Phones of several top journalists as well as of politicians in the United States and other countries were bugged by the Pegasus spyware developed by the private Israeli firm NSO Group Ltd. According to investigation by the Washington Post, the spyware was used in attempted and successful hacks of thousands of smartphones belonging to journalists, activists and business executives worldwide.
Besides, targets included friends of Saudi-born Washington Post reporter Jamal Khashoggi and also his wife before his murder by a Saudi hit squad in 2018, the report reveals. The investigation also reveals that NSO group has previously launched a public relations crusade led by SKDKnickerbocker, of which White House senior adviser Anita Dunn is the managing director.
The use of the software Pegasus that was allegedly used to hack the mobile phones of top US journalists and politicians was reported on by the Washington Post, the Guardian, Le Monde and other news outlets who collaborated on an investigation into a data leak.
The investigations reveal that NSO group hired SKDKnickerbocker in 2019 to coordinate its public relations efforts and save its reputation after lawsuits alleged that its software was being used to spy on journalists and political dissidents. Presidents, prime ministers, human rights activists, business leaders and journalists, including the editor of the Financial Times, were said to have been included on the list of more than 50,000 leaks.
Also on the list are phone numbers of overseas journalists for news organizations, including CNN, the Associated Press, Voice of America, the New York Times, the Wall Street Journal, Bloomberg News, Le Monde in France and Al Jazeera in Qatar.
"The sort of surveillance being reported is an appalling violation of press freedoms and we strongly condemn it," said a Bloomberg News spokesperson.
Amnesty International and Paris-based media organization Forbidden Stories said that it gained access to the leaked list of phone numbers and shared access with media partners, including The Guardian and The Wire. The outlets are expected to name other possible victims of the software in the coming days.
According to the Guardian, Pegasus was sold to at least 10 governments, who spied on these high-profile people across the world. The report claims Mexico, Morocco and the United Arab Emirates had entered the most numbers. Hungary was also named along with Bahrain, Saudi Arabia, Azerbaijan, Kazakhstan, Rwanda, and India.
What is Pegasus?
NSO sells its Pegasus spyware to select governments and law enforcement agencies like the military and intelligence agencies. The spyware can hack into mobile phones through a link and secretly record emails, calls and text messages.
The Pegasus spyware can infect phones if a target clicks on a malicious link, which can be disguised in a text message from a contact. Once the phone is infected, the entire data on the phone, including messages, emails, photos and chats on apps such as WhatsApp, Telegram and Signal, can be accessed. In some cases, Pegasus can also activate itself without the victim clicking on the link, the Post said.
It is not known how many phones were targeted in all but initial reports claim it was over 50,000. Of the 40 countries it sells Pegasus, Morocco, Hungary, Rwanda and India denied they had used the spyware to hack phones. Saudi Arabia, Mexico, the UAE, Azerbaijan, Bahrain and Kazakhstan did not comment.
According to the Guardian, Khashoggi, 59, who was highly critical of Saudi Arabia's royal family and was killed after he walked into the Saudi consulate in Istanbul in 2018, was also one of the high-profile targets of the major hack. However, it was not directly his phone but the phone of his 52-year-old Egyptian wife.
However, in response to the investigation, NSO denied that its technology was used against Khashoggi and said the investigation contained flawed assumptions and factual errors.
More information on the leaks will be released over the next few days.