Meet the team that investigates journalists and activists when they are kidnapped by government spying programs

For more than a decade, many journalists have been human rights activists they have been fighting and stolen by governments around the world. The police and spies come in Ethiopia, Greece, Hungary, India, Mexico, Poland, Saudi Arabiaand United Arab Emiratesin others, they have used sophisticated spying software to hack into victims’ phones, which in some cases they faced real violence threats, harassment, and access very difficulton to be killed.

In the last few years, in the fight to protect the most vulnerable areas, a group of twelve experts in digital security, especially those in Costa Rica, Manila, and Tunisia, among other places, have played a major role. He works for the New York-based non-profit Access Now, mainly for his own Digital Security Helpline.

Their goal is to be a community of people that journalists, human rights activists, and critics can go to if they suspect that they have been hacked, such as by spyware programs created by companies such as. The NSO team, Intellexaor Paragon.

“The idea is to provide 24/7 support for government agencies and the media to reach where they have a … cyber security incident,” Hassen Selmi, who heads the incident response team at Helpline, told TechCrunch.

According to Bill Marczaka senior researcher at the University of Toronto’s Citizen Lab who has been investigating spyware for nearly 15 years, Access Now’s Helpline is a “front line” for journalists and others who may have been targeted or hacked by spyware.

The helpline has become an important resource for victims. So much so that when Apple sends its users a so-called “danger notification” warning them that they have been targeted by mercenary spyware, the tech giant has referred victims to Access Now investigators.

Speaking to TechCrunch, Selmi explained what happened someone receives one of these threatening messagesand where Access Now can help victims.

“Having someone to explain to them, tell them what they should do, what they shouldn’t do, what it means… This is a big relief for them,” Selmi said.

According to a number of digital rights experts who have researched espionage cases and have previously spoken to TechCrunch, Apple is generally taking the right approach, even if it looks like the trillion-dollar tech giant is offloading its responsibility to a small group of non-profit workers.

Being mentioned by Apple in the notification, said Selmi, “one of the biggest things” in the support process.

Selmi and his colleagues now look into about 1,000 cases of people suspected of threatening to spy on the government a year. About half of these cases turn into real investigations, and only about 5%, about 25, which lead to the problem of espionage, according to Mohammed Al-Maskati, director of the helpline.

When Selmi began working on the project in 2014, Access Now was only investigating about 20 cases of suspected espionage each month.

At that time, there were three or four people working each time zone in Costa Rica, Manila, and Tunisia, places that allowed them to have someone online all day. The team is not that big right now, with less than 15 people working on the helpline. This support system has many people in Europe, the Middle East, North Africa, and sub-Saharan Africa, since these are the places where espionage cases are committed, according to Selmi.

The increase in cases, Selmi explained, due to several events. First, the helpline is now well known, so it attracts more people. So, with government spying programs going global and becoming more accessible, there is maybe more crimes. Finally, the support team has done a lot of outreach to the suspects, finding cases of abuse that they might not have found otherwise.

When someone contacts the helpline, Selmi told TechCrunch, his researchers accept the call, then first check to see if the person they contacted is within the organization’s criteria, meaning if they’re a regular person — not, for example, a business executive or a lawmaker. Then, the investigators evaluate the case through triage. If the case is a lead, the investigators will ask questions, such as why the person believes they shot him (if there was no information), and what device he has, which helps determine the type of information that investigators may need to gather from the victim’s device.

After the first, small check of the device is done remotely over the Internet, the helpline operators and investigators may ask the victim to send information, such as all the backups of their device, to perform a more thorough analysis to find signs of intrusion.

“For every known hack that’s been used in the last five years, we have a way to see what’s going on,” Selmi said, referring to the most common hacking methods.

“We know a lot about what’s normal and what’s not,” Selmi said.

Access Now staff, who manage communication and often speak the victim’s language, will also give the victim advice on what to do, such as getting another device, or taking precautions.

Each issue a nonprofit focuses on is unique. “It varies from person to person, culture to culture,” Selmi told TechCrunch. “I think we need to do more research, get more people – not just skilled people – to know how to deal with these types of people.”

Selmi said that the phone has been supporting the same research groups in other parts of the world, sharing documents, information, and equipment, as part of the so-called collaboration. CiviCERT’s photoan international group of organizations that can help people who are suspected of being victims of espionage programs.

Selmi said that this network has also helped to reach journalists and other people in places they could not reach.

“No matter where they are, (victims) have people they can talk to and explain,” Selmi told TechCrunch. “Having these people speak their language and know their stories helped a lot.”