Amnesty International said Sunday its security team found evidence of abuse on a Moroccan journalist’s cell phone that can be tied back to spyware developed by NSO Group.
The journalist, Omar Radi, was targeted by surveillance software capable of tracking texts, calls, emails, camera, and more — just days after NSO Group, the Israeli surveillance software company, announced it would stop its products from being used to perpetuate human rights abuses, according to Amnesty International.
Although the attackers behind the targeting are unconfirmed, Amnesty says evidence indicates the Moroccan government is behind the surveillance. NSO Group has repeatedly said it only sells its technology to governments.
The targeting of Radi came at a time when he was being repeatedly harassed by the Moroccan government between January 2019 and January 2020.
Radi was targeted by a series of network injection attacks, which allowed attackers to intercept and manipulate targets’ internet traffic, Amnesty International said. This particular attack method requires no interaction from the victim, and simply reroutes the target browser to a malicious website that can allegedly install Pegasus spyware on the victim’s device.
“For network injections, the attacker requires either physical proximity to the targets or access over mobile networks in the country which only a government could authorize, a further indication that the Moroccan authorities were responsible for the attack against Omar Radi,” Amnesty said in a blog.
“NSO Group clearly cannot be trusted. While it was undertaking a PR offensive to whitewash its image, its tools were enabling the unlawful surveillance of Omar Radi, an award-winning journalist and activist,” Amnesty Tech Deputy Director Danna Ingleton said in a statement. “This investigation … demonstrates NSO Group’s continued failure to conduct adequate human rights due diligence and the inefficacy of its own human rights policy.”
NSO Group’s spyware has previously been detected in surveillance targeting Moroccans, including one other journalist and an activist that has protested the government’s security forces, according to Amnesty.
The scheme shows that those using NSO Group software are becoming increasingly brazen in going after their targets — the malicious browser exploit used to target Radi was also used on another journalist, according to Amnesty.
An NSO Group spokesperson said in a statement, “we shall immediately review the information provided and initiate an investigation if warranted,” adding that the nature of its business with governments may prevent it from sharing information about its customers’ identities.
“While we seek to be as transparent as feasible in response to allegations that our products have
been misused, because we develop and license to States and State agencies technologies to assist in combatting terrorism, serious crimes, and threats to national security, we are obligated to respect state confidentiality concerns and cannot disclose the identities of customers.”
The Moroccan government did not immediately return request for comment.
Ingleton says that if NSO Group won’t stop its technology from being used to violate people’s human rights, then they should be barred from selling them to governments “likely to use it for human rights abuses.”
“Even after being presented with chilling evidence of its spyware being used to track activists in Morocco, it appears that NSO chose to keep the Moroccan government on as a customer,” Ingleton said. “The Moroccan authorities are increasingly using digital surveillance to crack down on dissent. This unlawful spying, and the wider pattern of harassment of activists and journalists must stop.”
NSO Group’s head of compliance has requested that Amnesty share information with NSO about the journalist allegedly targeted by its spyware, such as phone number, and the name of the individual, to investigate further, according to a letter obtained by CyberScoop.
Amnesty is currently embroiled in a legal battle with NSO Group in Israeli court in an effort to convince the Israeli Ministry of Defense to rescind NSO Group’s export license. NSO Group is also facing a lawsuit from Facebook WhatsApp, which alleges the company has violated a federal anti-hacking law.