An investigation by The Washington Post, The Guardian, Monde and 14 other media organizations around the world, led by the Paris-based non-profit journalism group Forbidden Stories, showed how repressive regimes can buy and use sophisticated spy equipment that he once warned about Edward Snowden.
Human rights activists, journalists and lawyers around the world have been targeted by the "Pegasus" spyware sold to authoritarian governments by an Israeli surveillance company, according to media reports. The media, which participated in the investigation, had access to about 50 phone numbers of people believed to be of interest to clients of the NSO Group company. The origin of the list is unclear, as are the details of how many phones were hacked, and the "Guardian" points out that the investigation showed that the assurances of Western intelligence agencies that when it comes to surveillance "if you have done nothing wrong, then you have nothing to fear" are unfounded. ".
The media announced that they have identified over 1000 people from 50 countries whose numbers are on the list. Among them are politicians, heads of state, company directors, businessmen, activists and several members of the Arab royal family. The list also includes the phone numbers of over 180 journalists who work for media outlets such as CNN, The New York Times and Al Jazeera, Reuters, AP, The Wall Street Journal, Paisa, Radio Free Europe, The Economist ".
Most of the numbers are from ten countries: Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia and the United Arab Emirates.
When contacted by reporters, government spokespeople either denied that Pegasus was used or denied that surveillance powers had been abused.
Israeli Minister of Health Nitzan Horovic, head of the Merec liberal party and member of the prime minister's security cabinet Naftali Bennett he said that he would meet with the Minister of Defense Benny Ganz to discuss NSO exports.
The Israeli Defense Ministry, which approves the export, did not comment on the media reports yesterday.
It's unclear how many devices were actually infected, but a forensic analysis of 37 phones showed that there were "attempted and successful hacks," the Washington Post reported.
Among them are phones belonging to people close to Saudi journalists to Jamal Khashoggi, who was killed in October 2018 while at the Saudi consulate in Istanbul. His body was then dismembered.
The investigation established that spy software was installed in his fiancee's phone a few days after his murder.
The NSO Group claims that their technology is "in no way connected to the heinous murder".
Mexican journalist's phone Cecilia Pinjeda Borta also appears twice on the list, including the month he was killed, the investigation found. His phone disappeared from the scene where he was killed so forensic analysis was not possible. The NSO said that even if his phone was targeted, it does not mean that the collected data was connected to his murder.
Chief Editor of the Financial Times Rula Kalaf, the first woman to hold that position in the paper's history, was chosen as a potential target during 2018.
In India, over 40 journalists, three opposition leaders and two ministers in the prime minister's cabinet Narendra Modi are on the list, claim the media. Among them is an oppositionist Raul Gandhi.
For the European Union, the most worrying reports are that the govt Viktor Orban used the Pegaz software to spy on investigative journalists and people close to the owner of one of the last remaining independent media outlets in Hungary. The investigation established that the phones belonged to investigative journalists Andres Saba i Sabolča Panjija successfully infected. When he found out about the hacking, Panji said that it was "devastating". "There are some people in this country who believe that regular journalists are just as dangerous as someone suspected of terrorism," he said.
The spokesperson of the Hungarian government told the "Guardian" that "they are not aware of any data collection".
The Hungarian research portal Direkt 36 announced that there were 300 targets in Hungary, mostly critical of Orban's government.
Yesterday, the EU condemned the spying on journalists and the president of the European Commission Ursula von der Lajen said that it was unacceptable. "Freedom of the media, freedom of the press is one of our essential values. If it is confirmed that hacking happened, it is completely unacceptable".
The revelations about the use of Pegasus in Hungary come as policymakers across the EU seek access to encrypted messages from mobile phone users.
In December, Politiko recalls, national capitals asked the EU to step up efforts to give police "legal access" to encrypted communications, ostensibly with the aim of arresting criminals. In the same month, Europol unveiled a new platform to help national police authorities crack codes in investigations of criminal activity.
