Wednesday, 01 August 2018 11:30

Powerful mobile malware used to target Amnesty staffer


The human rights group Amnesty International says one of its staff has been targeted with powerful smartphone malware known as Pegasus, which is sold by the Israel-based company NSO Group.

Amnesty said in a statement that its investigations showed that the malware had connections with more than 600 domain names, all of which had been previously identified as part of Pegasus.

The staffer in question, who is based in Saudi Arabia, received a suspicious WhatsApp message in June which included a malicious link.

The sender's number was that of a commercial provider which enables the sending of bulk SMS messages.

Amnesty said it had later identified another human rights defender in Saudi Arabia who had also received similar messages.

"These messages carried links to domains which we identified as part of that same network infrastructure used by NSO Group or its customers to deliver exploits and malware designed to silently harvest data from the victims’ phones," Amnesty said.

"This malware would allow an attacker complete access to the target’s phone or computer, essentially turning the device into a sophisticated eavesdropping and tracking tool to be used against them."

Amnesty found documentation on the NSO Group's site that described the kind of SMS messages its staffer had received as an "enhanced social engineering message".

Had the staffer clicked on the link in the SMS, he would have been connected through a network of anonymising nodes provided by NSO Group, which are designed to anonymise the final location of the Pegasus servers in a way that conceals the customer’s identity or origin.

Finally, the victim would end up at a server which would try to exploit his device and install the Pegasus malware.

Amnesty said it had identified two other characteristics that connected the message to the NSO Group. "One is evidence that connects the malicious links we received and collected with NSO Group network infrastructure that was previously discovered and publicly reported on by Citizen Lab.

"And, though more speculative, the second is a domain registration pattern showing that most of the domains in the NSO Group infrastructure were registered during Israeli working days and hours (where NSO is based)."

The rights organisation contacted NSO Group, which said its product was meant to be used only for the investigation and prevention of crime and terrorism.

Amnesty said what it was doing — protecting human rights — was not a crime. "While law enforcement institutions in many countries have used secret surveillance in relation to national security objectives, Amnesty International as well as numerous other human rights organisations have documented cases where surveillance has been and continues to be carried out in a manner contrary to international human rights law - an important example being when people are targeted for surveillance based only on the exercise of their human rights," it said.

"In these cases, surveillance would amount to an 'arbitrary or unlawful' attack on their privacy or otherwise violate other human rights. Surveillance through the use of state-hacking tools such as those that NSO group provides is an extraordinarily invasive form of surveillance, and thus an especially problematic one under international human rights law and standards."




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


