Pegasus Spyware: Omar Radi Critical Review
Article Sidebar
Main Article Content
Abstract
This research critically examines the forensic methodologies employed by Amnesty International and The Citizen Lab in their analysis of NSO Group’s Pegasus spyware, with a particular focus on the high-profile case of Moroccan journalist Omar Radi. Despite claims of scientific rigor, significant methodological flaws are evident, including reliance on speculative forensic indicators, the generation of false positives, and the absence of independent peer review. These shortcomings undermine the validity of the findings and raise concerns about their transparency, particularly in politically sensitive cases. Technical inconsistencies, such as the reliance on ambiguous data artifacts like browsing history and process executions, highlight failures to meet established standards for transparency, reproducibility, and accountability. The study also identifies systemic issues related to overlapping personnel between Amnesty International and The Citizen Lab, which compromise the independence of these investigations. These issues are compounded by the lack of rigor in evidence handling, exemplified by Amnesty’s quiet retraction of false positives without formal updates to their published findings. Such practices not only diminish the credibility of the conclusions but also risk misrepresenting critical evidence in cases with far-reaching implications. By uncovering these flaws, this research underscores the urgent need for more robust and scientifically validated methodologies in spyware detection. Emphasis is placed on the importance of adopting peer-reviewed practices that prioritize accuracy, reproducibility, and impartiality. Ultimately, the findings contribute to a broader discourse on the critical role of methodological rigor and transparency in digital forensics, particularly when addressing issues with profound implications for human rights and state accountability.
Article Details
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
IJCERT Policy:
The published work presented in this paper is licensed under the Creative Commons Attribution 4.0 International (CC BY 4.0) license. This means that the content of this paper can be shared, copied, and redistributed in any medium or format, as long as the original author is properly attributed. Additionally, any derivative works based on this paper must also be licensed under the same terms. This licensing agreement allows for broad dissemination and use of the work while maintaining the author's rights and recognition.
By submitting this paper to IJCERT, the author(s) agree to these licensing terms and confirm that the work is original and does not infringe on any third-party copyright or intellectual property rights.
References
] Amnesty International, "Morocco: Authorities must ensure Omar Radi’s fair trial rights," Mar. 3, 2022. [Online]. Available: https://www.amnesty.org/en/latest/news/2022/03/morocco-authorities-must-ensure-omar-radis-fair-trial-rights/
] Amnesty International, "NSO spyware used against Moroccan journalist days after company pledged to respect human rights," Jun. 22, 2020. [Online]. Available: https://www.amnesty.org/en/latest/news/2020/06/nso-spyware-used-against-moroccan-journalist/
] Amnesty International, "Forensic methodology report: How to Catch NSO Group’s Pegasus," Jul. 18, 2021. [Online]. Available: https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/
] P. Chauhan and P. Bansal, "Assessment of Forensics Investigation Methods," Smart Innovation, Systems and Technologies, pp. 317–324, 2021. doi: 10.1007/978-981-33-4443-3_30.
] A. M. Alashjaee and M. Haney, "A Framework for Mobile Malware Forensics," 2020 International Conference on Computational Science and Computational Intelligence (CSCI), Las Vegas, NV, USA, 2020, pp. 175–181. doi: 10.1109/CSCI51800.2020.00037.
] Privacy International, "Taming Pegasus: A way forward on surveillance tech proliferation," Jul. 27, 2021. [Online]. Available: https://privacyinternational.org/news-analysis/4602/taming-pegasus-way-forward-surveillance-tech-proliferation
] Maratsi, M. I., Popov, O., Alexopoulos, C., & Charalabidis, Y. (2022). Ethical and legal aspects of digital forensics algorithms: The case of digital evidence acquisition. Proceedings of the 15th International Conference on Theory and Practice of Electronic Governance, 72, 32–40. https://doi.org/10.1145/3560107.3560114
] Privacy International, "Briefing note on OECD Complaints against Gamma International and Trovicor in the UK and Germany," Feb. 3, 2013. [Online]. Available: https://web.archive.org/web/20130308002112/https://www.privacyinternational.org/sites/privacyinternational.org/files/downloads/press-releases/2013_02_01_oecd_briefing_note.pdf
] Privacy International, "Our People," Jul. 6, 2012. [Online]. Available: https://web.archive.org/web/20120706172455/https://privacyinternational.org/people
] Privacy International, "Our People," Mar. 7, 2013. [Online]. Available: https://web.archive.org/web/20130307220652/https://privacyinternational.org/people
] The Citizen Lab, "People," Jun. 18, 2020. [Online]. Available: https://web.archive.org/web/20200618113556/https://citizenlab.ca/people/
] C. Guarnieri, "Claudio Guarnieri," Sep. 27, 2020. [Online]. Available: https://web.archive.org/web/20200927032322/https://www.allamericanspeakers.com/speakers/398576/Claudio-Guarnieri
] E. Maynier, "About Me," Jan. 24, 2024. [Online]. Available: https://web.archive.org/web/20240124110622/https://randhome.io/about/
] Amnesty International, "Amnesty International Limited: Report and financial statements for the year ended 31 December 2021," Oct. 1, 2022. [Online]. Available: https://www.amnesty.org/en/documents/fin40/6385/2022/en/
] The Munk School, "Meet MGA alumna-turned-faculty, Sarah Beamish," Apr. 21, 2021. [Online]. Available: https://web.archive.org/web/20221125144203/https://munkschool.utoronto.ca/mga/news/meet-mga-alumna-turned-faculty-sarah-beamish
] University of Toronto, "Human ethics principles & guidelines," Human Ethics Principles & Guidelines, 2019. [Online]. Available: https://research.utoronto.ca/ethics-human-research/human-ethics-principles-guidelines
] N. Sunde, "Strategies for safeguarding examiner objectivity and evidence reliability during digital forensic investigations," Forensic Science International: Digital Investigation, vol. 40, p. 301317, 2022. doi: 10.1016/j.fsidi.2021.301317.
