According to TechCrunch, a small team of digital security experts at the nonprofit Access Now operates a critical Digital Security Helpline for journalists and activists targeted by government spyware. The team, mostly based in Costa Rica, Manila, and Tunisia, now investigates about 1,000 suspected spyware attacks per year, a massive jump from just 20 cases per month back in 2014. Only around 5% of those, roughly 25 cases annually, result in a confirmed infection from tools made by firms like NSO Group or Intellexa. The helpline has become so essential that Apple directly refers users who receive its “threat notification” warnings to Access Now’s investigators. Hassen Selmi, who leads the incident response team, called that Apple mention “one of the biggest milestones” for their work.
The Spyware Funnel
Here’s the thing: Apple’s referral is a double-edged sword. On one hand, it validates this tiny team’s work and funnels victims to the right place. On the other, it kinda looks like a trillion-dollar company outsourcing its hardest, most human problems. But the experts TechCrunch spoke to say it’s the right move. Apple isn’t equipped for the delicate, context-sensitive work of guiding a terrified journalist in Mexico or a harassed dissident in Hungary through a potential life-or-death security crisis. That requires cultural understanding, language skills, and a mandate to protect civil society—not corporate customers. So this helpline acts as the essential triage and trauma center.
A Needle in a Digital Haystack
Think about those numbers for a second. A thousand cases a year, but only 25 confirmed hits. That’s a 2.5% confirmation rate. It shows just how paranoid and fear-driven this ecosystem is—and for good reason, given the real-world violence linked to these hacks, like the targeting of murdered journalists in Mexico or the family of Jamal Khashoggi. The team’s process is fascinating. They first check if the person is even in their mandate (no CEOs or politicians). Then it’s a remote forensic dance, looking for the digital fingerprints of known exploits. “We know more or less what is normal, what is not,” Selmi says. But each case is unique, blending tech forensics with human psychology and local politics.
Why The Surge?
The case load explosion isn’t just because spyware is spreading, though it definitely is, with incidents reported from India to Hungary to Ethiopia. It’s also because the helpline is better known now and does more proactive outreach. They’ve built a coalition called CiviCERT to share tools and knowledge with other regional groups, creating a global safety net. This is crucial for reaching people in places a New York-based nonprofit can’t easily touch. “Having these people talk their language and know their context helped a lot,” Selmi notes. It’s a model that recognizes tech support can’t be one-size-fits-all when the stakes are this high.
The Human Firewall
So what’s the trajectory? The demand is only going up. Spyware is a booming business, and the targets—journalists, activists, organizers—are only getting more aware of the threat. Selmi himself says they need more people, “not just technical people,” to handle the human side of these intrusions. The future of this fight isn’t just in finding better digital forensics, though that’s part of it. It’s in scaling this very human, empathetic, and hyper-localized response. They’re not just hunting malware; they’re providing a crisis hotline for the digital age. And with fewer than 15 people on the frontlines, you have to wonder: is the world producing spyware victims faster than we can produce people to help them? For now, this small, globally-dispersed team is holding a critical line. If you need them, you can find their helpline at accessnow.org/help.
