NSO Spyware Used to Target Moroccan Human Rights Activists, Says Amnesty
According to Amnesty’s report, the two activists received SMS messages with malicious links that would have installed NSO’s Pegasus spyware on their devices if clicked. Both previously faced harassment from the Moroccan regime over their activism
According to the report, the activists received SMS messages with malicious links that would have installed the Pegasus spyware on their devices if clicked. As previously reported, the spyware gives operators complete access to a person’s calls and messages and remote control of the mobile device on which it is installed. Alongside the SMS attack, Amnesty said it had identified likely successful network injection attacks against one of the activist’s mobile network, also intended to install malware, which the organization suspects used NSO tools as well.
The two activists targeted, according to Amnesty, are Maati Monjib, 57, a journalist and historian working to promote freedom of expression, and Abdessadak El Bouchattaoui, a human rights attorney that defended protestors against the regime who took part in a social justice movement in 2016 and 2017. In recent years, Morocco has stepped up its legal efforts to delegitimize human rights activism, and has harassed, threatened, and jailed activists and protestors, according to Amnesty.
Monjib was accused in 2015 of “threatening the internal security of the state” through “propaganda” that may threaten “the loyalty that citizens owe to the State and institutions of the Moroccan people,” Amnesty said. His trial is still ongoing, and he could face up to five years in jail if found guilty. Due to concerns that he has been placed under digital surveillance since 2015, Monjib has self-censored his digital communication.
El Bouchattaoui was sentenced in 2017 to 20 months in prison following online posts he made about the violence with which authorities treated protestors. Since 2018, he has been residing in France, which gave him asylum. He was monitored in the past and his clients harassed, he said, and he has also suspected he was under digital surveillance.
Experts Amnesty has brought in to go over Monjib’s and El Bouchattaoui’s devices found that as of late 2017, they had repeatedly received malicious SMS messages that contained links to websites used to install Pegasus. Amnesty said it was the same internet infrastructure it previously linked to attempts made to target one of its staff members and a Saudi human rights activist.
Amnesty stated that at this point it does not have enough evidence to connect NSO to the network injection attacks made against Monjib, but based on certain facts such as the similarity to other Pegasus infections and Monjib being targeted by other NSO tools, they have reason to believe the network attack was performed using NSO tools as well.
In May, Amnesty Israel filed a petition with Tel Aviv district court, alleging that NSO’s spyware was used in attempted surveillance of an Amnesty staff member and calling on the court to order the Israeli Ministry of Defense to revoke NSO’s export license. The petition is scheduled to be discussed in court on November 7.
In a response to Amnesty, NSO said that it is taking the allegations seriously and will investigate the matter according to its policy, though it cannot comment on the actual details due to legal and contractual constraints. The company repeated previous statements that its tools are intended to help intelligence and law enforcement agencies to save lives and not to “surveil dissidents or human rights activists.”