Reasons behind 'coordinated' spyware attack on human rights activists

At least nine human rights activists, engaged in the fight for justice in the Bhima Koregaon case, have been targeted by a “coordinated” spyware operation, an investigation by Amnesty International and internet watchdog, Citizen Lab, has revealed.

The aim of the spyware campaign was apparently to monitor their actions and communications. The nine targets, who received malicious emails on their personal accounts, included well-known activists, lawyers, academics, and journalists.

Even as it is unclear who was behind the spyware campaign, there is a pattern of digital attacks against the human rights defenders supporting the imprisoned Bhima Koregaon activists.

Those targeted include: lawyers and activists Nihalsing B Rathod, Degree Prasad Chouhan, Yug Mohit Choudhary, and Ragini Ahuja; academics Partho Sarothi Ray and P K Vijayan, a human rights collective — Jagdalpur Legal Aid Group (JAGLAG) — and lawyer Shalini Gera.

Related news: Beware of phishing attack by ‘malicious actors,’ warns govt

They had called for the release of other activists who have been charged by the police in connection to the Bhima Koregaon incident.

“Between January and October 2019, the human rights defenders were targeted with emails containing malicious links. If these links were clicked, a form of commercially-manufactured Windows spyware would have been deployed, compromising the target’s Windows computers, in order to monitor their actions and communications. This is a violation of their rights to freedom of expression and privacy,” the Citizen Lab-Amnesty International report said.

“Each of the targets were sent spear phishing emails containing malicious links that, if opened, would have installed NetWire, a commercially available spyware. A spear phishing attack is a targeted attempt to install a spyware (a malicious software) on the victim’s computer or smartphone. Spear phishing is generally performed by sending very carefully crafted and personalized emails to the target, often impersonating colleagues or loved ones,” it said.

Amnesty International and Citizen Lab have called for an “independent impartial, and transparent investigation” into the unlawful targeted surveillance to determine whether it is linked to any specific government agencies.

The emails were “very carefully crafted and personalised”, often impersonating those known to the targets, such as journalists or officials from local courts.

Related news: 21,467 Indian websites hacked in 2019 till October

“The spear phishing emails and spyware suggest that this is not a cyber crime attack, but a spyware campaign trying to compromise devices of the human rights defenders,” Amnesty International and Citizen Lab said in a blog post.

This is not the first time that civil rights activists have been targeted with malware in India.

In October 2019, Facebook’s WhatsApp had revealed that NSO Group, a surveillance tool vendor, had exploited a vulnerable feature on their platform to target 1,400 individuals earlier in the year.

The NSO Group says that it sells its products only to “government intelligence and law enforcement agencies.”