A global investigation involving 17 media organizations found that military-grade spyware designed by an Israeli firm has been used to spy on journalists, human rights activists, and business executives around the world. Israel-based NSO Group created and leases the Pegasus spyware, which is designed to track terrorists and criminals. But the new evidence suggests the spyware could have been provided to leaders of countries that have problematic human-rights records and they are using it to persecute political enemies. The data calls into question whether the NSO Group is making good on its promise to police its clients for human rights abuses.
The investigation began with a list of more than 50,000 cellphone numbers obtained by Paris-based journalism nonprofit Forbidden Stories and the human rights group Amnesty International. They in turn shared that with 17 news organizations, including the Washington Post and the Guardian, that carried out months of reporting to track down the numbers. It’s unclear who put the numbers on the list or why and just because a number is on the list doesn’t mean it was necessarily hacked. But through forensic analysis, the investigation was able to determine that at least 37 smartphones belonging to journalists, human rights activists, and business executives were hacked. Among the victims of the hack are two women close to murdered Saudi journalist Jamal Khashoggi. The Pegasus software was installed on the phone of Hatice Cengiz, Khashoggi’s fiancee, four days after the Saudi journalist was killed.
By combing through the phone numbers, reporters were able to identify more than 1,000 people in more than 50 countries. The people included “several Arab royal family members, at least 65 business executives, 85 human rights activists, 189 journalists, and more than 600 politicians and government officials—including cabinet ministers, diplomats, and military and security officers. The numbers of several heads of state and prime ministers also appeared on the list,” reports the Washington Post. The journalists whose numbers are included in the list include reporters from some of the world’s largest news organizations, including CNN, the Associated Press, Voice of America, the New York Times, the Wall Street Journal, Bloomberg, Le Monde, the Financial Times and Al Jazeera.“The number of journalists identified as targets vividly illustrates how Pegasus is used as a tool to intimidate critical media. It is about controlling public narrative, resisting scrutiny, and suppressing any dissenting voice,” Amnesty’s secretary-general, Agnes Callamard, said.
The Pegasus software is a malware that infects both iPhones and Android devices and grants access to all information stored in a smartphone. It can also secretly activate microphones. NSO Group has vehemently denied any wrongdoing and claims the global investigation is “full of wrong assumptions and uncorroborated theories.” The company said the 50,000 phone numbers “cannot be a list of numbers targeted by governments using Pegasus, based on this exaggerated number” but vowed it would “continue to investigate all credible claims of misuse and take appropriate action.” NSO Group insists it only sells its software to “vetted government agencies” but critics say this investigation shows how the private surveillance industry lacks regulation.