Last week, Access Now, Amnesty International, Citizen Lab, and CyberHUB-AM jointly reported that members of civil society in Armenia had been hacked with NSO Group’s Pegasus spyware. The victims include human rights defenders, a United Nations official, and journalists with Radio Free Europe/Radio Liberty. The reports were quickly picked up and shared by numerous news outlets, including Forbes, the Guardian, NBC, Reuters, TechCrunch, and Wired. But sadly, the articles did not contain much guidance for at-risk communities.
And that’s a problem.
Journalists have written about the use of sophisticated spyware and hacking tools to target civil society for over a decade. Yet information about how to protect yourself against these attacks is frequently missing, leaving at-risk communities to figure things for themselves. That’s assuming they even know they’re at-risk, but that’s a topic for another day.
Maybe we are so focused on preventing attacks, or simply reporting on them, that we forget we can make attacks harder to achieve; notify victims they may have been targeted; and provide support to those who need it.
At least three of Citizen Lab’s spyware investigations began with victims reaching out to Access Now’s digital security helpline–Mexico, El Salvador, and Armenia. In one of those investigations, the victims reached out to Access Now after first testing their devices with the Mobile Verification Toolkit released by Amnesty International as part of the Pegasus Project in 2021. Considering the value provided by the helpline–for free, around-the-clock, since 2009–I’m surprised it does not get more attention.
This latest investigation into spyware in Armenia began when Apple sent threat notifications to victims in November 2021. Examples of notifications are easy to find on Twitter and Facebook; they look like this. Apple sent one to Lama Fakih with Human Rights Watch too. The notification did not say how she was targeted, with what, or by whom. But that message, and frankly that awareness, helped start an investigation. Together with Amnesty International, Human Rights Watch determined that Fakih, a U.S.-Lebanese national, had been targeted with Pegasus five times between April and August 2021.
Last year, Apple introduced a new, opt-in security feature for macOS, iOS, and iPadOS called Lockdown Mode. While the feature does not guarantee that your device will never be hacked, it reduces the attack surface that could be exploited by sophisticated spyware. In short, Lockdown Mode makes attacks harder to achieve. When asked, Citizen Lab said it has not seen any cases of spyware compromising a device with Lockdown Mode on “with zero-click attacks,” suggesting the feature really does provide additional protection.
We may not be able to prevent these attacks from happening. And if it’s not Pegasus, it will likely be something else. A part of that ongoing arms race between technology giants and spyware makers. But I believe there’s tremendous value in sharing what we do know with the people who need it the most. After all, isn’t that what journalism is all about?
Citizenlab has something helpful: in Research > Tools & Resources, see Security Planner