Hide Message

Updating the Resource Centre Digital Platform

The Business & Human Rights Resource Centre is at a critical point in its development. Our digital platform is home to a wealth of information on business and human rights, but hasn’t had a visual refresh for a number of years.

We will soon be updating the site to improve its usability and better serve the thousands of people that use our site to support their work.

Please take an advance peek at our new look, and let us know what you think!

Thank you,
Alex Guy, Digital Officer

Find Out More Hide Message

Spyware tools of NSO Group allegedly used to spy on activists through WhatsApp security flaws

The products of the NSO Group, which operated in secret for years, were found in 2016 as part of a spying campaign on the iPhone of a now-jailed human-rights activist in the United Arab Emirates through undisclosed Apple security vulnerabilities. Since then, the NSO Group’s spyware has been found on the iPhones of journalists, dissidents, and even nutritionists.

The NSO Group said in a statement on Monday that its spyware was strictly licensed to government agencies and that it would investigate any “credible allegations of misuse.” The company said it would not be involved in identifying a target for its technology, including the lawyer at the center of the latest accusations.

Human Rights organizations have raised concern against the repeatedly evidenced digital attacks targeting human rights defenders, journalists, activists intended to surveil, harass and otherwise interfere with their work. 

Get RSS feed of these results

All components of this story

29 April 2020

WhatsApp says Israeli firm NSO Group 'deeply involved' in hacking its users

Author: Stephanie Kirchgaessner, The Guardian

WhatsApp has alleged in new court filings that an Israeli spyware company used US-based servers and was “deeply involved” in carrying out mobile phone hacks of 1,400 WhatsApp users... [and] bears responsibility in serious human rights violations, including the hacking of more than a dozen Indian journalists and Rwandan dissidents... In the court filings last week, WhatsApp said its own investigation into how Pegasus was used against 1,400 users last year showed that servers controlled by NSO Group – not its government clients – were an integral part of how the hacks were executed... According to WhatsApp’s filing, NSO gained “unauthorised access” to its servers by reverse-engineering the messaging app and then evading the company’s security features that prevent manipulation of the company’s call features.

... “Our products are used to stop terrorism, curb violent crime, and save lives. NSO Group does not operate the Pegasus software for its clients,” the company said. “Our past statements about our business, and the extent of our interaction with our government intelligence and law enforcement agency customers, are accurate.”... The new developments in the case come as NSO is facing separate questions about the accuracy of a tracking product it has launched following the outbreak of Covid-19... our Covid-19 product, Fleming, has proved vital for governments around the world working to contain the outbreak. Well-respected journalists from several countries have viewed Fleming, understood how the technology works and recognised it is the latest evolution in analytics software - which does not compromise privacy,” the company said.

Read the full post here

31 March 2020

USA: Israeli spyware firm NSO accuses Facebook of not following proper legal procedure in lawsuit against them for undue mass surveillance

Author: Aaron Holmes, Business Insider France

"The Israeli spyware firm accused of hacking WhatsApp is now claiming Facebook disregarded international law as the legal battle between the 2 companies heats up," 10 March 2020

Facebook is suing NSO Group for allegedly exploiting WhatsApp in order to carry out mass surveillance.

The legal battle between Facebook and the Israeli spyware firm NSO Group is heating up, with the company accusing Facebook of lying to the court in a new filing...

...Facebook won a default ruling against the company last week, when NSO Group representatives didn't show up to court in San Francisco.

NSO Group now claims that Facebook didn't properly serve it with the lawsuit in accordance with international law, and says Facebook lied in the process.

Facebook responded to NSO Group's filing, saying that the Israeli company was properly served.

Read the full post here

27 January 2020

Israel: Amnesty International files suit against NSO Group for alleged hacking of activists through WhatsApp

Author: All Classics News

"Amnesty International is suing the Israeli firm that experts say might have helped Saudi Arabia hack Bezos’s phone," 22 Jan 2020

The technology company has drawn the attention of human rights and privacy advocates, who are seeking to rein in its practices.

Israeli human rights lawyer Eitay Mack is one of them. He’s part of a team suing Israel’s Ministry of Defense to revoke NSO’s export license to limit the company’s right to sell its signature spyware abroad.

“It’s our responsibility that surveillance systems that claim to be for targeting terrorist or criminal organizations will not be used for human rights violations,” Mack said.

The suit, brought this month in partnership with London-based Amnesty International and other human rights groups, alleges that NSO’s “Pegasus software has been used to target journalists and activists across the globe — including in Morocco, Saudi Arabia, Mexico and the United Arab Emirates,” according to Amnesty International...

Both the company and the Ministry of Defense have declined to comment on the case. NSO does not reveal its clients, although experts say they include Middle Eastern and Latin American countries.

Part of the problem, Mack said, is that governments can choose to paint any opposition as terrorism. “In many countries around the world, the definition of terrorist is someone supporting democracy or human rights or indigenous rights,” he said...

“NSO continues to profit from its spyware being used to commit abuses against activists across the world and the Israeli government has stood by and watched it happen,” Danna Ingleton, deputy director of Amnesty Tech, said in a statement.

