Israeli NSO Group target Moroccan journalist Omar Radi
As NSO Group faced mounting criticism last year that its
hacking software was being used illegally against journalists, dissidents and
campaigners around the world, the Israeli spyware company unveiled a new policy
that it said showed its commitment to human rights.
Now an investigation has alleged that another journalist,
Omar Radi in Morocco, was targeted with NSO’s Pegasus software and put under
surveillance just days after the company made that promise.
The investigation by Amnesty International alleges that
Radi, a Rabat-based investigative journalist, was targeted three times and
spied on after his phone was infected with an NSO tool. The mechanism allegedly
used to target Radi, a so-called “network injection attack”, can be deployed
without the victim clicking an infected link and is believed to have been used
against another Moroccan journalist.
NSO does not publish a list of its government clients, but
an earlier investigation by researchers at Citizen Lab identified Morocco as
one of 45 countries where the company’s spyware was active.
The Guardian is publishing this report in coordination with
Forbidden Stories, a collaborative journalism network that highlights the work
of journalists who are threatened, jailed or killed.
Amnesty said the timing of the alleged attacks in Morocco
indicated that they occurred after NSO published a new human rights policy in
September 2019, and after the company became aware of an earlier report by
Amnesty that detailed other allegedly unlawful hacking attacks in Morocco that
used the company’s technology.
Under the terms of the human rights policy, NSO promised to
investigate any well founded report detailing abuse of technology by its
clients, and that the client’s access to its technology would be terminated if
necessary if the company found that its technology has been abused.
“NSO has serious questions to answer as to what actions it
took when presented with evidence its technology was used to commit human
rights violations in Morocco,” said Danna Ingleton, the deputy director of
Amnesty Tech.
NSO said in a statement that it was “deeply troubled” by a letter
it received from Amnesty that contained the allegations.
“We are reviewing the information therein and will initiate
an investigation if warranted,” the company said. “Consistent with our human
rights policy, NSO Group take seriously our responsibility to respect human
rights. We are strongly committed to avoiding causing, contributing to, or
being directly linked to human rights impacts.”
In response to questions about its relationship with
Moroccan authorities, NSO said it “seeks to be as transparent as feasible” but
was obliged to respect “state confidentiality concerns” and could not disclose
the identity of its customers.
A spokesperson added that NSO had taken “investigatory
steps” following the publication of an earlier report by Amnesty that alleged
other Moroccans had been hacked using Pegasus, but that it could not provide
further details because of confidentiality constraints.
Authorities in Morocco did not respond to requests for
comment.
The new claims come as NSO fights a lawsuit brought against
it by WhatsApp, the messaging app owned by Facebook, which alleges that Pegasus
was used to target 1,400 users over a two-week period last year. NSO denies the
claims and has said that its government clients were ultimately responsible for
the way its technology is used.
At the centre of the latest case is Radi, a journalist who
was being targeted as part of a broader campaign by Moroccan authorities to
quash dissent, Amnesty said.
Radi is a freelance investigative journalist who writes
primarily for Le Desk and is a member of the ICIJ journalism consortium. He
covers human rights issues, social movements and land rights, an issue Radi
says is rife with corruption.
A report by Amnesty earlier this year said Moroccan
authorities were intensifying their crackdown on “peaceful voices” with more
arbitrary arrests of individuals who have been targeted for criticising the
king or other officials.
In one case earlier this year, Radi said he interviewed
villagers for a story but was later prevented from publishing their accounts,
after they called him and pleaded with him to delete their interviews because
they had been harassed by police after his visit.
As a journalist, Radi said he had lived with the suspicion
that he was under regular surveillance since 2011, after it became known that
Morocco was acquiring spyware technology from various sources.
Technology experts at Amnesty who investigated Radi’s phone
in February found it had been subjected to various attacks between September
2019 and January 2020, when Radi was being “repeatedly harassed” by the
Moroccan authorities.
He has in the past faced interrogations and detention in
solitary confinement. He was given a suspended four-month prison term in March
for a tweet he posted in April 2019 in which he criticised a trial of a group
of activists.
Radi said Amnesty had contacted him after his December 2019
arrest and told him it believed he was a possible target for surveillance.
Radi said the discovery that he had been hacked raised
immediate questions in his mind. “What could I have said on the phone that was
sensitive? Or do I have sources that might be in trouble if the people
listening to me find out who I’m talking to?”
Amnesty said forensic data extracted from Radi’s phone
indicated he had been subjected network injection attacks in September and
February 2019, and January 2020. Amnesty said it believed the attacks were used
to infect Radi’s mobile phone with Pegasus in a way that did not require him to
click on any infected links.
Network injection attacks allow hackers to redirect a
target’s browser and apps to malicious sites which are under the attackers’
control, and then instal spyware to infect the target’s device. Amnesty said
Radi’s phone was directed to the same malicious websites Amnesty found in an
attack against Moroccan activist and academic Maati Monjib, which Amnesty
detailed in an earlier report.
In both cases, the injections occurred while the targets –
Radi and Monjib – were using an LTE/4G connection. One way spyware companies
can execute such infections involve the use of what Amnesty called a “rogue”
cell tower: a portable device that imitates legitimate cellular towers and,
when placed in close physical proximity to a target, enables attackers to
manipulate intercepted mobile traffic.
Last year, the Guardian reported that two other Moroccans
were believed to have been targeted using NSO’s technology, including Aboubakr
Jamaï, a campaigner and former journalist who lives in France.
Jamaï, who was asked to respond to the latest news, said
that the Moroccan targets were clearly perceived as threats to the Moroccan
regime.
“In a sense I’m almost happy that they’ve done it and that
it’s been rendered public because it kind of lifts the veil on the true nature
of the regime, which has been getting away with a lot of things because … it’s
not as violently repressive as the Syrian regime or even the Egyptian regime.
But it is still an authoritarian regime,” he said.
Comments
Post a Comment