‘NSO targeted activists’, journalists’ cellphones’
Report says spyware used in Khashoggi case • EU: It is completely unacceptable if claims are true
Israeli cyber company NSO was in the eye of the storm Monday after a report was published suggesting “widespread and continuing abuse” of its hacking spyware, Pegasus, by authoritarian governments around the world, and used to hack 37 smartphones of journalists, government officials and human rights activists around the world.
The report was published by 17 outlets on Sunday.
One of the organizations, The Washington Post, said the Pegasus spyware licensed by Israel-based NSO Group also was used to target phones belonging to two women close to Jamal Khashoggi, a Post columnist murdered at a Saudi consulate in Turkey in 2018, before and after his death.
The Guardian, another of the media outlets, said the investigation suggested “widespread and continuing abuse” of NSO’s hacking software, described as malware that infects smartphones to enable the extraction of messages, photos and emails; records calls; and secretly activates microphones.
“While the company highlights its successes in blocking ISIS terror attacks and cracking drug and pornography rings in Europe, Africa and Oceania, critics have long said its software has also been used to abuse human rights in Mexico, Morocco and elsewhere,” the report stated.
Using spyware against journalists would be completely unacceptable, the head of the European Commission said on Monday.
“What we could read so far, and this has to be verified, but if it is the case, it is completely unacceptable. Against any kind of rules we have in the European Union,” European Commission President Ursula von der Leyen said.
NSO said its product is intended only for use by government intelligence and law enforcement agencies to fight terrorism
and crime.
The company issued a statement denying the reporting by the 17 media partners led by the Paris-based journalism nonprofit Forbidden Stories.
“The report by Forbidden Stories is full of wrong assumptions and uncorroborated theories that raise serious doubts about the reliability and interests of the sources. It seems like the ‘unidentified sources’ have supplied information that has no factual basis and is far from reality,” the company said.
“After checking their claims, we firmly deny the false allegations made in their report.”
NSO said its technology was not associated in any way with Khashoggi’s murder. NSO representatives were not immediately available to provide additional information to Reuters on Sunday.
In a report published earlier this month, NSO claimed it had canceled contracts with five clients since 2016, at a loss of NIS
330 million ($100 million).
The leak contains a list of over 50,000 phone numbers that the report estimated were identified as “people of interest” by NSO clients since 2016.
While simply being on the list does not necessarily reveal whether a device was infected with the spyware, a reporting consortium known as the “Pegasus Project” believes the data are indicative of the potential targets NSO’s government clients identified in advance of possible surveillance attempts.
The Guardian also reported that forensics analysis of some phones whose numbers appeared on the list showed more than half had traces of the Pegasus spyware.
The report said that The Guardian and its media partners will be revealing the identities of people whose numbers appeared on the list, including at least 10 lawyers, an opposition politician and at least five journalists from Hungary.
Two of the journalists on the list – who work at a Hungarian partner of the Pegasus Project, the investigative outlet Direkt36 – were successfully infected with the spyware, including the relatively well-known reporter Szabolcs Panyi.
Forensic analysis of his device by Amnesty International stated conclusively that Panyi’s phone had been repeatedly compromised by Pegasus during a seven-month period in 2019, with the infection often coming soon after comment requests made by Panyi to Hungarian government officials.
NSO Group said in response to the revelation that it “does not have access to the data of its customers’ targets.”
The company also cast doubt on the significance of the leaked data, saying it was misinterpreted
and that the company would “continue to investigate all credible claims of misuse and take appropriate action.”
Also revealed to be on the list was freelance Mexican reporter Cecilio Pineda Birto, who was murdered in March 2017, only a few hours after he broadcast on Facebook accusing state police and local politicians of colluding with a violent local crime leader known as El Tequilero.
While his phone was selected as a possible target for surveillance by a Mexican NSO client, it disappeared from the scene of his murder, making it impossible to determine whether the phone had indeed been infected with Pegasus.
NSO rightly claimed that his location at a car wash could have been tracked by other means, however, The Guardian claims that the attackers knew precisely where to find him, despite the hammock he was laying in not being visible from the street.
The report revealed that the phone numbers of at least 26 Mexican journalists appear on the list, including freelance investigative reporters, senior editors from major Mexican major news organizations and former New York Times bureau chief Azam Ahmed.
The report also claims to have uncovered new evidence that NSO spyware was used to monitor people close to Washington Post columnist Jamal Khashoggi both before and after his death.
The report claims that, according to peer-reviewed forensic analysis of her device – a woman in Khashoggi’s inner circle was hacked four days after his murder.
The report also said that following Khashoggi’s assassination at the Saudi consulate in Istanbul in October 2018, several of his close associates were targeted, even going so far as to monitor his wife on four separate occasions using text messages that came from the UAE.
Last February, US intelligence confirmed that the assassination of Khashoggi was approved by Saudi Crown Prince Mohammed bin Salman, though Riyadh has denied these reports.
The numbers of more than 180 journalists are also reportedly listed in the data, including executives at some of the world’s largest and most wellknown media organizations. The first number of these prominent journalists to be released on Sunday was Financial Times editor Roula Khalaf.
The Guardian teased readers by noting that the list of leaked numbers, which the report claims include “hundreds of business executives, religious figures, academics, NGO employees, union officials and government officials, including cabinet ministers, presidents and prime ministers.”
The report added that the immediate family members of one world leader were on the list, indicating that the ruler may have been looking to investigate his own relatives.
The phone numbers on the leaked list span more than 45 countries across four continents, with the majority – more than 15,000 numbers – coming from Mexico, followed by Morocco and the United Arab Emirates – whose clients selected more than 10,000 numbers.
While NSO Group claimed in a response that the report was merely misleading, the governments of Hungary, Rwanda, Morocco and India have all fully denounced the report and denied the allegations which have been leveled against them regarding the Pegasus software.
Health Minister Nitzan Horowitz said on Monday he would ask the Defense Ministry about exports of Israeli spyware.
Horowitz said he would meet Defense Minister Benny Gantz on Thursday to discuss the exports by NSO Group.
“The State of Israel regulates marketing and export of cyber products in accordance with the 2007 Defense Export Control Act. Control lists are based on the Wassenaar Arrangement, and include additional items,” the Defense Ministry said on Sunday.
“As a matter of policy, the State of Israel approves the export of cyber products exclusively to governmental entities, for lawful use, and only for the purpose of preventing and investigating crime and counter terrorism, under end use /end user certificates provided by the acquiring government. In cases where exported items are used in violation of export licenses or end use certificates, appropriate measures are taken. Israel does not have access to the information gathered by NSO’s clients.”