Moroccan human rights defenders targeted using malicious NSO Israeli spyware

Two prominent human rights defenders in Morocco have been targeted using surveillance technology developed by the Israeli-based company NSO Group, according to new research published by Amnesty Tech today.

Maati Monjib, an academic and human rights activist, and Abdessadak El Bouchattaoui, a human rights lawyer who has represented protesters from the Hirak El-Rif social justice movement, have been targeted repeatedly since 2017. Both received SMS messages containing malicious links that if clicked would secretly install Pegasus software, allowing the sender to obtain near-total control of the phone. The same technology was used to target an Amnesty staff member and a Saudi Arabian human rights activist in June 2018.

NSO Group is known to only sell its spyware to government intelligence and law enforcement agencies, raising serious concerns that Moroccan security agencies are behind the surveillance.

“Amnesty International’s research has uncovered chilling new evidence that further illustrates how NSO Group’s malicious spyware is enabling state-sponsored repression of human rights defenders,” said Danna Ingleton, Deputy Director of Amnesty Tech. 

“Subjecting peaceful critics and activists who speak out about Morocco’s human rights records to harassment or intimidation through invasive digital surveillance is an appalling violation of their rights to privacy and freedom of expression.”

Subjecting peaceful critics and activists who speak out about Morocco’s human rights records to harassment or intimidation through invasive digital surveillance is an appalling violation of their rights to privacy and freedom of expression

Danna Ingleton, Amnesty Tech

In May 2019, Amnesty International supported legal action to take the Israeli Ministry of Defence (MOD) to court to demand that it revoke NSO Group’s export license. The organization argued that the Israeli MOD is putting human rights at risk by allowing NSO to continue to export its products to governments worldwide.  

The attacks are part of a wider pattern of reprisals against human rights defenders by the Moroccan authorities in recent years, particularly in the wake of a growing crackdown on protesters in the northern Rif region since 2016. Moroccan human rights defenders today face harassment, intimidation, and imprisonment and the authorities have increasingly resorted to using repressive laws to crack down on human rights defenders simply for exercising their rights to freedom of expression, association, and peaceful assembly in Morocco/Western Sahara. 

One of the activists targeted with NSO software, Abdessadak El Bouchattaoui, received an unjust two-year prison sentence in April 2018 from a Moroccan criminal court for comments posted online in which he criticized the use of excessive force by the authorities during the Hirak Al- Rif protests. He told Amnesty International that he has been followed, repeatedly faced death threats, and his family and clients have been harassed. He has now sought asylum in France. 

He described to Amnesty International the psychological impact of feeling you are being monitored all the time: “Surveillance is a type of punishment. You can’t behave freely. It is part of their [the authorities’] strategy to make you suspect you’re being watched so you feel like you’re under pressure all the time.” 

In 2015, Moroccan authorities accused Maati Monjib and four others of “threatening the internal security of the state” through “propaganda” that may threaten “the loyalty that citizens owe to the State and institutions of the Moroccan people” under Article 206 of the Penal Code, according to official court papers. He could be imprisoned for up to five years if found guilty. This charge was levelled simply for promoting a mobile application for citizen journalism that protected users’ privacy. 

While the trial in this case is ongoing, Maati Monjib is also believed to have been targeted through mobile network injection attacks which allow the attacker to gain access to a target’s network connection to monitor and re-route web requests to malicious downloads. Such attacks are executed “invisibly” through the network and leave virtually no trace.

NSO group claims that its technology is only used for lawful purposes such as counterterrorism and fighting crime. The company has recently released a  human rights policy and claims to have human rights diligence mechanisms in place to investigate and prevent abuse by governments. However, the lack of transparency over investigations into misuse of its technology raises serious questions about these claims. 

Instead of attempting to whitewash human rights violations associated with NSO products, the company must urgently put in place more effective due diligence processes to stop its spyware being abused

Danna Ingleton, Amnesty Tech

“The latest evidence makes it patently clear – NSO is not currently able to prevent governments from unlawfully using its surveillance technology as tools to abuse human rights,” said Danna Ingleton. 

“Instead of attempting to whitewash human rights violations associated with NSO products, the company must urgently put in place more effective due diligence processes to stop its spyware being abused.” 

Under the UN Guiding Principles on Business and Human Rights, NSO Group and their primary investor, the UK-based private equity firm Novalpina Capital, have a clear obligation to take urgent steps to ensure that they are not causing or contributing to human rights abuses worldwide.