Indonesia: Murky network of spyware imports exposed - new report

Highly-invasive spyware imported using complex chain of global commercial networks

Volume of spyware imports to Indonesia is particularly concerning given its assault on human rights

‘The murky trade in spyware tools to Indonesia adds another dangerous tool for potential intimidation’ - Carolina Rocha da Silva

A wide range of highly invasive spyware and surveillance products are being imported and deployed in Indonesia, Amnesty International’s Security Lab said today, as it released a new report in collaboration with media partners Haaretz, Inside Story, Tempo, WAV research collective and Woz. 

The 34-page report - A web of surveillance: Unravelling a murky network of spyware and surveillance exports to Indonesia - reveals evidence of the sale and deployment of highly-invasive spyware and other surveillance technologies to companies and state agencies in Indonesia between 2017 and 2023, with recipients including the Indonesian National Police and the National Cyber and Crypto Agency. 

The sale and transfer of these spyware and surveillance technologies was enabled through a murky ecosystem of surveillance sellers, brokers and resellers with complex ownership structures. Vendors include Luxembourg-based Q Cyber Technologies SARL (linked to the notorious Israeli company NSO Group), the Intellexa consortium, Israel-based Wintego Systems Ltd and Saito Tech (also known as Candiru), and Malaysia-based Raedarius M8 Sdn Bhd (linked to FinFisher).

The investigation - conducted through open-source intelligence, including commercial trade databases and spyware infrastructure mapping - also identified brokers and resellers based in Singapore and Indonesia. 

These opaque commercial networks can hide the nature of surveillance exports, making independent oversight challenging for national and international judicial authorities, regulators and civil society organisations. Limited transparency and a systemic lack of information on dual-use surveillance transfers (technology or goods that can be used for either civilian and military purposes), including the suppliers and end-users involved and export licences requested, granted or rejected, make it challenging for regulatory mechanisms - where they exist - to be effectively enforced. 

Jurre van Bergen, Amnesty International’s Technologist, said:

“The sale and transfer of highly-invasive spyware and surveillance technologies to Indonesia continues to be a concerning development for human rights.

“The secretive trade of such spyware tools continues at a time when the rights to freedom of expression, peaceful assembly and association are already under attack in the country.”

 Malicious attack sites

Amnesty also identified malicious domain names and network infrastructure linked to multiple advanced spyware platforms, seemingly aimed at targeting people in Indonesia. Malicious domains tied to Candiru and Intellexa’s Predator spyware have imitated key national and regional news media outlets, opposition political parties and media stories related to documenting rights violations. Such attack sites are typically chosen by spyware operators to trick their intended targets into clicking through to a site which may expose their device to a potential infection. 

While Amnesty has uncovered significant new evidence about spyware and surveillance systems supplied to Indonesia, this research did not involve a forensic investigation or an attempt to identify specific individuals who may have been targeted with such surveillance tools. Spyware tools are designed to leave as few traces as possible, making it difficult to detect cases of their unlawful misuse. Instead, the research focuses on the sale and transfer of several highly-invasive spyware tools.

Amnesty requested comments and clarifications on the investigation’s findings from the 21 entities concerned. A summary of the responses from Candiru (referred to as Saito Tech in the research) and NSO Group (responding for Circles and Q Cyber Technologies SARL), as well as exporting agencies Swiss State Secretariat for Economic Affairs and the Israeli Defense Exports Control Agency, can be found in the report.

Assault on human rights

The sale and deployment of invasive spyware to Indonesia is particularly concerning given the ongoing assault on human rights in the country.  

Carolina Rocha da Silva, Security Lab’s Operations Manager, said:

“Human rights defenders and activists have repeatedly faced repression online in Indonesia.

“The Electronic Information and Transaction law and other restrictive laws have been used to prosecute and intimidate human rights defenders, activists, journalists, academics and others.

“The murky trade in spyware tools to Indonesia adds another dangerous tool for potential intimidation. This cannot be allowed to continue.”

 Even extensive human rights safeguards will not protect members of civil society against invasive spyware and Amnesty is calling for a permanent global ban on such technology, with an end to the sale, transfer and use of all spyware until there are proper international and national human rights regulatory frameworks in place to protect people from the human rights abuses caused by spyware and surveillance technology.