A spyware tool licensed by the Israeli company NSO Group has been used to target smartphones belonging to 37 journalists, human rights activists and other prominent figures, according to an investigation published on Sunday.
The report gave a prompt response from NSO, which stated that it was “full of erroneous assumptions and uncorroborated theories”.
Conducted by the nonprofit Journalism Forbidden Journalism and 17 media partners, the investigation was based on a list of more than 50,000 phone numbers linked to people who were allegedly selected for possible surveillance by NSO clients since in 2016, the group he said.
Forbidden Stories said Pegasus, a software product that NSO sells to government agencies, had been “widely abused” by clients to target lawyers, academics and other professionals in countries such as India, Mexico and to France.
A forensic analysis conducted by Amnesty International found that 37 phones had been infected or faced with attempted NSO spyware infections, according to the human rights group, which published a separate report on their methodology.
The FT has not been able to independently verify the claims reported by the media consortium.
Victims of the attacks are said to include Siddharth Varadarajan, founder of the Indian site The Wire, and Szabolcs Panyi, investigative journalist in Hungary for non-profit journalism Direkt36, according to Forbidden Stories.
Bill Marczak, a former research fellow in the Canadian watchdog group Citizen Lab, said he had reviewed four of the phones and confirmed with “high confidence” that they had been targeted with Pegasus software. Marczak said that Citizen Lab reviewed Amnesty’s methodology and found it “sound”.
The consortium partners have promised to reveal the names of others on the wider watch list in the coming days. This list included business leaders, cabinet ministers, presidents and prime ministers, according to The Guardian newspaper., one of the consortium.
An NSO spokesman said the company would “continue to investigate all credible claims of abuse”, while denying what it claimed to be “false accusations” in the Forbidden Stories report.
“The NSO Group has good reason to believe that the claims made by unnamed sources in Forbidden Stories are based on misleading interpretations of data from accessible and obvious basic information, such as HLR Research Services, which they are not relevant in the list of target customers of Pegasus or any other NSO products, ”the spokesman said.
NSO he said the Pegasus software is intended to collect only mobile data on people suspected of being involved in crime and terrorism. He said his agreement with customers required that the products not be used to violate human rights, and had shut down customers ’systems“ several times in the past ”because of abuse.
The investigation adds to NSO’s scrutiny, which was valued at more than $ 1bn in a bid by its management team and private company Novalpina in 2019.
In December, Citizen Lab he said dozens of iPhones used by journalists at Al Jazeera had been hacked with NSO spyware. NSO said the claims were based on “speculation, inaccurate assumptions and without a complete command of the facts”.
Earlier, the Financial Times reported that the attackers had exploited a vulnerability in the WhatsApp messaging app to plant NSO spyware programs on the targeted phones. NSO said at the time that it was not involved in the operation or targeting of its technology, which was only managed by intelligence and law enforcement agencies.
Roula Khalaf, the editor of the FT, was among more than 180 journalists listed as potential targets by NSO clients in the investigation, The Guardian said. An NSO spokesman said he had confirmed that Khalaf “was not a Pegasus target by any of NSO’s clients”.
“Press freedoms are vital, and any illegal interference or surveillance of journalists is unacceptable,” an FT spokesman said.