Nine human rights activists, journalists, academics and lawyers in India have been targeted by a “coordinated” spyware operation, according to an investigation by Amnesty International and the Citizen Lab.
Between January and October 2019, an unidentified person or organisation sent 12 spearphishing emails containing a link that, if opened, would have installed commercial spyware on the victims’ computers or smartphones.
Amnesty and Citizen Lab said they believe individuals were targeted because of their human rights work.
The spyware campaign targeted at least nine human rights defenders (HRDs) based in India. Eight of them had been calling for the release of 11 prominent activists arrested two years ago in relation to the protests at Bhima Koregaon in Maharashtra, India.
The emails were “very carefully crafted and personalised”, said Amnesty and Citizen Lab, often impersonating those known to the targets, such as journalists or officials from local courts.
If opened, they would have installed the commercially available spyware Netwire, which has the ability to steal credentials, make audio recordings, log keystrokes and more.
“The spearphishing emails and spyware suggest that this is not a cybercrime attack, but a spyware campaign trying to compromise devices of HRDs,” said Amnesty International and Citizen Lab in a blog post published today.
“If successful it would have enabled the attackers to monitor the HRD’s actions and communications and is therefore a violation of their rights to freedom of expression and privacy.”
Amnesty and Citizen Lab were not able to conclusively attribute the attack to a particular group.
India spyware operation: “No known links to NSO Group”
According to Amnesty and Citizen Lab, the spyware in this campaign has “no known links to NSO Group”, the spyware maker currently being sued by Facebook after it emerged the Israeli firm’s Pegasus spyware could be used to gain access to a person’s phone via WhatsApp.
However, three of the people targeted in the India spyware campaign were allegedly targeted using NSO Group’s surveillance software – a claim that NSO has disputed.
“That some of these individuals were targeted multiple times shows that there is a disturbing pattern of spyware attacks against HRDs involved in the Bhima Koregaon case,” said the Amnesty/Citizen Lab report.
“Targeting people solely for exercising their right to peaceful dissent amounts to an arbitrary or unlawful attack on their privacy and violates their right to freedom of expression. States have an obligation to protect human rights by ensuring that HRDs are protected from unlawful surveillance.”