Recent research by Security Lab partner organisations, Access Now, Citizen Lab and Reporters Without Borders has demonstrated the continued use of the highly invasive spyware Pegasus. 

Our right to privacy and our ability to express ourselves freely online is more at risk than ever before. Governments use spyware to target human rights defenders and disruptive internet censorship systems that block entire websites that talk about human rights. In fact, Amnesty’s websites are completely blocked to people living in countries like Russia, Iran and China, just because we dare to confront human rights violations in those countries.

Technical specifications and marketing material from surveillance vendors is often kept secret. The resulting information asymmetry prevents defenders in the cybersecurity industry and at-risk civil society groups from understanding the full scope of threats that they face. The aim of this research is to provide concrete information about surveillance capabilities available from one vendor in the commercial surveillance market. We hope that this report can be a resource for the cybersecurity community and major mobile device and technology vendors.

The Pegasus Project was a ground-breaking collaboration by more than 80 journalists from 17 media organizations in 10 countries coordinated by Forbidden Stories, a Paris-based media non-profit, in partnership Amnesty International’s Security Lab. The Security Lab conducted cutting-edge forensic tests on potentially targeted mobile devices which confirmed numerous new cases of Pegasus spyware attacks.

The Predator Files, an investigation published in October 2023 and coordinated by the European Investigative Collaborations (EIC) media network, exposed the proliferation of surveillance technologies around the world and the failure of governments and the European Union to properly regulate the industry. The Intellexa alliance – an association of several European companies – supplied a form of highly invasive spyware, Predator, to states around the world and enabled the unlawful targeting of activists, journalists, academics and political figures.

Amnesty International’s Security Lab website, like most websites, uses small text files called cookies. This note provides information on what cookies are, which cookies the Security Lab uses, and how they can be controlled. 

Amnesty International’s Security Lab is committed to ensuring the privacy of all our users. We have long campaigned for the right to privacy and against government unlawful surveillance and intrusion. This policy represents our commitment as an organisation to your right to privacy, giving you a clear explanation about how we use your information and your rights over that information. The same principles also apply when we collect personal data from you through other channels (e-mail, phone calls or messages, etc.). 

Amnesty International’s Security Lab is pleased to announce that it is part of the inaugural cohort of groups to be supported by the Spyware Accountability Initiative (SAI), whose mission is to grow a global field of civil society organizations who are advancing threat research, advocacy and accountability to address the use and trade of spyware. 

Amnesty International has developed the Mobile Verification Toolkit, a tool to facilitate the consensual forensic analysis of Android and iOS devices, for the purpose of identifying traces of compromise. It continues to be maintained by Amnesty International and other contributors.

The increasing number of spyware scandals across Europe and around the world were an alarm bell for Alex, a 31-year-old Romanian activist working at the intersection of human rights, technology and public policy.

The following talk was presented by Donncha Ó Cearbhaill from the Amnesty International Security Lab at the 37c3 Chaos Communications Congress in December 2023.

This forensic appendix outlines forensic evidence on the use of highly invasive spyware against two journalists from India. Our investigation confirms that the devices of both individuals were targeted with NSO Group’s Pegasus spyware between August and October 2023. More information about the context for these attacks is available in an accompanying press release.