Emrah Gurel / AP
BOSTON – Global media consortium investigation based on targeting data leaks provides further evidence that military-grade malware from Israeli group NSO, the world’s most infamous hacker company, is being used to spy journalists, human rights activists and political dissidents.
From a list of more than 50,000 mobile phone numbers obtained by the Paris-based nonprofit journalism association Forbidden Stories and the human rights group Amnesty International and shared with 16 news organizations, the Journalists were able to identify more than 1,000 people in 50 countries who would have been selected by NSO Clients for potential surveillance.
They include 189 journalists, more than 600 politicians and government officials, at least 65 business executives, 85 human rights activists and several heads of state, according to the Washington Post, a member of the consortium. Journalists work for organizations such as the Associated Press, Reuters, CNN, the Wall Street Journal, Le Monde and the Financial Times.
Amnesty also reported that its forensics researchers determined that NSO Group’s flagship spyware, Pegasus, was successfully installed on the phone of Post journalist Jamal Khashoggi’s fiancee, Hatice Cengiz, just four days after her assassination. at the Saudi consulate in Istanbul in 2018. The company had previously been involved in other spies on Khashoggi.
The NSO Group denied in an email response to AP’s questions that it had ever kept “a list of potential targets, past or existing.” In a separate statement, he called the Forbidden Stories report “filled with flawed assumptions and unsubstantiated theories.”
The company reiterated its claims that it only sold to “controlled government agencies” for use against terrorists and major criminals and that it had no visibility into its customer data. Critics call the claims dishonest – and have provided evidence that NSO directly handles high-tech espionage. They say the repeated abuse of Pegasus spyware highlights the almost complete lack of regulation of the private global surveillance industry.
Most of the numbers listed were for Mexican phones, then Middle Eastern ones
The source of the leak – and how it was authenticated – has not been disclosed. While the presence of a phone number in the data doesn’t mean an attempt was made to hack a device, the consortium said it believed the data pointed to potential targets of NSO’s government customers. The Post said it had identified 37 hacked smartphones on the list. The Guardian, another member of the consortium, reported that Amnesty found traces of Pegasus infections on the cellphones of 15 journalists who let their phones be examined after discovering their number was in the leaked data.
The most numbers on the list, 15,000, were for Mexican phones, with a large share in the Middle East. NSO Group’s spyware has been involved in targeted surveillance primarily in the Middle East and Mexico. Saudi Arabia is said to be among the NSO’s clients. The lists also included phones in countries such as France, Hungary, India, Azerbaijan, Kazakhstan and Pakistan.
âThe number of journalists identified as targets vividly illustrates how Pegasus is being used as a tool to intimidate critical media. It is about controlling public discourse, resisting scrutiny and suppressing any dissenting voice, âAmnesty said, quoting its secretary general, Agnes Callamard, as saying.
In a case highlighted by the Guardian, Mexican journalist Cecilio Pineda Birto was murdered in 2017 weeks after his cell phone number appeared on the leaked list.
AP Media Relations Director Lauren Easton said the company was “deeply disturbed to learn that two AP reporters, as well as reporters from numerous news agencies” were on the 1,000 list. potential targets for Pegasus infection. She said the AP was investigating to try to determine whether the devices of her two employees were compromised by the spyware.
The findings stem from research that began years ago
The consortium’s findings are based on extensive work by cybersecurity researchers, primarily from the University of Toronto watchdog Citizen Lab. NSO targets identified by researchers from 2016 include dozens of journalists and Al-Jazeera executives, New York Times Beirut bureau chief Ben Hubbard, Moroccan journalist and activist Omar Radi and prominent Mexican anti-corruption journalist Carmen Aristegui. His phone number was on the list, the Post reported. The Times said Hubbard and his former Mexico City bureau chief, Azam Ahmed, were on the list.
Two Hungarian investigative journalists, Andras Szabo and Szabolcs Panyi, were among the list journalists whose phones were successfully infected with Pegasus, the Guardian reported.
Among more than two dozen Mexican targets already documented are supporters of a soda tax, opposition politicians, human rights activists investigating a mass disappearance and the widow of a murdered journalist. In the Middle East, the victims are mostly journalists and dissidents, who have reportedly been targeted by the governments of Saudi Arabia and the United Arab Emirates.
The consortium’s reports on the “Pegasus Project” reinforce accusations that not only autocratic regimes but also democratic governments, including India and Mexico, have used NSO Group’s Pegasus spyware for political ends. Its members, including Le Monde and Sueddeutsche Zeitung from Germany, promise a series of stories based on the leak.
Pegasus infiltrates phones to suck up personal and location data and surreptitiously control smartphone microphones and cameras. In the case of journalists, this allows hackers to spy on journalists’ communications with sources.
The program is designed to bypass detection and hide its activity. The NSO Group’s methods of infecting its victims have become so sophisticated that researchers say it can now do so without any user interaction, the so-called “zero click” option.
NSO Group has been sued by various organizations
In 2019, WhatsApp and its parent company Facebook sued NSO Group in US federal court in San Francisco, accusing it of exploiting a loophole in the popular encrypted messaging service to target – with only missed calls – some 1 400 users. NSO Group denies the charges.
The Israeli company was sued the previous year in Israel and Cyprus, two countries from which it exports products. The plaintiffs include Al-Jazeera journalists, as well as other Qatari, Mexican and Saudi journalists and activists who say the company’s spyware was used to hack them.
Several of the prosecutions rely heavily on leaked information provided to Abdullah Al-Athbah, editor of the Qatari newspaper Al-Arab and one of the alleged victims. The material appears to show officials in the United Arab Emirates discussing whether to hack the phones of senior officials in Saudi Arabia and Qatar, including members of the Qatari royal family.
NSO Group does not disclose its customers and says it sells its technology to governments approved by Israel to help them target terrorists and break down pedophile rings and drug and sex trafficking rings. He claims his software has helped save thousands of lives and denies that his technology was in any way associated with Khashoggi’s murder.
NSO Group also denies any involvement in any elaborate undercover operations uncovered by the PA in 2019 in which shadow operatives targeted NSO critics, including a Citizen Lab researcher, in an attempt to discredit them.
Last year, an Israeli court dismissed an Amnesty International lawsuit to revoke NSO’s export license, citing insufficient evidence.
Hacking firm says it has review processes, rejects contracts
NSO Group is far from the only commercial spyware dealer. But his behavior has garnered the most attention, and critics say it is with good reason.
Last month it released its first transparency report, in which it says it rejected “more than $ 300 million in sales opportunities as a result of its human rights review processes.” Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation and outspoken critic, tweeted: âIf this report were printed, it wouldn’t be worth the paper it was printed on.
A new online interactive data platform created by the Forensic Architecture group with the support of Citizen Lab and Amnesty International lists the activities of the NSO group by country and by target. The group has teamed up with filmmaker Laura Poitras, best known for her 2014 documentary “Citzenfour” about NSA whistleblower Edward Snowden, which features video narratives.
“Stop what you’re doing and read this,” Snowden tweeted on Sunday, reference to the conclusions of the consortium. “This leak is going to be the story of the year.”
Since 2019, UK private equity firm Novalpina Capital has controlled a majority stake in NSO Group. Earlier this year, Israeli media reported that the company was considering an initial public offering, most likely on the Tel Aviv Stock Exchange.