Billions of people are inseparable from their phones. Their devices are within reach – and earshot – for almost every daily experience, from the most mundane to the most intimate.
Few pause to think that their phones can be transformed into surveillance devices, with someone thousands of miles away silently extracting their messages, photos and location, activating their microphone to record them in real time.
Such are the capabilities of Pegasus, the spyware manufactured by NSO Group, the Israeli purveyor of weapons of mass surveillance.
To continue reading this report in The Guardian, go to:
Private Israeli spyware used to hack cellphones of journalists, activists worldwide
Military-grade spyware licensed by an Israeli firm to governments for tracking terrorists and criminals was used in attempted and successful hacks of 37 smartphones belonging to journalists, human rights activists, business executives and two women close to murdered Saudi journalist Jamal Khashoggi, according to an investigation by The Washington Post and 16 media partners.
The phones appeared on a list of more than 50,000 numbers that are concentrated in countries known to engage in surveillance of their citizens and also known to have been clients of the Israeli firm, NSO Group, a worldwide leader in the growing and largely unregulated private spyware industry, the investigation found.
Israeli Spyware Maker Is in Spotlight Amid Reports of Wide Abuses
A major Israeli cyber-surveillance company, NSO Group, came under heightened scrutiny Sunday after an international alliance of news outlets reported that governments used its software to target journalists, dissidents and opposition politicians.
The Israeli government also faced renewed international pressure for allowing the company to do business with authoritarian regimes that use the spyware for purposes that go far afield of the company’s stated aim: targeting terrorists and criminals.
Jamal Khashoggi’s wife targeted with spyware before his death
NSO Group’s Pegasus spyware was used to secretly target the smartphones of the two women closest to murdered Saudi columnist Jamal Khashoggi, according to digital forensic analysis.
The Android phone of his wife, Hanan Elatr, was targeted by a Pegasus user six months before his killing, but the analysis could not determine whether the hack was successful. The iPhone of his fiancee, Hatice Cengiz, was penetrated by spyware days after the murder, the forensics showed.
Leaked NSO Group Data Hints at Widespread Pegasus Spyware Infections
Israeli-based NSO Group is being blasted in a groundbreaking report that alleges that the company’s controversial Pegasus malware is being used to target activists, journalists, business executives and politicians on a widespread level, using a variety of exploits — including a zero-click zero-day in iOS.
Protecting Phones From Pegasus-Like Spyware Attacks
Pegasus spyware from the Israeli firm NSO Group is nearly invisible. It sends messages to compromise targeted phones without setting off any alarm bells to the phone’s user. There’s little you can do to protect yourself, say experts. But little isn’t nothing.
Q&A: A guide to ‘spyware’: How Pegasus works, who is most vulnerable and why it’s hard to protect yourself from hacks
The Pegasus Project, an investigation by The Washington Post and 16 other news organizations in 10 countries, was coordinated by the Paris-based journalism nonprofit Forbidden Stories and advised by Amnesty International. Those two groups had access to a list of more than 50,000 phone numbers that included surveillance targets for clients of the Israeli spyware company NSO Group, which they shared with the journalists. Over the past several months, the journalists reviewed and analyzed the list in an effort to learn the identities of the owners of the phone numbers and to determine whether their phones had been implanted with NSO’s Pegasus spyware.
The investigation was able to link more than 1,000 government officials, journalists, businesspeople and human rights activists to numbers and to obtain data for 67 phones whose numbers appeared on the list. That data was then analyzed forensically by Amnesty International’s Security Lab. Thirty-seven of those showed evidence of an attempted Pegasus intrusion or a successful hack.
Pegasus project: spyware leak suggests lawyers and activists at risk across globe
A leak of phone data suggests human rights lawyers, activists and dissidents across the globe were selected as possible candidates for invasive surveillance through their phones.
Their mobile phone numbers appeared in leaked records, indicating they were selected prior to possible surveillance targeting by governmental clients of the Israeli company NSO Group, which developed the Pegasus spyware.
The records were obtained by the nonprofit organisation Forbidden Stories and shared with a consortium of media outlets including the Guardian.
What is Pegasus spyware and how does it hack phones?