As a result of these efforts, national authorities have come into conflict with technology companies who claim that they undermine user privacy if they give authorities access to platforms through so-called "back doors".
Companies and privacy activists warn that allowing some governments to access those encrypted messages opens the door to authoritarian regimes and other actors.
The Guardian writes that on-demand espionage like that offered by NSO has boomed since the Snowden scandal, whose revelations led to mass adoption of encryption across the Internet. As a result, the Internet has become safer, and mass spying on communications has become more difficult.
On the other hand, it provided a chance for companies like NSO that offer solutions to governments to intercept messages, emails and calls.
NSO bypassed the codes by hacking the device, writes the British newspaper.
Will Cathcart, the head of Facebook's WhatsApp application, said that the revelations about Pegasus are "a wake-up call about Internet security." "To those who suggest weakening encryption: Deliberately weakened security will have dire consequences for us all," he tweeted.
Allegations made by the media about Pegasus are nothing new, analysts claim, but they point out that the data related to the scale of targeting innocent people are shocking. Billions of people are inseparable from their mobile phones. The devices are always at hand throughout the day, during public and the most intimate events. Few consider that their phones can be transformed into surveillance devices, and that someone miles away is tracking their messages, photos and location, activating the phone's microphone and recording in real time. These are exactly the capabilities of Pegasus, writes "The Guardian" and adds that it is in the interest of the public to announce that governments are spying on their citizens and that seemingly benign processes such as HLR searches can be abused in such an environment.
Two years ago, the UN Special Rapporteur on Freedom of Expression, David Kay, called for a moratorium on the sale of spyware to governments until functional export controls are in place. He warned of the dangers of an industry operating "out of control, unaccountable and providing governments with unlimited access for relatively little cost to spying tools previously only available to the most advanced state intelligence services".
NSO: Software intended for use against criminals
The NSO Group claims that its software is intended for use against criminals and terrorists and is only available to military, intelligence and police agencies from countries with good human rights records.
It was reported that the original investigation that led to the media reports, conducted by the NGO "Forbidden Stories" and Amnesty International, was "full of wrong assumptions and unsubstantiated theories".
However, he adds that "they will continue to investigate all credible allegations of abuse and take appropriate actions."
Just two weeks ago, NSO released its first "transparency report" outlining the company's human rights policies. Amnesty International dismissed the 32-page document as a "promotional brochure".
The latest claims will further damage the company's image, but, as the BBC writes, will not cause major damage in financial terms. There are only a handful of private companies in the world that can produce the kind of invasive spy tools that NSO sells, and it's clear that the largely unregulated market for the software is constantly expanding.
Ismailova: This time the victim is not only me, but everyone around me
Kadija Ismailova, an award-winning Azerbaijani journalist, is on the list of people whose phones were hacked in 2019. She reported on the corruption network of the autocratic President Ilham Aliyev, who has ruled the country since 2003.
She faced a campaign of harassment and intimidation for her work. Intimate footage of her, captured by a camera installed in her condition without her knowledge, was released online after she received a letter warning her to "watch her behavior or face embarrassment".
In 2014, she was arrested on charges of tax evasion, "illegal activities" and "inciting the suicide" of a colleague, who is alive. After an appeal, she was released from prison, where she was supposed to spend seven and a half years according to the original verdict. She is banned from traveling and until recently her assets were frozen.
According to the "Guardian", her phone was almost certainly hacked by agents of Ali's regime, as determined by the analysis of leaked data. The NSO client also selected over 1000 more phones in Azerbaijan for surveillance, many of which belong to dissidents, as well as two of Ismail's lawyers.
"I feel guilty about the sources who sent me information thinking that some encrypted ways were safe. They did it without knowing that my phone was infected," Ismailova said. "My family members are also victims, people I worked with. Victims are also people who trusted me with their private secrets. This is not just about me.
She said that she is angry with those who "produce these tools and sell them to bad characters like those in Ali's regime. It's disgusting... When the video was released, it was only about me. Now, I don't know who else was exposed because of me, who is still in danger because of me".
Bonus video:
