Pegasus: Report finds spyware used to target journalists, activists

NSO Group sold the surveillance tool to authoritarian governments, investigation finds

Spyware manufactured by Israeli firm NSO Group was sold to authoritarian governments to target at least 50,000 journalists, government and union officials, human rights activists, business executives, religious figures, academics, NGO employees, and lawyers, an investigation has found. 

This investigation was conducted by 17 media organisations, including the Washington Post and the Guardian, which published a list of more than 50,000 affected phone numbers over the weekend.

The media outlets, known collectively as the Pegasus Project, found that the NSO Group had been selling its Pegasus spyware to the governments of  Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India, and the United Arab Emirates.

Pegasus was used to extract messages, photos, and emails, as well as to record calls and activate microphones on iOS and Android devices. These included mobile phones belonging to close associates of the murdered journalists Jamal Khashoggi, from the Washington Post, and Cecilio Pineda Birto, a Mexican freelance reporter. Mexico was found to be the NSO Group’s largest client, with over 15,000 affected phone numbers being linked to the country.

The NSO Group denied the allegations, adding that they were considering legal action against the media publications.

“We would like to emphasise that NSO sells it[s] technologies solely to law enforcement and intelligence agencies of vetted governments for the sole purpose of saving lives through preventing crime and terror acts. NSO does not operate the system and has no visibility to the data,” the company stated on its website. 

Related Resource

Hybrid cloud for video surveillance

What it is and why you'll want one

Wasabi_Hybrid_Cloud_Video_Surveillance_WP_coverFree download

“Our technologies are being used every day to break up pedophilia rings, sex and drug-trafficking rings, locate missing and kidnapped children, locate survivors trapped under collapsed buildings, and protect airspace against disruptive penetration by dangerous drones. Simply put, NSO Group is on a life-saving mission, and the company will faithfully execute this mission undeterred, despite any and all continued attempts to discredit it on false grounds,” it added.

Pegasus Project partner, Amnesty International’s secretary general Agnès Callamard, described the Pegasus spyware as “a weapon of choice for repressive governments seeking to silence journalists, attack activists and crush dissent, placing countless lives in peril”.

“These revelations blow apart any claims by NSO that such attacks are rare and down to rogue use of their technology. While the company claims its spyware is only used for legitimate criminal and terror investigations, it’s clear its technology facilitates systemic abuse. They paint a picture of legitimacy, while profiting from widespread human rights violations,” she added.

Callamard also called for “an immediate moratorium on the export, sale, transfer and use of surveillance technology” until sufficient regulations are set in place.

Last year, it was revealed that Facebook had attempted to purchase NSO Group's Pegasus spyware to monitor iOS users.

Featured Resources

2021 Thales access management index: Global edition

The challenges of trusted access in a cloud-first world

Free download

Transforming higher education for the digital era

The future is yours

Free download

Building a cloud-native, hybrid-multi cloud infrastructure

Get ready for hybrid-multi cloud databases, AI, and machine learning workloads

Free download

The next biggest shopping destination is the cloud

Know why retail businesses must move to the cloud

Free Download

Recommended

Marsh McLennan reveals its cyber risk analytics center
risk management

Marsh McLennan reveals its cyber risk analytics center

15 Oct 2021
£100 contactless payment limit could place shoppers at risk, warn industry experts
Policy & legislation

£100 contactless payment limit could place shoppers at risk, warn industry experts

15 Oct 2021
Hackers used MSHTML exploit a week before patches were ready
zero-day exploit

Hackers used MSHTML exploit a week before patches were ready

14 Oct 2021
Hackers fake DocuSign and offer fraudulent signing methods
document management systems (DMS)

Hackers fake DocuSign and offer fraudulent signing methods

14 Oct 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Veritas Backup Exec 21.3 review: Covers every angle
backup software

Veritas Backup Exec 21.3 review: Covers every angle

14 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021