July 26, 2021 (LifeSiteNews) – A collaborative investigation into the use of next-generation cyber surveillance software by government agencies, supposedly to be used to track terrorist targets, has revealed that the spyware was in fact employed to hack the smartphones of thousands of journalists, lawyers, businessmen, and politicians across 20 countries.
The technology in question, Pegasus, was designed and sold by Israel-based technology firm NSO Group, which sold and distributed the hacking software to the governments of eleven countries. But a report in The Guardian claimed that at least 10 of those states, including Saudi Arabia, India, and Hungary, abused the powers granted by the spyware.
The technology allows users to “infect” cell phones powered by Apple iOS and Android operating systems, giving access to the owner’s photographs and private messages, as well as the ability to hack a device’s microphone, camera, and geolocation facilities, completely covertly.
The joint investigation, run in partnership with 80 journalists from 17 media outlets in 10 countries and known as the Pegasus Project, was spearheaded by Parisian non-profit Forbidden Stories, with technical assistance provided by advocacy group Amnesty International.
Reports published by some of the media partners involved in the investigation, including the Washington Post and The Guardian, detail a data leak of 50,000 telephone numbers, suspected as targets of Pegasus spyware.
Members of the Pegasus Project believe that the numbers could belong to individuals targeted by NSO’s government clients, however not every number was correlated with a device able to be hacked by Pegasus spyware. According to the Guardian, “forensic examinations of a small sample of mobile phones with numbers on the list found tight correlations between the time and date of a number in the data and the start of Pegasus activity – in some cases as little as a few seconds,” meaning that the likelihood of Pegasus being used to at least attempt secret surveillance is far from negligible.
Amnesty was able to identify 23 successfully infected smartphones from a small pool of 67 devices on which hacking was suspected, with 14 showing signs of a failed attempt. The Amnesty Security Lab revealed that while Android-powered devices do not log the information that Amnesty uses to investigate Pegasus infection, three of the fifteen Android phones examined showed signs of unsuccessful hacking attempts.
The Post reported that, through investigating the numbers on the data list, they were able to identify over 1,000 of the people whose numbers appeared, including “several Arab royal family members, at least 65 business executives, 85 human rights activists, 189 journalists, and more than 600 politicians and government officials — including cabinet ministers, diplomats, and military and security officers.” They added that many of the numbers belonged to foreign presidents and prime ministers.
Of the 189 journalists identified in the data leak, Financial Times editor Roula Khalaf was named, but an examination of her phone confirmed that any attempted hack with Pegasus software was unsuccessful, a lawyer representing NSO said.
Within India, 38 journalists were possible Pegasus targets, some of whom the Guardian notes were “critics of the prime minister.” Likewise in Azerbaijan, a country in which only a handful of independent press agencies still exist, Amnesty said, there were at least 48 journalists targeted, “many of them critics of repression and corruption,” the article reads.
The NSO client country which registered the most activity with the software, accounting for 30 percent of all numbers identified in the data leak, was Mexico, from where a staggering 15,000 individual numbers were found to originate. The Guardian reported that multiple government-run agencies within Mexico are known to have purchased Pegasus.
The late Mexican journalist Cecilio Pineda Birto, who was tracked and murdered at a carwash, was identified as one of those whose device had been infected, just weeks before his demise. The Guardian report notes that his smartphone was not recovered after his death, and thus no examination could be carried out to establish a successful Pegasus penetration.
NSO responded to allegations of a connection between their flagship spyware and Birto’s death, saying that “even if” Birto’s phone had been targeted, “that does not mean that the NSO Group client or data collected by NSO Group software were in any way connected to the journalist’s murder the following month.”
“Correlation does not equal causation,” the company’s lawyers continued, “and the gunmen who murdered the journalist could have learned of his location at a public carwash through any number of means not related to NSO Group, its technologies, or its clients.”
Despite historically tense relations with the state of Israel, Saudi Arabian agencies acquired NSO’s Pegasus software in a deal authorized by the Israeli government and worth upwards of $55 million, according to a Guardian report. NSO acknowledged in a recent report into the company’s dealings that the Israeli government “closely regulate[s]” their exports, “strictly” restricting the licencing of their military-grade spyware to would-be customers based on human rights concerns.
To this end, Riyadh had its privileges withdrawn by NSO shortly after the murder of Washington Post journalist Jamal Khashoggi in 2018, but was permitted to use the technology again after the Israeli government stepped in. No reason for the government intervention was ever made public.
The Pegasus Project discovered evidence of successful Pegasus infection in the phone of Khashoggi’s fiancée, Hatice Cengiz, just days after his murder. Other family members were also identified as targets in the months leading up to the Saudi journalist’s murder.
NSO released a statement, defending that their “technology was not used to listen, monitor, track, or collect information regarding him or his family members… We previously investigated this claim, which again, is being made without validation.”
In spite of NSO’s commitment to human rights, Saudi Arabia and at least nine other countries thought to be using the spyware against its citizens have contracts with NSO, and diplomatic relations are reported to have improved “markedly” between these states and Israel in recent years.
In fact, the Guardian reported that no country known to have poor diplomatic relations with Israel has any NSO technology.
NSO Chief Executive Shalev Hulio responded to the widespread reports of illegitimate surveillance using his company’s product, saying that they “are checking every allegation, and if some of the allegations are true, we will take stern action, and we will terminate contracts like we did in the past.”
“If anybody did any kind of surveillance on journalists, even if it’s not by Pegasus, it’s disturbing,” Hulio said. The company has publicly denied all the reported wrongdoing associated with their spyware, claiming that the joint investigation is based on “uncorroborated theories” and “wrong assumptions.”
Upon the revelations of malicious use of Pegasus spyware Agnès Callamard, the Secretary General of Amnesty International, said that the Pegasus Project “lays bare how NSO’s spyware is a weapon of choice for repressive governments seeking to silence journalists, attack activists and crush dissent, placing countless lives in peril.”
She added that the reports “blow apart any claims by NSO that such attacks are rare and down to rogue use of their technology.”
“While the company claims its spyware is only used for legitimate criminal and terror investigations, it’s clear its technology facilitates systemic abuse. They paint a picture of legitimacy, while profiting from widespread human rights violations.”
Callamard stressed the need for regulation within the surveillance industry, which has so far “created a wild west of rampant abusive targeting of activists and journalists.”
“The surveillance industry must no longer be afforded a laissez-faire approach from governments with a vested interest in using this technology to commit human rights violations.”
“Until this company and the industry as a whole can show it is capable of respecting human rights,” she added, “there must be an immediate moratorium on the export, sale, transfer and use of surveillance technology.”
NSO has said that it sells its products to 60 clients in 40 countries worldwide but will not identify who its customers are, citing confidentiality agreements. The firm maintains that it deals only with national military, law enforcement, and intelligence agencies, vetting each state which invests in the technology for human rights violations.
Further distancing itself from any criminal wrongdoing, NSO affirmed that it “does not operate the systems that it sells to vetted government customers, and does not have access to the data of its customers’ targets.”
The firm maintains the position that it “creates technology that helps government agencies prevent and investigate terrorism and crime to save thousands of lives around the globe.”