According to the report, Radi's phone was targeted multiple times using a new method that can silently install NSO's Pegasus software onto a device. One of the attacks reportedly occurred just days after NSO pledged to stop its products from being used in human rights abuses.NSO says that its technology has helped avert numerous terrorist attacks by ISIS and others worldwide as well as help combat drug rings and pornography.
In October of last year, Amnesty reported that Moroccan human rights activists Maati Monjib and Abdessadak El Bouchattaoui were targeted using technology produced by NSO. The surveillance of Radi was found as part of an investigation by Amnesty into a crackdown on Moroccans who criticize their government.
Radi was arrested in December 2019 after he posted a tweet criticizing the judicial system for upholding a verdict against protesters from a 2017 protest movement in northern Morocco. The journalist and activist has investigated corruption and other human rights abuses in the coastal northwest African country.
In a forensic analysis of Radi's phone, Amnesty International's Security Lab found indications that he was subjected to the same attacks that targeted Monjib, as the domain of the same exploitation site used in the attack on Monjib was found in Radi's phone. Their investigation found that Radi's phone was targeted and put under surveillance around the same time that he was prosecuted.
While customers of NSO originally used SMS and WhatsApp messages to trick targets into opening a malicious link, Amnesty found last October that attackers were using "network injections" to install spyware without needing any interaction from the target.
Network injections allow for the automatic and invisible redirection of targets' browsers and apps to malicious sites. The attack can be carried out either by deploying a device commonly referred to as a "rogue cell tower," "IMSI catcher" or "stingray," or by using access to the mobile operator's internal infrastructure.
THE NSO Group has reportedly developed a rogue cell tower device, according to Amnesty. Such devices impersonate legitimate cell towers to trick cell phones into connecting to them, allowing attackers to manipulate intercepted mobile traffic.
On October 2, 2019, Amnesty provided NSO with an advanced copy of the report on the targeting of Moroccan human rights activists released later that month, to give them an opportunity to respond. The infrastructure used by the attackers was shut down within just a few days, after nearly uninterrupted operation since its first appearance a year earlier, according to data collected by the Internet survey service Censys.io.
Despite the shutting down of the attackers' infrastructure, continued attacks were detected on Radi's phone as recently as January 29, 2020, from a new domain which was registered several weeks after the October report. Amnesty stated that this showed that, despite knowing of the Moroccan government's human rights violations, NSO continued to fulfill its contract with it.
"NSO Group clearly cannot be trusted. While it was undertaking a PR offensive to whitewash its image, its tools were enabling the unlawful surveillance of Omar Radi, an award-winning journalist and activist,” said Danna Ingleton, deputy director of Amnesty Tech.
“Even after being presented with chilling evidence of its spyware being used to track activists in Morocco, it appears that NSO chose to keep the Moroccan government on as a customer. If NSO won’t stop its technology from being used in abuses, then it should be banned from selling it to governments who are likely to use it for human rights abuses.”
The NSO Group could neither confirm nor deny whether Moroccan authorities use their technology, according to Amnesty. The company stated that they are "deeply troubled" by the allegations and will immediately review the information provided by Amnesty and initiate an investigation if warranted. NSO has made similar statements in relation to similar allegations in the past.Amnesty filed a lawsuit against the Defense Ministry with the Tel Aviv District Court to try to revoke the NSO's export license due to the allegations of human rights violations. The ministry succeeded in delaying the lawsuit for several months, as well as closing the proceedings to the public. The success of the ministry (which had over a dozen experts and lawyers present to testify and argue on behalf of NSO) in convincing the court to close the proceedings suggests that the court will likely deny the request.NSO SOURCES have told The Jerusalem Post that its activities are profoundly helpful to both Israeli government, national security and diplomatic goals.It is widely known that part of what has brought Israel and various moderate Sunni Arab countries closer together has been different avenues for Israel providing them with new technologies.Facebook also filed a lawsuit against NSO for allegedly hacking around 1,400 accounts of its WhatsApp users and has given detailed proof of the company acting within the US for the first time. In April, NSO denied the allegations – denied that it operates in the US in any fashion and claimed that its counter-terror work for European and other governments should grant it derivative sovereign immunity from being sued.Amnesty claims that the NSO's Pegasus software has been used to attack journalists, parliamentarians and activists in Mexico, Saudi Arabia and the UAE. The software was also allegedly used to track Washington Post contributing columnist Jamal Khashoggi, before he was assassinated in October 2018. NSO sources have repeatedly denied the claims to the Post.In January, the Kingdom of Saudi Arabia was accused of using the Pegasus software in 2018 to target Amazon CEO and Washington Post owner Jeff Bezos, months before Khashoggi's assassination. The United Nations Human Rights Office of the High Commissioner (UNHROC) called for an investigation into the matter.There are also competitors of NSO which have similar abilities; there have been media reports about Gulf countries and others abusing some of the technologies provided by these competitors.“The legal battles against NSO Group continue because the company refuses to accept responsibility for its role in human rights abuses. The new evidence is the latest red flag as to why NSO should be blocked from selling its surveillance technology, including to tackle the COVID-19 pandemic,” said Ingleton.NSO RESPONDED to a Post inquiry: “NSO is deeply troubled by the allegations in the Amnesty International letter. We are reviewing the information therein and will initiate an investigation if warranted.“NSO is the first company of its kind to implement a Human Rights Program for the implementation of the UN Guiding Principles on Business and Human Rights (UNGPs) and is committed to full compliance to this program," the company said. "Consistent with our Human Rights Policy, NSO Group takes seriously our responsibility to respect human rights. We are strongly committed to avoiding causing, contributing to, or being directly linked to negative human rights impacts."The statement continued that, “The Amnesty International letter also poses several questions regarding any relationship NSO Group might have with Moroccan authorities – and the actions we undertook following a report by Amnesty International into alleged misuse of NSO’s products by those authorities. NSO seeks to be as transparent as feasible in response to allegations that its products have been misused. But [this is] as we develop and license technologies to assist in combating terrorism, serious crimes and threats to national security to states and state agencies," the company said.“However, the attached correspondence with UN Special Rapporteur David Kaye contains a fulsome description of how NSO addresses our implementation of our Human Rights Program," it concluded. "It includes the investigatory steps taken when we receive allegations of potential misuse and a range of responses when misuse is identified. NSO can assure you that we followed this approach with respect to Amnesty's previous report – though due to the aforementioned confidentiality constraints, we are unable to provide further details."
Yonah Jeremy Bob contributed to this report.