Two Human Rights Watch staff members based in Jordan have been repeatedly targeted with advanced surveillance spyware, Human Rights Watch said today. The targeting, which violates their right to privacy, began in October 2022 and succeeded briefly in infecting one of their mobile phones.
The same spyware was also used to target the devices of at least 32 Jordanian and Jordan-based journalists, activists, and politicians between 2019 and September 2023, according to an Access Now report, released on February 1, 2024, that relied on a forensic investigation conducted jointly with the Canadian academic research center, Citizen Lab. The investigation found traces of Pegasus spyware in their mobile devices, with some devices infected multiple times. The analysis could not determine which government initiated the attacks.
"The sweeping targeting of dozens of Jordan-based activists and journalists is a stark reminder of the urgent need to safeguard digital rights and privacy," said Lama Fakih, Middle East and North Africa director at Human Rights Watch. "Governments will abuse surveillance technology with no hesitation or accountability until there are global norms and regulations to protect human rights in the digital age.
The personal iPhone of Adam Coogle, deputy Middle East and North Africa director and head of the Human Rights Watch Jordan office, which uses a Jordanian phone number, was infected with Pegasus on October 2, and the infection lasted until October 3, 2022. Apple notified Coogle via email, iMessage, and an alert on the Apple ID login screen on March 2, 2023, that state-sponsored attackers may be targeting his device. After performing a forensic analysis on his devices, the Human Rights Watch information security team, in collaboration with Amnesty International's Security Lab, confirmed the infection.
Coogle's phone was infected with a "zero-click" exploit, meaning that his device was compromised without the need for him to act, such as by clicking on a link. This is an advanced and sophisticated attack technique that is effective at compromising devices and very difficult for the person targeted to detect or prevent. Technical analysis showed that the infection was related to the iPhone HomeKit feature, confirming the Citizen Lab publication that NSO Group, which developed and sells Pegasus, was exploiting vulnerabilities in HomeKit around October 2022.
In August 2023, Coogle and another Jordan-based Human Rights Watch employee, Hiba Zayadin, senior researcher in the Middle East and Africa division, received notifications from Apple that state-sponsored attackers had attempted to remotely compromise their personal mobile phones. Zayadin's targeted iPhone also used a Jordanian phone number. Zayadin received a notification from Apple about an additional attempt to remotely compromise her phone on October 30, 2023.
The forensic analysis established that all of the attempted hacks targeting Coogle and Zayadin in 2023 were unsuccessful, most likely due to the iPhone's Lockdown Mode, a relatively recent Apple feature that heightens device security. Coogle and Zayadin investigate, document, and expose human rights abuses in a number of countries in the Middle East and North Africa, including Jordan.
Pegasus software is surreptitiously introduced on people's mobile phones. Once Pegasus is on the device, the client is able to turn it into a powerful surveillance tool by gaining complete access to its camera, calls, media, microphone, email, text messages, and other functions, enabling surveillance of the person targeted and their contacts.
Coogle's October 2022 attack is not the first time a Human Rights Watch staff member was targeted with the spyware. The iPhone device of Lama Fakih, Middle East and North Africa director and head of the Human Rights Watch Beirut office, was infected five times between April and August 2021. At the time, she was Human Rights Watch's crisis and conflict director.
The use of Pegasus to target the devices of local activists in Jordan has also been previously documented. The rights group Front Line Defenders reported in January 2022 that Pegasus had compromised the phone of a local lawyer and human rights activist, Hala Ahed, in March 2021. In April 2022, the Canadian academic research center Citizen Lab reported that the devices of four Jordanian human rights defenders, lawyers, and journalists had been hacked with Pegasus spyware between August 2019 and December 2021, and identified two Pegasus operators it believed were most likely connected to the Jordanian government.
In April 2021, the online US-based news outlet Axios reported that the Jordanian government had entered negotiations with NSO Group to obtain advanced surveillance software, but there was no confirmation at that time that the deal had been finalized.
The targeting of Jordan-based and Jordanian researchers, journalists, activists, members of political parties, and diplomats using spyware comes amid an intensifying crackdown on civic space in Jordan. Jordanian authorities are increasingly persecuting and harassing citizens organizing peacefully and engaging in political dissent by using existing vague and abusive laws that criminalize speech, association, and assembly. Most recently, in August, the Jordanian government passed a strict cybercrimes law that makes it harder for people to freely express themselves online, endangers the right to stay anonymous on the internet, and gives the government more authority to control social media, potentially leading to more online censorship.
In response to evidence that Pegasus has been used to target human rights defenders, journalists, and dissidents, NSO Group has repeatedly said that its technology is licensed for the sole use of providing governments and law enforcement agencies the ability to lawfully fight terrorism and crime, and that it does not operate the spyware it sells to government clients.
Human Rights Watch wrote to Jordanian authorities and NSO Group about the targeting of staff with Pegasus spyware on October 10. NSO Group responded on October 19, stating that its "contractual provisions require that the customers operate NSO's products in a manner consistent with international human rights norms and only in connection with suspected terrorism and serious crimes." Human Rights Watch has repeatedly contacted NSO Group about these attacks and to ask it to investigate the attack on Coogle's device in October 2022, but has received no substantive response to these inquiries.
The extensive use of Pegasus to spy on the human rights and civil society movement in Jordan underscores the urgent need to regulate the global trade in surveillance technology. Governments should put a moratorium on the sale, export, transfer, and use of surveillance technology until human rights safeguards are in place, Human Rights Watch said.
"The ongoing erosion of civil and political rights in Jordan is deeply concerning, and the apparent abuse of surveillance technology to hack local activists only adds to the chilling effect," Fakih said. "Jordanian authorities should immediately take stock of the current situation and reaffirm their human rights commitments before there is further erosion of civic space."