Authoritarian regimes have allegedly used spyware developed by Israeli company NSO Group to keep tabs on journalists, activists, and political dissidents.
Humanitarian groups Amnesty International and Forbidden Stories gained access to data from NSO Group that included 50,000 phone numbers of potential targets for the Pegasus spyware.
Once secretly installed on a target’s phone, Pegasus gave its handlers total access to the device’s messages, images and video, microphone, camera, and contacts.
NSO clients using Pegasus included agencies in 11 countries such as Saudi Arabia, Mexico, India, and Hungry.
Its intended use is for criminal investigations and to track terrorists, but the joint investigation sparked by leaked data suggests regimes have extended the use of Pegasus spyware beyond criminal investigations.
Agnès Callamard, Secretary General of Amnesty International, said Pegasus was the “weapon of choice” for governments who want to “silence journalists, attack activists and crush dissent”.
“These revelations blow apart any claims by NSO that such attacks are rare and down to rogue use of their technology,” she said.
“While the company claims its spyware is only used for legitimate criminal and terror investigations, it’s clear its technology facilitates systemic abuse.
“They paint a picture of legitimacy, while profiting from widespread human rights violations.”
Forbidden Stories published an article featuring some of 180 journalists targeted by Pegasus spyware, each of whom was shocked and scared by revelations their phones may had been infected with spyware and were especially fearful for sources who had provided information on conditions of anonymity.
Carlos Martinez de la Serna, program director at the Committee to Protect Journalists, said it was “chilling” to know the extent to which these journalists had been surveilled.
“This is a very, very important problem that everyone needs to take seriously, not only in context of where journalists are working in a hostile environment for journalism, but in the US and Western Europe and other places,” he said.
NSO group “firmly” denied allegations its technology is used to illegally spy on journalists, in a statement published by The Guardian, adding that the reports contained “uncorroborated theories” based on a “misleading interpretation of leaked data”.
“NSO does not operate the systems that it sells to vetted government customers, and does not have access to the data of its customers’ targets,” the company said.
“NSO does not operate its technology, does not collect, nor possesses, nor has any access to any kind of data of its customers.
“The fact is NSO Group’s technologies have helped prevent terror attacks, gun violence, car explosions and suicide bombings.
“The technologies are also being used every day to break up paedophilia, sex- and drug-trafficking rings, locate missing and kidnapped children, locate survivors trapped under collapsed buildings, and protect airspace against disruptive penetration by dangerous drones.’
It’s not the first NSO Group has come under fire for its Pegasus spyware.
WhatsApp warned users in 2019 that Pegasus was being secretly installed on devices.
A zero-click vulnerability meant attackers only needed to call a person’s number to install the spyware and gain full access to everything on a device.
WhatsApp subsequently filed a lawsuit against NSO for attacking its users' devices and stealing information.
