An investigation by a global media consortium based on leaked targeting data provides further evidence that military-grade malware known as Pegasus from Israel-based NSO Group, the world’s most infamous hacker-for-hire outfit, is being used to spy on journalists, human rights activists and political dissidents.
Pegasus infiltrates phones to vacuum up personal and location data and surreptitiously control the smartphone’s microphones and cameras.
From a list of more than 50,000 cellphone numbers obtained by the Paris-based journalism nonprofit Forbidden Stories and the human rights group Amnesty International and shared with 16 news organizations, journalists were able to identify more than 1,000 individuals in 50 countries who were allegedly selected by NSO clients for potential surveillance.
They include 189 journalists, more than 600 politicians and government officials, at least 65 business executives, 85 human rights activists and several heads of state, according to The Washington Post.
The journalists work for organizations including The Associated Press, Reuters, CNN, The Wall Street Journal, Le Monde and The Financial Times.
Amnesty also reported that its forensic researchers had determined that NSO Group's flagship Pegasus spyware was successfully installed on the phone of Post journalist Jamal Khashoggi's fiancee, Hatice Cengiz, just four days after he was killed in the Saudi Consulate in Istanbul in 2018. The company had previously been implicated in other spying on Khashoggi.
The company reiterated its claims that it only sells to “vetted government agencies” for use against terrorists and major criminals and that it has no visibility into its customers’ data.
Critics call those claims dishonest — and have provided evidence that NSO directly manages the high-tech spying. They say the repeated abuse of Pegasus spyware highlights the nearly complete lack of regulation of the private global surveillance industry.
The most numbers on the list, 15,000, were for Mexican phones, with a large share in the Middle East.
NSO Group's spyware has been implicated in targeted surveillance chiefly in the Middle East and Mexico. Saudi Arabia is reported to be among NSO clients. Also on the lists were phones in countries including France, Hungary, India, Azerbaijan, Kazakhstan and Pakistan.
The consortium's “Pegasus Project” reporting bolsters accusations that not just autocratic regimes but democratic governments, including India and Mexico, have used NSO Group's Pegasus spyware for political ends.
Additional reporting by the Associated Press.