Activists, journalists and politicians around the world have been spied on using cellphone malware developed by a private Israeli firm, reports said Sunday, igniting fears of widespread privacy and rights abuses.
The use of the software, called Pegasus and developed by Israel’s NSO Group, was reported on by the Washington Post, the Guardian, Le Monde and other news outlets who collaborated on an investigation into a data leak.
The leak was of a list of up to 50,000 phone numbers believed to have been identified as people of interest by clients of NSO since 2016, the reports said.
Israeli firm’s #spyware Pegasus found on phones worldwide. https://t.co/AMTqVp8Oid#infosec #cybersecurity #privacy #malware pic.twitter.com/4Kfff42XP6
— Incognito (@incognito_app) July 19, 2021
Not all of those numbers were subsequently hacked, and the news outlets with access to the leak said more details about those who were compromised would be released in coming days.
Among the numbers on the list are those of journalists for media organizations around the world including Agence France-Presse, The Wall Street Journal, CNN, The New York Times, Al Jazeera, France 24, Radio Free Europe, Mediapart, El País, the Associated Press, Le Monde, Bloomberg, the Economist, Reuters and Voice of America, the Guardian said.
The use of the software to hack the phones of Al-Jazeera reporters and a Moroccan journalist has been reported previously by Citizen Lab, a research center at the University of Toronto, and Amnesty International.
50,000 phone numbers worldwide on list linked to Israeli spyware.
Pegasus malware is capable of switching on a phone's camera or microphone and harvesting its data. Details: https://t.co/r0n9IKZpMP #PegasusSpyware pic.twitter.com/B5eX7VVyWK
— Khaleej Times (@khaleejtimes) July 19, 2021
Among the numbers found on the list were two belonging to women close to Saudi-born journalist Jamal Khashoggi, who was murdered by a Saudi hit squad in 2018.
The list also included the number of a Mexican freelance journalist who was later murdered at a carwash. His phone was never found and it was not clear if it had been hacked.
The Washington Post said numbers on the list also belonged to heads of state and prime ministers, members of Arab royal families, diplomats and politicians, as well as activists and business executives.
Prime Minister @ImranKhanPTI's phone was also targeted via Pegasus Malware. Since, overwhelming proportion of Cabinet Members are evidently using iPhone, their phones must be inspected for any potential traces of the Pegasus. 1/2 #Cyberespionage pic.twitter.com/AXGlmTNJOH
— Rafay Baloch (@rafaybaloch) July 19, 2021
The list did not identify which clients had entered the numbers on it. But the reports said many were clustered in 10 countries – Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, and the United Arab Emirates.
The Guardian wrote that the investigation suggests “widespread and continuing abuse” of Pegasus, which NSO says is intended for use against criminals and terrorists.
Amnesty International and Forbidden Stories, a Paris-based media non-profit organization, initially had access to the leak, which they then shared with media organizations.
#UPDATE France said on Monday it was outraged over allegations that Morocco's intelligence services used Israeli malware to spy on dozens of French journalists, calling revelations in the media "extremely shocking" https://t.co/d5FHjr6Y5g #Pegasus pic.twitter.com/bTHMwioPb0
— AFP News Agency (@AFP) July 19, 2021
NSO, a leader in the growing and largely unregulated private spyware industry, has previously pledged to police for abuses of its software.
It called the allegations exaggerated and baseless, according to The Washington Post, and would not confirm its clients’ identities.
Citizen Lab reported in December that dozens of journalists at Qatar’s Al-Jazeera network had their mobile communications intercepted by sophisticated electronic surveillance.
Amnesty International reported in June of last year that Moroccan authorities used NSO’s Pegasus software to insert spyware onto the cellphone of Omar Radi, a journalist convicted over a social media post.
(The New Arab, PC, Social Media)