Human rights nonprofit Amnesty International on Tuesday disclosed what it says was a plot likely carried out by a hostile government to infiltrate its network by infecting a member of its staff with sophisticated spyware.
According to Amnesty, an employee received a WhatsApp message in June 2018 containing a link that, had it been clicked, would’ve installed Pegasus, powerful surveillance software developed by Israeli hacking firm NSO Group.
“NSO Group is known to only sell its spyware to governments,” Amnesty’s Joshua Franco, head of technology and human rights, said in a statement. “We therefore believe that this was a deliberate attempt to infiltrate Amnesty International by a government hostile to our human rights work.”
While Amnesty positively identified the malware used in the attack as NSO’s Pegasus, it accused neither the firm nor any specific government actor playing a role in the attempted infiltration.
The Pegasus spyware can be used by attackers to steal photos and messages, monitor calls, track keystrokes, and ever peer through a device’s camera. It is known to have previously been turned on investigators in Mexico looking into the disappearance of 43 students in the city of Iguala.
Amnesty said the message containing the infected link was sent to its staff member as the group campaigning for the release of six women’s rights activists detained in Saudi Arabia.
The message read in full:
“Can you please cover [the protest] for your brothers detained in Saudi Arabia in front of the Saudi embassy in Washington. My brother was detained in Ramadan and I am on a scholarship here so please do not link me to this. [LINK]. Cover the protest now it will start in less than an hour. We need your support please.”
According to Amnesty, a second Saudi Arabia rights activists also received a similar message.
But the trail didn’t end there. An investigation into the website hosting Pegasus belongs, the group said, to an “infrastructure of more than 600 suspicious websites which had been previously connected to NSO Group.”
NSO Group adamantly denied any knowledge of abuse, saying in a statement that its software is meant only for government agencies to identify and disrupt terrorist and criminal plots. “Any use of our technology that is counter to that purpose is a violation of our policies, legal contracts, and the values that we stand for as a company,” the company said.
“The potent state hacking tools manufactured by NSO Group allow for an extraordinarily invasive form of surveillance,” Amnesty’s Franco said, adding: “This chilling attack on Amnesty International highlights the grave risk posed to activists around the world by this kind of surveillance technology.”