A global media consortium has found additional evidence that NSO Group, Israel’s most notorious hacker-for hire outfit, is using military-grade malware to spy on journalists, activists, and political dissidents.
A list of over 50,000 phone numbers was compiled by Forbidden Stories, a Paris-based journalist organization. It was shared with 16 news agencies. The journalists were able identify more than 1,000 people in 50 countries who were selected by NSO clients to be subject to surveillance.
According to The Washington Post (a member of the consortium), they include 189 journalists and more than 600 politicians, government officials, and 85 human rights activists. The journalists are employed by organizations such as The Associated Press and Reuters, CNNs, The Wall Street Journals, Le Monde, The Financial Times, and CNN.
Amnesty reported that the forensic experts at NSO Group’s flagship Pegasus spyware was installed on Jamal Khashoggi, a Post journalist,’s phone. This was just four days after Khashoggi was murdered in Istanbul’s Saudi Consulate in 2018. This company was previously implicated in spying on Khashoggi.
NSO Group replied to AP’s questions by email, denying that it had ever maintained a “list of potential, past, or existing targets.”
The company claimed that it sells only to “vetted government agency” to use against terrorists or major criminals, and that it does not have access into the data of its customers. Critics have shown evidence that NSO directs high-tech spying and called those claims disingenuous. They claim that the widespread use of Pegasus spyware is a sign of the almost complete absence of regulation in the private global surveillance market.
The source of the leak and the method by which it was authenticated were not revealed. Although a phone number is not a sign that someone attempted to hack a device using it, the consortium stated that the data could indicate potential targets for NSO’s government clients. The Post reported that 37 of the hacked phones were identified by it. Another consortium member, The Guardian, reported that Amnesty found evidence of Pegasus infection on 15 journalist whose phones were examined after they discovered their number in the leaked data.
The list contained 15,000 numbers, the most for Mexican phones and a large portion from the Middle East. Targeted surveillance has been a major concern for NSO Group’s spyware, mainly in Mexico and the Middle East. NSO Group’s spyware is believed to have been used in targeted surveillance in the Middle East and Mexico. The lists also included phones from countries such as India, Pakistan, Hungary, India and Azerbaijan.
Pegasus is used to intimidate critical media. “The number identified journalists as targets clearly illustrates this,” Amnesty reported. It’s about controlling the public narrative, resisting scrutiny and suppressing any opposition,” Amnesty quoted Agnes Callamard as its secretary-general.
One case highlighted in the Guardian: Cecilio Pineda Burto, a Mexican reporter, was assassinated just weeks after his cell number appeared on the leaked List.
Lauren Easton, AP’s director for media relations, stated that the company was “deeply disturbed” to discover that two AP journalists and journalists from other news organizations are among the 1,000 potential targets of Pegasus infection. She stated that the AP was conducting an investigation to see if the spyware had infected its two staff members.
These findings are based on extensive research by cybersecurity researchers, mostly from Citizen Lab at the University of Toronto. Researchers identified NSO targets in 2016, including dozens of Al-Jazeera journalists, executives, New York Times Beirut Bureau chief Ben Hubbard and Omar Radi, a Moroccan journalist and activist, and Carmen Aristegui, a prominent Mexican anti-corruption reporter. The Post reported that her phone number was listed on the list. According to the Times, Hubbard and Azam Ahmed (the former Mexico City bureau chief), were both on the list.
Two Hungarian investigative journalist, Andras Szabo, and Szabolcs Pantyi were among those on the list whose phones were infected with Pegasus.
There are more than twenty-one previously documented Mexican targets: opposition politicians, human right activists investigating a mass disappearance, and widow of a murdered journalist. The victims in the Middle East have been mostly journalists and dissidents. They were allegedly targeted by the Saudi or United Arab Emirates governments.
The “Pegasus Project”, reporting by the consortium, supports accusations that both autocratic regimes and democratic governments (including India and Mexico) have used NSO Group’s Pegasus spyware to achieve political ends. The consortium’s members include Le Monde of Germany and Sueddeutsche Zeitung from Germany. They promise a series of stories that are based on the leak.
Pegasus infiltrates smartphones to steal personal and geographic data, and then secretly controls the microphones and cameras. This allows hackers to spy on journalists’ communications with their sources.
It is designed to hide its activities and avoid detection. Researchers have found that NSO Group’s infected victims can be infected without the need for user interaction. This is called “zero-click”.
NSO Group was sued by WhatsApp and Facebook its parent company in U.S. federal Court in San Francisco in 2019, alleging it exploited a flaw of the popular encrypted messaging platform to target users — with just missed calls — around 1,400. NSO Group denied the allegations.
In Israel and Cyprus, where it exports its products, the Israeli company was sued. Al-Jazeera journalists as well as other Qatari and Mexican journalists and activists allege that the spyware used by the company was used to hack their computers.
Many of the suits are heavily influenced by leaked material that was provided to Abdullah Al-Athbah editor at Al-Arab, one of the alleged victims. This material seems to show officials from the United Arab Emirates discussing hacking into phones of senior Saudi Arabian and Qatari figures, as well as members of the Qatari royal families.
NSO Group doesn’t disclose the names of its clients. It claims it sells its technology directly to Israeli-approved governments in order to assist them in targeting terrorists, breaking up pedophile rings, and sex and drug-trafficking rings. It claims that its software has saved thousands of lives, and denies any connection to Khashoggi’s death.
NSO Group also denied involvement in the elaborate undercover operations uncovered in 2019 by The AP. In which shadowy operatives targeted NSO critics, including a Citizen Lab researcher, to discredit them.
An Israeli court dismissed a lawsuit by Amnesty International seeking to strip NSO its export license.
NSO Group is not the only seller of commercial spyware. Its behavior has attracted the most attention and critics agree.
It published its first transparency document last month. In it, it claims that it rejected more than $300 million in sales opportunities due to its human rights review processes.
An interactive online data platform was created by Forensic Architecture, with the support of Citizen Lab and Amnesty International. It lists NSO Group activities by country and target. The group partnered with Laura Poitras (best known for her 2014 documentary “Citzenfour”, about Edward Snowden, NSA whistleblower), who offers narrations.
“Stop doing what you’re currently doing and read this,” Snowden tweeted Sunday. was referring to the findings of the consortium. “This leak will be the story for the year.”
The majority of NSO Group has been held by the U.K. private capital firm Novalpina Capital since 2019. Israeli media reportedthe firm was looking at an initial public offering. Most likely, it would be on the Tel Aviv Stock Exchange.