We confirmed Maati Monjib had already been targeted with NSO Group’s Pegasus spyware via malicious SMS messages. With the revelations detailed in this report, it has become increasingly obvious that NSO Group’s claims and its human rights policy are an attempt to whitewash rights violations caused by the use of its products. 0 Otherwise, we'll assume you're OK to continue. This means that only select individuals would have been targeted. You can’t behave freely. Il est dit que les fondateurs sont des anciens membres de l'unité 8200, l'unité de renseignement israélienne responsable du Renseignement d'origine électromagnétique4. In June 2018 Amnesty International documented the targeting of an Amnesty staff member and a Saudi HRD using NSO Group‘s Pegasus. Normally, the browser would be immediately redirected by Yahoo to its default TLS-secured site at https://fr.yahoo.com/. Such a network vantage point could be any network hop as close as possible to the targeted device. ]co, which seems to impersonate Hmizate, an e-commerce company from Morocco. Le groupe y a investi 1,8 million de dolla… We believe this is what happened with Maati Monjib’s phone. We believe it was a deliberate clean-up executed by the spyware in order to remove traces that could lead to the identification of the vulnerabilities actively exploited. Another domain we found in SMS messages sent to Moroccan HRDs, revolution-news[. The links contained in such messages closely resemble the URLs involved in the network injection attacks: Both links are composed of rather generic domain names, followed by a 7-9 random alphanumeric string. Previously, he had protested restrictions on his movements by going on a hunger strike. ]co/nBBJBIP, فاجعة الصويرة تسقط أول المسؤولين أمام القضاء hxxps://infospress[. Further analysis of the device led us to identify at least four similar injection attempts between March and July 2019. h�bbd```b``^"W�Is��D2U�e���`R,�����d���o���`vX�j9g ��� �� WAl�P�� H�/�������g`����1�3@� DiZ En octobre 2019, Amnesty International a publié un premier rapport sur l’utilisation d’un logiciel espion produit par l’entreprise israélienne NSO Group en vue de cibler des défenseurs des droits humains marocains, Maati Monjib et Abdessadak El Bouchattaoui. While analysing the iPhone of Maati Monjib, who we confirmed above was targeted with NSO Group’s Pegasus spyware using malicious SMS links, we observed some suspicious traces which we believe are indicative of some peculiar exploitation attempts. endstream endobj startxref Amnesty International has uncovered targeted digital attacks against two prominent Moroccan Human Rights Defenders (HRDs) using NSO Group’s Pegasus spyware. ]” instead of dots or “hxxp” instead of “http”, in order to avoid accidental clicks or copy & paste.). In this case, the attackers cleverly crafted the attack to appear like a flood of automated spam SMS messages with the same text, and offering the malicious link as a way to stop receiving them. Le Maroc et 44 autres pays sont les clients de NSO qui a créé Pegasus, un logiciel utilisé pour pirater des comptes WhatsApp. If you received similar SMS messages to those described in this report, you can share them with us by writing to the following email address: “As per our policy, we investigate reports of alleged misuse of our products. During the course of his trial he received death threats and his family was intimidated over the phone. Refunds of donations. ]com/y73qr7mb, فضيحة أخلاقية داخل مقهى بورتز في حي أكدال بالرباط \r\nلمشاهدة الفيديو الذي يوثق الفضيحة hxxps://videosdownload[. NSO Group spyware used against Moroccan journalist after company pledged to respect human rights; Inc. Co. comments. Cookie Statement ]biz/TY8us0h, TruecaIIer à le plaisir de vous annoncer l'ajout d'une nouvelle fonctionnalité, consulter les noms des personnes qui ont cherché votre numéro durant une semaine hxxp://tinyurl[. In February 2017, a court in Al Hoceima sentenced him to 20 months in prison and a fine for online posts in which he criticized the use of excessive force by the authorities during the protests. They could be imprisoned for up to five years if found guilty. One message carrying a link with this domain showed the same characteristics as typical Pegasus SMS messages. Espionnage: le Royaume du Maroc serait un client de Circles, filiale de l’Israélien NSO Group Aux côté de 24 pays au monde, le Maroc a été cité comme client potentiel pour les produits de l’entreprise Circles, filiale de le la société israélienne NSO, dans une nouvelle … According to our research, these targeted attacks have been ongoing since at least 2017. ]com/y93yg2sc, Nhar lekbir c'est le vendredi 24 Novembre ! I need to constantly analyze the consequences of what I say and the risk that this may lead to defamatory accusations against me. Dans un nouveau rapport publié le 22 juin, nous révélons que l’entreprise israélienne, NSO Group, qui commercialise sa technologie pour combattre la pandémie de COVID-19, a favorisé une intense campagne menée par le Maroc pour espionner