Pakistan: Investigation uncovers 'sinister' hacking campaign targeting activists
- Exclusive investigation used digital forensic techniques and malware analysis to uncover hacking methods
- Fake Facebook and Google login pages trick victims into sharing passwords and personal information
- Hacked info used to persecute, threaten and discredit
Activists in Pakistan are under threat from a targeted campaign of digital attacks, which has seen social media accounts hacked and computers and mobile phones infected with spyware, a four-month investigation by Amnesty International reveals.
In a new report released today, Human Rights Under Surveillance: Digital Threats against Human Rights Defenders in Pakistan, Amnesty reveals how attackers are using fake online identities and social media profiles to ensnare Pakistani human rights defenders online and mark them out for surveillance and cybercrime.
Sherif Elsayed-Ali, Director of Global Issues at Amnesty International, said:
“We uncovered an elaborate network of attackers who are using sophisticated and sinister methods to target human rights activists. Attackers use cleverly designed fake profiles to lure activists and then attack their electronic devices with spyware, exposing them to surveillance and fraud and even compromising their physical safety.
“Our investigation shows how attackers have used fake Facebook and Google login pages to trick their victims into revealing their passwords. It is already extremely dangerous to be a human rights defender in Pakistan and it is alarming to see how attacks on their work are moving online.
“As an elected member of the UN Human Rights Council, Pakistan has a responsibility to uphold the highest international standards. It has repeatedly vowed to protect human rights activists and criminalise enforced disappearances, but what we are seeing shows they have done nothing on this front while the situation is getting worse.
“The Pakistani authorities must immediately order an independent and effective investigation into these attacks and ensure that human rights defenders are protected both online and off."
Every time I open an email I am now scared
The report highlights the case of Diep Saeeda, a prominent Pakistani civil society activist from Lahore. On 2 December 2017, one of Diep’s friends, Raza Mehmood Khan, a peace activist who tried to bring people from India and Pakistan together through activities like letter-writing was “disappeared”. Diep began publicly calling for Raza’s release, including petitioning the Lahore High Court. Soon after, she began to receive suspicious messages from people claiming to be concerned about Raza’s well-being.
One Facebook user who claimed to be an Afghan woman named Sana Halimi, living in Dubai and working for the UN, repeatedly contacted Diep Saeeda via Facebook Messenger saying that she had information about Raza Mehmood. The operator of the profile sent Diep links to files containing malware called StealthAgent which, if opened, would have infected her mobile devices. The profile, which Amnesty believes was fake, was also used to trick Diep into divulging her email address, to which she started receiving emails infected with a Windows spyware commonly known as Crimson.
Amnesty found that several human rights activists in Pakistan have been targeted in this way, sometimes by people claiming to be human rights activists themselves.
Diep Saeeda also received emails claiming to be from staff of the Chief Minister of Punjab province. The emails included false details of a supposed upcoming meeting between the provincial Ministry of Education and Diep’s organisation, the Institute for Peace and Secular Studies. In other cases, the attackers pretended to be students looking for guidance and tuition from Diep.
Diep Saeeda said:
“Every time I open an email I am now scared. It’s getting so bad I am actually not able to carry out my work – my social work is suffering.”
Over the course of several months, Amnesty used digital forensic techniques and malware analysis to identify the infrastructure and web pages connected to online attacks on human rights activists in Pakistan. Amnesty’s traced these attacks to a group of individuals based in Pakistan. The report reveals a network of individuals and companies based in Pakistan that are behind the creation of some of the tools seen in surveillance operations used to target individuals in Pakistan.
These online attacks are taking place against the backdrop of a broader assault on Pakistani civil society. Over the past few months, Amnesty has noted with alarm that activists are being subjected to threats, intimidation, violent attacks and enforced disappearances. They include journalists, bloggers, peaceful protestors and other mainstays of civil society.
Kate Allen, Director of Amnesty UK, said:
“The level of danger facing activists worldwide has reached crisis point. Every day people are threatened, tortured, imprisoned and killed for what they fight for.
“The protection of human rights defenders must be put at the heart of the Foreign Secretary’s vision of ‘Global Britain’ if the UK is to be a credible voice on human rights post Brexit. Now is the time to act and develop a coherent strategy on tackling the global surge in repression of human rights defenders.”