According to claims published Sunday, an Israeli corporation accused of supplying governments with spyware has been linked to a list of 50,000 phone numbers, including those of activists, journalists, corporate leaders, and politicians from around the world.
Since at least 2016, when researchers accused Israel’s NSO Group of assisting in the spying on a dissident in the United Arab Emirates, the company and its Pegasus virus have been in the news. The revelations on Sunday pose privacy and rights concerns, as well as revealing the far-reaching extent to which the private Israeli firm’s software may be misappropriated by its clients around the world.
The Washington Post, the Guardian, Le Monde, and other news organizations collaborated on an investigation into a data breach and reported on the extent of Pegasus’ use. According to media reports, a list of more than 50,000 smartphone numbers believed to have been recognized as people of interest by NSO clients during 2016 was leaked.
According to the Post, Forbidden Stories, a Paris-based journalistic charity, and Amnesty International shared the list with the news companies. The total number of phones on the list that were really targeted or monitored is unknown, according to the newspaper. According to the Post, 15,000 of the names on the list were from Mexico, and included politicians, union leaders, journalists, and government critics. The number of a Mexican freelance writer who was slain at a carwash was purportedly included on the list. His phone was never located, and it’s unclear whether it was hacked.
After WhatsApp filed a lawsuit in the United States accusing NSO of using the messaging platform to undertake cyber espionage, the Indian government denied employing the software to spy on its citizens in 2019. According to the Washington Post, forensic analysis of 37 of the smartphones on the list revealed “attempted and successful” breaches, including those of two women connected to Saudi journalist Jamal Khashoggi, who was killed by a Saudi hit team in 2018.
Journalists from Agence France-Presse, The Wall Street Journal, CNN, The New York Times, Al Jazeera, France 24, Radio Free Europe, Mediapart, El Pais, the Associated Press, Le Monde, Bloomberg, The Economist, Reuters, and Voice of America are among the names on the list, according to the Guardian.
Citizen Lab, a research center at the University of Toronto, and Amnesty International previously reported on the use of Pegasus software to hack the phones of Al-Jazeera reporters and a Moroccan journalist.
Pocket spy
The numbers on the list are unattributed, according to the Post, but the media outlets involved in the initiative were able to identify over 1,000 people in more than 50 nations. Several members of Arab royal families were among those arrested, as were at least 65 corporate leaders, 85 human rights activists, 189 journalists, and over 600 politicians and government officials, including presidents of state, prime ministers, and cabinet ministers.
Many of the numbers on the list were claimed to be centered in ten countries: Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, and the United Arab Emirates, according to sources. According to the research, Moroccan security services used the spyware to target roughly 30 French journalists and media executives.
Pegasus is said to be a highly intrusive program that can turn on a target’s phone camera and microphone as well as access data, basically turning the phone into a pocket spy. It can be installed without tricking a person into starting a download in some instances.
On Sunday, NSO released a denial focusing on the Forbidden Stories report, describing it as “full of erroneous assumptions and uncorroborated ideas” and threatening a defamation action. NSO stated, “We vehemently dispute the fraudulent charges made in their report.”
“As NSO previously said, our technology was not linked to the horrible murder of Jamal Khashoggi in any way,” the business claimed.
“We want to highlight that NSO only offers its technologies to vetted nations’ law enforcement and intelligence organizations for the express goal of saving lives by preventing crime and terror activities,” it stated.
In December, Citizen Lab claimed that Pegasus malware had infected the mobile devices of roughly three dozen journalists working for Qatar’s Al-Jazeera network. Moroccan authorities used NSO’s Pegasus software to install spyware onto the cellphone of Omar Radi, a journalist jailed over a social media post, according to Amnesty International. NSO told AFP at the time that it was “very worried by the allegations” and that it was evaluating the data.
NSO Group is based in the Israeli hi-tech area of Herzliya, near Tel Aviv, and was founded in 2010 by Israelis Shalev Hulio and Omri Lavie. It claims to employ hundreds of individuals in Israel and other countries.
