Moroccan human rights activists were targeted by hackers armed with sophisticated computing spying software amid a government crackdown on protests, according to research by Amnesty International.
A report by the British non-profit human rights advocacy organisation shows two prominent Moroccan activists were repeatedly targeted since 2017 with virus-laden text messages and through an internet interception technique, which covertly plants malware on cell phones.
The findings show how governments and other groups are able to buy sophisticated hacking tools and expertise to spy on activists, journalists and political rivals.
Claudio Guarnieri, a security researcher with Amnesty, told Reuters the human rights activists in Morocco, Maati Monjib and Abdessadik El Bouchattaoui, were hacked with the help of tools developed by an Israeli cyber arms dealer known as NSO Group.
Guarnieri suspected the hackers worked for the Moroccan government, although conclusive technical evidence was not found.
“Amnesty believes these attacks to be unlawful and a violation of their rights,” said Guarnieri. “There is an inevitable link to Moroccan authorities being behind these attacks.”
In telephone interviews with Reuters, Monjib and Bouchattaoui said they think government is to blame.
Messages with the Moroccan Ministry of Foreign Affairs in Rabat and the Moroccan Embassy in Washington were not immediately returned. NSO is looking into the allegations.
Monjib believed he was spied on because of involvement in the pro-democracy movement in Morocco. He is co-founder of the NGO Freedom Now, which advocates for a free press in Morocco.
The Amnesty report explains how one NSO product,the Pegasus spyware platform, used text messages with embedded malware targeting Monjib and Bouchattaoui to collect information on their cellphones.
“I knew I was being monitored by state intelligence but I didn’t know how,” said Bouchattaoui.
The booby-trapped text messages, reviewed by Amnesty, were sent between 2017 and 2018.
“You cannot count on companies like NSO to disclose how their products are used to repress and snoop. That is why technical research like Amnesty’s latest report is critical to the debate,” said John Scott-Railton, a senior researcher with the digital civil society group Citizen Lab. “We are confident this is NSO.”
Recently Amnesty discovered Monjib’s iPhone was targeted in 2019 through “network injection attacks.”
When Monjib attempted to visit a French language-version of Yahoo’s email service in Morocco he was redirected to a suspicious webpage.
It is unclear whether malware was downloaded through this page but the activity raised flags. Typically, such an attack requires “privileged access to a target’s network connection” to hijack internet traffic, the report explains.
Security experts say this hacking technique is common in countries where government controls the domestic telecommunications industry.