How Israeli Company NSO Hacked My Phone

Almost a year ago, on October 29, I received a WhatsApp notification informing me that Israeli spyware Pegasus had hacked my phone. I had expected them to tap my phone calls—I was enduring increased security harassment at that time—but I never thought they would use such spyware, especially with WhatsApp’s claims of end-to-end encryption.

On the same day, WhatsApp announced that Pegasus spyware exploited a security loophole in its application to spy on a number of people. The attack took place in May 2019, by sending malware through video-calls to approximately 1,400 people, among them are human rights defenders. The malware targeted the phones of activists in several countries around the world, including Morocco. Six other Moroccan activists received the same Whatsapp notification as I did, informing them that their phones had been hacked.

As soon as I received the message sent by Whatsapp, I began reading articles on how Pegasus attacks work. I also reached out to digital security experts at Front Line Defenders and Amnesty International for advice on what to do next. They urged me to discard my mobile phone immediately.

This was not the first time that activists’ phones got targeted in Morocco. Shortly before WhatsApp sent those alerts on October 10, 2019, Amnesty International had published a report revealing that Pegasus Spyware, developed by Israeli signals intelligence company NSO Group, had hacked the phones of two Moroccan activists. These were Dr. Maati Monjib, historian and human rights defender, and Abdessadak El Bouchattaoui, lawyer of the Hirak El-Rif Movement detainees.

Amnesty’s report was based on the findings of the research carried out by its Digital Security Lab on the two individuals’ phones. Technical analysis of the phones showed that they were hacked through SMS messages containing malicious links, in addition to “packet  injection” attacks. The latter exploits non-encrypted internet traffic, and automatically redirects browsers/applications of those targeted to harmful sites. These sites are controlled by the attackers who then secretly install Pegasus spyware on the victims’ phones.

While the Judiciary Sits Idle, Media Outlets are Prosecuting the Victims

After verifying the attack with evidence that confirms it took place (i.e. the WhatsApp notification and the Amnesty International report), I, along with several other victims, filed a complaint on December 9, 2019, to the National Control Commission for the Protection of Personal Data (CNPD). The CNPD is a governmental institution that verifies the legality of citizens’ personal data processing. We  requested opening a judicial investigation on the crime of spying on activists’ phones, by virtue of Act 09-08 on the protection of individuals from the processing of personal data.

The complainants have yet to receive a response from the Commission. Instead, journalists and human rights defenders continue to be targeted by Israeli spyware Pegasus. So far, 10 activists have been targeted, most of whom work in the fields of media, human rights and fighting tyranny in Morocco. Among those activists is journalist Omar Radi, whose personal phone was targeted with the Pegasus spyware last June, as revealed by Amnesty International in a technical investigation. He is currently in arbitrary detention on charges of “espionage” and “rape” which are claimed false and entirely fabricated by several national and international human rights organizations.

In cases where charges could not be pressed, some media outlets affiliated with the authorities launched false defamation campaigns against activists. Those targeted were already experiencing security harassment and prosecution for various charges. Six days after discovering that my phone had been hacked, I also became the subject of a defamation campaign that targeted me on a personal level, along with other activists.

This included threatening articles claiming that intelligence services had all our information and did not need to penetrate our phones. One example is an article titled: “To Hmamouchi and his Associates: when the intelligence has the keys to the house, it does not need to break inside.” Similarly, Maati Monjib, the president of Freedom Now, an association that defends freedom of expression and journalism in Morocco, was also among those targeted by the NSO spyware. Incidentally, he is now facing a large-scale defamation campaign by media outlets known for their affiliation with Moroccan security apparatuses.

Is the Local Security Apparatus Implicated in the Attacks?

Given that NSO claims it exclusively sells its equipment and software to government intelligence and law enforcement agencies, activists accused the Moroccan government of the spying attack. The report by Amnesty International confirmed this by revealing evidence that proves “the Moroccan government remained an active customer of NSO Group, and was able to continue to use the company’s technology to track, intimidate and silence activists, journalists and critics.”

Activists confirm that they have long been victims of spying, but that such practices increased after it was revealed that they had been targeted using technologies developed by Israeli company NSO. In this regard, Monjib tells SMEX: “I feel that I have been under constant surveillance since 2014 at least. Some of my text messages and phone calls with friends, and even pictures of me outside the country, are sometimes published in defamatory ‘media’ outlets affiliated with the Moroccan authorities, distorted and out of context, in order to smear my reputation and in a clear violation of my right to privacy.”

Moreover, a website called “ChoufTV” has dedicated an entire section to “Abu Wael al-Rifi,”  a pseudonym for a so-called “journalist” that anticipates the detention or prosecution of human rights activists and independent journalists, as well as the charges that will be pressed against them, days before they actually occur. One example is when the website successfully predicted the detention of journalists Suleiman Raissouni and Omar Radi.

In a statement to SMEX, lawyer and leader at the Moroccan Association for Human Rights, Souad Brahma, insisted that “the law does not allow the Moroccan government to spy on citizens and penetrate their phones, as it did in the case of the activists who were targeted with the Pegasus spyware.” According to Brahma, “this constitutes a serious violation of the right to privacy and the confidentiality of each individual’s personal information and data.” Further, Article 24 of the Moroccan Constitution stipulates that “Private communications, under whatever form that may be, are secret. Only justice can authorize, under the conditions and following the forms provided by the law, the access to their content, their total or partial divulgation or their summons at the demand of whosoever.”

Moving Forward 

Attacked activists continue to plea for an investigation into the violation of their privacy and the confidentiality of their personal data.

On July 3, eight of the activists targeted by Pegasus addressed a statement to the Moroccan authorities, requesting a response to the complaint they had submitted to the CNPD. Some of them are likely to present their case before international judicial bodies, as Moroccan authorities still refuse to look into the case.

Nevertheless, NSO’s penetration of human rights activists’ phones has led to some productive outcomes. In fact, this incident stirred discussion on the importance of digital security and the need to protect and shield one’s electronic devices as much as possible. It has also led to a greater awareness on the basics of digital security. Alternative softwares such as Signal for encrypted communication, Wire for anonymous communication, and ProtonMail for sending encrypted messages, are becoming more popular.

Moreover, there is an increased demand for subjecting security and intelligence agencies to parliamentary and judicial oversight. More people are calling for justice through holding authorities accountable for taking part in violating citizens’ privacy. This includes spying attempts carried out by penetrating activists’ electronic devices.

This page is available in a different language العربية (Arabic) هذه الصفحة متوفرة بلغة مختلفة

Avatar photo

Abdellatif el-Hamamouchi

Abdellatif el-Hamamouchi is an investigative journalist and political science researcher from Morocco. He is a member of the Central Office of the Moroccan Association for Human Rights.