Read the full post here

14 May 2019

Access Now calls for governments action to address threats by surveillance technology

Author: Lucie Krahulcova & Peter Micek, Access Now

"Time to update your WhatsApp (and your surveillance laws)", 13th of May 2019

We remain extremely concerned about the lack of government action to address the threats posed by surveillance technologies to civil society actors across the globe.

This latest security threat put the privacy and security of WhatsApp’s 1.5 billion users at risk, and should convince all large platforms and their investors of the need to encourage disclosure of security vulnerabilities, to share security information with civil society in a timely fashion, and to collaborate with private and public stakeholders to bring accountability and transparency to the surveillance trade. Until governments step up though, we will likely see more victims targeted with impunity by this toxic industry...


Read the full post here

14 May 2019

Cyber attacks on activists & advice on how to avoid them

Author: Hans Thoolen

"Beyond WhatsApp and NSO – how human rights defenders are targeted by cyberattacks", 14 May 2019

Friedhelm Weinberg [of] HURIDOCS, published “3 ways activists are being targeted by cyberattacks’ on the website of World Economic Forum. A timely piece in view of the current turmoil surrounding the discovery of spyware crafted by a sophisticated hackers-for-hire, who took advantage of a flaw in WhatsApp.  The Financial Times identified the actor as Israel’s NSO Group, and WhatsApp...describ[ed] hackers as “a private company that has been known to work with governments to deliver spyware.” .As late as Sunday, as WhatsApp engineers raced to close the loophole, a UK-based human rights lawyer’s phone was targeted using the same method... Asked about the WhatsApp attacks, NSO said it was investigating the issue. “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies,” the company said. “NSO would not, or could not, use its technology in its own right to target any person or organisation, including this individual [the UK lawyer].” ...  Amnesty International is pushing for Israel’s defence ministry to withdraw an export license for NSO Group... NSO Group has been under increased scrutiny after a series of reports about the ways in which its spyware programme has been used against prominent human rights activists... Recently, these companies also started investigating who is behind these attacks... 

Read the full post here

14 May 2019

Joint NGO letter to Novalpina Capital, CC: NSO Group, Francisco Partners

Author: Human Rights Watch, Amnesty International, Committee to Protect Journalists, Privacy International, R3D, Reporters without Borders

"Joint Open Letter to Novalpina Capital, CC: NSO Group, Francisco Partners" April 15th 2019

Novalpina Capital Should Respect and Deliver on Its Commitment to Upholding the UN Guiding Principles on Business and Human Rights

Surveillance technology interferes with the human rights to privacy and to freedom of opinion and expression when it is used in a manner not prescribed by law, is not strictly necessary to meet a legitimate aim, or is not deployed in a manner that is proportionate to that aim. To date, the surveillance industry remains an opaque, reckless, and often defiant business sector, lacking leadership in respecting human rights and addressing harms. This includes NSO Group’s previous owner, Francisco Partners, which rebuffed efforts at outreach, seemingly ignored or dismissed peer-reviewed academic work, and failed to respond to public letters. This blatant disregard for any public engagement and accountability must stop...

Read the full post here

14 May 2019

NSO spyware tools allegely used to break into cellphones of human rights activists through WhatsApp security flaws

Author: Nicole Perlroth & Ronen Bergman, New York Times

NSO, an Israeli firm accused of supplying tools for spying on human-rights activists and journalists now faces claims that its technology can use a security hole in WhatsApp, the messaging app used by 1.5 billion people, to break into the digital communications of iPhone and Android phone users.

“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” the Facebook-owned company said in a statement.

The WhatsApp hole was used to target a London lawyer who has been involved in lawsuits that accuse NSO Group of providing tools to hack the phones of Omar Abdulaziz, a Saudi dissident in Canada; a Qatari citizen; and a group of Mexican journalists and activists, the researchers said. The researchers believe the list of targets could be much longer.

The NSO Group said in a statement on Monday that its spyware was strictly licensed to government agencies and that it would investigate any “credible allegations of misuse.” The company said it would not be involved in identifying a target for its technology, including the lawyer at the center of the latest accusations.

Read the full post here

14 May 2019

UK: Human Rights lawyer targeted with NSO technology, repeatedly used against activists

Author: Nick Hopkins & Dan Sabbagh, The Guardian (UK)

"WhatsApp spyware attack was attempt to hack human rights data, says lawyer", 14 May 2019

The UK lawyer whose phone was targeted by spyware that exploits a WhatsApp vulnerability said it appeared to be a desperate attempt by someone to covertly find out the details of his human rights work.The lawyer, who asked not to be named, is involved in a civil case brought against the Israeli surveillance company NSO Group whose sophisticated Pegasus malware has reportedly been used against Mexican journalists, and a prominent Saudi dissident living in Canada. It has been claimed the would-be hacker had also repeatedly attempted to install Pegasus on the lawyer’s phone in recent weeks...” NSO Group said: “NSO’s technology is licensed to authorised government agencies for the sole purpose of fighting crime and terror. The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions. Facebook-owned WhatsApp has encouraged its 1.5 billion users to update to the latest version of the app after discovering the vulnerability... WhatsApp said in a statement: “We have briefed a number of human rights organisations to share the information we can and to work with them to notify civil society.”...

Read the full post here