It is the name for perhaps the most powerful piece of spyware ever developed – certainly by a private company. Once it has wormed its way on to your phone, without you noticing, it can turn it into a 24-hour surveillance device. It can copy messages you send or receive, harvest your photos and record your calls. It might secretly film you through your phone’s camera, or activate the microphone to record your conversations. It can potentially pinpoint where you are, where you’ve been, and who you’ve met.
Pegasus is the hacking software – or spyware – that is developed, marketed and licensed to governments around the world by the Israeli company NSO Group. It has the capability to infect billions of phones running either iOS or Android operating systems.
NSO Group vows to investigate potential spyware abuse following Pegasus Project investigation
The head of the Israeli surveillance giant NSO Group pledged Sunday to investigate potential cases of human-rights abuse following a sweeping report by The Washington Post and other media organizations that uncovered how NSO’s government clients had deployed its spyware tool Pegasus against activists, journalists and private citizens around the world.
Shalev Hulio, NSO’s chief executive and co-founder, continued to dispute that a list of more than 50,000 phone numbers assessed during the investigation had any relevance to NSO. The numbers were concentrated in countries known to have been NSO clients, the investigation found, and forensic analysis of some of the smartphones that had been on the list showed evidence of a suspected Pegasus targeting or successful hack.
Massive data leak reveals Israeli NSO Group’s spyware used to target activists, journalists, and political leaders globally [news release]
NSO Group’s spyware has been used to facilitate human rights violations around the world on a massive scale, according to a major investigation into the leak of 50,000 phone numbers of potential surveillance targets. These include heads of state, activists and journalists, including Jamal Khashoggi’s family.
The Pegasus Project lays bare how NSO’s spyware is a weapon of choice for repressive governments seeking to silence journalists, attack activists and crush dissent, placing countless lives in peril. Agnès Callamard, Secretary General of Amnesty International.
The Pegasus Project is a ground-breaking collaboration by more than 80 journalists from 17 media organizations in 10 countries coordinated by Forbidden Stories, a Paris-based media non-profit, with the technical support of Amnesty International, who conducted cutting- edge forensic tests on mobile phones to identify traces of the spyware.
“The Pegasus Project lays bare how NSO’s spyware is a weapon of choice for repressive governments seeking to silence journalists, attack activists and crush dissent, placing countless lives in peril,” said Agnès Callamard, Secretary General of Amnesty International.
“These revelations blow apart any claims by NSO that such attacks are rare and down to rogue use of their technology. While the company claims its spyware is only used for legitimate criminal and terror investigations, it’s clear its technology facilitates systemic abuse. They paint a picture of legitimacy, while profiting from widespread human rights violations.”
“Clearly, their actions pose larger questions about the wholesale lack of regulation that has created a wild west of rampant abusive targeting of activists and journalists. Until this company and the industry as a whole can show it is capable of respecting human rights, there must be an immediate moratorium on the export, sale, transfer and use of surveillance technology.”
In a written response to Forbidden Stories and its media partners, NSO Group said it “firmly denies… false claims” in the report. It wrote that the consortium’s reporting was based on “wrong assumptions” and “uncorroborated theories” and reiterated that the company was on a “life-saving mission”. A fuller summary of NSO Group’s response is available here.
At the centre of this investigation is NSO Group’s Pegasus spyware which, when surreptitiously installed on victims’ phones, allows an attacker complete access to the device’s messages, emails, media, microphone, camera, calls and contacts.
Over the next week, media partners of The Pegasus Project – including The Guardian, Le Monde, Süddeutsche Zeitung and The Washington Post – will run a series of stories exposing details of how world leaders, politicians, human rights activists, and journalists have been selected as potential targets of this spyware.
From the leaked data and their investigations, Forbidden Stories and its media partners identified potential NSO clients in 11 countries: Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Togo, and the United Arab Emirates (UAE).
NSO Group has not taken adequate action to stop the use of its tools for unlawful targeted surveillance of activists and journalists, despite the fact that it either knew, or arguably ought to have known, that this was taking place. The Pegasus Project revelations must act as a catalyst for change. The surveillance industry must no longer be afforded a laissez-faire approach from governments with a vested interest in using this technology to commit human rights violations. Agnès Callamard, Secretary General of Amnesty International
“As a first step, NSO Group must immediately shut down clients’ systems where there is credible evidence of misuse. The Pegasus Project provides this in abundance,” said Agnès Callamard.
