NSO Group’s Pegasus malware was abused by its government clients to spy on journalists, opposition politicians and rights activists, an investigation revealed. The targets also include presidents and prime ministers.
An investigation by an international consortium of journalists published Sunday revealed that activists, journalists, politicians, and business executives from around the world were targeted by a military-grade malware from Israel-based NSO Group.
NSO Group’s flagship Pegasus spyware had been allegedly abused by its clients, mainly governments, the extent of which was reported by multiple media outlets who collaborated on an investigation into a data leak.
The leaked database contains a list of more than 50,000 phone numbers believed to be those of persons of interest by multiple government clients of NSO since 2016, news reports said.
Paris-based non-profit Forbidden Stories and Amnesty International had initially accessed the list and later shared it with media partners as part of the Pegasus Project, the Guardian newspaper said.
The British paper added that the mention of a phone number did not mean the corresponding phone was infected by Pegasus, or that there was an attempted hack. But the consortium believed the list was indicative of potential targets of NSO clients.
Media outlets participating in the project were able to identify about 1,000 individuals from 50 countries who were potential targets of NSO clients.
They included 85 human rights activists, 189 journalists, at least 65 business executives, and more than 600 politicians and government officials including presidents, prime ministers, and cabinet ministers.
What is Pegasus?
Pegasus is reportedly a highly invasive tool by NSO, the world’s most infamous hacker-for-hire outfit. The firm’s spyware is used to spy on people through their smartphones.
It works by sending an exploit link to the target user, which if clicked downloads malware or code onto the device without the user’s knowledge or permission.
Once the malware is installed, the hacker has complete access to the target’s phone. This includes private data, including passwords, contact lists, calendar events, text messages, and live voice calls.
It even can switch on a target’s phone camera and microphone.
According to reports, the malware can even be installed without the target clicking the “exploit link.”
Targets in India, Mexico
NSO clients not only included totalitarian states such as Saudi Arabia, and Azerbaijan, but also democracies including India and Mexico.
The Wire, an Indian news website and member of the consortium, reported that 300 mobile phones used in India were on the list.
The phone numbers were used by cabinet ministers, opposition politicians, journalists, lawyers, businessmen, scientists, and rights activists, the news website said.
More than 40 Indian journalists from major publications including The Hindu, the Indian Express, and two founding editors of The Wire, were among people whose numbers were on the list.
In 2019, a study by the University of Toronto’s Citizen Lab revealed that the Indian government was spying on lawyers, activists, and journalists using the Pegasus software via WhatsApp.
The Indian government had denied the allegations after WhatsApp filed a lawsuit against NSO in the United States, in which the messenger app confirmed the details reported by Citizen Lab.
The Washington Post, another member of the consortium, reported that 10,000 phone numbers on the list were from Mexico, belonging to politicians, union representatives, journalists, and government critics.
One of them was a Mexican freelance journalist who was murdered at a carwash. His cellphone was never found, and it could not be confirmed if it was infected with Pegasus.
Jamal Khashoggi’s fiancée targeted
Amnesty International reported that the spyware was successfully installed on the phone of two women close to Saudi journalist Jamal Khashoggi, including his fiancée, Hatice Cengiz. Pegasus infected Cengiz’s phone just four days before he was killed in the Saudi Consulate in Istanbul in 2018, the report said.
This is the second time NSO has been implicated in spying on Khashoggi.
In January 2020, United Nations experts called for an official investigation into reports that Saudi Crown Prince Mohammed bin Salman had the phone of Amazon founder and Washington Post owner Jeff Bezos hacked.
Bezos’ phone was presumably hacked to keep tabs on the reporting of the Post, for which Khashoggi wrote.
NSO issues denial
The Israeli firm issued a denial on Sunday, calling the report by Forbidden Stories “full of wrong assumptions and uncorroborated theories.”
The company even threatened to file a defamation lawsuit.
“We firmly deny the false allegations made in their report,” NSO said.
“As NSO has previously stated, our technology was not associated in any way with the heinous murder of Jamal Khashoggi,” it said.
“We would like to emphasize that NSO sells its technologies solely to law enforcement and intelligence agencies of vetted governments for the sole purpose of saving lives through preventing crime and terror acts.”