Governments of several countries were found using Pegasus software for mass surveillance of journalists, human rights activists, and advocates.
A joint investigation by 17 organizations led by the French Forbidden Stories revealed that several world governments were using the Israeli-developed spyware to carry out surveillance over their citizens.
The investigation was carried out by over 80 journalists from all over the world, including those from The Guardian, The Washington Post, Haaretz, Suddeutsche Zeitung, as well as the human rights organization Amnesty International, and the OCCRP.
What is Pegasus?
Pegasus is malicious spyware that embeds itself on iOS and Android devices and allows the attacker to gain access to chat messages, emails, photos, the user’s GPS, as well as activate the device’s microphone and camera remotely without the user knowing.
The software was originally developed by an Israeli-based company NSO Group. The company specializes in developing advanced software for intelligence agencies.
The Pegasus software’s original intention is said to be surveillance over dangerous criminals and terrorist organizations, with only governmental bodies having access to it.
Over 50,000 people were under surveillance
Forbidden Stories and Amnesty International have gained access to phone numbers that the NSO Group clients could have targeted starting as far back as 2016.
The list does not contain names, but the journalists have identified over a thousand people from 50 countries that could have been surveillance targets. It includes 65 company executives, 85 human rights advocates, over 600 politicians and government functionaries, ministers, diplomats, military servants, several country leaders, and prime ministers.
The list also contains the names of 189 journalists, including the Mexican journalist Cecilio Pineda Birto. His name was added to the surveillance system a few weeks before his assassination in 2017.
The list does not make it clear how many devices were infected by Pegasus, and whether the governments actually carried out active surveillance of their users.
However, a detailed inspection of 67 phones has shown: in 23 cases they were successfully infected by Pegasus, and in 16 cases the government has attempted to do so. Another 30 results remained inconclusive for various reasons.
All of the devices with traces of Pegasus did not belong to criminals. Even though NSO Group has stated that their software will only be used to defend against criminal activity and terrorists.
The investigation also revealed that the spyware was used to carry out attacks on the phones of two women, close to the Saudi Arabian journalist Jamal Khashoggi who was murdered in October 2018 in the Saudi Arabian consulate in Istanbul.
In one of the cases, there was an attempt to hack the device 6 months prior to the assassination, in the second case – a few days after.
The US government has stated that the order to assassinate Khashoggi was given by the Crown Prince of Saudi Arabia Mohammed bin Salman; the accusations were denied by Riyadh.
10 countries identified as clients of the NSO
The 10 countries that were identified as the biggest clients of the NSO-developed Pegasus software were: Azerbaijan, Bahrein, Hungary, India, Kazakhstan, Morocco, Mexico, the United Arab Emirates, Rwanda, and Saudi Arabia.
Over 15 thousand surveillance requests were made by the government bodies of Mexico. It is closely followed by Morocco and the UAE, which made over 10,000 surveillance requests each.
NSO denies the unlawful use of their software
In response to recent accusations, the NSO Group company stated, that:
NSO Group firmly denies false claims made in your report, many of which are uncorroborated theories that raise serious doubts about the reliability of your sources, as well as the basis of your story.
The NSO maintains that the journalist claims are unfounded, and are based on data leaks that have no connection to the Pegasus clients (the company has refused to disclose its customers).
The NSO has also stated that they will continue their own investigation and will take action if the software was indeed used to violate human rights.
The governments deny using the Pegasus program
So far, Hungary, India, Morocco, and Rwanda have denied any claims that they have been using the Pegasus software for surveillance over the general public.
The office of Hungary’s prime minister Viktor Orbán has stated that they know nothing about any kind of surveillance and intelligence gathering claimed by the journalist.
Have you asked the same questions of the governments of the United States of America, the United Kingdom, Germany or France? In the case you have, how long did it take for them to reply and how did they respond? Was there any intelligence service to help you formulate the questions? – States in the government’s response.
The Moroccan authorities have denied any involvement with NSO Group and Pegasus, as did the Indian government.
Israel’s representatives have stated that they only allow the export of their IT products to fight terrorism, investigate and prevent crimes. The Israeli government does not have access to any information gathered by NSO Group.
The governments of Azerbaijan, Bahrain, Kazakhstan, Mexico, the UAE, and Saudi Arabia have not yet made a statement.
Activists and politicians call to tighten control over surveillance systems
Edward Snowden – the former employee of the National Security Agency – has already named the NSO investigation “story of the year”. He also demanded to ban all kinds of surveillance systems as well as holding the developers of Pegasus accountable for the deaths and imprisonment of those targeted by the software.
The coming week's stories about the global hacking of phones identical to the one in your pocket, by for-profit companies, make it clear that export controls have failed as a means to regulate this industry.
Only a comprehensive moratorium on sales can remove the profit motive.
— Edward Snowden (@Snowden) July 18, 2021
David Kay – the UN Special Rapporteur in 2014-2020 – has proposed a worldwide moratorium on selling and handing over spyware.
what's the solution to an out-of-control #spyware industry? start with a global moratorium on sale/transfer & move toward this (from my report to @UN_HRC in 2019): https://t.co/WEgxIN7stx pic.twitter.com/1uOtpB9f8A
— David Kaye (@davidakaye) July 18, 2021
The head of Whatsapp Will Cathcart stated that NSO-developed software is being used to violate human rights all over the world and called to hold its users accountable.
This groundbreaking reporting from @Guardian, @WashingtonPost, and many others demonstrates what we and others have been saying for years: NSO’s dangerous spyware is used to commit horrible human rights abuses all around the world and it must be stopped.https://t.co/dMD0wKjceF
— Will Cathcart (@wcathcart) July 18, 2021