Amnesty International is taking legal advice in order to revoke the export licence of Israeli-based NSO Group, after it was revealed the cyber firm’s spyware had been used in an attempt to spy on an Amnesty staff member.

A recent investigation by Haaretz newspaper uncovered the firm’s sophisticated surveillance tool “Pegasus” was offered to authorities in Saudi Arabia last year.

Two weeks ago, Amnesty International Israel submitted an urgent request to the Israeli Ministry of Defence, demanding that NSO Group's defence export licence be revoked in light of an attempted cyber attack on an Amnesty staff member via NSO's spyware.

The mountain of evidence and reports on NSO Group and the sale of its spyware to human rights-violating regimes is substantial proof that NSO has gone rogue Molly Malekar, Programs Director of Amnesty International Israel.

But this week, the Israeli Defence Ministry refused to revoke the firm’s licence, causing Amnesty International to consider seeking legal action.

“We thoroughly reject this inadequate response. The mountain of evidence and reports on NSO Group and the sale of its spyware to human rights-violating regimes is substantial proof that NSO has gone rogue”, said Molly Malekar, Programs Director of Amnesty International Israel.

“The Ministry of Defence must answer for their failure to properly regulate NSO Group as they are in charge of controlling Israeli Defence Export.

“By continuing to approve of NSO Group, the Ministry of Defence is practically admitting to knowingly cooperating with NSO Group as their software is used to commit human rights abuses.”

Amnesty International will not stand idly by as companies such as NSO Group profit from selling their invasive Pegasus software to repressive states around the world Danna Ingleton, Deputy Director of Amnesty International Tech

In June this year, an Amnesty International staff member was targeted by a sophisticated surveillance campaign, in what the organization suspects was a deliberate attempt to spy on its staff by a government hostile to its work.

“Amnesty International will not stand idly by as companies such as NSO Group profit from selling their invasive Pegasus software to repressive states around the world”, said Danna Ingleton, Deputy Director of Amnesty International Tech.

”NSO Group’s software has been used to attack Amnesty staff and fellow human rights defenders globally. As the Israeli Ministry of Defence refused our request to revoke the export licence, it is clear that we now need to take additional legal steps to expose the truth and seek accountability for the attack against us.”

This work aligns with Amnesty Tech’s Surveillance Strategic Litigation initiative, a project in partnership with New York University (NYU) School of Law’s Bernstein Institute for Human Rights and Global Justice Clinic that seeks justice for human rights defenders targeted with malicious software.

Amnesty International urges anyone who thinks they have been victim of an attack to contact tech.reports@amnesty.org, or @aitechreports through the end-to-end encrypted platform Wire.

Targeting of Amnesty International staff

In June this year, an Amnesty International staff member received a suspicious WhatsApp message in Arabic. The text contained details about an alleged protest outside the Saudi embassy in Washington D.C., followed by a link to a website. Investigations by Amnesty International’s technology team revealed that clicking the link would have installed “Pegasus”, a sophisticated surveillance tool developed by the Israel-based company NSO Group.

NSO Group’s software has been used to attack Amnesty staff and fellow human rights defenders globally Danna Ingleton

The WhatsApp message was sent to Amnesty International in a week when the organization was campaigning for the release of six women’s rights activists detained in Saudi Arabia. The link, if clicked, would have allowed the Pegasus software to infect the user’s smartphone, tracking keystrokes, taking control of the phone’s cameras and microphone and accessing contact lists.

Amnesty International’s investigation also discovered that another Saudi Arabia rights activist, who later publicly identified himself as Yahya Asiri, received a similar malicious message.

In a statement to Amnesty International, NSO Group said that their product “is intended to be used exclusively for the investigation and prevention of crime and terrorism” and that any other use violate their policies and contracts.

Connection to NSO Group and suspicious websites

Further investigations by Amnesty International revealed that the domain link in the message belongs to a large infrastructure of more than 600 malicious domains, some of which had been previously connected to NSO Group. Amnesty International is concerned that these could be used to bait and spy on activists in countries including Kenya, Democratic Republic of Congo and Hungary, in addition to the Gulf.

Pegasus was also used to target the Emirati award-winning human rights defender Ahmed Mansoor, who has been in prison in the United Arab Emirates since March 2017.

Background

While law enforcement agencies in many countries have used secret surveillance in relation to national security objectives, Amnesty International is concerned that in many cases surveillance is being carried out in a manner contrary to international human rights law. Tools like Pegasus are especially problematic from a human rights law perspective as they are so deeply invasive.

As laid out in the UN Guiding Principles on Business and Human Rights (UNGPs), companies also have a responsibility to respect human rights wherever they operate in the world.