Amnesty International Faces Spyware Attempt Via WhatsApp

Did Israeli-made spyware effort to hack a man rights grouping through WhatsApp?

On Wednesday, Amnesty International reported an encounter with a spyware campaign that appears to be targeting activists from Saudi Arabia using malicious messages over the popular chat app.

The culprit behind the attack? According to Amnesty International, the campaign bears the hallmarks of an Israel surveillance vendor called NSO Group that'southward been selling its controversial engineering to governments across the earth.

The hacking endeavor occurred in June when an Immunity International staffer received a WhatsApp message well-nigh how the sender's blood brother was detained in Saudi Arabia. The same message carried a malicious link to a dummy Standard arabic news site domain.

Citizen Lab WhatsApp NSO

The staffer wasn't the merely 1 to encounter the spyware campaign. A Saudi activist based abroad also received WhatsApp messages from an unknown sender loaded with similar links. One message fifty-fifty contained text that was pulled verbatim from an Immunity International press release, probably in an attempt to fob the activist into opening the link.

The human being rights group decided to investigate who might've sent the WhatsApp letters by analyzing the domains used in the malicious links. To do this, the group probed the internet-facing servers behind the domains, which revealed they shared traits with "anonymizing" web traffic technology from NSO Group.

"With the technique we developed, we were then able to identify over 600 servers that demonstrated similar behavior," Amnesty International said, noting that a number of the domains try to impersonate news websites.

The group's findings were corroborated by Citizen Lab, a research group at the University of Toronto that'due south been studying state-sponsored surveillance technologies. In 2022, Denizen Lab published research linking an iPhone-based spyware with NSO Group's internet infrastructure.

In this case, no sample of the spyware was obtained. The attackers behind the campaign probably configured their servers to evangelize the malicious code under very specific atmospheric condition, like in a certain time frame or to devices based in a set country. This was probably done to prevent security researchers from uncovering the spyware, Amnesty International said.

"If the targets had clicked the links, their phones would likely have been infected with NSO Group's Pegasus spyware," Citizen Lab added. Once installed, the spyware has the ability to secretly tape your phone calls, take photos, log messages from chat apps, and rails your handset's location.

NSO Grouping couldn't be reached for comment. But the Israeli vendor sent a statement to Amnesty International that neither denied or confirmed the hacking attempt.

"Our product is intended to be used exclusively for the investigation and prevention of crime and terrorism," the company said. "Whatever use of our technology that is counter to that purpose is a violation of our policies, legal contracts, and the values that nosotros stand for as a company." The vendor has told Amnesty International it plans to investigate the matter.