Table of Contents
A sweeping investigation of a data leak containing more than 50,000 phone numbers has exposed widespread abuse of “military-grade spyware” developed by the Israeli company NSO Group, which has been used to monitor journalists, activists, and lawyers around the world.
This investigation, called the Pegasus Project, is being conducted by more than 80 journalists representing 17 media organizations in ten countries under the coordination of Forbidden Stories, a Paris non-profit media organization, with the technical assistance of Amnesty International.
Amnesty International’s Secretary-General said:
“The Pegasus Project lays bare how NSO’s spyware is a weapon of choice for repressive governments seeking to silence journalists, attack activists, and crush dissent, placing countless lives in peril. These revelations blow apart any claims by NSO that such attacks are rare and down to rogue use of their technology.
While the company claims its spyware is only used for legitimate criminal and terror investigations, it’s clear its technology facilitates systemic abuse. They paint a picture of legitimacy while profiting from widespread human rights violations.”
Governments around the world purchase surveillance software from a vendor that either uses previously unknown security vulnerabilities in popular apps or tricks potential targets into clicking a malicious link. A state-run intelligence agency or law enforcement agency is the sole user of NSO Group’s precision cyber intelligence solutions.
Even though the attacks stretched over seven years, spanning from 2014 to July 2021, 180 journalists and more than 600 politicians and government officials have been identified so far. Nevertheless, Rwanda, Morocco, India, and Hungary said they didn’t use Pegasus to hack the people’s phones on the list.
Human Rights activists and journalists have long been targeted by phone-penetrating spy software from NSO Group. A vulnerability found in then-unpatched WhatsApp led to at least two dozen academics, lawyers, activists, and journalists in India being targeted for unlawful surveillance by a third party. Since then, WhatsApp has taken the company to court based on evidence that “the attackers previously held hosting accounts with NSO.”
The latest developments come days after another Israeli company known as Candiru was exposed as the commercial spyware provider behind a series of “precision attacks” against more than 100 journalists, academics, activists, and political dissidents across the globe.