An investigation by The Guardian and 16 other media organizations has revealed that hacking software sold by Israeli surveillance company NSO Group was used by governments to spy on journalists, politicians, lawyers and activists across the globe.
The spyware, known as Pegasus, infects phones and enables a third-party to extract messages, photos, and emails, as well as to record calls and turn on the device’s microphone, all unbeknownst to the owner of the device.
This bombshell revelation comes after Forbidden Stories, a Paris-based nonprofit organization, along with Amnesty International shared with reporters a leaked list of over 50,000 phone numbers that reportedly belong to “people of interest” by clients of NSO since 2016.
Among those targeted by the spyware were people close to the late journalist Jamal Kashoggi, who was killed and dismembered inside the Saudi consulate in Istanbul in October of 2018.
Back then the NSO Group strongly denied that any of its government clients had used the malware to target Kashoggi or his family, but forensic analysis these phones now show that Pegasus was indeed used to monitor Kashoggi’s inner circle both before and after his murder.
According to the investigation, Saudi Arabia along with the UAE used Pegasus to monitor Kashoggi’s associates as well as the Turkish murder investigation, going so far as to select the phone of Istanbul’s chief prosecutor for potential surveillance.
In addition, evidence was found showing that an NSO client targeted the phone of Kashoggi’s wife, Hanan Elatr, several months before his murder.
Other names linked to Kashoggi that were found in the leaked list include: his fiancée Hatice Cengiz; Wadah Khanfar, the former head of the Al Jazeera television network; Abdullah Khashoggi, the journalist’s son; Azzam Tamimi, a Palestinian-British activist; Madawi Al-Rasheed, a London-based scholar who founded an opposition party of expatriate Saudis soon after the murder; Yahya Assiri, a UK-based Saudi activist who documents human rights violations in Saudi Arabia and Yasin Aktay, a friend of Khashoggi and a top aide to the Turkish president, Recep Tayyip Erdogan.
It has also been revealed that the UAE targeted multiple journalists with the hacking software, including Roula Khalaf who last year became the first-ever female editor of the Financial Times, as well as Greg Galstrom of The Economist and Bradley Hope who at the time worked at The Wall Street Journal.
Hope’s number was allegedly chosen for surveillance at a time when he was looking into the 1Malaysia Development Berhad scandal, a corruption scheme involving the theft of $4.5bn from the state of Malaysia, and which led to the ousting of the country’s prime minister.
The investigation of the scandal suggested that some of the stolen money had been spent on a luxury yacht for Sheikh Mansour, the deputy prime minister of the UAE and a senior member of the Abu Dhabi royal family.
It is believed Abu Dhabi may have deployed the malware against a further 10,000 phone numbers belonging to activists and lawyers.
Other nations that abused the malware sold to them by the NSO Group include Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Hungary and India.
Mexico is reportedly the nation that selected the most numbers for surveillance, with over 15,000 listed. Among these was the number for the late freelance journalist Cecilio Pineda Birto, who was added to the surveillance list a few weeks before he was shot and killed outside of a car-wash in Ciudad Altamirano on 2 March of 2017.
The Guardian’s investigation also found that the Hungarian government of Viktor Orbán allegedly deployed NSO’s technology on investigative journalists, as well as on the close circle of one of Hungary’s few independent media executives.
For their part the NSO Group maintains that its technology is only sold to military, law enforcement and intelligence agencies, and that their contracts stipulate the spyware must only be used for criminal and national security investigations.
The company also says it rigorously vets its customers’ human rights records before allowing them to use its products, while the Israeli Minister of Defense closely regulates NSO’s granting of individual export licenses before its surveillance technology can be sold to a new country.