Togo: Togolese activist targeted by Indian-made spyware linked to hacker group
Activists in Togo may be at risk of being targeted by shadowy cyber mercenaries, who launch digital attacks in an attempt to steal victims' private data in order to sell it to private customers, a new Amnesty International investigation reveals.
In its new report published today, Amnesty International reveals that the infamous hacker group Donot Team used fake Android apps and spyware-infected emails to target a well-known Togolese human rights defender, with the aim of illegally placing the activist under surveillance. This is the first time that Donot Team spyware has been identified in attacks outside of South Asia. This investigation also uncovered links between the spyware and the infrastructure used in these attacks, and Innefu Labs, an India-based cybersecurity firm.
This Togolese activist, who prefers to remain anonymous for security reasons, has worked for a long time with Togolese civil society organizations and is a key voice defending human rights in the country. His devices were targeted between December 2019 and January 2020, as the political climate was tense ahead of the 2020 presidential election in Togo.
“Cyber mercenaries around the world profit unscrupulously from the unlawful surveillance of human rights defenders,” said Danna Ingleton, Deputy Director of Amnesty Tech.
“Anyone can be a target: Cyber mercenaries living hundreds of miles away can hack into your phone or computer, watch where you go and who you talk to, and sell your private data to repressive governments or criminals.”
Persistent WhatsApp and email attacks attempted to trick the victim into installing a malicious app disguised as a secure instant messaging app. It was actually spyware for Android designed to extract some of the most sensitive and personal information stored on the activist's phone.
This spyware would have allowed attackers to gain access to the camera and microphone, retrieve photos and files stored on the device, and even read encrypted WhatsApp messages as they were sent and received. The secrecy of these attacks makes it extremely difficult for activists to detect if their phone is infected.
“When I realized it was an attempt at digital espionage, I felt in danger. I can't believe that my work can bother some people to the point that they try to spy on me. I am not the only one working for human rights in Togo. Why me?” the Togo-based human rights defender told Amnesty International.
This investigation by Amnesty International has uncovered a trail of technical evidence left by the perpetrators of the attack that proves links between the infrastructure used in these attacks and the India-based company Innefu Labs. The company advertises services in digital security, data analysis and predictive policing to law enforcement agencies and the armed forces, and claims to work with the Indian government. Innefu Labs does not have a human rights policy and does not appear to perform human rights due diligence, despite the enormous risks its products pose to civil society. Amnesty International found that Donot Team's attacks on organizations and individuals in Asia were mostly concentrated in northern India, Pakistan and Kashmir.
Attacks on activists
The space for action by human rights defenders in Togo has shrunk: in 2019, the year before the presidential election, Amnesty International noted the adoption of laws restricting the rights to freedom of expression and peaceful assembly, and documented cases of violations committed by the authorities, including against pro-democracy activists.
Several religious dignitaries and political opposition figures in Togo have reportedly been targeted by digital surveillance tools. In August 2020, The Guardian and Citizen Lab revealed that two Catholic clergy, Bishop Benoît Alowonou and Father Pierre Chanel Affognon, had been targeted through a WhatsApp flaw exploited by NSO Group.
Project Pegasus, coordinated by Forbidden Stories with technical support from Amnesty International's Security Lab, revealed this year that the phone numbers of hundreds of Togolese men and women had been put on a list of potential targets for NSO Group's Pegasus spyware. Among them were independent journalists and members of political opposition movements.
The threat of targeted surveillance, whether real or not, can have severe psychological consequences for activists and a deeply damaging effect on their human rights work. Despite repeated calls from Amnesty International and civil society organizations for more transparency, not much is known about the cyber-surveillance industry, which resembles a veritable Wild West, and even less is known about the flourishing sector in which cyber mercenaries operate.
“The surveillance industry is spiraling out of control with companies and cyber mercenaries operating entirely in the shadows.
“Surveillance companies must stop prioritizing profits over people and ensure that repressive regimes do not use their technology to stifle civil society,” said Danna Ingleton.
Amnesty International asks:
In a written response to Amnesty International, Innefu Labs denied "the existence of any link whatsoever between Innefu Labs and the spyware attributed to 'Donot Team'" or with the attacks against the human rights defender in Togo. Innefu Labs also stated that they are not aware of any use of their IP address in these alleged activities.
No evidence suggests direct involvement or knowledge of Innefu Labs in the attacks against the human rights defender in Togo using Donot Team spyware. Activities attributed to Donot Team may involve several separate actors or organizations with access to the same spyware or shared infrastructure.