Activists, politicians and journalists from around the world were targeted in a surveillance operation using software sold by the Israeli surveillance company NSO Group, according to an investigation into a massive data leak by The Guardian, the Washington Post and other media outlets.
The reports released on Sunday said “authoritarian governments” abused the Pegasus software, “hacking 37 smartphones,” according to a report by the Washington Post.
According to the Guardian, the leak contains a list of more than 50,000 numbers believed to have been of interest to clients of NSO since 2016.
However, the mention of phone numbers in the leaked data does not necessarily mean that those devices were hacked, it said.
The Washington Post reported numbers on the list also belonged to heads of state and prime ministers, members of Arab royal families, diplomats and politicians, as well as activists and business executives.
Also, the list included journalists for media organisations around the world including Agence France-Presse, The Wall Street Journal, CNN, The New York Times, Al Jazeera, France 24, Radio Free Europe, Mediapart, El País, the Associated Press, Le Monde, Bloomberg, the Economist, Reuters and Voice of America, the Guardian said.
According to forensic analysis by Amnesty’s Security Lab, two women close to slain Saudi columnist Jamal Khashoggi were targeted with Pegasus spyware, according to the Washington Post newspaper.
The phone of Khashoggi’s fiancée, Hatice Cengiz, was infected with the malware days after his murder in the Saudi consulate in Istanbul in October 2018, the paper, for whom Khashoggi wrote, reported.
Pegasus, a sophisticated surveillance tool developed by the Israeli company, infects the user’s smartphone and steals all the information of the phone, including every contact name and phone number, text message, email, Facebook message, everything from Skype, WhatsApp, Viber, WeChat and Telegram.
“The scale is staggering compared with anything we have seen before,” Bill Marczak, a research fellow at cyberspace research group Citizen Lab, said. He noted that a previous expose had uncovered the hacking of about 1,400 numbers.
The latest list did not identify the clients but the reports said many were clustered in 10 countries – Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia and the United Arab Emirates.