Israeli cyber espionage company NSO provided tools that helped the Moroccan regime track a local journalist named Omar Radi, according to a thorough investigation that human rights organization Amnesty International conducted over the past few months. The report was released on Monday.
The espionage against Radi began only a few days after NSO ostensibly committed itself to a new policy of transparency in keeping with the United Nations’ human rights guidelines for companies, according to the Amnesty investigation.
This comes after a long list of cases where dictatorial regimes allegedly used NSO’s cyber tool against journalists, rights workers and dissidents.
Radi is an independent, award-winning Moroccan journalist who lives in Rabat. His work is published by several news outlets, including radio and television stations, but primarily appears in the local newspaper LeDesk. In an interview with the organization Forbidden Stories he stated, “I specialize in investigating political power and its relationship with business, the business world, etc. I also work on issues related to human rights, especially social movements and protests, and also the repression of people demanding rights and freedoms.”
Forbidden Stories is an international organization focused on journalistic freedom and is working with Amnesty to publicize Radi’s story around the world, including in TheMarker.
In December, Radi was detained by Moroccan authorities, several weeks after he published a tweet criticizing the Moroccan justice system in a ruling against local protesters. He was held for a week. In March he stood trial in Casablanca over that tweet, was convicted and given a four-month suspended sentence and a fine.
The detention, trial and conviction are part of Morocco’s policy of persecuting dissidents, Amnesty says. “The Moroccan authorities have lately intensified their crackdown on peaceful dissent, with arbitrary arrests and prosecutions of individuals, including journalist Omar Radi, rappers and Youtubers, many of whom have been targeted simply for criticizing the King or other officials,” states Amnesty’s report.
- Israeli Defense Ministry teaming up with spyware firm NSO to fight coronavirus
- Facebook alleges Israeli spyware firm NSO ran attack servers on U.S. soil
- WhatsApp closer to winning spyware lawsuit after Israeli firm NSO is a no-show
The organization recorded 10 such detentions in Morocco between November 2019 and March this year. The activists were given sentences ranging from suspended sentences to four years in prison.
For example, in October 2019 the Moroccan journalist Hajar Raissouni was sentenced to a year in jail on charges of having an extramarital relationship and an abortion, which she denied. Her supposed lover was also given a year in jail, while the doctor charged with carrying out the abortion was sentenced to two years in jail. Raissouni said the investigation was tied to her journalistic work. She was later pardoned by the king and released.
Amnesty: NSO still helping Morocco spy
NSO specializes in cellular surveillance and develops Trojan horse software called Pegasus, that, once installed on a phone, can give a remote operator full control of the device and its content.
Amnesty published its first report on how NSO’s products were being used in Morocco last October. It showed that the Herzliya-based company’s espionage tool was used against two human rights activists: human rights lawyer Abdessadak El Bouchattaoui and academic and activist Maati Monjib. A review of Monjib’s cell phone found that in 2017 and 2018 he was hacked via text messages tied to NSO. The texts were designed to tempt him to click on a link that would lead him to a website with malware that would have enabled taking remote control of his phone.
At the time the company stated in response, “NSO Group develops cyber technology to allows government agencies to identify and disrupt terrorist and criminal plots. Our product is intended to be used exclusively for the investigation and prevention of crime and terrorism. Any use of our technology that is counter to that purpose is a violation of our policies, legal contracts, and the values that we stand for as a company.”
Once the method of taking control of a phone via text message became public knowledge, NSO switched to a more sophisticated method: According to Amnesty, this time, the hackers used a method called Network Injection. This kind of takeover involves manipulating the user’s web browsing so that the user is redirected to the infected website. There are two means of doing this. One involves planting a fake cellular antenna that redirects the user to the spy website. Another involves redirecting network traffic via the mobile operator’s own network.
Amnesty found that the attackers registered a website named free247downloads.com to carry out the attack on Bouchattaoui and Monjib. When Amnesty inspected Radi’s iPhone, they discovered he was directed to that website in January, February and September 2019. They also found remnants of the malware that was used in the previous spying operation.
On October 2, 2019, Amnesty asked NSO for a response regarding the first spying operation, and four days later, that website was taken down. On November 6, a new domain name was registered, urlpush.net, apparently to serve as a new network for hacks. This site was used to spy on Radi in January, Amnesty says.
Radi told Forbidden Stories he wasn’t entirely surprised to find out he’d been targeted. “The Moroccan authorities are buying every possible and imaginable surveillance and espionage solution. They want to know everything, it’s an espionage company, Morocco is a police state so it’s quite normal,” he said, adding, “On the other hand, we are starting to think: What could I have said on the phone that was sensitive? Or do I have sources that might be in trouble if the people listening to me find out who I’m talking to? He noted that in the past, bits of his phone conversations with sources somehow reached the news site 360, which is associated with the Moroccan regime.
