Amnesty investigation uncovers hacking campaign targeting activists in Pakistan

May 15, 2018
Samaa Web Desk

This illustration picture taken on April 20, 2018 in Paris shows apps for Google, Amazon, Facebook, Apple (GAFA) and the reflexion of a binary code displayed on a tablet screen. Photo: AFP

Amnesty International conducted a four-month investigation, which revealed that activists in Pakistan are under threat from a targeted campaign of digital attacks.

The attacks came in the form of social media accounts getting hacked and computers and mobile phones infected with spyware.

On Tuesday, Amnesty released its report, Human Rights under Surveillance: Digital Threats against Human Rights Defenders in Pakistan. The report reveals “how attackers are using fake online identities and social media profiles to ensnare Pakistani human rights defenders online and mark them out for surveillance and cybercrime”.

“We uncovered an elaborate network of attackers who are using sophisticated and sinister methods to target human rights activists,” said Sherif Elsayed-Ali, the director of Global Issues at Amnesty International. “Attackers use cleverly designed fake profiles to lure activists and then attack their electronic devices with spyware, exposing them to surveillance and fraud and even compromising their physical safety.”

He said their investigation shows how attackers have used “fake Facebook and Google login pages to trick their victims into revealing their passwords”.

“It is already extremely dangerous to be a human rights defender in Pakistan and it is alarming to see how attacks on their work are moving online,” he said. “As an elected member of the UN Human Rights Council, Pakistan has a responsibility to uphold the highest international standards. It has repeatedly vowed to protect human rights activists and criminalise enforced disappearances, but what we are seeing shows they have done nothing on this front while the situation is getting worse.”

He said the Pakistani authorities must immediately order an independent and effective investigation into these attacks and ensure that human rights defenders are protected both online and off.

Diep Saeeda’s case

The report highlights the case of Diep Saeeda, a Pakistani civil society activist from Lahore. On December 2, 2017, one of Diep’s friends, Raza Mehmood Khan, a peace activist who tried to bring people from India and Pakistan together through activities like letter-writing went missing. “Diep began publicly calling for Raza’s release, including petitioning the Lahore High Court,” said the press release. “Soon after, she began to receive suspicious messages from people claiming to be concerned about Raza’s well-being. One Facebook user who claimed to be an Afghan woman named Sana Halimi, living in Dubai and working for the UN, repeatedly contacted Diep Saeeda via Facebook Messenger saying that she had information about Raza Mehmood. The operator of the profile sent Diep links to files containing malware called StealthAgent which, if opened, would have infected her mobile devices. The profile, which Amnesty believes was fake, was also used to trick Diep into divulging her email address, to which she started receiving emails infected with a Windows spyware commonly known as Crimson.”

According to Amnesty, it found that several human rights activists in Pakistan have been targeted in this way, sometimes by people claiming to be human rights activists themselves.

Diep Saeeda also received malicious emails claiming to be from staff of the Chief Minister of Punjab province, read the press release.

“Every time I open an email I am now scared,” said Saeeda. “It’s getting so bad I am actually not able to carry out my work – my social work is suffering.”

According to the press release, Amnesty used digital forensic techniques and malware analysis to identify the infrastructure and web pages connected to online attacks on human rights activists in Pakistan. “Amnesty traced these attacks to a group of individuals based in Pakistan,” it read. “The report reveals a network of individuals and companies based in Pakistan that are behind the creation of some of the tools seen in surveillance operations used to target individuals in Pakistan.”

These online attacks are taking place against the backdrop of a broader assault on Pakistani civil society, the press release read. “Over the past few months, Amnesty has noted with alarm that activists are being subjected to threats, intimidation, violent attacks and enforced disappearances. They include journalists, bloggers, peaceful protestors and other mainstays of civil society.”

Published in Pakistan, SCIENCE

Story first published: 15th May 2018