NSO Group's Pegasus spyware used against journalists, political activists worldwide: report

A probe into the group suggests that its products are being used for purposes beyond criminal or terrorist investigations.
Written by Charlie Osborne, Contributing Writer

An investigation into leaked data allegedly connected to NSO Group has resulted in claims that its software is being used to target journalists, activists, and government figures. 

As reported by The Guardian, an investigation into a data leak apparently connected to the Israeli spyware vendor implies that "authoritarian" governments are using NSO Group's Pegasus software to compromise mobile devices belonging to human rights activists, political dissidents, lawyers, journalists, and politicians. 

Pegasus is a spyware tool with remote access capabilities that is able to extract handset information, harvest conversations taking place over apps including WhatsApp and Facebook, monitor email clients and browser activity, record calls, and spy on victims through their microphone and camera. 

Based in Israel, NSO Group markets its products as intended for governments to detect and "prevent a wide range of local and global threats," as well as a way to tackle criminal and terrorist activity. 

However, a probe launched by non-profit Forbidden Stories, Amnesty International, and a number of media outlets alleges that the software is being abused to monitor innocents. 

According to the publication, a leaked list of phone numbers accessed by Forbidden Stories and Amnesty International revealed over 50 000 numbers believed to have been "of interest" to NSO Group clients and "selected for targeting" since 2016.

While the existence of a phone number does not mean that a handset has been compromised, the consortium's investigation -- dubbed the Pegasus project -- says that infection was confirmed: "in dozens of cases."

The project says:

"NSO Group contends that its Pegasus software is meant only to help legitimate law enforcement bodies go after criminals and terrorists, and that any other use would violate its policies and user agreements.

The Pegasus Project did find numbers belonging to suspected criminal figures on the leaked list. However, of over 1,000 numbers whose owners were identified, at least 188 were journalists. Many others were human rights activists, diplomats, politicians, and government officials. At least 10 heads of state were on the list."

In response, the Israeli firm slammed the project's claims as full of "wrong assumptions and uncorroborated theories" and has denied any wrongdoing.

"Their sources have supplied them with information which has no factual basis, as evident by the lack of supporting documentation for many of their claims," the NSO Group says. "In fact, these allegations are so outrageous and far from reality that NSO is considering a defamation lawsuit."

According to the company, the data used to back up the Pegasus project's claims is likely based on "accessible and overt basic information" gleaned from services such as HLR Lookups and are not related to "the customers' targets of Pegasus or any other NSO products."

"Such services are openly available to anyone, anywhere, and anytime, and are commonly used by governmental agencies for numerous purposes, as well as by private companies worldwide," NSO Group says. "The claims that the data was leaked from our servers is a complete lie and ridiculous since such data never existed on any of our servers."

The company repeated that its technologies are only sold to vetted governments, law enforcement, and intelligence agencies. 

In 2019, Facebook filed a lawsuit against the software vendor, alleging that the company was responsible for the sale and deployment of a zero-day vulnerability in WhatsApp to target over 1,400 devices owned by government employees, political dissidents, journalists, activists, and more. 

Tech giants including Microsoft, Google, and Cisco later filed an amicus brief in support of the court case. 

Last year, the US Federal Bureau of Investigation (FBI) launched an investigation into the NSO Group amid suspicions that US citizens and organizations may have been targeted for cyberespionage. 

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

Editorial standards