Technical specifications and marketing material from surveillance vendors is often kept secret. The resulting information asymmetry prevents defenders in the cybersecurity industry and at-risk civil society groups from understanding the full scope of threats that they face. The aim of this research is to provide concrete information about surveillance capabilities available from one vendor in the commercial surveillance market. We hope that this report can be a resource for the cybersecurity community and major mobile device and technology vendors.

Amnesty International’s Security Lab is pleased to announce that it is part of the inaugural cohort of groups to be supported by the Spyware Accountability Initiative (SAI), whose mission is to grow a global field of civil society organizations who are advancing threat research, advocacy and accountability to address the use and trade of spyware. 

The increasing number of spyware scandals across Europe and around the world were an alarm bell for Alex, a 31-year-old Romanian activist working at the intersection of human rights, technology and public policy.

The following talk was presented by Donncha Ó Cearbhaill from the Amnesty International Security Lab at the 37c3 Chaos Communications Congress in December 2023.

Ahead of the COP28 climate conference, which begins in Dubai on 30 November, Rebecca White, Campaigner at Amnesty International’s Disrupting Surveillance Team, said:

A new investigation into the global surveillance crisis by the European Investigative Collaborations (EIC) media network, with technical assistance from Amnesty International’s Security Lab, today begins to reveal the shocking truth about how far the industry’s tentacles have spread and how ineffective EU regulation has been in controlling it. 

This blog post was written as part of the Digital Forensics Fellowship by one of the 2022-2023 Fellows. 

For many of us, that unsettling feeling of being watched is all too real. After all, we live in a world of mass surveillance, from facial recognition to online tracking – governments and technology companies are harvesting intimate information about billions of people. Targeted surveillance is slightly different. It’s the use of technology to spy on specific people.   Targeted surveillance can include the use of hidden cameras, recording devices, or being physically followed or monitored. Here at Amnesty’s Security Lab, we focus on uncovering targeted digital surveillance including spyware, phishing and other digital attack techniques.   Governments across the world are buying and allowing the sale of advanced highly invasive spyware that can compromise anybody’s digital devices and monitor their activity. These tools are made and sold by private companies who are profiting from human right abuses.   Governments and companies say that these surveillance tools are necessary to target ‘criminals and terrorists’. But in reality, scores of human rights defenders, journalists and many others – including Amnesty International staff members – have instead been unlawfully targeted with spyware.  

UN member states should urgently support a halt on the sale, transfer and use of spyware to end the endemic unlawful surveillance of activists, journalists, lawyers, and political leaders, Amnesty International said today.

Confirming that Amnesty International has independently confirmed that Pegasus spyware was used to hack Polish senator, Krzysztof Brejza, when he was running the opposition’s 2019 parliamentary election campaign, Amnesty International Poland’s Director Anna Błaszczak, said:

South Sudan’s National Security Service (NSS) is using abusive surveillance to terrorize journalists, activists and critics, leading to a climate of intense fear and self-censorship, Amnesty International said in a new report.

FinSpy is a full-fledged surveillance software suite, capable of intercepting communications, accessing private data, and recording audio and video, from the computer or mobile devices it is silently installed on. FinSpy is produced by Munich-based company FinFisher Gmbh and sold to law enforcement and government agencies around the world. According to media reports, when Egyptian protesters broke into the offices of the now dissolved State Security Investigations Service, an intelligence body responsible for investigating security threats and notorious for committing grave human rights violations during Hosni Mubarak’s decades’ long rule, in 2011, they discovered contracts for the sale of FinSpy to Egyptian authorities. Since then, research groups such as Citizen Lab, at the University of Toronto, and Privacy International have discovered FinSpy being used to target HRDs and civil society in many countries, including Bahrain, Turkey and Ethiopia. Because of this, Amnesty International’s Security Lab tracks FinSpy usage and development as part of our continuous monitoring of digital threats to HRDs.