Omar Radi is the latest journalist to have his phone compromised by NSO Group. They are not tools to surveil dissidents or human rights activists. The messages containing malicious links were sent to him during what he recalls was the peak of the Hirak El-Rif movement and the subsequent repression by the Moroccan security forces. This allows them to change the behaviour of a targeted device and, such as in this case, to re-route it to malicious downloads or exploit pages without requiring any extra interaction from the victim. ]co, was previously identified by Citizen Lab in the report “Hide and Seek: Tracking NSO Group‘s Spyware to Operations in 45 Countries“ as associated to the threat actor they named “ATLAS“ and suspected by Citizen Lab to be of Moroccan origin. Abdessadak El Bouchattaoui had also long suspected that his digital communications were being monitored. When people are targeted for surveillance based only on the exercise of their human rights, it would amount to an “arbitrary or unlawful” attack on their privacy and hence, would violate their freedom of expression that is enshrined in the International Covenant on Civil and Political Rights. In February 2017, a court in Al Hoceima sentenced him to 20 months in prison and a fine for online posts in which he criticized the use of excessive force by the authorities during the protests. It was founded in 2010 by Niv Carmi, Omri Lavie, and Shalev Hulio. h�b```���@��(���1�B���G�kg6��l��/̼�������RE�B>�a^���tu��Y3�[���Kd���>A�M:~�~�����o��n��N���$�����ɩ��? This month, Amnesty International identified two Moroccan activists targeted by attempts to install Pegasus since at least October 2017. NSO Group Technologies (NSO standing for Niv, Shalev and Omri, the names of the company's founders) is an Israeli technology firm whose spyware called Pegasus enables the remote surveillance of smartphones. In the absence of adequate transparency on investigations of misuse by NSO Group and due diligence mechanisms, Amnesty International has long found these claims spurious. Currently, we do not have sufficient information to conclusively attribute these suspected network injection attacks to NSO Group’s products or services. Normally, the browser would be immediately redirected by Yahoo to its default TLS-secured site at https://fr.yahoo.com/. In June 2018 Amnesty International documented the targeting of an Amnesty staff member and a Saudi HRD using NSO Group‘s Pegasus. The link between Warner and Omri Lavie, an ex-Israeli intelligence officer and one of the three founders of NSO Group (NSO stands for Niv, Shalev, and Omri, the first names of the three founders) lies in Warner’s longtime confidant, current business partner, and the former manager of his family’s investment office, Nicholas Perrins. Instead, the browser history indicates that the page immediately (in less than 3 milliseconds) redirected to a very suspicious looking site: hxxps://bun54l2b67.get1tn0w.free247downloads[.]com:30495/szev4hz. Amnesty International met Maati Monjib and checked his devices for traces of targeting. ]biz/yTnWt1Ct, ALQODS RESTERA TOUJOURS LA CAPITALE DE LA PALESTINE SAUVEZ LA VILLE SAINTE EN SIGNANT CETTE PETITION hxxp://tinyurl[. Our analysis of Maati Monjib’s phone showed that, on one occasion, all these crash files were wiped a few seconds after one of these Safari redirections happened. La société a débuté financée par un groupe d'investisseurs menés par Eddy Shalev, un partenaire dans le fonds d'investissement Genesis Partners. We confirmed Maati Monjib had already been targeted with NSO Group’s Pegasus spyware via malicious SMS messages. According to our research, these targeted attacks have been ongoing since at least 2017. Interestingly, some of the malicious links started with a capital “Https://” instead of “http://” and in one case the link missed a character, which suggests the attackers might have been typing SMS messages manually, and then sending them from a Moroccan number. However, Morocco has denied these accusations claiming that it has never had a relationship with NSO Group, the company in charge of designing this type of software. Privacy Policy 446 0 obj <>stream Further, Moroccan authorities should disclose the details of any deals carried out with the NSO Group and should ensure that HRDs are protected from unlawful surveillance through adequate legal and policy safeguards that are in line with international standards, including by providing effective legal remedies for people to challenge violations of their human rights linked to surveillance. Earlier this month, the NSO Group also released its Human Rights Policy. SMS messages sent to Moroccan Human Rights Defenders, as documented in this report, also carry similar links to the same set of Internet