“NSO Group sells its products to governments who are known for outrageous human rights abuses, giving them the tools to track activists and critics. The attack on Amnesty International was the final straw,” Danna Ingelton, deputy director of Amnesty Tech, said in a statement on Monday. “It’s time to stop the use of NSO Group’s tools to infiltrate, intimidate and silence civil society.”
Amnesty, which was targeted along with several human rights lawyers by the WhatsApp exploit, is working with a group of Israeli citizens and a civil rights group on a legal action to force the Israeli Ministry of Defense to revoke NSO Group’s export license, claiming the company’s flagship product, called Pegasus, is dangerous and prone to abuse – and that NSO deliberately sells it to repressive governments.
Attackers installed Pegasus on target users’ phones through WhatsApp’s call function, according to the company; users did not even have to answer the call to become infected. Pegasus can turn on a target’s microphone and camera at will, peruse emails and texts, and track location – all without the target’s knowledge.
While NSO claims Pegasus is intended for government usage – its website insists its mission is “developing technology to prevent and investigate terror and crime,” and the company claims it carefully vets customers – a number of activists and human rights campaigners in the Middle East have found themselves on the wrong end of Pegasus attacks. Amnesty International claims “at least 24 human rights defenders, journalists and parliamentarians in Mexico,” an employee, several Saudi activists, an Emirati human rights campaigner, and even (allegedly) Saudi dissident Jamal Khashoggi, whose killers reportedly used the software to track him, have been targeted using Pegasus.
Facebook is not yet aware of how many of its 1.5 billion users were affected by the exploit.