Image copyright Getty Images Image caption PAWRA is the most widely used NGO registration database in the world
Phones of PAWRA, a Palestinian human rights organisation, and other UN agencies and NGOs have been infected with a spyware program, rights groups have claimed.
The PAWRA’s most widely used platform is the Pluribus API, which is a commonly used public relations platform used by both political parties.
The Guardian has reached out to Pluribus for comment.
Five human rights organisations published a joint statement on the the report on Wednesday.
A report in November said Skype data had been mined by Israeli intelligence for years, suggesting targeted surveillance.
Palestine Information Centre for Development and Media Freedom (PAWRA) specialises in conflict resolution, rights advocacy and media freedom.
The network was made vulnerable to intelligence-gathering by Pegasus, a surveillance programme used by Israel’s spy agencies, by computer hackers, and then inadvertently compromised by new hosting servers.
“The revelations of the APT 28 Israel group about Israeli spyware exploiting modern social media applications like WhatsApp and Skype provide evidence that Israeli intelligence agencies were operating through these tools in a way that required neither foreign hardware nor software purchases,” PAWRA said in a statement.
“And as the APT 28 group proved, that covertly breaking into online chat networks is done in such a way as to avoid being discovered.”
PAWRA listed the causes for concern on its website as:
“Using malicious software code-named Pegasus, Israeli intelligence agencies are probing and collecting the identities and communications of journalists, supporters and elected politicians of the Palestinian Authority”.
“Using its regular or proxy registrations, the Israeli government and intelligence services impersonate a foreign company in order to track Palestinian communities and individuals on the web.
“Using traditional methods of intelligence gathering, the Israeli intelligence services either create ‘secret feeds’ that run on a corporate organisation’s API or deploy the same technique on multiple platforms to capture e-mails, text messages and audio/video calls.
“Israeli intelligence is also suspected of deploying various tools to redirect activists’ Messenger contacts to fake accounts or cellphones. To mitigate the risk, Palestinian journalists are turning to locally developed encryption systems to protect sensitive messages.”
PAWRA encourages its users to use VPN and Tor to avoid the breach, and has suggested that researchers employ similar techniques to avoid being targeted by hackers.