infrastructure attributed to NSO Group. In 2015, Moroccan authorities accused him (and four others) of “threatening the internal security of the state” through “propaganda” that may threaten “the loyalty that citizens owe to the State and institutions of the Moroccan people” under Article 206 of the Penal Code, according to official court papers. The organization found that Radi's phone was subjected to several attacks using a "sophisticated new technique" that silently installed NSO's Pegasus spyware. Once the phone is exploited and Pegasus is installed, it begins contacting the operator’s command and contr… The trial in this case is ongoing. Safari records its entire browsing history in a SQLite database stored on the device (and exportable through an iTunes backup procedure). After about 30 seconds, Maati Monjib again tried to access Yahoo, this time by searching “yahoo.fr mail“ on Google and then eventually being directed to the right location where he then read his email. News NSO_Group Maroc. With the revelations detailed in this report, it has become increasingly obvious that NSO Group’s claims and its human rights policy are an attempt to whitewash rights violations caused by the use of its products. Amnesty International is calling on the Moroccan authorities to drop the charges against Monjib and his co-defendants. Amnesty International has uncovered targeted digital attacks against two prominent Moroccan Human Rights Defenders (HRDs) using NSO Group’s Pegasus spyware. We have placed cookies on your device to help make this website better. NSO Group, entreprise israélienne commercialisant sa technologie pour combattre la pandémie de COVID-19, a favorisé une intense campagne menée par le Maroc pour espionner le journaliste marocain Omar Radi, a révélé Amnesty International dans un nouveau rapport d’enquête rendu public lundi 22 juin.On ne peut manifestement pas faire confiance à NSO Group. NSO Group, the Israeli company marketing its technology in the fight against COVID-19, contributed to a sustained campaign by the government of Morocco to spy on Moroccan journalist Omar Radi, a new investigation by Amnesty International reveals. If you are talented and passionate about human rights then Amnesty International wants to hear from you. Read more about Morocco used Israeli malware to spy on journalists . They can be found in Settings > Privacy > Analytics > Analytics Data. Die Aufgaben und die Komplexität der heute digitalisierten Welt haben sich geändert und wir sind mitgewachsen, haben die Sprach- und Verständnisbarrieren zwischen Technikern und Nicht … Our products are developed to help the intelligence and law enforcement community save lives. The NSO Group claims that the technology is only used for lawful purposes, such as against terrorists and criminals and that if states misuse its tools, its human rights due diligence mechanisms are sufficient to investigate and remedy that misuse. ]biz/2Kj2ik6, Le BackFriday continue exceptionnellement aujourd'hui chez CityClub!Dernière chance de s'offrir 15MOIS de fitness à 1633!\r\nDemain il sera trop tard 0522647000 STOPSMS: hxxps://stopsms[. Espionnage: le Royaume du Maroc serait un client de Circles, filiale de l’Israélien NSO Group Aux côté de 24 pays au monde, le Maroc a été cité comme client potentiel pour les produits de l’entreprise Circles, filiale de le la société israélienne NSO, dans une nouvelle … Additionally, a similar network injection capability was briefly described in a document named "Pegasus – Product Description" – apparently written by NSO Group – that was found in the 2015 leak of the competing Italian spyware vendor, Hacking Team. ), (Please note: throughout this text domain names and links are escaped, for example using “[. The targeting of Radi came at a time when he was being repeatedly harassed by the Moroccan government between January 2019 and January 2020. He is a part of the legal defence team for people imprisoned for participating in the social justice protests in the Hirak El-Rif across 2016 and 2017. Since 2015, Maati Monjib believed that he has been under digital surveillance by Moroccan authorities. A new investigation led by Amnesty International revales that NSO Group, the Israeli company marketing its technology in the fight against COVID-19, contributed to a sustained campaign by the government of Morocco to spy on Moroccan journalist Omar Radi. Israel-based “Cyber Warfare” vendor NSO Group produces and sells a mobile phone spyware suite called Pegasus. ]com/y93yg2sc, Nhar lekbir c'est le vendredi 24 Novembre ! endstream endobj 409 0 obj <. Amnesty International collected evidence of new abuses of the NSO Group ‘s surveillance spyware, this time the malware was used to spy two rights activists in Morocco. These