Pegasus: Human Rights Watch targeted by Israeli spyware
Human Rights Watch is calling for governments to stop the sale, export and transfer of surveillance technology after discovering that a senior staff member was targeted with Pegasus spyware last year.
Crisis and conflict director and head of the Beirut office, Lama Fakih, who oversees HRW crisis response for countries such as Syria, Ethiopia, and the United States, was targeted with the spyware five times between April and August 2021.
With Fakih's work, which includes documenting and exposing human rights abuses, HRW has said that it may have attracted the attention of various governments, especially those suspected of being NSO clients.
The software, developed and sold by the Israel-based NSO Group, is introduced on mobile phones. Once Pegasus is on the device, the phone becomes a powerful surveillance tool, allowing full access to the camera, calls, media, email, and text messages.
"It is no accident that governments are using spyware to target activists and journalists, the very people who uncover their abusive practices," Fakih said.
"They seem to believe that by doing so, they can consolidate power, muzzle dissent, and protect their manipulation of facts."
Fakih was notified of the security breach by Apple, who sent an iMessage, an alert, and an email saying that someone was targeting her personal iPhone. HRW also discovered that Fakih's current and former phones were infected with the Pegasus spyware.
Through an investigation that Amnesty International's Security Lab reviewed, they found that Fakih's iPhones had been infected by a so-called "zero-click" exploit that infects a phone without the user doing anything, such as clicking on a link.
"Governments are using NSO Group's spyware to monitor and silence human rights defenders, journalists, and others who expose abuse," said Deborah Brown, senior digital rights researcher and advocate at Human Rights Watch.
"That it has been allowed to operate with impunity in the face of overwhelming evidence of abuse, not only undermines efforts by journalists and human rights groups to hold powerful actors to account, but also puts the people they are trying to protect in grave danger."
The NSO Group responded to the HRW's request for comment on Fakih's phone, saying that it is "not aware of any active customer using [its] technology against a Human Rights Watch staff member" and that it would open an initial assessment into the allegation to determine if an investigation is warranted.
The company also said it takes "any allegation of the misuse of [its] system against a human rights defender most seriously," and that it would violate their policies and the terms of its contracts with customers - referring HRW to its Whistleblower Policy and Transparency Report.
During an international investigation last year, it was uncovered that the Pegasus software was used to hack the phones of activists and journalists, including Middle East Eye's Turkey bureau chief Ragip Soylu, according to forensic analysis by Amnesty International.
Other key victims of the Pegasus software breach included the Middle East Eye columnist and Washington Post contributor Jamal Khashoggi, who was murdered inside the Saudi Arabian consulate in Istanbul in October 2018 by Saudi officials.
In June, Forbidden Stories, a Paris-based non-profit working with 16 media organisations, revealed that more than 50,000 phone numbers had been selected by government clients to be hacked since 2016.
In November 2021, the US Biden administration announced its decision to place the NSO Group on a US blacklist.
The US government said it had evidence that the Israeli company was enabling foreign governments to conduct "transnational repression".