Pakistan: Campaign of hacking, spyware and surveillance targets human rights defenders

Human rights defenders in Pakistan are under threat from a targeted campaign of digital attacks, which has seen social media accounts hacked and computers and mobile phones infected with spyware, a four-month investigation by Amnesty International reveals.
In a new report released today, “Human Rights Under Surveillance: Digital Threats against Human Rights Defenders in Pakistan”, Amnesty International reveals how attackers are using fake online identities and social media profiles to ensnare Pakistani human rights defenders online and mark them out for surveillance and cybercrime.
“We uncovered an elaborate network of attackers who are using sophisticated and sinister methods to target human rights activists. Attackers use cleverly designed fake profiles to lure activists and then attack their electronic devices with spyware, exposing them to surveillance and fraud and even compromising their physical safety,” said Sherif Elsayed-Ali, Director of Global Issues at Amnesty International.
“Our investigation shows how attackers have used fake Facebook and Google login pages to trick their victims into revealing their passwords. It is already extremely dangerous to be a human rights defender in Pakistan and it is alarming to see how attacks on their work are moving online.”
The report highlights the case of Diep Saeeda, a prominent Pakistani civil society activist from Lahore. On 2 December 2017, one of Diep’s friends, Raza Mehmood Khan, a peace activist who tried to bring people from India and Pakistan together through activities like letter-writing, was subject to an enforced disappearance.
Diep began publicly calling for Raza’s release, including petitioning the Lahore High Court. Soon after, she began to receive suspicious messages from people claiming to be concerned about Raza’s well-being.
One Facebook user who claimed to be an Afghan woman named Sana Halimi, living in Dubai and working for the UN, repeatedly contacted Diep Saeeda via Facebook Messenger saying that she had information about Raza Mehmood. The operator of the profile sent Diep links to files containing malware called StealthAgent which, if opened, would have infected her mobile devices. The profile, which Amnesty International believes was fake, was also used to trick Diep into divulging her email address, to which she started receiving emails infected with a Windows spyware commonly known as Crimson. 
Amnesty International found that several human rights activists in Pakistan have been targeted in this way, sometimes by people claiming to be human rights activists themselves.
Diep Saeeda also received emails claiming to be from staff of the Chief Minister of Punjab province. The emails included false details of a supposed upcoming meeting between the provincial Ministry of Education and Diep’s organization, the Institute for Peace and Secular Studies. In other cases, the attackers pretended to be students looking for guidance and tuition from Diep.
“Every time I open an email I am now scared. It’s getting so bad I am actually not able to carry out my work – my social work is suffering,” said Diep Saeeda.
Over the course of several months, Amnesty International used digital forensic techniques and malware analysis to identify the infrastructure and web pages connected to online attacks on human rights activists in Pakistan. Amnesty International’s Technology and Human Rights team has been able to trace these attacks to a group of individuals based in Pakistan. The report reveals a network of individuals and companies based in Pakistan that are behind the creation of some of the tools seen in surveillance operations used to target individuals in Pakistan.
These online attacks are taking place against the backdrop of a broader assault on Pakistani civil society. Over the past few months, Amnesty International has noted with alarm that activists are being subjected to threats, intimidation, violent attacks and enforced disappearances. They include journalists, bloggers, peaceful protestors and other mainstays of civil society.
“As an elected member of the UN Human Rights Council, Pakistan has a responsibility to uphold the highest international standards. It has repeatedly vowed to protect human rights activists and criminalize enforced disappearances, but what we are seeing shows they have they done nothing on this front while the situation is getting worse,” said Sherif Elsayed-Ali.
“The Pakistani authorities must immediately order an independent and effective investigation into these attacks, and ensure that human rights defenders are protected both online and off.”