Skip to content Skip to footer

Massive Data Leak Shows Israeli Spyware Targeted Journalists Around the World

Governments are hacking the phones of reporters and activists, according to a wide-ranging investigation.

An Israeli woman uses her iPhone in front of the building housing the Israeli NSO group, on August 28, 2016, in Herzliya, near Tel Aviv.

NSO Group, a private Israeli firm that sells surveillance technology to governments worldwide, insists that its Pegasus spyware is used only to “investigate terrorism and crime.” Leaked data, however, reveals that the company’s hacking tool “has been used to facilitate human rights violations around the world on a massive scale.”

That’s according to an investigative report published Sunday by the Pegasus Project, a media consortium of more than 80 journalists from 17 news outlets in 10 countries. The collaborative endeavor was coordinated by Forbidden Stories, a Paris-based media nonprofit, with technical assistance from Amnesty International, which conducted “cutting-edge forensic tests” on smartphones to identify traces of the military-grade spyware.

The Guardian, one of the newspapers involved in the analysis, reported that “Pegasus is a malware that infects iPhones and Android devices to enable operators of the tool to extract messages, photos and emails, record calls, and secretly activate microphones.” The Washington Post, another partner in the investigation, noted that the tool “can infect phones without a click.”

A massive data leak turned up a list of more than 50,000 phone numbers that, according to the Post, “are concentrated in countries known to engage in surveillance of their citizens and also known to have been clients of… NSO Group, a worldwide leader in the growing and largely unregulated private spyware industry.”

More phone numbers were based in Mexico than any other country, with over 15,000 on the list, “including those belonging to politicians, union representatives, journalists, and other government critics,” the Post noted.

As The Guardian reported: “The phone number of a freelance Mexican reporter, Cecilio Pineda Birto, was found in the list, apparently of interest to a Mexican client in the weeks leading up to his murder, when his killers were able to locate him at a carwash. His phone has never been found so no forensic analysis has been possible to establish whether it was infected.”

Other nations that either had large shares of numbers on the list or were deemed to be potential government clients of NSO include: France, Hungary, Turkey, Morocco, Togo, Algeria, Rwanda, Saudi Arabia, the United Arab Emirates (UAE), Dubai, Qatar, Bahrain, Yemen, India, Pakistan, Azerbaijan, and Kazakhstan.

While “the presence of a phone number in the data does not reveal whether a device was infected with Pegasus or subject to an attempted hack,” The Guardian noted, the consortium believes that “the data is indicative of the potential targets NSO’s government clients identified in advance of possible surveillance attempts.”

Amnesty’s Security Lab analyzed a small sample of phones belonging to activists, journalists, and lawyers whose numbers appeared on the leaked list. Of the 67 phones examined, traces of Pegasus spyware were found on 37 devices, including 23 that had been successfully infected and 14 with signs of attempted hacking.

“NSO claims its spyware is undetectable and only used for legitimate criminal investigations,” Etienne Maynier, a technologist at Amnesty’s Security Lab, said in a statement. “We have now provided irrefutable evidence of this ludicrous falsehood.”

According to the Post:

The list does not identify who put the numbers on it, or why, and it is unknown how many of the phones were targeted or surveilled. But forensic analysis of the 37 smartphones shows that many display a tight correlation between time stamps associated with a number on the list and the initiation of surveillance, in some cases as brief as a few seconds.

The numbers on the list are unattributed, but reporters were able to identify more than 1,000 people spanning more than 50 countries through research and interviews on four continents: several Arab royal family members, at least 65 business executives, 85 human rights activists, 189 journalists, and more than 600 politicians and government officials—including cabinet ministers, diplomats, and military and security officers. The numbers of several heads of state and prime ministers also appeared on the list.

Among the journalists whose numbers appear on the list, which dates to 2016, are reporters working overseas for several leading news organizations, including a small number from CNN, the Associated Press, Voice of America, the New York Times, the Wall Street Journal, Bloomberg News, Le Monde in France, the Financial Times in London, and Al Jazeera in Qatar.

The newspaper added that Amnesty found evidence of NSO’s spyware being used by Saudi Arabia and UAE to target the phones of close associates of Post columnist Jamal Khashoggi before and after he was brutally murdered by Saudi operatives in 2018.

“The Pegasus Project lays bare how NSO’s spyware is a weapon of choice for repressive governments seeking to silence journalists, attack activists, and crush dissent, placing countless lives in peril,” Agnès Callamard, Secretary General of Amnesty International, said in a statement.

“These revelations,” Callamard continued, “blow apart any claims by NSO that such attacks are rare and down to rogue use of their technology. While the company claims its spyware is only used for legitimate criminal and terror investigations, it’s clear its technology facilitates systemic abuse. They paint a picture of legitimacy, while profiting from widespread human rights violations.”

