Pegasus: Human Rights Watch employee spied on

iPhone (Symbolbild)
The organization was unable to determine who was behind the attacks on the human rights activist. (Source: Unsplash)

The head of the Beirut office of Human Rights Watch (HRW), Lama Fakih, was attacked several times last year with the Pegasus spy software. This was reported by the human rights organization on Wednesday.

Between April and August 2021, two of Fakih’s smartphones were infected with Pegasus a total of five times. In November, she had received a warning from Apple. The corporation has been informing users since late last year when it detects evidence of “state-sponsored spyware attacks.” Subsequently, experts from Human Rights Watch were able to detect the Pegasus infections on the two iPhones used by Fakih. Security researchers from Amnesty International confirmed the analysis.

According to HRW, the attacks were so-called zero-click attacks: In other words, the spyware was installed remotely, without Fakih having to click on a link, for example, or being aware of the attacks.

Unknown attacker

At Human Rights Watch, Fakih is responsible for crises and conflicts in countries such as Lebanon, Syria, Myanmar, Greece, Kazakhstan, and also the United States. Her responsibilities include documenting and exposing human rights violations in the context of armed conflict, humanitarian crises and social unrest.

“This work may have attracted the attention of various governments,” HRW says. Meanwhile, the organization was unable to determine who was behind the attacks. In response to an inquiry from HRW, Pegasus developer NSO said it was not aware of any customer using the spying program against HRW employees. In the past, the company had repeatedly denied having any indications that its technology was being abused.

Fakih said that during the period of the Pegasus attacks, she was mainly concerned with the explosion in Beirut, which occurred in August 2020 and killed more than 200 people.

Worry over contacts

Fakih commented, “It is no accident that governments are using spyware to target activists and journalists, the very people who uncover their abusive practices. They seem to believe that by doing so, they can consolidate power, muzzle dissent, and protect their manipulation of facts.”

She said she had not used her Lebanese smartphones to access HRW’s internal systems. Since she became aware of the attacks, she said, she stores very little data on her phone. Because such an attack also impacts the security of those she communicates with, she said, “These attacks make our work more difficult and risky. They have real-life implications. People have been detained, tortured, and in some cases even killed after they or someone they know was attacked with Pegasus. While I don’t believe these illegal attacks on my phone have caused harm to others, the risk remains.”

What is Pegasus?

Pegasus is a spy software from the Israeli company NSO Group. The spying software can completely take over an infiltrated device and, for example, turn on the camera and microphone without being noticed or copy all data. Location data can also be retrieved and passwords read out. The surveillance program has been criticized for years in connection with human rights violations.

In the summer of 2021, research conducted by the organizations Forbidden Stories and Amnesty International, as well as several international media outlets, uncovered how media professionals, human rights activists and opposition figures around the world were being monitored using the Pegasus spyware. They had analyzed a dataset with more than 50,000 telephone numbers that were apparently selected by Pegasus users as potential spying targets. This list is said to have included around 300 Lebanese phone numbers.

At the beginning of last week, the organizations Access Now and Front Line Defenders reported that two human rights activists in Bahrain and Jordan had also been spied on. Pegasus has been criticized for years in connection with human rights violations: as early as 2018, for example, Amnesty International had observed an attempted attack on an employee.

HRW calls for moratorium

Deborah Brown, senior digital rights researcher at HRW, commented, “Governments are using NSO Group’s spyware to monitor and silence human rights defenders, journalists, and others who expose abuse. That it has been allowed to operate with impunity in the face of overwhelming evidence of abuse, not only undermines efforts by journalists and human rights groups to hold powerful actors to account, but also puts the people they are trying to protect in grave danger.”

The organization renewed its call for a moratorium on the sale, transfer and use of surveillance technologies. Governments should also disclose whether they use spying programs like Pegasus. The organization also calls for United Nations experts to monitor the sale of spy software as well as its use.

The U.S. had imposed sanctions on Pegasus manufacturer NSO in November. There is also a debate in the EU about the technology: the EU Parliament’s “Special Committee on Foreign Interference in all Democratic Processes in the European Union” recommended yesterday that surveillance software such as Pegasus be classified as illegal and its use be banned. (js)