The software is sold by the Israeli surveillance company NSO Group and is intended to be used to track terrorists and criminals. Instead, activists, journalists and lawyers around the world have been exposed to authoritarian governments using hacking software against them, according to a new review of a massive data leak.
The review was conducted by 17 major media organizations, under the Pegasus Collaborative name, and points to widespread and ongoing abuse of NSO’s Pegasus spyware. The company insists that the software is only intended for use against criminals and terrorists, and believes that authoritarian regimes are unlikely to abuse it.
Pegasus is a malicious code Which infects iPhone and Android devices and enables the person running the app to secretly extract messages, photos, emails, record calls and activate microphones.
The 37 phone numbers were included in a leaked list of numbers seized by the Paris-based non-profit media organization Forbidden Stories and human rights organization Amnesty International. The list consists of 50,000 number of representatives, who are believed to be interested in monitoring which countries are NSO clients.
It is not known how many numbers were monitored in the list, but forensic analysis of 104 smartphones, conducted by the AI Security Lab, showed a clear correlation between the number added to the list and the monitored phone on 37 of the phones.
included in the list, According to The Guardian, hundreds of business leaders, religious figures, academics, NGOs, union officials and government officials, including presidents and prime ministers, have yet to be published.
The list also includes more than 180 journalists, including journalists, editors and executives at the Financial Times, CNN, New York Times, France 24, The Economist, Associated Press and Reuters.
The list includes two women close to the murdered Saudi journalist Jamal Khashoggi, as well as the case of freelance Mexican journalist Cecilio Pineda Berto, who was murdered in 2017. His phone was never found, so no forensic analysis was found to identify him. If it could be infected.
In the words of their lawyers NSO denies the allegations about its clients’ activities, but says it will “continue to investigate all credible allegations of abuse and take appropriate action.”
The company sells only to the military, law enforcement and intelligence agencies of 40 countries and claims to examine countries’ human rights work before they are allowed to use the spy tool.
A review of the leaked data identified at least ten governments believed to be NSO customers who had entered phone numbers into the system: Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India and the United Arab Emirates.
Rwanda, Morocco, India and Hungary have denied using Pegasus to hack the phones of the people on the list. The governments of Azerbaijan, Bahrain, Kazakhstan, Saudi Arabia, Mexico, the United Arab Emirates and Dubai have yet to comment.
This isn’t the first time that NSO has been criticized, even before the monitoring firm was accused of data snooping.