Pegasus: Investigations by media consortium point to possible use of spyware to target journalists, activists
New Delhi, July 18, 2021
Human rights activists, journalists, and lawyers across the world have been allegedly targeted by governments using hacking software sold by the Israeli surveillance company NSO Group, according to an investigation into a massive data leak, the Guardian reported.
Investigations by the Guardian and 16 other media organisations, including the Washington Post of the US and The Wire in India, have identified at least 10 governments believed to be NSO customers who were entering numbers into a system: Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India, and the United Arab Emirates (UAE).
Rwanda, Morocco, India, and Hungary denied having used Pegasus to hack the phones of the individuals named in the list.
The governments of Azerbaijan, Bahrain, Kazakhstan, Saudi Arabia, Mexico, and the UAE did not respond to invitations to comment.
The Wire's analysis of the data shows that most of the Indian names were targeted between 2018 and 2019 -- in the run-up to the 2019 Lok Sabha general elections.
While some journalists appear to have been added to the list at more or less the same time, suggesting official interest in the group, others figure as standalone entries, perhaps for the stories they were working on at the time. And these stories are not always the obvious ones.
The investigation suggests the Hungarian government of Viktor Orban appears to have deployed NSO's technology as part of his so-called war on the media, targeting investigative journalists in the country as well as the close circle of one of Hungary's few independent media executives.
The leaked data and forensic analyses also suggest NSO's spy tool was used by Saudi Arabia and its close ally, the UAE, to target the phones of close associates of the murdered Washington Post journalist Jamal Khashoggi in the months after his death. The Turkish prosecutor investigating his death was also a candidate for targeting, the data leak suggests.
The investigation by the consortium suggests widespread and continuing abuse of NSO's hacking spyware, Pegasus, which the company insists is only intended for use against criminals and terrorists.
Pegasus is a malware that infects iPhones and Android devices to enable operators of the tool to extract messages, photos and emails, record calls and secretly activate microphones.
The leak contains a list of more than 50,000 phone numbers that, it is believed, have been identified as those of people of interest by clients of NSO since 2016.
In India, reports suggest phone numbers of 40 journalists were targeted.
Forbidden Stories, a Paris-based media non-profit organisation, and Amnesty International initially had access to the leaked list and shared access with media partners as part of the Pegasus project, a reporting consortium.
Guardian said the presence of a phone number in the data does not reveal whether a device was infected with Pegasus or subject to an attempted hack. However, the consortium believes the data is indicative of the potential targets NSO's government clients identified in advance of possible surveillance attempts.
Forensics analysis of a small number of phones whose numbers appeared on the leaked list also showed more than half had traces of the Pegasus spyware.
The Guardian and its media partners will be revealing the identities of people whose number appeared on the list in the coming days. They include hundreds of business executives, religious figures, academics, NGO employees, union officials and government officials, including cabinet ministers, presidents and prime ministers.
The list also contains the numbers of close family members of one country's ruler, suggesting the ruler may have instructed their intelligence agencies to explore the possibility of monitoring their own relatives.
The disclosures begin on Sunday, with the revelation that the numbers of more than 180 journalists are listed in the data, including reporters, editors and executives at the Financial Times, CNN, the New York Times, France 24, the Economist, Associated Press and Reuters.
Analysis of the data suggests the NSO client country that selected the most numbers - more than 15,000 - was Mexico, where multiple different government agencies are known to have bought Pegasus. Both Morocco and the UAE selected more than 10,000 numbers, the analysis suggested.
The phone numbers which were selected, possibly ahead of a surveillance attack, spanned more than 45 countries across four continents. There were more than 1,000 numbers in European countries that, the analysis indicated, were selected by NSO clients.