Israeli firm ‘used malware against dissidents’
An investigation by a global media consortium has alleged that military-grade malware from the Israelbased NSO Group is being used to spy on journalists, human rights activists and political dissidents.
An investigation by a global media consortium has alleged that military-grade malware from the Israel-based NSO Group is being used to spy on journalists, human rights activists and political dissidents.
The consortium of 17 news organisations says it has identified more than 1,000 individuals in 50 countries allegedly selected by NSO clients for potential surveillance. They include nearly 200 journalists.
The leaked targeting data – a list of more than 50,000 mobile phone numbers – was obtained by the French journalism non-profit Forbidden Stories and the human rights group Amnesty International.
The NSO Group denies the data was leaked from its servers and calls Forbidden Stories' report "full of wrong assumptions and uncorroborated theories".
The leaked list includes 189 journalists, more than 600 politicians and government officials, at least 65 business executives, 85 human rights activists and several heads of state, according to The Washington Post. The journalists work for organisations includingthe associated press, reuters, CNN, The Wall Street Journal, Le Monde and The Financial Times.
Amnesty also reported that its forensic researchers had determined that the NSO Group's flagship Pegasus spyware was successfully installed on the phone of Post journalist Jamal Khashoggi's fiancee, Hatice Cengiz, just four days after he was killed in the Saudi Consulate in Istanbul in 2018. The company had previously been implicated in other spying on Mr Khashoggi.
The NSO Group denied it has ever maintained" a list of potential, pastor existing targets ".
The company reiterated its claims that it only sells to "vetted government agencies" for use against terrorists and major criminals and that it has no visibility into its customers' data.
Critics call those claims dishonest – and have provided evidence that NSO directly manages the high-tech spying.
They say the repeated abuse of Pegasus spyware highlights
the nearly complete lack of regulation of the private global surveillance industry.
The source of the leak – and how it was authenticated – was not disclosed. While a phone number's presence in the data does not mean an attempt was made to hack a device, the consortiumsaid it believed the data indicated potential targets of NSO'S government clients.
The Post said it identified 37 hacked smartphones on the
list. The Guardian, another consortium member, reported that Amnesty had found traces of Pegasus infections on the phones of 15 journalists who let their phones be examined after discovering their number was in the leaked data.
The most numbers on the list, 15,000, were for Mexican phones, with a large share in the Middle East.
Saudi Arabia is reported to be among NSO clients. Also on
the lists were phones in countries including France, Hungary, India, Azerbaijan, Kazakhstan and Pakistan.
Amnesty's secretary-general, Agnes Callamard, said: "The number of journalists identified as targets vividly illustrates how Pegasus is used as a tool to intimidate critical media. It is about controlling public narrative, resisting scrutiny, and suppressing any dissenting voice."