Spies hacked Moroccan activists amid crackdown on protests: researchers

(Reuters) - Moroccan human rights activists have been targeted by hackers armed with sophisticated computer spying software amid a government crackdown on protests in recent years, according to research by Amnesty International.

A report released Wednesday by the British non-profit human rights advocacy organization shows how two prominent Moroccan activists were repeatedly targeted since at least 2017 with virus-laden text messages and through an internet interception technique, which can covertly plant malware on cell phones.

The findings show how governments and other groups around the world are able to buy sophisticated hacking tools and expertise from outside vendors to spy on activists, journalists and political rivals.

Claudio Guarnieri, a security researcher with Amnesty, told Reuters the two affected human rights activists in Morocco, Maati Monjib and Abdessadik El Bouchattaoui, were hacked with the help of tools developed by an Israeli cyber arms dealer known as NSO Group.

Guarnieri said he suspected the hackers worked for the Moroccan government, although conclusive technical evidence was not found.

“Amnesty believes these attacks to be unlawful and a violation of the rights of the (activists),” said Guarnieri. “There is an inevitable link to Moroccan authorities having been behind these attacks.”

In telephone interviews with Reuters, Monjib and Bouchattaoui said they also think the government is to blame.

Messages left with the Moroccan Ministry of Foreign Affairs in Rabat and the Moroccan Embassy in Washington on Wednesday were not immediately returned. NSO said it is looking into the allegations.

Monjib said he believed he was spied on because of his involvement in the pro-democracy movement in Morocco. He is the co-founder of the NGO Freedom Now organization, which advocates for a free press in Morocco.

The Amnesty report explains how one particular NSO product, known as the Pegasus spyware platform, used text messages with embedded malware targeting Monjib and Bouchattaoui to collect information stored on their cellphones.

“I knew I was being monitored by state intelligence but I didn’t know how (before),” said Bouchattaoui.

The booby-trapped text messages, reviewed by Amnesty, were sent between 2017 and 2018.

“You cannot count on companies like NSO to disclose how their products are used to repress and snoop. That is why technical research like Amnesty’s latest report is so critical to the debate,” said John Scott-Railton, a senior researcher with the digital civil society group Citizen Lab. “We are confident that this is indeed NSO.”

More recently, Amnesty discovered Monjib’s iPhone was targeted again in 2019 through a series of “network injection attacks.”

When Monjib attempted to visit a French-language version of Yahoo’s email service in Morocco, he was instead redirected to a suspicious webpage.

It is unclear whether malware was downloaded through this page. But the activity raised flags. Typically, such an attack requires “privileged access to a target’s network connection” in order to hijack their internet traffic, the report explains.

Security experts say this type of hacking technique is most common in countries where the government is in control of the domestic telecommunications industry.

Reporting by Christopher Bing and Raphael Satter; Editing by Lincoln Feast