Israeli Spyware ‘Pegasus’ used by governments to target journalists and activists

Media outlets including The Washington Post, The Guardian and Le Monde drew links Sunday between the Israel-based NSO Group, accused of supplying spyware to governments, and a list of tens of thousands of smartphone numbers, including those of activists, journalists, business executives and politicians around the world.

The Washington Post reported Sunday that the phones were “on a list of more than 50,000 numbers that are concentrated in countries known to monitor their citizens” and are known to be clients of the company, NSO Group, whose spyware apparently is licensed to track down terrorists and major criminals.

The newspaper reported that through the investigation, which was also carried out with the help of Amnesty International and Forbidden Stories, a non-profit journalistic organization based in Paris, the media “were able to identify more than 1,000 people in more from 50 countries through investigations and interviews on four continents: various members of the Arab royal family, at least 65 business executives, 85 human rights activists, 189 journalists, and more than 600 politicians and government officials, including cabinet ministers, diplomats and military and security officials. The numbers of various heads of state and prime ministers also appeared on the list.”

The phone numbers of reporters working abroad for Citizen Free Press, Globe Live Media, Voice of America, The New York Times, The Wall Street Journal, Bloomberg News, France’s Le Monde, the UK’s Financial Times and Qatar’s Al Jazeera are among the numbers on the list, which dates back to 2016, according to The Washington Post.

The newspaper did not name the reporters in its article. The newspaper reported that “the list does not identify who put the numbers on it, or why, and it is unknown how many of the phones were targeted or monitored”.

Citizen Free Press has not independently verified the findings of the Pegasus Project investigation, which was hosted by Forbidden Stories.

In a lengthy statement to Citizen Free Press on Sunday, the NSO Group flatly denied the investigation’s findings, saying in part that it sells its “technologies solely to vetted government intelligence and law enforcement agencies for the sole purpose of saving lives by preventing crime and terrorist acts”.

“NSO does not operate the system and has no visibility into the data,” the company said, saying it will continue to investigate “all credible claims of misuse and take appropriate action based on the results” of such investigations.

NSO also said its systems “are used every day to crack down on pedophile, sexual and drug trafficking networks, locate missing and abducted children, locate survivors trapped under collapsed buildings, and protect airspace from disruptive penetration by dangerous drones”.

The Washington Post reported that while many of the phone numbers on the list were from the Middle East, including Qatar and the United Arab Emirates, “the highest number was in Mexico, where more than 15,000 numbers, including those for politicians, union representatives, journalists and other critics of the government were on the list.”

Other countries, including India, Pakistan, Azerbaijan, Kazakhstan, France and Hungary, are also represented on the list, according to the newspaper.

The investigation found that “the numbers of about a dozen Americans working abroad were discovered on the list, in all but one case while using phones registered on foreign cellular networks,” the newspaper said. “The consortium was unable to perform forensic analysis on most of these phones.”

The newspaper noted that NSO “has said for years that its product cannot be used to monitor US phones” and added that the investigation “found no evidence of successful penetration of spyware on phones with the US country code”.

The newspaper further noted that “spyware can also activate cameras and microphones for real-time surveillance.”

Pegasus spyware can initiate the attack in several different ways, the newspaper said, including through “a malicious link in an SMS text message or an iMessage.”