Amnesty International accuses Morocco of spying on an investigative journalist using Pegasus software from the Israeli company NSO Group Technologies, according to a report by the NGO published on its website. The Moroccan authorities have not yet commented on the document.
In a report published on its official website on Monday, Amnesty International said that the Moroccan authorities used Pegasus software, developed by the Israeli company NSO Group Technologies, to spy on investigative journalist Omar Radi. The NGO also says that this is not the first time the software has been used in Morocco to spy on opponents. Rabat has still not reacted.
Amnesty International experts who analyzed the journalist’s phone say the device has been attacked several times by “network injection” in a year, from 2019 to 2020.
A precedent
The NGO’s specialists say the traces left by these attacks are the same as those discovered in 2019 on the phone of human rights activist Maati Monjib. Indeed, in another report published in October 2019, the organization denounced the use of the Pegasus software for spying against the activist.
“Amnesty International found on Omar Radi’s phone the same evidence of the execution of a malicious program as on Maati Monjib’s, which corroborated the hypothesis that the same spyware was used in both cases, namely – based on the overlapping infrastructure and the characteristics of the links used – Pegasus developed by the NSO Group,” the report details.
Starting from the fact that “NSO Group Technologies claims to market its products only to government agencies” to fight organized crime and terrorism, the NGO points to the responsibility of the Moroccan government in these cyber attacks.
Technology
Network injection cyber-attacks involve forcing a smartphone’s browser to redirect itself to a malicious site from which spyware is downloaded. According to the NGO’s experts, the operation first requires taking control of the mobile network to which the target phone is connected. At this point, the device is bombarded with URLs in order to mislead the user, who redirects himself without realizing it to another server.
Omar Radi confirms that he’s been subjected to these kinds of attacks. “For example, I want to enter a site, and then I see on the strip a lot of URLs change. And so, I’m redirected to other servers. That’s an injection of URLs,” he explains, according to France culture.
“Amnesty explained to me that that’s how my phone got infected. And, ironically, I got infected by going to the Moroccan justice ministry’s website,” he adds.
NSO Group Technologies told Forbidden Stories that it would open an investigation, if necessary, into the case, saying it was “deeply disturbed” by Amnesty International’s latest revelations.
The Moroccan authorities have still not responded to the report.