Governments and non-state actors regularly use digital attacks to surveil, harass and intimidate human rights defenders (HRDs), activists, journalists, and other civil society members. Digital attacks can be varied in nature, ranging from malicious software attacks such as spyware, social engineering threats like phishing and impersonation, online harassment and abuse such as gender-based violence, disinformation and misinformation, and doxing, among others.  

Supporting civil society to fend off digital attacks, and seeking justice and accountability when they do occur, is one of our team’s main goals. While it is not possible to stop all attacks, it is possible to increase the protection of individuals’ and organisations’ data, accounts, devices and infrastructure, and to raise the cost for attackers who wish to unlawfully target human rights defenders.  

To support civil society against digital attacks, the Security Lab provides:  

1. Advice to protect your device and data from spyware
2. A Digital Forensics Helpline if you suspect a spyware attack
3. A Digital Security Resource Hub to enhance your digital resilience and security 

---

1. Advice to protect your device and data from spyware

Spyware is a type of malicious software that covertly collects information from a device without alerting the user and then sends it to another unauthorised entity. It can target any connected device: phones, computers and other devices that connect to the internet. Spyware can infect a device when a user clicks on a malicious link (known as a one-click attack) or even without any interaction from the user (known as a zero-click attack). In our spyware explainer you can find more information about spyware. 

If you are at risk of digital surveillance, or if you want to strengthen your digital resilience, we have put together a list of tools and features* you can enable and use on your devices and online accounts to make it more difficult for unauthorised entities to access them. 

The level of risk you are exposed to varies according to your context and profile. If you are at lower risk of being targeted by spyware, you can consider general digital security actions, tools and features that will enhance the protection of your devices and data.  

• Recommendations for all risk levels

If you are at heightened risk of spyware attacks – for example if you have received a threat alert or if you have been targeted by spyware in the past – specific protective tools and features are available on iPhones, Android devices and online services.  

• Recommendations for high-risk users  

Please note these recommendations are not intended as a replacement for formal information, digital security risk assessments and training. If you have concrete grounds to suspect you have been targeted by spyware or another targeted digital attack, please reach out to us through our Helpline. 

*The Security Lab assumes no responsibility for the resources and organisations shared. This list is in ongoing improvement so please feel free to suggest additional resources or let us know when resources are no longer available by contacting us. 

---

2. Digital Forensics Helpline 

If you have strong reasons to believe you have been targeted by spyware, it is important to get a forensic check on your device. This could help confirm if an attack took place. The forensic evidence collected could also contribute to the protection of other at-risk individuals.  

The Security Lab has created a free-of-charge Digital Forensics Helpline offering direct forensic support to human rights defenders, activists, journalists and other civil society members. If you have serious concerns that you or your devices may be targeted by spyware or other targeted digital threats, please click below to contact the Security Lab. 

Note: The Security Lab is unable to respond to requests which are not from civil society. Requests received by the Security Lab are triaged to assess if a forensic analysis or other actions are relevant to your situation. 

How does the Security Lab determine if someone has been targeted by spyware? 

The Security Lab uses a variety of research methodologies to understand the surveillance threats that impact civil society. This includes gathering threat intelligence by tracking the sale and deployment of various spyware products and surveillance systems. In addition, through forensic investigations we gather information from mobile phones or devices like laptops to look for signs of malicious activity, which may indicate a digital attack has occurred.  

The best way to reach out to us is to complete the Helpline form. The secure form will guide you through a series of questions to understand your current situation and concerns, which will help us identify the adequate support for your needs.  

Before we respond to a request, Security Lab staff will conduct a vetting and mandate check process to ensure the individual seeking assistance is a member of civil society, and that the type of assistance requested falls within the range of services we can provide. As part of this process, the Security Lab may refer the individual to another organisation or reject a request for support. Please note the Security Lab is unable to respond to requests which are not from civil society. 

If your case requires digital forensics to detect traces of spyware, the Security Lab has developed tailored methodologies to support you. The methodologies used to perform digital forensics will depend on your device or online service, as well as your specific circumstance. 

We will need to understand your specific needs to offer specialised support on a case-by-case basis. The more detailed answers that you can send in the Helpline form, the better. If we require additional information, we will contact you directly on a separate, encrypted communication channel. 

After performing digital forensics, the Security Lab will inform you of the results. Although we intend to provide the best possible service and guidance, we cannot guarantee that the information or services provided are completely accurate or reliable. There is always a possibility that a device may be targeted in a way which is not detectable during the forensic analysis. We recommend continued caution when relying on the devices, especially in particularly sensitive security contexts.  

The Security Lab may also recommend specific actions, tools and features to mitigate or manage security risks, depending on your circumstances. To support digital resilience and security, we have made public a list of our recommendations. 

The Security Lab also supports other civil society helplines and partner organisation to improve and validate their own capacity to detect digital threats. 

How do we ensure your privacy is protected?  

Amnesty International’s Security Lab is committed to ensuring the privacy of all our users. We have long campaigned for the right to privacy and that is a core tenet of our work.  

To provide digital forensics support, the Security Lab may require personally identifiable information, such as requesting access to your devices and their contents. We will only request the necessary data to fulfil our purpose of providing digital forensics support. We take appropriate security measures to ensure that we keep your information secure, and we will not share your forensic information with third parties (such as partner organisations) unless you have given your permission, we are legally required to, or it is crucial to provide adequate support. If you are under 18 years old, please make sure that you have your parent/guardian’s permission before giving us personal information.  

For a clear explanation on what type of information we collect, how it is collected and used, and what your rights are, please refer to our Privacy Policy.

---

3. Digital Security Resource Hub

Spyware is one form of digital attack, but governments and non-state actors may use other forms of targeted digital attacks. To support building your digital resilience and security, the Security Lab has brought together a Digital Security Resource Hub. 

In the Hub you can find:  

1. Recommendations to protect your devices and data. Not all individuals face the same level of risk, so recommendations are grouped by risk level. 

2. Digital and information security resources created by civil society organisations and available in multiple languages for different geographies. All resources listed are free, accessible, high quality and are regularly updated. These include: 
   • Helplines and helpdesks if you need immediate support; 
   • Guides and tools you can use to enhance your digital resilience and security.  

This list is updated on an ongoing basis, so please feel free to suggest additional resources and share any feedback by contacting us.