Spyware from NSO Group has been used to spy on journalists worldwide

The Pegasus spyware from the Israeli private espionage company NSO Group has been used in hacking attempts by at least 37 journalists and human rights activists. That is what seventeen news organizations claim on the basis of a joint investigation.

The various news organizations, including The Guardian and The Washington Post, are jointly setting up a consortium called The Pegasus Project. The media managed to obtain a list of phone numbers of 50,000 potential surveillance victims of the spyware through human rights organization Amnesty International and journalistic nonprofit Forbidden Stories. The media jointly investigated this list. It is not known how Amnesty and Forbidden Stories obtained the list.

The Washington Post reports that the owners of the phone numbers were not named on the list, but the 17 media organizations were able to identify more than 1,000 people through a joint investigation. Those potential victims were selected for possible surveillance via the Pegasus spyware between 2016 and June 2021.

The people come from 50 different countries and include at least 65 businessmen, 85 human rights activists and more than 600 politicians and government employees, including ministers, diplomats and military and security officials. Seven members of the Arab royal family were also on the list. The list also included at least 189 journalists, who work for CNN, the Associated Press, The Wall Street Journal, The New York Times, Bloomberg, the Financial Times and Al Jazeera, among others.

Forensic investigation and response NSO Group

The media organizations have analyzed the list through interviews and research on ‘four different continents’. At the same time, Amnesty’s security lab conducted a forensic investigation of 67 potentially infected smartphones. Of these, 23 were successfully infected with Pegasus and 14 showed ‘signs of hacking attempts’.

For the other 30, the tests were inconclusive, writes The Washington Post. Fifteen of those phones were Android smartphones. They showed no sign of a successful infection, but according to the medium, Android smartphones do not store the information needed for Amnesty’s investigation, unlike iPhones. Three Android phones did show signs of targeting, for example, to Pegasus-linked text messages.

NSO Group told The Guardian about the findings of the seventeen media organizations: “NSO Group strongly denies the false claims in your report, which contain many unconfirmed theories that cast serious doubts on the reliability of your sources and the basis of your story,” the company said. NSO Group would consider a lawsuit for defamation, writes The Verge.

NSO Group and Pegasus

Pegasus is spyware that can be used to eavesdrop on smartphone users. The spyware can track smartphone users remotely. For example, The Guardian writes that it can copy a phone’s messages, photos and emails and listen in on conversations by activating the microphone of an infected smartphone.

According to NSO Group, Pegasus is intended to track down potential criminals and terrorists. For example, the company has investigation and intelligence services from more than forty unnamed countries as customers. The company says it thoroughly checks its customers’ human rights records before selling spyware to them.

NSO Group’s Pegasus spyware has often been discredited. For example, last year the Canadian research group Citizen Lab claimed that at least 36 journalists from Al Jazeera and the British Al Araby TV were attacked with the Pegasus malware. WhatsApp previously sued NSO Group for allegedly spreading the company’s Pegasus spyware to at least 1,400 WhatsApp users. Several tech companies and human rights organizations sided with WhatsApp in that lawsuit. Amnesty International also previously sued NSO Group over the Pegasus spyware, but lost that lawsuit earlier this month.