Callamard emphasized that “[NSO’s] actions pose larger questions about the wholesale lack of regulation that has created a wild west of rampant abusive targeting of activists and journalists.”

“Until this company and the industry as a whole can show it is capable of respecting human rights,” she added, “there must be an immediate moratorium on the export, sale, transfer, and use of surveillance technology.”

NSO, for its part, issued a statement denying “false claims” in the report, including those related to Khashoggi. Attorneys for the company argued that the Pegasus Project’s investigation was based on “wrong assumptions” and “uncorroborated theories.” The company claimed that it is pursuing a “life-saving mission” to stamp out crime.

The Guardian noted that while the consortium “found numbers in the data belonging to suspected criminals… the broad array of numbers in the list belonging to people who seemingly have no connection to criminality suggests some NSO clients are breaching their contracts with the company, spying on pro-democracy activists and journalists investigating corruption, as well as political opponents and government critics.”

According to the Post, “After the investigation began, several reporters in the consortium learned that they or their family members had been successfully attacked with Pegasus spyware.”

In response, Callamard stressed that “the number of journalists identified as targets vividly illustrates how Pegasus is used as a tool to intimidate critical media. It is about controlling [the] public narrative, resisting scrutiny, and suppressing any dissenting voice.”

“These revelations must act as a catalyst for change,” said Callamard. “The surveillance industry must no longer be afforded a laissez-faire approach from governments with a vested interest in using this technology to commit human rights violations.”

The human rights expert demanded that NSO “immediately shut down clients’ systems where there is credible evidence of misuse.” She added that “the Pegasus Project provides this in abundance.”

NSO stated that it “will continue to investigate all credible claims of misuse and take appropriate action based on the results of these investigations.”

Timothy Summers, a former cyber security engineer at a U.S. intelligence agency and now director of IT at Arizona State University, told the Post that Pegasus “is nasty software.” One could use the technology, said Summers, to “spy on almost the entire world population.”

The Guardian noted that the Pegasus Project “will be revealing the identities of people whose number appeared on the list in the coming days.”

Amnesty’s Maynier said that “our hope is the damning evidence published over the next week will lead governments to overhaul a surveillance industry that is out of control.”

Truthout Is Preparing to Meet Trump’s Agenda With Resistance at Every Turn

Dear Truthout Community,

If you feel rage, despondency, confusion and deep fear today, you are not alone. We’re feeling it too. We are heartsick. Facing down Trump’s fascist agenda, we are desperately worried about the most vulnerable people among us, including our loved ones and everyone in the Truthout community, and our minds are racing a million miles a minute to try to map out all that needs to be done.

We must give ourselves space to grieve and feel our fear, feel our rage, and keep in the forefront of our mind the stark truth that millions of real human lives are on the line. And simultaneously, we’ve got to get to work, take stock of our resources, and prepare to throw ourselves full force into the movement.

Journalism is a linchpin of that movement. Even as we are reeling, we’re summoning up all the energy we can to face down what’s coming, because we know that one of the sharpest weapons against fascism is publishing the truth.

There are many terrifying planks to the Trump agenda, and we plan to devote ourselves to reporting thoroughly on each one and, crucially, covering the movements resisting them. We also recognize that Trump is a dire threat to journalism itself, and that we must take this seriously from the outset.

Last week, the four of us sat down to have some hard but necessary conversations about Truthout under a Trump presidency. How would we defend our publication from an avalanche of far right lawsuits that seek to bankrupt us? How would we keep our reporters safe if they need to cover outbreaks of political violence, or if they are targeted by authorities? How will we urgently produce the practical analysis, tools and movement coverage that you need right now — breaking through our normal routines to meet a terrifying moment in ways that best serve you?

It will be a tough, scary four years to produce social justice-driven journalism. We need to deliver news, strategy, liberatory ideas, tools and movement-sparking solutions with a force that we never have had to before. And at the same time, we desperately need to protect our ability to do so.

We know this is such a painful moment and donations may understandably be the last thing on your mind. But we must ask for your support, which is needed in a new and urgent way.

We promise we will kick into an even higher gear to give you truthful news that cuts against the disinformation and vitriol and hate and violence. We promise to publish analyses that will serve the needs of the movements we all rely on to survive the next four years, and even build for the future. We promise to be responsive, to recognize you as members of our community with a vital stake and voice in this work.

Please dig deep if you can, but a donation of any amount will be a truly meaningful and tangible action in this cataclysmic historical moment.

We’re with you. Let’s do all we can to move forward together.

With love, rage, and solidarity,

Maya, Negin, Saima, and Ziggy