For more than a decade, dozens of journalists and human rights activists have been targeted and hacked by governments all over the world. Cops and spies in Ethiopia, Greece, Hungary, India, Mexico, Poland, Saudi Arabia, and United Arab Emirates, among others, have used sophisticated spyware to compromise the phones of these victims, who at times have also faced real-world violence being intimidated, harassed, and in extreme cases, even murdered.
In the last few years, in the fight to protect these higher-risk communities, a team of a dozen digital security experts, mostly based in Costa Rica, Manila, and Tunisia, among other places, have played a key role. They work for the New York-headquartered nonprofit Access Now, specifically its Digital Security Helpline.
Their mission is to be the team of people who journalists, human rights defenders, and dissidents can go to if they suspect they’ve been hacked, such as with mercenary spyware made by companies like NSO Group, Intellexa, or Paragon.
“The idea is to provide this 24/7 service to civil society and journalists so they can reach out whenever they have… a cybersecurity incident,” Hassen Selmi, who leads the incident response team at the Helpline, told TechCrunch.
According to Bill Marczak, a senior researcher at the University of Toronto’s Citizen Lab who has been investigating spyware for almost 15 years, Access Now’s Helpline is a “frontline resource” for journalists and others who may have been targeted or hacked with spyware.
The helpline has become a critical funnel for victims. So much so that when Apple sends its users a so-called “threat notification” alerting them that they have been targeted with mercenary spyware, the tech giant has long directed victims to Access Now’s investigators.
In speaking with TechCrunch, Selmi described a scenario where someone gets one of these threat notifications, and where Access Now can help victims.
“Having someone who could explain it to them, tell them what they should do, what they should not do, what this means… This is a big relief for them,” said Selmi.
According to several digital rights experts who have investigated spyware cases and previously spoke with TechCrunch, Apple is generally taking the right approach, even if the optics look like a trillion-dollar tech giant offloading its responsibility to a small team of nonprofit workers.
Being mentioned by Apple in the notifications, said Selmi, was “one of the biggest milestones” for the helpline.
Selmi and his colleagues now look into about 1,000 cases of suspected government spyware attacks per year. Around half of those cases turn into actual investigations, and only around 5% of them, around 25, result in a confirmed case of spyware infection, according to Mohammed Al-Maskati, the helpline’s director.
When Selmi started doing this work in 2014, Access Now were only investigating around 20 cases of suspected spyware attacks per month.
At the time, there were three or four people working in each timezone in Costa Rica, Manila, and Tunisia, locations that allowed them to have someone online throughout the whole day. The team isn’t that much bigger now, with fewer than 15 people working for the helpline. The helpline has more people in Europe, the Middle East, North Africa, and Sub-Saharan region, given that these are hotspots for spyware case …