In a new leak of information driven by an investigation by The Guardian and 16 other media organizations around the world, it has been revealed that a spyware company has sold its technology to countries around the globe that have used the capability, called Pegasus, to break into individuals’ lives through their cell phones improperly.
The military grade technology was developed by an Israeli based firm called NSO group. They initially developed it for governments to track criminals and terrorists within their nation. They have since sold the technology to governments around the world. And the Pegasus spyware leak reveals abuses and misuse of the technology by the governments who purchased the invasive technology.
Pegasus is malware that breaks into users’ Iphones and Android smartphones. This gives the government entity the ability to extract messages, track phone calls, record audio by activating the microphone, take pictures, follow online usage and target any phone’s location.
Within the Pegasus spyware leak, over 50,000 target phone numbers have been revealed.
The presence of a phone number does not identify if Pegasus hacked a phone. However, it does show a potential target by governments involved. Forensic analysis of a smaller number of listed phone numbers shows that the Pegasus malware had hacked more than half of them.
The listed phone numbers include business executives, religious figures, academics, government officials, cabinet members, presidents, prime ministers, journalists, human rights activists, lawyers and employees of the NGO so far. The phone data lists more than 180 journalists alone, covering the likes of agencies from the Financial Times, CNN, the New York Times, France 24, the Economist, Reuters and the Associated Press. Even the phone number of a recently murdered freelance journalist from Mexico named Cecilio Pineda Birto was listed. However, it is uncertain if his killers used the information to target this individual. Authorities never recovered the phone in question from the crime scene.
The analysis reports at least 10 countries that have used the technology, including Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, India, Hungary and the UAE. Of these, Mexico has used the technology to target the most individuals, while the UAE and Morocco are close behind. Target phone numbers include around 45 countries across 4 continents.
The Israeli minister of defense regulates the sales of the technology. And according to a report last month, he claims to have an industry leading approach to human rights. It has contracts with the countries it sells the technology to. It claims that governments must only use the technology to target criminal activity. The report says the company sells only to military, law enforcement and intelligence agencies from 40 unnamed countries. It also says it vets it’s customers records before any sale of the spyware.
The leak suggests that governments have misused the spyware. And the company claims to continue investigations to see if governments are properly using the technology.
NSP Chief Executive Shalev Hulio says about the revelation that, “We are checking every allegation, and if some of the allegations are true, we will take stern action, and we will terminate contracts like we did in the past. If anybody did any kind of surveillance on journalists, even if it’s not by Pegasus, it’s disturbing.”
Israel states that it “does not have access to the information gathered by NSO’s clients.”
In response, India says “This news report, thus, also appears to be a similar fishing expedition, based on conjectures and exaggerations to malign the Indian democracy and its institutions… The procedure therefore ensures that any interception, monitoring or decryption of any information through any computer resource is done as per due process of law.”
Rwanda and Morocco deny any involvement with the technology and say these are all false claims. Hungary also says there was no misuse of the technology.
So far, there has been no response from Azerbaijan, Bahrain, Kazakhstan, Saudi Arabia, the UAE or Mexico.
The Guardian also says that there will be more information from the leak in the days to come.