On Tuesday, Amnesty International announced one of its staff members and a Saudi Rights activist have been the target of an attempted spyware attack by a "government hostile” to the organization’s work. The spyware in question, according to Amnesty, is a trojan horse developed and marketed by Israeli cyber surveillance company NSO Group. Called Pegasus, it gives operators access to calls and messages, and remote control of the mobile device on which it is covertly installed.
For daily updates, subscribe to our newsletter by clicking here.
Founded in 2010, NSO develops and sells cyber attack tools for mobile phones and other devices. The company's clients include governments and law enforcement agencies, but its technology has been implicated in alleged human rights violations a few times in the past. In July, Israeli court partially lifted a gag order on an indictment filed against a former NSO employee who was accused of stealing Pegasus' code and data. The employee attempted to sell the stolen information on the dark web for crypto coins worth $50 million, according to documents filed to an Israeli court.
In early July, according to Amnesty's report, their staff member received a text message asking him to cover an alleged protest that was due to start in front of the Saudi Embassy in Washington, D.C. The text contained a link that, if clicked, would have installed the software on the device.
Amnesty researchers connected the link's domain to an infrastructure of "more than 600 suspicious websites which had been previously connected to NSO Group," and also uncovered a similar message sent to a Saudi Arabia rights activist.
Citizen Lab, a digital and human rights research group under the University of Toronto, has been tracking the use of NSO's spyware for the past two years and has connected the spyware to several incidents. In 2016 it reported that the software was used by a customer to target human rights activist Ahmed Mansoor in the United Arab Emirates. In 2017 the lab said Pegasus was used to target activists, journalists and political opposition in Mexico. In June 2017, Univision News revealed court documents that showed Panama's ex-president Ricardo Martinelli was accused of using the software to illegally spy on around 150 individuals between 2012 and 2014. He was extradited by the U.S. to Panama in June to face the charges.
Amnesty reached out to Citizen Lab to independently corroborate the findings.
In its report published Tuesday, Citizen Lab said the messages passed by Amnesty seem to be a part of "NSO Group infrastructure websites that have a Saudi Arabian focus."
A spokeswoman for NSO said that the company's product is intended to be used exclusively for the investigation and prevention of crime and terrorism.
“Any use of our technology that is counter to that purpose is a violation of our policies, legal contracts, and the values that we stand for as a company," according to a statement the company released.
The company investigates allegations of inappropriate use of its technology and takes appropriate action accordingly, and welcomes information that can assist those investigations, she added.
In a December Hebrew-language interview NSO co-founder Omri Lavie said the company sells only to “governmental bodies that are defined as legitimate by the majority of the world.” In the same interview, he said that once a sale is made, NSO has no way to know what the purchasing party does with the system and that the company does not "want to be an intelligence partner." The interview was featured on a podcast published by a Microsoft startup accelerator operating in Israel called Microsoft Accelerator TLV.
In 2017, Calcalist reported that private equity firm Blackstone Group negotiated the acquisition of a 40% stake at NSO. Following the report, Citizen Lab published an online petition calling Blackstone to back out of the deal, which later fell through.
In May, the Wall Street Journal first reported that Verint and NSO were negotiating a $1 billion stock and cash merger. Calcalist reported that NSO co-founders and co-managers Shalev Hulio and Lavie killed the talks in late July.