revelations are particularly significant in a context where Moroccan authorities are increasingly using repressive provisions from penal codes and security laws to criminalise and discredit human rights defenders and activists for exercising their rights to freedom of expression, association, and peaceful assembly. With network injection spyware attacks, the attacker requires either physical proximity to the targets or access over national mobile networks (which only a government can authorise), further indicating that the Moroccan authorities were responsible for the attack against Radi. Further analysis of the device led us to identify at least four similar injection attempts between March and July 2019. This report reveals that at least since 2017, state authorities have also been using NSO Group’s spyware as a tool to further shrink the space for carrying out human rights work by targeting HRDs. NSO Group has repeatedly said it only sells its technology to governments. Un rapport documenté de Citizen Lab affirme que le Maroc, à travers ses instances sécuritaires, fait partie des Etats clients de Circles Systems, une filiale de la firme israélienne NSO Group qui commercialise des technologies de surveillance controversées. Il est dit que les fondateurs sont des anciens membres de l'unité 8200, l'unité de renseignement israélienne responsable du Renseignement d'origine électromagnétique4. These suspicions are now definitively confirmed. Le rapport d’Amnesty International sur les activités de NSO Group en relation avec le Maroc, complètent en réalité toute une série d’actions entreprises ces 5 dernières années par l’organisation de Droits de l’Homme dans un bras de fer avec l’entreprise israélienne spécialisée dans les logiciels de surveillance. ]com/y7wdcd8z, Urgent le livre sur Donald Trump s est arrache dans toutes les librairies une version arabe est disponible gratuitement sur le lien hxxp://tinyurl[.]com/y87hnl3o. It employed almost 500 people as of 2017, and is based in Herzliya, near Tel Aviv, Israel. One message carrying a link with this domain showed the same characteristics as typical Pegasus SMS messages. Refunds of donations. This was followed by the execution of a suspicious process and by a forced reboot of the phone. These crash logs are stored on the phone indefinitely, at least until the phone is synced with iTunes. Abdessadak El Bouchattaoui, is a lawyer and HRD. In order to meet that responsibility, NSO Group must carry out adequate human rights due diligence and take steps to ensure that HRDs in Morocco do not continue to become targets of unlawful surveillance. Such a network vantage point could be any network hop as close as possible to the targeted device. In this case, because the targeted device is an iPhone, connecting through a mobile line only, a potential vantage point could be a rogue cellular tower placed in the proximity of the target, or other core network infrastructure the mobile operator might have been requested to reconfigure to enable this type of attack. This is not the first time that spyware manufactured by the NSO Group has been used against HRDs. This has had a detrimental impact on his activism and daily life. On July 22nd Maati Monjib opened Safari and tried to visit Yahoo by manually typing “yahoo.fr“ in the address bar. We believe this is a symptom of a network injection attack generally called “man-in-the-middle” attack. In this document, NSO Group refers to the vantage point as “Tactical Network Element“, and explains how a rogue cell tower (or Base Transceiver Station) could be used to identify the phone of the target, and remotely inject and install Pegasus. In October 2019, in response to our report that NSO Group’s tools were used to unlawfully target HRDs in Morocco, NSO Group told Amnesty International in a letter: “Our products are developed to help the intelligence and law enforcement community save lives. Archives Un rapport documenté de Citizen Lab affirme que le Maroc, à travers ses instances sécuritaires, fait partie des Etats clients de Circles Systems, une filiale de la firme israélienne NSO Group qui commercialise des technologies de surveillance controversées. Amnesty International wrote to the NSO Group and Novalpina Capital to seek their response on the information detailed in this report. This is increasingly making it difficult for HRDs and activists to exercise their rights to freedom of expression and association, and peaceful assembly. Maureen Clare Murphy 17 April 2020. As laid out in the UN Guiding Principles on Business and Human Rights, the NSO Group and their primary investor, the UK-based private equity firm Novalpina Capital, should urgently take pro-active steps to ensure that they do not cause or contribute to human rights