WASHINGTON, 19 July 2021:
An Israeli software program designed to track criminals and terrorists was used to infiltrate at least 37 mobile telephones belonging to reporters, human rights activists, company leaders and two women close to murdered Saudi journalist Jamal Khashoggi.
This is one of the main conclusions of an investigation published yesterday and undertaken by The Washington Post and 16 other media outlets – with the help of Amnesty International and the French non-profit organisation Forbidden Stories.
Amnesty International and Forbidden Stories gained access to a list of more than 50,000 telephone numbers and shared them with the media outlets, which used them for their investigation.
Of those 50,000 phone numbers, 37 were found to have been infiltrated with the software program, according to the investigation.
The program at the centre of the controversy is “spyware” – or a digital espionage program – called Pegasus created by Israel’s NSO Group, a technology firm, which sells the program to 60 military, intelligence and security agencies in 40 countries around the world.
Pegasus hit headlines worldwide for the first time in 2016, when the University of Toronto’s prestigious Citizen Lab discovered vulnerabilities in iOS, an Apple mobile operating system.
In 2019, 1,400 people, including several politicians in Spain’s region of Catalonia, became the victims of spying by Pegasus, which took advantage of a vulnerability in WhatsApp to infiltrate their cellphones.
Now, however, The Washington Post has revealed the existence of the list of 50,000 phone numbers belonging to countries famous for spying on their citizens and/or who are customers of NSO Group.
Of that number, the investigators were able to identify 1,000 persons living in 50 countries around the world.
Among them are several members of Arab royal families, at least 65 top executives at various companies, 85 human rights activists, 189 journalists and more than 600 politicians and government officials, including heads of state and government, cabinet ministers and diplomats.
The Post and the other media outlets have not been able to verify what the precise aim of the 50,000-name list is, and neither do they know with certainty who created the list or how many of the phone numbers were targeted in spying campaigns.
At present, however, the media outlets have been able to confirm that 37 cellphones were indeed infiltrated, if only for a few seconds.
The governments or security agencies that used Pegasus to infiltrate the phones of journalists, activists and political figures could have violated the user licence created by NSO Group, which in theory designed those programs to monitor the activities and communications of criminals and terrorists.
In comments to the Post, NSO Group refused to identify the governments to which it has sold the spy software.
However, the media outlets’ analysis concludes that, out of the 50,000 numbers, some 15,000 are in Mexico and belong to politicians, reporters and union leaders there, among others.
Large numbers of potential victims are also located in Qatar, Yemen, the United Arab Emirates and Bahrain.
In addition, the investigation revealed that Pegasus tried to infiltrate the Android phone of Hanan Elatr, who was one of Khashoggi’s wives, just six months before his death. It is not known if those espionage attempts were successful.
Also, the telephone that later belonged to his fiancee Hatice Cengiz was infiltrated by the spy software just days after Khashoggi’s murder, according to the investigation published yesterday.
In remarks to the Post, NSO Group said its programs help save lives and prevent criminal attacks, and the firm added that the investigation is making unfounded accusations.