For over a decade, journalists and human rights activists worldwide have faced a growing epidemic of state-sponsored digital surveillance. From Ethiopia and Greece to Hungary, India, Mexico, and Saudi Arabia, governments are deploying sophisticated mercenary spyware to compromise mobile devices. Victims often endure severe real-world consequences, ranging from constant harassment to targeted assassinations.
The Global Shield Against Digital Espionage
At the center of the resistance is the Digital Security Helpline, operated by the nonprofit Access Now. A specialized team of fewer than 15 experts, distributed across Costa Rica, Manila, and Tunisia, provides 24/7 incident response for those targeted by tools from entities like NSO Group, Intellexa, and Paragon.
Hassen Selmi, who leads the incident response unit, notes that the service offers critical guidance for victims facing complex cybersecurity threats. According to Bill Marczak of Citizen Lab, the helpline serves as a vital “frontline resource” for those under siege.
Apple’s Strategic Partnership
The helpline’s reputation is such that Apple officially directs users to Access Now when issuing “threat notifications” regarding suspected mercenary spyware. While some critics argue this offloads the responsibility of a trillion-dollar corporation onto a small nonprofit, investigators view the collaboration as a significant milestone in validating their work.
“Having someone who could explain it to them, tell them what they should do, what they should not do… this is a big relief for them,” Selmi explained.
Scaling the Fight Against Rising Threats
The volume of cases has skyrocketed since the team began in 2014, when they handled roughly 20 inquiries per month. Today, the team investigates approximately 1,000 suspected attacks annually. Of these, about half proceed to full investigations, with roughly 25 cases confirmed as successful spyware infections, according to Mohammed Al-Maskati, the helpline’s director.
Why Spyware Cases Are Surging
- Increased Visibility: Greater awareness of the helpline leads to more reports.
- Global Proliferation: Spyware is becoming more accessible to diverse government actors.
- Proactive Outreach: The team is actively identifying abuse that might otherwise go undetected.
The Investigation Protocol
When a case is accepted, the triage process is rigorous. Investigators first verify if the victim falls within the mandate of civil society, excluding government or corporate entities. Once prioritized, they perform remote checks and may request full device backups to scan for known exploit signatures.
Beyond technical analysis, the team provides essential security counseling, advising victims on device replacement and operational security. Because each case is culturally and contextually unique, the helpline is expanding its efforts by training and sharing documentation with CiviCERT, a global coalition designed to provide localized support to threatened communities.
“No matter where they are, victims have people who they can talk to,” Selmi said. “Having these people talk their language and know their context helps a lot.”