Morocco used Israeli malware to spy on journalists

Man stands outside, metal detector in the background

Journalist Omar Radi outside the court in Casablanca, Morocco, on 12 March. 

Youssef Boudlal Reuters

The Moroccan government is using technology it obtained from Israeli cyberwarfare company NSO Group to spy on its own citizens, according to a new investigation by Amnesty International.

Meanwhile, a Saudi activist previously targeted with the Israeli spyware has been warned by Canadian authorities that his life is potentially in danger from the Saudi government.

In a report published on Monday, Amnesty revealed that Moroccan journalist Omar Radi was targeted from January 2019 until January 2020 using systems run by NSO Group.

Radi is an award-winning journalist who’s written about corruption and human rights abuses in Morocco.

He was arrested last year and in March given a four-month suspended jail sentence and a fine for a tweet he wrote in April 2019 criticizing a judge’s ruling against protesters from the opposition Hirak Rif movement.

Radi currently lives in Rabat, the capital.

Radi’s phone was targeted by Pegasus, a sophisticated cyber weapon produced by NSO Group which allows its remote operators to hijack smartphones undetected and extract massive amounts of private data.

Those doing the spying can access messages, pictures, passwords, documents, emails and contacts, and operate the camera, microphone and calls.

Previously, targets were required to click on a link sent to them as bait in order for Pegasus to infiltrate the device.

More advanced versions have made it possible for operators to hijack smartphones without relying on the target clicking on a link.

Morocco as Israel’s customer

NSO Group claims its products are used “exclusively by government intelligence and law enforcement agencies to fight crime and terror.”

In addition to the firm’s insistence that it sells malware only to governments, evidence suggests that so-called “network injection” attacks – the type used to target Radi – “require either physical proximity to the targets or leverage over mobile operators in the country which only a government could authorize,” according to Amnesty.

This led Amnesty to conclude that it was the Moroccan government that did the spying on Radi’s phone.

Canadian cyber security organization Citizen Lab has long identified Morocco as an NSO Group client.

Israel and Morocco have no formal diplomatic relations, but covert relations exist.

Israel’s flag was even raised in Morocco last year at a judo competition.

“They’re friends,” Radi told the publication Forbidden Stories.

“Israel is a great supplier of technology. Not just surveillance,” he said. “Morocco is a big customer of Israel.”

Previous targets

In October 2019, Amnesty revealed that two other Moroccan activists were targeted by Pegasus.

They were activist Maati Monjib and Abdessadak El Bouchattaoui, a human rights lawyer who was involved in the defense of protesters from the Hirak Rif movement.

The Palestinian BDS National Committee, the steering group of the global boycott, divestment and sanctions movement, and a human rights groups in Morocco, previously issued a joint condemnation of the targeting and harassment of the pair.

At the time, Amnesty requested that NSO Group respond to its revelations regarding the targeting of Monjib and El Bouchattaoui.

The company said its tools were not meant “to surveil dissidents or human rights activists.”

“If we ever discover that our products were misused in breach of such a contract, we will take appropriate action.”

Amnesty said evidence showed that the same type of network injection attack used on Monjib’s phone was used against Radi.

In other words, even after NSO Group was made aware in October 2019 that human rights defenders and activists were being spied on using its technology, the Moroccan government apparently remained NSO Group’s client until at least January 2020.

“This suggests that contrary to its claims, NSO Group has not taken adequate action to stop the use of its tools for unlawful targeted surveillance of [human rights defenders] in Morocco, despite being aware that this was taking place,” Amnesty said.

Earlier this month, Amnesty asked NSO Group to respond to its more recent revelations.

The company replied that it would neither “confirm or deny that such authorities use our technology,” according to Amnesty.

Embroiled in scandal

NSO Group has been embroiled in spying on and violating the human rights of journalists, activists and government officials and is facing multiple lawsuits and an FBI investigation.

