Pegasus Spyware Used to Target Activists, Journalists, Report Finds
An investigation by the Paris-based journalism nonprofit Forbidden Stories and the human rights group Amnesty International revealed thousands of people were targeted by spyware developed by the Israel-based NSO Group Technologies.
Hundreds of human rights activists, government officials, business executives and journalists worldwide had their cellphones compromised by the “Pegasus” spyware, remotely granting hackers access to targeted individuals’ text messages, emails, microphone, camera, contacts and call logs. NSO Group has circulated a written statement to media outlets refuting much of the report’s findings.
“NSO Group firmly denies false claims made in [Forbidden Stories’] report, many of which are uncorroborated theories that raise serious doubts about the reliability of [the report’s] sources, as well as the basis of [Forbidden Stories’ report],” the firm said in a written statement.
“NSO Group has good reason to believe that claims that [Forbidden Stories has] been provided with are based on misleading interpretation of leaked data from accessible and overt basic information, such as HLR Lookup services, which have no bearing on the list of the customers’ targets of Pegasus or any other NSO products.”
Forbidden Stories undertook its investigative report with assistance from international media publications The Guardian, Le Monde, Süddeutsche Zeitung and The Washington Post, according to Amnesty International. Because of “contractual and national security considerations,” NSO Group could not name its government customers or former customers.
NSO Group regularly sells the spyware to governments around the world, although the technology is classified as a weapon by Israel and the firm must get government permission to export it, according to The Washington Post. Once sold to vetted government customers, NSO Group claims it does not operate the systems or have access to the data of the customers’ targets.
“The Pegasus Project lays bare how NSO’s spyware is a weapon of choice for repressive governments seeking to silence journalists, attack activists and crush dissent, placing countless lives in peril,” Agnès Callamard, secretary general of Amnesty International, said in a written statement. “These revelations blow apart any claims by NSO that such attacks are rare and down to rogue use of their technology. While the company claims its spyware is only used for legitimate criminal and terror investigations, it’s clear its technology facilitates systemic abuse. They paint a picture of legitimacy, while profiting from widespread human rights violations.”
Pegasus spyware can remotely infiltrate and infect targeted iPhone and Android devices through messaging applications with so-called “zero-click” exploits, meaning targeted individuals can have their data compromised with no interaction necessary. In its investigation, Forbidden Stories alongside its media partners identified potential NSO clients in 11 countries: Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Togo, and the United Arab Emirates.
Many of the targeted victims identified in the report are well-known public figures, including Hatice Cengiz, the fiancée of murdered Saudi Arabian journalist Jamal Khashoggi. Pegasus spyware had previously been implicated in the electronic surveillance of friends and associates of Khashoggi, TWN previously reported.
From 2016 to June 2021, at least 180 journalists in 20 countries were identified as potential targets of NSO spyware, according to the report. Further, at least 40 journalists from almost all major media outlets in India were tapped as potential targets between 2017 and 2021.
“The alleged amount of ‘leaked data of more than 50,000 phone numbers’ cannot be a list of numbers targeted by governments using Pegasus, based on this exaggerated number,” NSO Group’s written statement continued. “The fact that a number appears on that list is in no way indicative of whether that number was selected for surveillance using Pegasus. NSO is not related to the list [of numbers], it is not an NSO list, and it never was. It is not a list of targets or potential targets of NSO’s customers. Forbidden Stories never shared the leaked list with NSO Group to allow it to verify or comment on the list.”
Targeted individuals included 189 journalists, over 600 government officials and politicians, at least 65 business executives, 85 human rights activists and multiple heads of state — including French President Emmanuel Macron — according to The Washington Post. The phone of Mexican journalist Cecilio Pineda was targeted weeks before his murder in 2017.
A Dec. 2020 report published by Citizen Lab tied the hacking of 36 journalists, producers, anchors and executives at Al-Jazeera to Pegasus spyware likely employed by Saudi Arabia and the United Arab Emirates, TWN previously reported. The Forbidden Stories report identified targeted journalists who work for the Associated Press, CNN, The New York Times and Reuters as victims of the spyware.
“Clearly, their actions pose larger questions about the wholesale lack of regulation that has created a wild west of rampant abusive targeting of activists and journalists,” Callamard continued in her written statement. “Until this company and the industry as a whole can show it is capable of respecting human rights, there must be an immediate moratorium on the export, sale, transfer and use of surveillance technology.”