Human rights activists, journalists and lawyers around the world have been targeted for espionage by authoritarian governments through Pegasus software. The information was revealed by the British newspaper The Guardian this Sunday (18).
According to a poll by the newspaper and 16 other media companies, the spyware created by the Israeli company NSO Group suggests “widespread and continuous abuse”. The company denies and insists that the project is only used against criminals and terrorists.
O The Guardian promises that it will bring further developments on the case soon, including names that are on the list of targets improperly spied on with Pegasus.
Pegasus exploits vulnerabilities to infect devices.Source: The Guardian/Reproduction
What is Pegasus?
Pegasus is malware that infects iPhones and Android phones, allowing operators to access device data. Intruders can then extract messages, photos and emails as well as record calls and secretly activate microphones.
According to the British newspaper, the leak brings a list of more than 50 thousand phone numbers. These contacts are believed to be from people of interest to NSO customers since 2016.
The data does not reveal whether a device was infected or attempted to hack. However, this information is a possible indication of the potential targets of authoritarian governments that are clients of the Israeli company.
Numbers of journalists from the New York Times and other media are on the leaked list.Source: UFCG/Reproduction
Journalists’ data found in the leak
A forensic analysis of a small amount of the leaked numbers showed that more than half had traces of spyware. Contacts of executives, academics, NGO employees and union leaders were found.
There is also information from government officials, including ministers, presidents and prime ministers. As well, there are data from close relatives of a country’s ruler, who would have been instructed by intelligence agencies to monitor his own family.
Finally, the leaked list includes numbers of more than 180 journalists, including reporters, editors and executives. These are individuals who work in large vehicles such as Financial Times, CNN, New York Times, The Economist, Associated Press and Reuters.
Data from Mexican reporter Cecilio Pineda Birto, murdered in 2017, appears in the leaked list.Source: The Guardian/Reproduction
Possible involvement in the death of a Mexican reporter
The telephone number of Mexican reporter Cecilio Pineda Birto was also found in the list. Apparently, the journalist was the target of interest from a Mexican client in the weeks before his murder in March 2017.
There are suspicions that the assassins managed to locate him through his cell phone in a car wash. However, the device was never found, making it impossible to analyze whether the device was infected with spyware.
On the other hand, the NSO said that even if Pineda’s phone had been used to track him, that does not mean that the data collected contributed to his death. The company indicates that governments could use other means to locate him.
Amnesty International is supporting the Pegasus project investigationsSource: Amnesty International/Disclosure
breach of contracts
According to the The Guardian, there is nothing to suggest that NSO clients have used Pegasus in crime and terrorism investigations. The numbers on the list belong to individuals who apparently have no connection with criminality.
This information suggests that the company’s clients are violating contracts by spying on pro-democracy activists and journalists investigating corruption. As well as political opponents and figures who criticize the government.
The thesis is supported by forensic analysis on the telephones of a small sample of people whose numbers were on the leaked list. The survey was conducted by Amnesty International’s Security Laboratory.
Thus, traces of Pegasus activity were found in 37 of the 67 phones examined. In addition, the analysis revealed sequential correlations between the time and date the number was entered into the list and the start of spyware activity.
NSO has pledged to investigate the allegations.Source: New Yorker/Reproduction
NSO defends itself
In statements issued by lawyers, the NSO denied the “false charges” made about the clients’ activities. The company has pledged to investigate allegations of misuse and has said it will take appropriate action.
However, the company claims that the leak could not be a list of numbers “targeted by governments using Pegasus”. As well, she described the 50,000 contacts as something “exaggerated”.
The NSO Group reports that it sells software to military, law enforcement and intelligence agencies in 40 unidentified countries. The company says it rigorously examines customers’ human rights records before allowing the tools to be used.
In addition, the company is regulated by the Israeli defense minister. The government official grants individual export licenses before surveillance technology can be sold to a new country.