In groundbreaking research, it has been revealed that governments and regimes around the world used NSO Group’s Pegasus spyware, a company based in Herzliya, Israel.
Around 17 media outlets participated in a sweeping investigation on the nefarious activities of Israeli spyware maker NSO Group’s Pegasus spyware. Washington Post reports that investigation revealed the software was used for hacking nearly 37 smartphones of human rights activities and journalists.
Reportedly, the phone numbers were stored in a leaked list of numbers and discovered by Paris-based journalism non-profit organization Hidden Stories and Amnesty International. It is also revealed that NSO singled out these numbers and crafted the list to facilitate surveillance activities of its client governments.
About Pegasus Software Capabilities
For your information, NSO offers spyware to governments for tracking potential criminals and terrorists. Pegasus software can extract the entire data from a mobile device and activate its microphone to eavesdrop on the conversations.
This isn’t the first time that Pegasus spyware is blamed for carrying out surveillance activities. Citizen Lab reported between July and August 2020, 36 phones belonging to Al Jazeera journalists were hacked using Pegasus by hackers sponsored by governments in the Middle East.
On the other hand, encrypted chat service WhatsApp sued NSO in 2019, accusing the company of hacking its users.
The list comprising journalists’ numbers dates back to 2016 and includes nearly 50,000 numbers, including 180 journalists. Part of the list is The Post’s own reporters and reporters/journalists from CNN, Voice of America, the Associated Press, the New York Times, Bloomberg News, the Wall Street Journal, Agence France-Presse, Le Monde, Al Jazeera, and the Financial Times.
The list also includes numbers of two females having ties with the murdered Saudi journalist Jamal Khashoggi and Mexican journalist Cecilio Pineda Birto.
The report suggested that both iPhone and Android were the targets, but the company found surveilling the iPhones easier via Pegasus. They could easily use Apple’s zero-click exploit on iMessage in iOS version 14.6 to hack an iPhone and install Pegasus spyware. The exploit is known as KISMET and was later patched by Apple on an urgent basis.
NSO Denies the Report
As per an NSO spokesperson, the company rejected the allegations and claims made in the report. NSO stated that the report makes wrong assumptions and “uncorroborated theories” that make its reliability and customers’ intentions doubtful. The company also questioned the sources used by the media outlets in their investigation.
“After checking their claims, we firmly deny the false allegations made in their report. These allegations are so outrageous and far from reality,” the company stated.
Moreover, NSO is planning to file a defamation lawsuit against the investigators. However, Amnesty International Security Lab, which is part of this investigation with Pegasus Project, a consortium of news outlets, refuted NSO’s claims that its software is only used to investigate terrorism and crime-related activities and claims that Pegasus’s surveillance tactics violate user privacy and human rights laws.