Amnesty International, in a report published on Thursday, has uncovered a targeted digital attack campaign against a Human Rights Defender (HRD) in Togo — West of Africa. The Amnesty International Security Lab investigation found that the spyware used in these attacks ties to an attacker group known as the Donot Team, previously connected to attacks in India and Pakistan among others.
Amnesty International has identified links between the infrastructure used by Donot Team and an Indian cybersecurity company, Innefu Labs, which advertises digital security, data analytics, and predictive policing services to law enforcement and armed forces.
A Togolese activist, who wishes to remain anonymous for security reasons, had their phone hacked. Their devices were targeted between December 2019 and January 2020, during a tense political climate ahead of the 2020 Togolese presidential election.
The discovery is the first time Donot Team spyware was found in attacks outside of South Asia.
“Across the world, cyber-mercenaries are unscrupulously cashing in on the unlawful surveillance of human rights defenders,” said Danna Ingleton, Deputy Director of Amnesty Tech.
“Anyone can be a target – attackers living hundreds of miles away can hack your phone or computer, watch where you go and who you talk to, and sell your private information to repressive governments and criminals.”
The persistent attacks over WhatsApp and email tried to trick the victim into installing a malicious application that masqueraded as a secure chat application. The application was in fact a piece of custom Android spyware designed to extract some of the most sensitive and personal information stored on the activist’s phone.
The spyware would have enabled attackers to access the camera and microphone, collect photos and files stored on the device, and even read encrypted WhatsApp messages as they are being sent and received. The covert nature of such attacks makes it extremely difficult for activists to detect whether their devices have been compromised.
“Having realized that this was an attempt at digital espionage, I felt in danger. I can’t believe that my work could be so disturbing to some people that they would try to spy on me. I am not the only one working for human rights in Togo. Why me?”, the Togo-based human rights defender told Amnesty International.
Amnesty International’s investigation uncovered a trail of technical evidence left by the attackers which identified links between the attack infrastructure and an Indian-based, Innefu Labs. The company advertises digital security, data analytics, and predictive policing services to law enforcement and armed forces and claims to work with the Indian government.
Innefu Labs does not have a human rights policy and does not appear to carry out human rights due diligence – despite the enormous risks their products pose to civil society. Amnesty International has observed additional evidence of Donot Team attacks against organizations and individuals across Asia, mostly concentrated in the north of India, Pakistan and Kashmir.