Amnesty is pursuing legal action over NSO Group by taking Israel’s defense ministry to court and demanding its export license be revoked.

Facebook is also suing the Israeli firm for exploiting a flaw in its WhatsApp messaging service to spy on hundreds of people, including American citizens’ phones.

NSO Group responded to accusations by launching a new “human rights policy.”

But those who serve as senior advisers at the firm include at least one former Israeli official with a record of defending war crimes rather than protecting human rights.

Saudi activist warned of threat

Another such lawsuit is being brought by Omar Abdulaziz, a Saudi activist and close friend of slain Saudi journalist Jamal Khashoggi.

NSO Group is implicated in Khashoggi’s murder, as Pegasus was apparently used by the Saudi government to intercept conversations between Abdulaziz and Khashoggi.

Now, Canadian federal police are warning Abdulaziz that he’s a potential target of the Saudi government.

Abdulaziz said in a Twitter video on Sunday that the Royal Canadian Mounted Police informed him that he must protect himself from a possible attempt at kidnapping or assassination by Saudi Arabia.

Canada’s relationship with Saudi Arabia has been somewhat strained since Canada’s previous foreign minister Chrystia Freeland criticized the Gulf government’s crackdown on Samar Badawi in 2018.

Samar Badawi is the sister of Raif Badawi, a Saudi blogger who was arrested in 2012 after writing critically of Muslim clerics and theocracy. Ensaf Haidar, Raif’s wife, is a Canadian citizen.

Haidar has maintained a cozy relationship with Prime Minister Justin Trudeau and the Israel lobby in an effort to free her husband.

It remains notable that Canada is willing to risk major diplomatic ruptures over the rights of a non-Canadian like Samar Badawi, while barely speaking out when the rights of some Canadians are directly violated by Israel.

Google uncovers spyware

Meanwhile, internet security experts uncovered a massive spyware effort that exploited security loopholes in Google’s web browser Chrome.

Researchers for the firm Awake Security found that the spyware attacked users who downloaded some 32 million extensions for the Chrome browser, Reuters reported.

Those extensions – little bits of software that are meant to enhance the browser’s usability – acted as trojan horses to collect data from users.

It remains unclear who was behind the attack.

There is, however, a notable link to Israel.

The malware surreptitiously linked users’ devices to websites in order to transmit the information.

“All of the domains in question, more than 15,000 linked to each other in total, were purchased from a small registrar in Israel, Galcomm, known formally as CommuniGal Communication Ltd.,” Reuters reported.

The Israeli firm is denying any wrongdoing.

“Galcomm is not involved, and not in complicity with any malicious activity whatsoever,” the company’s founder, Moshe Fogel, said.

“You can say exactly the opposite, we cooperate with law enforcement and security bodies to prevent as much as we can.”

Galcomm describes itself as an online marketing company. It is headquartered in Netanya in central Israel, and was founded by Fogel in 2000.

Its customers include Israel’s ministry of tourism.

Military to start-up pipeline

These incidents highlight the need for countries to be wary of cooperating with Israel’s tech industry, which has deep ties to and recruits directly from the country’s military and intelligence apparatus.

NSO Group, for example, was founded by Unit 8200 veterans, the equivalent of the US National Security Agency, in the Israeli military.

Unit 8200 veterans have admitted to abusing the human rights of Palestinians by collecting private information that Israeli intelligence services could use to blackmail them.

The coronavirus pandemic has provided a ripe opportunity for the surveillance market.

A new report by the Israeli defense ministry reveals that while Israel’s weapons exports dipped from more than $9 billion in 2017 to just over $7 billion last year, sales of spy technologies have surged.

Surveillance and spying technology now makes up 14 percent of Israel’s total arms exports.

Despite its involvement in grave human rights abuses, EU countries are rushing to embrace Israel’s cyberwarfare industry.


Tamara Nassar

Tamara Nassar is an assistant editor at The Electronic Intifada.