The military-grade spyware was reportedly licensed by the Israeli spyware firm NSO Group. Private Israeli spy software was used to hack dozens of smartphones that belonged to reporters, human rights activists; business executives and the fiancee of murdered Saudi journalist Jamal Khashoggi, according to a sweeping investigation by the Washington Post and 16 other news organizations.
The investigation discovered; that the hacked phones were on a list of more than 50,000 numbers based in countries known to surveil people. The list of numbers were shared with the Post and other media organizations by Paris-based journalism nonprofit Hidden Stories and human rights group Amnesty International.
The Group denied the findings of the report in several statement; arguing that investigation includes “uncorroborated theories” based on “misleading interpretation of leaked data from accessible and overt basic information.” NSO Group also said it would continue to investigate all credible claims of misuse and take appropriate action.
The Group’s Pegasus spyware is licensed to governments around the world and can hack a mobile phone’s data and activate the microphone; according to the report. NSO said the spyware is only used to surveil terrorists and other criminals.
NSO’s sophisticated surveillance
Pegasus, a sophisticated surveillance tool developed by the Israel company, infects the user’s smartphone and steals all the phone’s information, including every contact name and phone number, text message, email, Facebook message, everything from Skype, WhatsApp, Viber, WeChat and Telegram.
The list did not identify the clients but the reports said many were clustered in 10 countries; Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia and the United Arab Emirates.
“The surveillance industry works under a cloud of darkness – its products are designed to deceive and skirt culpability,” Natalia Krapiva, Tech Legal Counsel at Access Now, told Al Jazeera.
“Yet we ask ourselves, ‘how could something like this happen?’ Spyware companies simply cannot be trusted to hold themselves accountable. This story; along with the recent revelations of abuses by Cellebrite and Candiru, is another example of why we urgently need to hold these surveillance companies and the governments that use them up to the light.
“The industry; has shown that it is incapable of policing itself and governments are hiding behind national security to excuse these surveillance abuses. We need regulation, transparency, and accountability and we need them now,” she told Al Jazeera.
Amnesty International and Forbidden Stories; a Paris-based media non-profit organisation, initially had access to the leak, which they then shared with media organisations from around the world.
NSO, which previously pledged to police abuses of its software, firmly denied what it called “false claims”.
“NSO Group firmly denies false claims made in your report,” it said in a release published by the Guardian. “Many of which are uncorroborated theories that raise serious doubts about the reliability of your sources, as well as the basis of your story.”
According to the company, it has good reason to “believe … the claims … are based on a misleading interpretation of leaked data from accessible and overt basic information.”