Illustration of a protestor looking at their phone, with the shadow of someone spying on them using binoculars. There are a group of other protestors in the background.

Support against digital attacks: how the Security Lab can help

Amnesty International’s Security Lab is a team of researchers, hackers, coders, advocates and campaigners. We strive to create a world where civil society is free from unlawful targeted surveillance and other human rights violations enabled by technology. 

Governments and non-state actors regularly use digital attacks to surveil, harass and intimidate human rights defenders (HRDs), activists, journalists, and other civil society members. Digital attacks can be varied in nature, ranging from malicious software attacks such as spyware, social engineering threats like phishing and impersonation, online harassment and abuse such as gender-based violence, disinformation and misinformation, and doxing, among others.  

Supporting civil society to fend off digital attacks, and seeking justice and accountability when they do occur, is one of our team’s main goals. While it is not possible to stop all attacks, it is possible to increase the protection of individuals’ and organisations’ data, accounts, devices and infrastructure, and to raise the cost for attackers who wish to unlawfully target human rights defenders.  

To support civil society against digital attacks, the Security Lab provides:  

  1. Advice to protect your device and data from spyware
  2. A Digital Forensics Helpline if you suspect a spyware attack
  3. A Digital Security Resource Hub to enhance your digital resilience and security 

1. Advice to protect your device and data from spyware

Spyware is a type of malicious software that covertly collects information from a device without alerting the user and then sends it to another unauthorised entity. It can target any connected device: phones, computers and other devices that connect to the internet. Spyware can infect a device when a user clicks on a malicious link (known as a one-click attack) or even without any interaction from the user (known as a zero-click attack). In our spyware explainer you can find more information about spyware. 

If you are at risk of digital surveillance, or if you want to strengthen your digital resilience, we have put together a list of tools and features* you can enable and use on your devices and online accounts to make it more difficult for unauthorised entities to access them. 

The level of risk you are exposed to varies according to your context and profile. If you are at lower risk of being targeted by spyware, you can consider general digital security actions, tools and features that will enhance the protection of your devices and data.  

If you are at heightened risk of spyware attacks – for example if you have received a threat alert or if you have been targeted by spyware in the past – specific protective tools and features are available on iPhones, Android devices and online services.  

Please note these recommendations are not intended as a replacement for formal information, digital security risk assessments and training. If you have concrete grounds to suspect you have been targeted by spyware or another targeted digital attack, please reach out to us through our Helpline. 

*The Security Lab assumes no responsibility for the resources and organisations shared. This list is in ongoing improvement so please feel free to suggest additional resources or let us know when resources are no longer available by contacting us

2. Digital Forensics Helpline 

If you have strong reasons to believe you have been targeted by spyware, it is important to get a forensic check on your device. This could help confirm if an attack took place. The forensic evidence collected could also contribute to the protection of other at-risk individuals.  

The Security Lab has created a free-of-charge Digital Forensics Helpline offering direct forensic support to human rights defenders, activists, journalists and other civil society members. If you have serious concerns that you or your devices may be targeted by spyware or other targeted digital threats, please click below to contact the Security Lab. 

Note: The Security Lab is unable to respond to requests which are not from civil society. Requests received by the Security Lab are triaged to assess if a forensic analysis or other actions are relevant to your situation. 

How does the Security Lab determine if someone has been targeted by spyware? 

The Security Lab uses a variety of research methodologies to understand the surveillance threats that impact civil society. This includes gathering threat intelligence by tracking the sale and deployment of various spyware products and surveillance systems. In addition, through forensic investigations we gather information from mobile phones or devices like laptops to look for signs of malicious activity, which may indicate a digital attack has occurred.  

The Security Lab also supports other civil society helplines and partner organisation to improve and validate their own capacity to detect digital threats. 

How do we ensure your privacy is protected?  

Amnesty International’s Security Lab is committed to ensuring the privacy of all our users. We have long campaigned for the right to privacy and that is a core tenet of our work.  

To provide digital forensics support, the Security Lab may require personally identifiable information, such as requesting access to your devices and their contents. We will only request the necessary data to fulfil our purpose of providing digital forensics support. We take appropriate security measures to ensure that we keep your information secure, and we will not share your forensic information with third parties (such as partner organisations) unless you have given your permission, we are legally required to, or it is crucial to provide adequate support. If you are under 18 years old, please make sure that you have your parent/guardian’s permission before giving us personal information.  

For a clear explanation on what type of information we collect, how it is collected and used, and what your rights are, please refer to our Privacy Policy.

3. Digital Security Resource Hub

Spyware is one form of digital attack, but governments and non-state actors may use other forms of targeted digital attacks. To support building your digital resilience and security, the Security Lab has brought together a Digital Security Resource Hub

In the Hub you can find:  

  1. Recommendations to protect your devices and data. Not all individuals face the same level of risk, so recommendations are grouped by risk level. 
  1. Digital and information security resources created by civil society organisations and available in multiple languages for different geographies. All resources listed are free, accessible, high quality and are regularly updated. These include: 
    • Helplines and helpdesks if you need immediate support; 
    • Guides and tools you can use to enhance your digital resilience and security.  

This list is updated on an ongoing basis, so please feel free to suggest additional resources and share any feedback by contacting us