AMNESTY INTERNATIONAL, ACCESS NOW, REPORTERS WITHOUT BORDERS

By Danna Ingleton, Research and Policy Advisor at Amnesty International

In June 2018, an Amnesty International staff member received a malicious WhatsApp message with Saudi Arabia-related bait content and carrying links Amnesty International believes are used to distribute and deploy sophisticated mobile spyware. Through the course of our subsequent investigation we discovered that a Saudi activist based abroad had also received similar malicious messages. In its analysis of these messages, Amnesty International found connections with a network of over 600 domain names. Not only are these domain names suspicious, but they also overlap with infrastructure that had previously been identified as part of Pegasus, a sophisticated commercial exploitation and spyware platform sold by the Israel surveillance vendor, NSO Group.

An Amnesty International staff member has been targeted by a sophisticated surveillance campaign, in what the organization suspects was a deliberate attempt to spy on its staff by a government hostile to its work.