Khashoggi family targeted
During the investigation, evidence has also emerged that family members of Saudi journalist Jamal Khashoggi were targeted with Pegasus software before and after his murder in Istanbul on 2 October 2018 by Saudi operatives, despite repeated denials from NSO Group.
Amnesty International’s Security Lab established that Pegasus spyware was successfully installed on the phone of Khashoggi’s fiancée Hatice Cengiz just four days after his murder.
His wife, Hanan Elatr was also repeatedly targeted with the spyware between September 2017 and April 2018 as well as his son, Abdullah, who was also selected as a target along with other family members in Saudi Arabia and the UAE.
In a statement, the NSO Group responded to the Pegasus Project allegations saying that its “technology was not associated in any way with the heinous murder of Jamal Khashoggi”. The company said that it “previously investigated this claim, immediately after the heinous murder, which again, is being made without validation”.
Journalists under attack
The investigation has so far identified at least 180 journalists in 20 countries who were selected for potential targeting with NSO spyware between 2016 to June 2021, including in Azerbaijan, Hungary, India and Morocco, countries where crackdowns against independent media have intensified.
The revelations show the real-world harm caused by unlawful surveillance:
- In Mexico, journalist Cecilio Pineda’s phone was selected for targeting just weeks before his killing in 2017. The Pegasus Project identified at least 25 Mexican journalists were selected for targeting over a two-year period. NSO has denied that even if Pineda’s phone had been targeted, data collected from his phone contributed to his death.
- Pegasus has been used in Azerbaijan, a country where only a few independent media outlets remain. More than 40 Azerbaijani journalists were selected as potential targets according to the investigation. Amnesty International’s Security Lab found the phone of Sevinc Vaqifqizi, a freelance journalist for independent media outlet Meydan TV, was infected over a two-year period until May 2021.
- In India, at least 40 journalists from nearly every major media outlet in the country were selected as potential targets between 2017-2021. Forensic tests revealed the phones of Siddharth Varadarajan and MK Venu, co-founders of independent online outlet The Wire, were infected with Pegasus spyware as recently as June 2021.
- The investigation also identified journalists working for major international media including the Associated Press, CNN, The New York Times and Reuters as potential targets. One of the highest profile journalists was Roula Khalaf, the editor of the Financial Times.
“The number of journalists identified as targets vividly illustrates how Pegasus is used as a tool to intimidate critical media. It is about controlling public narrative, resisting scrutiny, and suppressing any dissenting voice,” said Agnès Callamard.
“These revelations must act as a catalyst for change. The surveillance industry must no longer be afforded a laissez-faire approach from governments with a vested interest in using this technology to commit human rights violations.”
Exposing Pegasus infrastructure
Amnesty International is today releasing the full technical details of its Security Lab’s in-depth forensic investigations as part of the Pegasus Project.
The Lab’s methodology report documents the evolution of Pegasus spyware attacks since 2018, with details on the spyware’s infrastructure, including more than 700 Pegasus-related domains.
“NSO claims its spyware is undetectable and only used for legitimate criminal investigations. We have now provided irrefutable evidence of this ludicrous falsehood,” said Etienne Maynier, a technologist at Amnesty International’s Security Lab.
There is nothing to suggest that NSO’s customers did not also use Pegasus in terrorism and crime investigations, and the Forbidden Stories consortium also found numbers in the data belonging to suspected criminals.
“The widespread violations Pegasus facilitates must stop. Our hope is the damning evidence published over the next week will lead governments to overhaul a surveillance industry that is out of control,” said Etienne Maynier.
In response to a request for comment by media organizations involved in the Pegasus Project, NSO Group said it “firmly denies” the claims and stated that “many of them are uncorroborated theories which raise serious doubts about the reliability of your sources, as well as the basis of your story.” NSO Group did not confirm or deny which governments are NSO Group’s customers, although it said that the Pegasus Project had made “incorrect assumptions” in this regard. Notwithstanding its general denial of the claims, NSO Group said it “will continue to investigate all credible claims of misuse and take appropriate action based on the results of these investigations”.