abuses within their global operations, and to respond to any human rights abuses when they do occur. Amnesty International has uncovered targeted digital attacks against two prominent Moroccan Human Rights Defenders (HRDs) using NSO Group’s Pegasus spyware. Une fois ce postulat vide établi, il est devenu déterminant pour Amnesty de relier «NSO Group» au Maroc, malgré l’aveu préliminaire de cette ONG, sur le fait «qu’elle ne dispose d’aucune preuve sur l’achat, par Rabat, de cette technologie». While analysing the iPhone of Maati Monjib, who we confirmed above was targeted with NSO Group’s Pegasus spyware using malicious SMS links, we observed some suspicious traces which we believe are indicative of some peculiar exploitation attempts. Experts at […]   |   Amnesty International has discovered that since at least October 2017, HRDs from Morocco have been targeted with the infamous “Pegasus“ spyware produced by the Israeli company ‘NSO Group’. While there are significant legal and contractual constraints concerning our ability to comment on whether a particular government agency has licensed our products, we are taking these allegations seriously and will investigate this matter in keeping with our policy. This database not only keeps individual records of particular links being visited, but it also records the origin and destination of each visit. ]co/nBBJBIP, فاجعة الصويرة تسقط أول المسؤولين أمام القضاء hxxps://infospress[. Soyez au Rendez-vous sur notre site :hxxp://tinyurl[. If we ever discover that our products were misused in breach of such a contract, we will take appropriate action.”, Nouveau à temara La 1 ère fois à Bd Fouarate Apparts avec jardin ,grandes piscines & Salle sport + 2 piscines chauffées 7/7 6000/m2. Since the middle of 2018, he has been living in France after his request for asylum was accepted. Maati Monjib’s fears were proven to be true. hxxp://tinyurl[. We believe this is what happened with Maati Monjib’s phone. This may include suspending or immediately terminating a customer’s use of the product, as we have done in the past. Aux côté de 24 pays au monde, le Maroc a été cité comme client potentiel pour les produits de l’entreprise Circles, filiale de le la société israélienne NSO, dans une nouvelle I need to constantly analyze the consequences of what I say and the risk that this may lead to defamatory accusations against me. Amnesty International said Sunday its security team found evidence of abuse on a Moroccan journalist’s cell phone that can be tied back to spyware developed by NSO Group. 0522647000 STOPSMS: hxxps://stopsms[. Son ancien président du bureau dirigeant était le général en retraite Avigdor Ben-Gal, ancien responsable d'Israel Aircraft Industries dans les années 19901.   |   NSO Group ‘s surveillance spyware made the headlines again, this time the malware was used to spy on 2 rights activists in Morocco according Amnesty International. Read more about Israeli court backs notorious spy firm NSO Group . (Note: with each attempt, the redirected URL would change slightly with different subdomains, port number, and URI.). According to our research, these targeted attacks have been ongoing since at least 2017. Oct 10, 2019 | CYBERSCOOP Hackers potentially working on behalf of a foreign government have targeted Moroccan human rights advocates with malicious software built by NSO Group, a controversial spyware vendor, according to Amnesty International. Annual report 2019: Eastern Europe and Central Asia, EU Counter-Terrorism Agenda takes a wrecking ball to rights, Human rights monitoring needed more than ever in Western Sahara, documented the targeting of an Amnesty staff member and a Saudi HRD using NSO Group‘s Pegasus, malicious websites previously connected to NSO Group, previously identified and disclosed by Amnesty International, Hide and Seek: Tracking NSO Group‘s Spyware to Operations in 45 Countries, Amnesty International Among Targets of NSO-powered Campaign, Israel: Amnesty International engages in legal action to stop NSO Group’s web of surveillance, Open letter to Novalpina Capital, CC: NSO Group, Francisco Partners, Second open letter to Novalpina Capital, CC: NSO Group, Francisco Partners. This allows us to reconstruct redirections and the chronology of web requests. Le siège social de NSO Group en Israël. ]co, which seems to impersonate Hmizate, an e-commerce company from Morocco. He is an important voice on issues of freedom of expression in Morocco. ]com/y73qr7mb, فضيحة أخلاقية داخل مقهى بورتز في حي أكدال بالرباط \r\nلمشاهدة الفيديو الذي يوثق الفضيحة hxxps://videosdownload[. Whenever an application crashes, iPhones store a log file keeping traces of what precisely caused the crash. We asked NSO Group to respond to the revelations detailed in their report.