le journaliste marocain Omar Radi. This type of redirection would only be possible when the request is in clear text, and not protected with Transport Layer Security (or TLS, which is essentially the https:// you sometimes see in links), as was the case with http://yahoo.fr. Technology developed by Israeli cyber security company NSO Group was used by the Moroccan government to spy on journalist Omar Radi, a critic of Morocco's human rights record, Amnesty International said on Monday. If you are talented and passionate about human rights then Amnesty International wants to hear from you. Our analysis of Maati Monjib’s phone showed that, on one occasion, all these crash files were wiped a few seconds after one of these Safari redirections happened. The targeting of Maati Monjib and Abdessadak El Bouchattaoui, simply for carrying out human rights work, is unlawful according to principles laid out in international human rights law. Abdessadak El Bouchattaoui, is a lawyer and HRD. Toute l'actualité NSO_Group du Maroc et des Marocains à travers le Monde. In this document, NSO Group refers to the vantage point as “Tactical Network Element“, and explains how a rogue cell tower (or Base Transceiver Station) could be used to identify the phone of the target, and remotely inject and install Pegasus. However, Morocco has denied these accusations claiming that it has never had a relationship with NSO Group, the company in charge of designing this type of software. The targeting of Radi came at a time when he was being repeatedly harassed by the Moroccan government between January 2019 and January 2020. This even applies to very practical things like arranging meetings or a dinner downtown. Read more about Morocco used Israeli malware to spy on journalists . Le rapport d’Amnesty International sur les activités de NSO Group en relation avec le Maroc, complètent en réalité toute une série d’actions entreprises ces 5 dernières années par l’organisation de Droits de l’Homme dans un bras de fer avec l’entreprise israélienne spécialisée dans les logiciels de surveillance. As laid out in the UN Guiding Principles on Business and Human Rights, the NSO Group and their primary investor, the UK-based private equity firm Novalpina Capital, should urgently take pro-active steps to ensure that they do not cause or contribute to human rights abuses within their global operations, and to respond to any human rights abuses when they do occur. This allows them to change the behaviour of a targeted device and, such as in this case, to re-route it to malicious downloads or exploit pages without requiring any extra interaction from the victim. They are not tools to surveil dissidents or human rights activists. endstream endobj 409 0 obj <. Since the middle of 2018, he has been living in France after his request for asylum was accepted. hxxp://tinyurl[. The browser first attempted an unencrypted connection to http://yahoo.fr. ��P�G,S���1�`����x�q�9���LJL�a����V��u�`������{�'������4#� m��9q�ff`�愇�#�^u�*FS� � l� SMS messages sent to Moroccan Human Rights Defenders, as documented in this report, also carry similar links to the same set of Internet infrastructure attributed to NSO Group. Abdessadak El Bouchattaoui had also long suspected that his digital communications were being monitored. Additionally, we identified a new previously unknown domain: hmizat[. %%EOF This affected his sense of psychological well-being and made it difficult for him to carry out his work. Maati Monjib’s fears were proven to be true. The full response from the NSO Group is included in Appendix-I, wherein they reiterate that allegations of misuse would be investigated. The journalist, Omar Radi, was targeted by surveillance software capable of tracking texts, calls, emails, camera, and more — just days after NSO Group, the Israeli surveillance software company, … Moroccan HRDs have faced harassment, intimidation, and imprisonment. These suspicions are now definitively confirmed. (Note: with each attempt, the redirected URL would change slightly with different subdomains, port number, and URI.). Morocco has been connected to multiple cases of surveillance abuse over the past decade, ranging from the targeting of human rights organizations with Hacking Team’s spyware to a string of more recent cases in which NSO Group’s Pegasus spyware was used to target civil society within Morocco … The trial in this case is ongoing. Amnesty International suspects that the NSO Group may also be behind these network injection attacks.   |   This is increasingly making it difficult for HRDs and activists to exercise their rights to freedom of expression and association, and peaceful assembly. He is a part of the legal defence team for people imprisoned for participating in the social justice protests in the Hirak El-Rif across 2016 and 2017. These revelations are particularly significant in a context where Moroccan authorities are increasingly using repressive provisions from penal codes and security laws to criminalise and discredit human rights defenders and activists for exercising their rights to freedom of expression, association, and peaceful assembly. Aux côté de 24 pays au monde, le Maroc a été cité comme client potentiel pour les produits de l’entreprise Circles, filiale de le la société israélienne NSO, dans une nouvelle Amnesty International met Maati Monjib and checked his devices for traces of targeting. NSO Group publicly committed to abide by the UN Guiding Principles on Business and Human Rights on 10 September. Le siège social de NSO Group en Israël. NSO Group, entreprise israélienne commercialisant sa technologie pour combattre la pandémie de COVID-19, a favorisé une intense campagne menée par le Maroc pour espionner le journaliste marocain Omar Radi, a révélé Amnesty International dans un nouveau rapport d’enquête rendu public lundi 22 juin.On ne peut manifestement pas faire confiance à NSO Group. NSO Group Technologies (NSO standing for Niv, Shalev and Omri, the names of the company's founders) is an Israeli technology firm whose spyware called Pegasus enables the remote surveillance of smartphones. Der Name NSO GmbH (Netzwerk Systemadministration und Onlineservices) hat uns über 16 Jahre treu begleitet. This visit was followed by a redirect to the same domain, but provided with additional arguments: hxxps://bun54l2b67.get1tn0w.free247downloads[.]com:30495/szev4hz#048634787343287485982474853012724998054718494423286. With network injection spyware attacks, the attacker requires either physical proximity to the targets or access over national mobile networks (which only a government can authorise), further indicating that the Moroccan authorities were responsible for the attack against Radi. Résumé. ]com/y7wdcd8z, Urgent le livre sur Donald Trump s est arrache dans toutes les librairies une version arabe est disponible gratuitement sur le lien hxxp://tinyurl[.]com/y87hnl3o. Omar Radi is the latest journalist to have his phone compromised by NSO Group. ]biz/2Kj2ik6, Le BackFriday continue exceptionnellement aujourd'hui chez CityClub!Dernière chance de s'offrir 15MOIS de fitness à 1633!\r\nDemain il sera trop tard 0522647000 STOPSMS: hxxps://stopsms[. ]com/y9hbdqm5 \nvous pouvez consulter nos offres du moment, Vous l'avez demandé,CityClub l'a fait!Grand retour du BLACKFRIDAY vendredi 24/11!\r\nRéservez votre carte promo 15 mois à 1633dh! Morocco used Israeli malware to spy on journalists. He says that he has been followed multiple times and that his clients have also been harassed. After checking his devices for evidence of targeting, Amnesty International was able to confirm that Abdessadak El Bouchattaoui was indeed targeted repeatedly with malicious SMS messages that carried links to websites connected to NSO Group’s Pegasus spyware. Additionally, a similar network injection capability was briefly described in a document named "Pegasus – Product Description" – apparently written by NSO Group – that was found in the 2015 leak of the competing Italian spyware vendor, Hacking Team. This allows us to reconstruct redirections and the chronology of web requests. Privacy Policy NSO Group, entreprise israélienne commercialisant sa technologie pour combattre la pandémie de COVID-19, a favorisé une intense campagne menée par le Maroc pour espionner le journaliste marocain Omar Radi, a révélé Amnesty International dans un nouveau rapport d’enquête rendu public lundi 22 juin. Because this attack is executed “invisibly” through the network instead of with malicious SMS messages and social engineering, it has the advantages of avoiding any user interaction and leaving virtually no trace visible to the victim. Pour ne plus recevois nos SMS : hxxp://stopsms[. Radi was targeted by a series of network injection attacks, which allowed attackers to intercept and manipulate targets’ internet traffic, Amnesty International said. Amnesty International has uncovered targeted digital attacks against two prominent Moroccan Human Rights Defenders (HRDs) using NSO Group’s Pegasus spyware. NSO Group, entreprise israélienne commercialisant sa technologie pour combattre la pandémie de COVID-19, a favorisé une intense campagne menée par le Maroc pour espionner le journaliste marocain Omar Radi, a révélé Amnesty International dans un nouveau rapport d’enquête rendu public lundi 22 juin. However considering the technical similarities to other Pegasus infections, the fact that Monjib has already been targeted with NSO Group’s software and the fact that NSO Group advertise the network injection capability we suspect was used in this attack, there is reason to believe that NSO Group’s tools may also have been used in this attack. They can be found in Settings > Privacy > Analytics > Analytics Data. NSO Group licences have failed in their responsibility to protect human rights by not adequately scrutinising and failing to deny export authorization where there is a substantial risk that the export in question could be used to violate human rights. The organization found that Radi's phone was subjected to several attacks using a "sophisticated new technique" that