] D. Kim and S. Lee, "Study of identifying and managing the potential evidence for effective Android forensics," Forensic Science International: Digital Investigation, vol. 33, p. 200897, 2020. doi: 10.1016/j.fsidi.2019.200897.
] N. Hughes and U. Karabiyik, "Towards reliable digital forensics investigations through Measurement Science," WIREs Forensic Science, vol. 2, no. 4, 2020. doi: 10.1002/wfs2.1367.
] Le 360, "Omar Radi Case: Government Demands Official Response From Amnesty Again," Le 360 Français, Feb. 7, 2020. [Online]. Available: https://fr.le360.ma/politique/video-affaire-omar-radi-le-gouvernement-exige-de-nouveau-une-reponse-officielle-damnesty-218462/
] Amnesty International, "Forensic methodology report: How to catch NSO group’s Pegasus - Original Report," Jul. 18, 2021. [Online]. Available: https://web.archive.org/web/20210718160124/https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/
] ENISA, "Mobile threats incident handling," 2014. [Online]. Available: https://www.enisa.europa.eu/topics/training-and-exercises/trainings-for-cybersecurity-specialists/online-training-material/documents/Mobileincidenthandlinghandbook.pdf
] Lookout, "Technical analysis of the Pegasus exploits on iOS," Dec. 13, 2016. [Online]. Available: https://info.lookout.com/rs/051-ESQ-475/images/pegasus-exploits-technical-details.pdf
] Mitre.org, "CVE-2016-4657," CVE, May 11, 2016. [Online]. Available: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4657
] Apple Developer Forums, "Many apps crash with EXC_CRASH (SIGABRT)," Sep. 2023. [Online]. Available: https://developer.apple.com/forums/thread/737336
] Rick Rheo, "False indication of Pegasus · issue #19 · AmnestyTech/investigations," GitHub, Jul. 27, 2021. [Online]. Available: https://github.com/AmnestyTech/investigations/issues/19
] AmnestyTech, "Remove a file that creates false positive · AmnestyTech/investigations@928ea5a," GitHub, Jul. 28, 2021. [Online]. Available: https://github.com/AmnestyTech/investigations/commit/928ea5a820df6596762241da147b5afa1458b5ee
] AmnestyTech, "Removing false positive · AmnestyTech/investigations@1c69421," GitHub, Jul. 19, 2021. [Online]. Available: https://github.com/AmnestyTech/investigations/commit/1c694217c3efb4e40f34822b6ef99a7b5bd8a064
] B. Marczak, J. Scott-Railton, S. Anstis, and R. Deibert, "Independent peer review of Amnesty International’s forensic methods for identifying Pegasus spyware," The Citizen Lab, Jul. 18, 2021. [Online]. Available: https://citizenlab.ca/2021/07/amnesty-peer-review/
] AmnestyTech, "Warning + remove false positive · AmnestyTech/Investigations@ba749a9," GitHub, Jul. 22, 2021. [Online]. Available: https://github.com/AmnestyTech/investigations/commit/ba749a926cec4bf43920c9300922296689fdc57b
] AmnestyTech, "Re-added indicator that was removed as FP by mistake · AmnestyTech/investigations@6914279," GitHub, Nov. 4, 2021. [Online]. Available: https://github.com/AmnestyTech/investigations/commit/6914279c3c3226c2c88a28f0fb008ef9bc4bc8e5
] EU Parliament, "Joint motion for a resolution on the case of Paul Rusesabagina in Rwanda: RC-B9-0500/2021," Oct. 6, 2021. [Online]. Available: https://www.europarl.europa.eu/doceo/document/RC-9-2021-0500_EN.html
] A. Bielan and A. F. Adam, "Joint motion for a resolution on the situation of journalists in Morocco, notably the case of Omar Radi: RC-B9-0057/2023," Jan. 18, 2023. [Online]. Available: https://www.europarl.europa.eu/doceo/document/RC-9-2023-0057_EN.html