When asked about the relationship between Morocco and Israel, he stated, “They’re friends,” adding, “There is no direct diplomatic representation between Morocco and Israel, but there is a lot of commercial exchange, tourism ... and also Israel is a great supplier of technology. Not just surveillance. A lot of things: cop stuff, Tasers, all that, repression ... stuff. What else? Information systems of governments, ministries,” he stated, adding, “Morocco is a big customer of Israel.”
The Amnesty investigators note that two years ago, the organization Citizen Lab found evidence that NSO’s software had been used to run a spy operation on Moroccan activists. Amnesty stated, “The network injection attacks we have documented in Morocco require either physical proximity to the targets or leverage over mobile operators in the country which only a government could authorize. Because of this, and the continued targeting of Moroccan human rights defenders, we believe Moroccan authorities to be responsible.
“Therefore, despite the unlawful surveillance of Maati Monjib and Abdessadak El Bouchattaoui that Amnesty International uncovered and documented in October 2019, we conclude that the Moroccan government actively remained a customer of NSO Group until at least January 2020 and continues to unlawfully target [human rights defenders], such as in the case of Omar Radi.”
Not first accusation against NSO
This isn’t the first time that NSO’s software has allegedly been used to spy on journalists. In a lawsuit filed by Facebook against NSO, which is currently ongoing, NSO was accused of hacking some 100 civil rights activists and journalists, including a large number of Indian journalists. The suit also states NSO allegedly tried to plant spyware in the cell phone of the wife of Mexican journalist Javier Valdez Cardenas, who was murdered in 2017. In 2016, NSO’s tool was allegedly used to track Mexican journalist Rafael Cabrera, it adds.
“NSO vehemently denies Facebook’s claims,” NSO stated in response at the time. “As opposed to the erroneous claims by Facebook, the company does not operate the technology by itself and allows only government bodies to purchase and operate these technologies.”
Amnesty also alleges that NSO’s cyber tool was used to spy on several people tied to Saudi journalist Jamal Khashoggi, a fierce critic of the Saudi regime who was murdered at the Saudi embassy in Turkey. NSO has fiercely denied all connections to the case, and said that after a thorough review, it did not find a link to his assassination.
In addition, Circles Technologies, a company that has since merged with NSO, allegedly ran a 2014 espionage against the editor of the Qatari newspaper Al Arab, among others.
In March, Journalists Without Borders declared NSO a threat to digital journalistic freedom.
The Radi case is the first instance of alleged evidence of espionage by NSO after the company committed to changing direction and raising its standards. In September 2019, NSO published a new policy committing to honoring human rights in all its work, to adopt detailed practices to implement this policy and to publish an annual report on its transparency and responsibility. NSO also launched an ethics panel to examine and approve every customer and project goal.
Three days after this public declaration, the espionage campaign against Radi began.
Amnesty stated in its summary: “NSO Group’s repeated failure to act on the misuse of its tools by Moroccan authorities indicates that it has failed in its human rights responsibilities to not contribute to human rights violations, and failed to conduct adequate human rights due diligence in order to mitigate harm.”
Amnesty added: “This report provides strong evidence that Omar Radi was unlawfully targeted using NSO Group’s tools in January 2020. ... The company’s tools are being used in support of the Moroccan government’s efforts to persecute people for free expression and clamp down on dissent.”
Radi stated in the interview, “I don’t believe a lot in [NSO’s] commitment. Israel is not a model in general in terms of respect for international commitments. … I think it will continue. They will continue to sell,” he said. “They will make [an] ethical commitment and that kind of thing, they will swear all their gods to say ‘We no longer do that, we do not hurt.’ And then they will still sell and they will continue to sell. That’s not the point. I don’t know, but you have to live with it. It’s like the coronavirus.”
NSO replied to TheMarker: “NSO is deeply troubled by the allegations in the Amnesty International letter. We are reviewing the information therein and will initiate an investigation if warranted. ... Due to the confidentiality constraints detailed below, we cannot confirm or deny whether the authorities that you have asked about use our technology.
“NSO is the first company of its kind to implement a Human Rights Program for the implementation of the UN Guiding Principles on Business and Human Rights (UNGPs) and is committed to full compliance to this Program. Consistent with our Human Rights Policy, NSO Group takes seriously our responsibility to respect human rights. We are strongly committed to avoiding causing, contributing to, or being directly linked to negative human rights impacts.
Regarding NSO’s relationship with Moroccan authorities, and what was done after Amnesty contacted the company with allegations that its products were being misused, the company stated, “NSO seeks to be as transparent as feasible in response to allegations that its products have been misused. But, as we develop and license technologies to assist in combating terrorism, serious crimes, and threats to national security to states and state agencies, NSO is obligated to respect state confidentiality concerns and cannot disclose the identities of customers.”
The company added that it takes a long list of steps to investigate and respond “when we receive allegations of potential misuse and a range of responses when misuse is identified. NSO can assure you that we followed this approach with respect to Amnesty’s previous report – though due to the aforementioned confidentiality constraints we are unable to provide further details.”