silently installed NSO's Pegasus spyware. Instead, the browser history indicates that the page immediately (in less than 3 milliseconds) redirected to a very suspicious looking site: hxxps://bun54l2b67.get1tn0w.free247downloads[.]com:30495/szev4hz. SMS messages delivered to them carried links that pointed to malicious websites previously connected to NSO Group. Permissions   |   We believe this is a symptom of a network injection attack generally called “man-in-the-middle” attack. Dans ce rapport, elle affirme toujours en employant le conditionnel que le téléphone de l’historien Maati Mounjib aurait fait … If an investigation identifies actual or potential adverse impacts on human rights we are proactive and quick to take the appropriate action to address them. Amnesty International wrote to the NSO Group and Novalpina Capital to seek their response on the information detailed in this report. This report uncovers how this spyware was used to unlawfully target two prominent HRDs from Morocco, who have a history of facing reprisals from the state for speaking out openly about human rights in the country. NSO Group, entreprise israélienne commercialisant sa technologie pour combattre la pandémie de COVID-19, a favorisé une intense campagne menée par le Maroc pour espionner le journaliste marocain Omar Radi, a révélé Amnesty International dans un nouveau rapport d’enquête rendu public lundi 22 juin. Amnesty International urges the NSO Group to conduct a transparent investigation and awaits concrete action that adequately addresses the concerns raised in this report. Indian journalists reported among targets of alleged NSO Group WhatsApp hack October 31, 2019 2:29 PM EDT New York, October 31, 2019—The Committee to Protect Journalists is alarmed by news reports that several journalists in India have been notified that they were among the targets of suspicious WhatsApp contact that may have been used to install advanced surveillance technology on their phones. When people are targeted for surveillance based only on the exercise of their human rights, it would amount to an “arbitrary or unlawful” attack on their privacy and hence, would violate their freedom of expression that is enshrined in the International Covenant on Civil and Political Rights. After about 30 seconds, Maati Monjib again tried to access Yahoo, this time by searching “yahoo.fr mail“ on Google and then eventually being directed to the right location where he then read his email. Since he began his work on defending protestors in Hirak, Abdessadak El Bouchattaoui was also fairly certain that he was under surveillance by the state. Espionnage : Le Maroc serait client de Circles, filiale de l'Israélien NSO Group. These were carried out through SMS messages carrying malicious links that, if clicked, would attempt to exploit the mobile device of the victim and install NSO Group’s Pegasus spyware. Additional evidence found on the phone reinforces this suspicion. He was charged under repressive penal provisions that criminalise the exercise of the right to free expression. The NSO Group says that it licenses products “only to government intelligence and law enforcement agencies” to investigate serious crime. This was followed by the execution of a suspicious process and by a forced reboot of the phone. This has had a detrimental impact on his activism and daily life. It was founded in 2010 by Niv Carmi, Omri Lavie, and Shalev Hulio. NSO Group, the Israeli company marketing its technology in the fight against COVID-19, contributed to a sustained campaign by the government of Morocco to spy on Moroccan journalist Omar Radi, a new investigation by Amnesty International reveals. By inspecting Maati Monjib’s Safari browsing history we found visits to suspicious links that did not originate from SMS or WhatsApp messages. To monitor a target, a government operator of Pegasus must convince the target to click on a specially crafted exploit link, which, when clicked, delivers a chain of zero-day exploits to penetrate security features on the phone and installs Pegasus without the user’s knowledge or permission. Citizen Lab survey lists Morocco as customer of Circles, a subsidiary of Israel’s NSO Group. Amnesty International said Sunday its security team found evidence of abuse on a Moroccan journalist’s cell phone that can be tied back to spyware developed by NSO Group. We have placed cookies on your device to help make this website better. ]com/LQoHgMCEE, Bonjour,Quelqu'un vous a recherché sur Truecaller.Découvrez de qui il s'agit. Annual report 2019: Eastern Europe and Central Asia, EU Counter-Terrorism Agenda takes a wrecking ball to rights, Human rights monitoring needed more than ever in Western Sahara, documented the targeting of an Amnesty staff member and a Saudi HRD using NSO Group‘s Pegasus, malicious websites previously connected to NSO Group, previously identified and disclosed by Amnesty International, Hide and Seek: Tracking NSO Group‘s Spyware to Operations in 45 Countries, Amnesty International Among Targets of