsuit filed last week, Amnesty says the NSO group is ignoring the "foreseeable risk" that governments are abusing its spyware to unlawfully monitor human rights defenders.
There is no evidence that the NSO group refused to sell its products to those governments, found that those governments had proper legal frameworks and monitoring mechanisms for the use of spyware prior to a sale, or withdrew access to its products after evidence emerged came from their abuse.
NSO Group claims that its Business Ethics Committee reviews and approves all transactions and that it conducts investigations into allegations of abuse. But it has not revealed what factors it takes into consideration when choosing who to sell, does not reveal much of anything regarding the results of its misuse investigations, and has not demonstrated what, if any, it will be done to the risk of misuse, says the certified statement.
At least the NSO group could assess the human rights of a prospective client country. It could also follow the use of products after the sale, says Amnesty.
Paralysis of human rights
The legal action is initiated by Amnesty International as part of a joint project with the Bernstein Institute for Human Rights and Global Justice Clinic at the New York University (NYU) School of Law. Faculty Director Margaret Satterthwaite:
Targeting human rights defenders at work, using invasive digital surveillance tools, is not permitted under human rights law. Without stronger legal controls, the spyware industry allows governments to torpedo about the rights to privacy, freedom of opinion and expression.
The Israeli government must revoke the NSO Group's export license and prevent it from benefiting from state-sponsored repression.
. (tagsToTranslate) government security (t) privacy (t) whatsapp (t) amnesty international (t) drive-by download (t) government spyware (t) lawsuit (t) pegasus (t) spearphishing (t) spyware (t) surveillance
