A global media consortium investigation based on leaked targeting data provides further evidence that military malware from Israel’s NSO Group, the world’s most notorious hacker-for-hire group, is being used to target journalists, human rights activists and political dissidents.
From a list of more than 50,000 cell phone numbers received by the Paris-based non-profit journalism organization Forbidden Stories and the human rights group Amnesty International and given to 16 news organizations, journalists were able to identify more than 1,000 people in 50 countries allegedly by NSO- Clients for potential monitoring.
These include 189 journalists, more than 600 politicians and government officials, at least 65 business people, 85 human rights activists and several heads of state, according to The Washington Post, a consortium member. The journalists work for organizations such as The Associated Press, Reuters, CNN, The Wall Street Journal, Le Monde and The Financial Times.
Amnesty also reported that its forensic researchers found that NSO Group’s flagship spyware Pegasus was successfully installed on the phone of post-journalist Jamal Khashoggi’s fiancée, Hatice Cengiz, just four days after he met at the Saudi consulate in Istanbul in 2018 killed had previously been implicated in other espionage on Khashoggi.
In an email response to AP questions, NSO Group denied that it had ever kept “a list of potential, past, or existing targets.” In a separate statement, she called the report “Forbidden Stories” “full of false assumptions and unconfirmed theories.”
The company reiterated its claim that it only sells to “audited government agencies” for use against terrorists and major criminals and that it has no view of its customers’ data. Critics call these claims dishonest – and have provided evidence that NSO is directly managing the high-tech espionage. They say the repeated abuse of Pegasus spyware shows the almost complete lack of regulation in the private global surveillance industry.
The source of the leak – and how it was authenticated – has not been disclosed. While the presence of a phone number in the data does not mean an attempt was made to hack a device, the consortium assumed the data indicated potential targets for NSO’s government customers. The Post said it identified 37 hacked smartphones on the list. Another consortium member, the Guardian, reported that Amnesty found traces of Pegasus infections on the phones of 15 journalists who had their phones checked after their number was included in the leaked data.
Most of the numbers on the list, 15,000, were for Mexican phones, with a large proportion in the Middle East. NSO Group’s spyware has been involved in targeted surveillance primarily in the Middle East and Mexico. Saudi Arabia is said to be one of the NSO customers. Phones in countries like France, Hungary, India, Azerbaijan, Kazakhstan and Pakistan were also on the lists.
“The number of journalists identified as a target clearly shows how Pegasus is used as an instrument to intimidate critical media. It is about controlling the public narrative, defying the control and suppressing any dissenting voice, “Amnesty quoted its general secretary Agnes Callamard.
In a case highlighted by the Guardian, Mexican reporter Cecilio Pineda Birto was murdered in 2017 a few weeks after his cell phone number appeared on the leaked list.
Lauren Easton, director of media relations at AP, said the company was “deeply concerned to learn that two AP journalists along with journalists from many news organizations” were on the list of 1,000 potential targets for Pegasus infection. She said the AP is investigating to see if its two employees’ devices have been compromised by the spyware.
The consortium’s findings build on extensive work by cybersecurity researchers, primarily from the University of Toronto’s Watchdog Citizen Lab. NSO targets identified by researchers as of 2016 include dozens of Al Jazeera journalists and executives, the head of the New York Times Beirut office, Ben Hubbard, Moroccan journalist and activist Omar Radiand, and the well-known Mexican Anti-corruption reporter Carmen Aristegui. Her phone number was on the list, the Post reported. The Times said Hubbard and his former Mexico City office manager, Azam Ahmed, were on the list.
Two Hungarian investigative journalists, Andras Szabo and Szabolcs Panyi, were among the journalists on the list whose phones were successfully infected with Pegasus, the Guardian reported.
Among the more than two dozen previously documented Mexican victims are proponents of a soda tax, opposition politicians, human rights activists investigating a mass disappearance, and the widow of a murdered journalist. In the Middle East, the victims were mostly journalists and dissidents, allegedly targeted by the governments of Saudi Arabia and the United Arab Emirates.
The consortium’s coverage of the “Pegasus Project” supports the allegation that not only autocratic regimes, but also democratic governments, including India and Mexico, have used the NSO Group’s Pegasus spyware for political purposes. Its members, including Le Monde and the Süddeutsche Zeitung, promise a number of stories based on the leak.
Pegasus infiltrates phones to soak up personal and location data and covertly control the smartphone’s microphones and cameras. In the case of journalists, hackers can spy on reporters’ communications with sources.
The program is designed to bypass detection and mask its activity. The NSO Group’s methods of infecting its victims are so sophisticated that researchers say they can now do it without user interaction, the so-called “zero-click” option.
In 2019, WhatsApp and its parent company Facebook sued the NSO Group in a US federal court in San Francisco, accusing them of exploiting a flaw in the popular encrypted messaging service to target around 1,400 users with missed calls alone. The NSO Group denies the allegations.
The Israeli company had been sued the previous year in Israel and Cyprus, both countries from which it exports products. Plaintiffs include Al-Jazeera journalists, as well as other Qatari, Mexican and Saudi journalists and activists who say the company’s spyware was used to hack them.
Several of the lawsuits are heavily based on leaked material made available to Abdullah Al-Athbah, editor of the Qatari newspaper Al-Arab and one of the alleged victims. The footage appears to show officials in the United Arab Emirates debating whether to hack the phones of high-ranking figures in Saudi Arabia and Qatar, including members of the Qatari royal family.
The NSO Group does not disclose its customers, saying that it is selling its technology to Israel-approved governments to help them fight terrorists and disband pedophile rings and sex and drug trafficking rings. It claims its software helped save thousands of lives and denies that its technology was in any way linked to the Khashoggi assassination.
The NSO Group also denies involvement in lavish undercover operations uncovered by The AP in 2019, where shadowy agents targeted NSO critics, including a Citizen Lab researcher, in an attempt to discredit them.
Last year, an Israeli court dismissed Amnesty International’s lawsuit seeking to revoke NSO’s export license, citing insufficient evidence.
The NSO Group is by no means the only retailer of commercial spyware. But its behavior has drawn the most attention, and critics say it is for good reason.
Last month it released its first transparency report, which stated that it “turned down more than $ 300 million in sales opportunities as a result of its human rights review procedures.” Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation and harsh critic, tweeted, “If this report were printed, it would not be worth the paper it was printed on.”
A new, interactive online data platform, created by the Forensic Architecture group with the support of Citizen Lab and Amnesty International, catalogs the activities of the NSO group by country and destination. The group worked with filmmaker Laura Poitras, best known for her 2014 documentary, Citzenfour, about NSA whistleblower Edward Snowden, which offers video narration.
“Stop what you do and read this,” Snowden tweeted Sunday, referring to the consortium’s findings. “This leak will be the story of the year.”
The British private equity company Novalpina Capital has controlled a majority stake in the NSO Group since 2019. Earlier this year, Israeli media reported that the company was considering an IPO, most likely on the Tel Aviv Stock Exchange.
[ad_1]