NSO-powered Campaign, Israel: Amnesty International engages in legal action to stop NSO Group’s web of surveillance, Open letter to Novalpina Capital, CC: NSO Group, Francisco Partners, Second open letter to Novalpina Capital, CC: NSO Group, Francisco Partners. This charge was leveled simply for promoting a mobile application for citizen journalism that protected users’ privacy. He is an important voice on issues of freedom of expression in Morocco. This database not only keeps individual records of particular links being visited, but it also records the origin and destination of each visit. Israel-based “Cyber Warfare” vendor NSO Group produces and sells a mobile phone spyware suite called Pegasus. Amnesty International is calling on the Moroccan authorities to quash the conviction against him. These messages, described as “Enhanced Social Engineering Message(s)“ (ESEM) in leaked NSO Group‘s documentation, attempt to lure victims to click on the contained link, which would then trigger an attempt of exploitation of the phone and the consequent silent installation of the Pegasus spyware on the device. The messages containing malicious links were sent to him during what he recalls was the peak of the Hirak El-Rif movement and the subsequent repression by the Moroccan security forces. In addition to SMS messages, we identified what appear to be network injection attacks against a HRD’s mobile network also aimed at installing spyware. Our products are developed to help the intelligence and law enforcement community save lives. In addition to it being used to target an Amnesty staff member in 2018, NSO group’s software has also been used to attack HRDs from Saudi Arabia, Mexico and UAE. h�b```���@��(���1�B���G�kg6��l��/̼�������RE�B>�a^���tu��Y3�[���Kd���>A�M:~�~�����o��n��N���$�����ɩ��? Oct 10, 2019 | CYBERSCOOP Hackers potentially working on behalf of a foreign government have targeted Moroccan human rights advocates with malicious software built by NSO Group, a controversial spyware vendor, according to Amnesty International. We believe at least one injection attack was successful and resulted in the compromise of Maati Monjib’s iPhone. The link between Warner and Omri Lavie, an ex-Israeli intelligence officer and one of the three founders of NSO Group (NSO stands for Niv, Shalev, and Omri, the first names of the three founders) lies in Warner’s longtime confidant, current business partner, and the former manager of his family’s investment office, Nicholas Perrins. ]com, have been previously identified and disclosed by Amnesty International as part of NSO Group‘s exploitation infrastructure. Two domain names from links delivered to Maati Monjib and Abdessadek El Bouchattaoui, stopsms[. Amnesty International collected evidence of new abuses of the NSO Group ‘s surveillance spyware, this time the malware was used to spy two rights activists in Morocco. Saudis put Palestinians on trial over vague claims . In order to meet that responsibility, NSO Group must carry out adequate human rights due diligence and take steps to ensure that HRDs in Morocco do not continue to become targets of unlawful surveillance. NSO Group Technologies est une entreprise israélienne de sécurité informatique fondée en 2010 par Niv Carmi, Omri Lavie, et Shalev Hulio [1].Elle est implantée à Herzelia en Israël et est constituée de deux cents employés. Surveillance in Morocco is carried out in an open and brazen way… Surveillance is a type of punishment. Son ancien président du bureau dirigeant était le général en retraite Avigdor Ben-Gal, ancien responsable d'Israel Aircraft Industries dans les années 19901. 408 0 obj <> endobj These crash logs are stored on the phone indefinitely, at least until the phone is synced with iTunes. It is part of their strategy to make you suspect you’re being watched so you feel like you’re under pressure all the time. Die Aufgaben und die Komplexität der heute digitalisierten Welt haben sich geändert und wir sind mitgewachsen, haben die Sprach- und Verständnisbarrieren zwischen Technikern und Nicht … Amnesty International claims that Israeli firm NSO Group’s spyware was used in a sustained campaign by Morocco’s government to spy on Moroccan journalist Omar Radi, with one attack occurring days after NSO pledged to prevent its technology from being used in human rights abuses. (I?�6�M�q�Q����\�7000vtt0d0H4�50yt0x0� I&� CF3�#�R� "#�:;:%:�:��1c�8��E�X In the absence of adequate transparency on investigations of misuse by NSO Group and due diligence mechanisms, Amnesty International has long found these claims spurious. June 22, 2020 By Pierluigi Paganini Researchers at Amnesty International collected evidence that a Moroccan journalist was targeted with network injection attacks using NSO Group ‘s spyware. ]biz and infospress[. Interestingly, some of the malicious links started with a capital “Https://” instead of “http://” and in one case the link missed a character, which suggests the attackers might have been typing SMS messages manually, and then sending them from a Moroccan number.