SurveillanceJournalists, Activists among 50,000 Targets of Israeli Spyware: Reports

Published 19 July 2021

Israeli cyber firm NSO Group claims that its Pegasus surveillance malware is sold to governments so they can better track terrorists and criminals, but many of the 45 governments deploying the surveillance software use it to track journalists, opposition politicians, and civil society activists. Some of these governments are authoritarian (for example, Azerbaijan, Bahrain, Kazakhstan, UAE, Saudi Arabia). Other are democracies (for example, India, Mexico, South Africa). The only EU member country to deploy the surveillance malware is Hungary, which places it in violation of the EU’s strict privacy and surveillance regulations.

An investigation by an international consortium of journalists published Sunday revealed that activists, journalists, politicians, and business executives from around the world were targeted by a military-grade malware from Israel-based NSO Group

NSO Group’s flagship Pegasus spyware had been allegedly abused by its clients, mainly governments, the extent of which was reported by multiple media outlets who collaborated on an investigation into a data leak.

The leaked database contains a list of more than 50,000 phone numbers believed to be those of persons of interest by multiple government clients of NSO since 2016, news reports said.

Paris-based non-profit Forbidden Stories and Amnesty International had initially accessed the list and later shared it with media partners as part of the Pegasus Project, the Guardian newspaper said.

The British paper added that the mention of a phone number did not mean the corresponding phone was infected by Pegasus, or that there was an attempted hack. But the consortium believed the list was indicative of potential targets of NSO clients.

___________________________________

HSNW has reported on the NSO group and its spyware for more than five years. See, among other articles:

— “Israeli Court to Hear Case against Spy-Software Company NSO Behind Closed Doors,” HSNW, 17 January 2020

— “The WhatsApp-NSO Group Lawsuit and the Limits of Lawful Hacking,” HSNW, 6 November 2019

— “Private Surveillance Is a Lethal Weapon Anybody Can Buy,” HSNW, 22 July 2019

— “WhatsApp’s Loophole Reveals Role of Private Companies in Cyber-Surveillance,” HSNW, 4 June 2019

— “Israeli Tech Company’s Spyware Turns UAE Activist’s iPhone into a Self-Tracking Device,” HSNW, 29 August 2016

___________________________________

Media outlets participating in the project were able to identify about 1,000 individuals from 50 countries who were potential targets of NSO clients.

They included 85 human rights activists, 189 journalists, at least 65 business executives, and more than 600 politicians and government officials including presidents, prime ministers, and cabinet ministers.

What is Pegasus?
Pegasus is reportedly a highly invasive tool by NSO, the world’s most infamous hacker-for-hire outfit. The firm’s spyware is used to spy on people through their smartphones.

It works by sending an exploit link to the target user, which if clicked downloads malware or code onto the device without the user’s knowledge or permission.

Once the malware is installed, the hacker has complete access to the target’s phone. This includes private data, including passwords, contact lists, calendar events, text messages, and live voice calls.

It even can switch on a target’s phone camera and microphone.