Data Leak Shows How Israeli NSO’s Group Spyware was Used to Target Activists, Journalists, and Political Leaders

Data Leak Shows How Israeli NSO’s Group Spyware was Used to Target Activists, Journalists, and Political Leaders

The spyware used by the NSO group has been used as part of a massive global breach of human rights, according to a major investigation into leaks of 50,000 phone numbers of potential surveillance targets. The targets include activities, journalists, and global leaders, including the family of Jamal Khashoggi.

The Pegasus Project, a collaboration of over 80 journalists from 17 media organizations across 10 countries, exposed how the spyware is used as a weapon by repressive governments to silence journalists and destroy dissenters. The Project is coordinated by the French non-profit Forbidden Stories, with technical support from Amnesty International. The group used cutting-edge forensic tests to find traces of the spyware on mobile phones.

These new revelations show how little credit claims that targeted attacks like this are rare and caused by rogue agents have. The company can claim that the spyware is only used as part of legitimate criminal and counterterrorism investigations, but the evidence shows that the technology enables system abuse. The NSO paints a pretty picture of legitimacy that hides the darker human rights violations underneath.

The NSO Group wrote a response to Forbidden Stories in which it “Firmly denies…false claims” from the report. The response says the consortium reported using “wrong assumptions” and “uncorroborated theories” and reiterated the claim that the company was on a “life-saving mission.” Here is a more complete summary of the response.

Investigating Pegasus Spyware

The Pegasus Spyware was at the heart of the investigation. The spyware allows attackers complete access to emails, messages, media, calls, contacts, camera, and microphone of a target phone. News organizations in the Pegasus Project, including The Guardian and Washington Post, plan to publish several stories showcasing how the spyware targeted world leaders, politicians, human rights activists, and journalists.

Forbidden Stories identified potential clients in 11 countries: Azerbaijan, India, Hungary, Kazakhstan, Morocco, Mexico, Saudi Arabia, Rwanda, The United Arab Emirates, and Togo. The NSO Group has failed to take proper action to prevent its tools from being used for unlawful surveillance, even though it either knew – or should have known – that such abuses were taking place.

Potential Khashoggi Connections

The investigation shows potential evidence that family members of murdered Saudi journalist Jamal Khashoggi were targeted with the spyware before and after the journalist was murdered by Saudi operatives in Istanbul on 2^nd October 2018, despite continued denials from NSO Group.

The Amnesty International Security Lab showed the spyware was installed on the phone of Hatice Cengiz, Khashoggi’s fiancée, four days after the murder. Hanan Elatr, his wife, was targeted by spyware several times between September 2017 and April 2018. His son Abdullah, along with other family members, was also targeted across Saudi Arabia and the UAE.

The NSO Group continues to deny all allegations, saying that the technology was not associated with the “heinous murder of Jamal Khashoggi.” The Group also claims to have investigated the claim itself and found no supporting evidence.

Journalism Under Attack

The investigation has discovered some 180 journalists across 20 countries identified as potential targets for the NSO spyware between 2016 and 2021, including journalists in Azerbaijan, India, Morocco, and Hungary – countries where crackdowns on independent media and journalism are increasing.

The discovery shows the damaging potential of such unlawful surveillance:

• Mexican journalist Cellio Pineda was chosen for targeted weeks before he was killed in 2017. The Pegasus Project identified over 25 Mexican journalists chosen for targeting across a two-year period. The NSO says even if the phone was targeted, the data stolen from the phone played no part in the death.
• Pegasus is rampant in Azerbaijan, a country with only a handful of independent media outlets. The investigation identified over 40 journalists chosen as potential targets. The Security Lab discovered that freelance journalist Sevinc Vagifgizi had the spyware for over two years leading up to May 2021.
• At least 40 journalists in India, from every major media outlet in the country, were chosen as potential targets between 2017 and 2021. Forensic testing showed that the phones of MK Venu and Siddharth Varadrajan, the co-founders of The Wire, were infected as recently as June 2021.
• The investigation also found several journalists working for major international organizations including CNN, The Associated Press, Reuters, and The New York Times were chosen as potential targets. Roula Khalaf, the editor for the Financial Times, was one of the most prolific targets.

Exploring and Exposing the Pegasus Infrastructure

Amnesty International plans to release the full technical details of the in-depth forensic investigation as part of the Pegasus Project. The report shows how Pegasus Spyware has evolved since 2018, including details on the infrastructure of the spyware and information on over 700 related domains.

The NSO claims Pegasus Spyware is undetectable and is only used as part of legitimate criminal investigations, but the latest evidence suggests this couldn’t be further from the truth. Amnesty International hopes that publishing this evidence and running stories on the widespread violations will force worldwide governments to bring the surveillance industry under control.