“Stop what you’re doing and read this,” tweeted Edward Snowden, the whistleblower who leaked a large amount of classified information from the National Security Agency in 2013. “This leak will be the story of the year.” .
More than a thousand people – including nearly 190 journalists, over 600 politicians and government officials, at least 65 business executives, 85 human rights activists and several heads of state and government – have come under fire from authoritarian governments who have resorted to software. spy company Pegasus of the Israeli company NSO Group.
Revealing the maxi espionage system is an investigation conducted by 17 international newspapers – including the Washington Post and the Guardian – based on data obtained by the Paris-based non-profit journalism organization Forbidden Stories and the rights group Amnesty International. According to the NGO’s Security Tech Lab, led by Italian Claudio Guarnieri, the malware was installed on the phone of Hatice Cengiz, Khashoggi’s girlfriend, four days before his assassination. The spyware of the Israeli company NSO Group – the organization denounces – “is used to facilitate human rights violations globally and on a massive scale”.
NSO Group is the world’s most infamous commissioned hacking organization, and Pegasus is the group’s flagship spyware. The military-grade software, created to allow governments to penetrate networks of terrorists and criminals, is a malware that infects iPhones and Android smartphones to allow those who operate it to access devices and extract messages, photos, emails and also to secretly activate the device’s microphone and camera. NSO Group denies that data was leaked from its servers and calls the Forbidden Stories report “full of erroneous assumptions and unconfirmed theories”.
There are at least ten countries involved in the Pegasus affair as NSO customers: they are Hungary, Azerbaijan, Kazakhstan, Saudi Arabia, United Arab Emirates, Bahrain, India, Mexico, Morocco, Rwanda. As international newspapers are keen to point out, the mere presence of the telephone number in the Pegasus database – consisting of over 50,000 contacts – does not necessarily mean that that person has been spied on, however the data is revealing that there are governments ready to keep under control the professional and private life of people who have nothing to do with crime or international terrorism.
The technology – reports the Guardian – would also have been used by the Hungarian government of Viktor Orbán as part of its war on the media. Orban’s staff, with the Washington Post, replies sharply: “In Hungary, state bodies authorized to use undercover tools are regularly monitored by governmental and non-governmental institutions. Did you ask the same question to the governments of the United States, the United Kingdom, Germany or France? ”.
Saudi Arabia and the United Arab Emirates would also have resorted to Pegasus to target the cell phones of some people close to the slain journalist Jamal Khashoggi. According to Amnesty’s verifications, the spyware was successfully installed on the phone of Khashoggi’s girlfriend, Hatice Cengiz, just four days after the 2018 murder in the Saudi consulate in Istanbul. The NSO company had previously been involved in other espionage activities on the Khashoggi case.
From a list of more than 50,000 cell phone numbers obtained by Forbidden Stories and Amnesty International, the Pegasus Project identified more than 1,000 people in 50 countries who would be selected by NSO customers for potential surveillance. To have ended up in the eye of Pegasus are, among others, the editor of the Financial Times Roula Khalaf and journalists from Associated Press, Reuters, CNN, Wall Street Journal, New York Times, Bloomberg News, Le Monde.
The analysis of the list shows that the NSO customer who has selected the most telephone numbers is Mexico with over 15,000. Morocco and the United Arab Emirates have selected more than 10,000. The selected numbers were tracked in over 45 countries across four continents. In Europe there are over 10,000 telephone contacts entered by NSO customers.
The investigation reopens the debate on the widespread use of espionage tools that threaten democracies, critics say, noting how surveillance makes it difficult for journalists to gather information, for activists to continue their business and for political opponents to plan. their strategies. With Pegasus, ex-US intelligence Timothy Summers points out, you can spy on almost the entire world population: “There is nothing wrong with developing technologies that allow you to collect data. But humanity is not in a position to make so much power accessible to all ”.
For Agnes Callamard, Amnesty International’s secretary general, “the number of journalists identified as targets clearly illustrates how Pegasus is being used as a tool to intimidate critical media. It is about controlling public fiction, resisting scrutiny and suppressing any voices of dissent ″. In one case highlighted by the Guardian, Mexican journalist Cecilio Pineda Birto was murdered in 2017 just weeks after his cell phone number appeared on the leaked list. Among the spied on is Umar Khalid, Indian leader of the Democratic Students’ Union in prison since last year.
During the trial, the prosecution presented documents that were on the defendant’s personal phone without explaining how it came into possession. The phone of Khadija Ismayilova, one of the most important Azerbaijani reporters, was spied on for three years for her investigations aimed at revealing corruption and abuses of President Ilham Aliyev. The Baku government is accused of monitoring at least 48 reporters.
The investigation has re-launched international pressure on the Israeli government, which effectively allows the company to do business with authoritarian regimes that use spyware for purposes that go far beyond its stated goal, which is to target terrorists and criminals. . The revelations follow a recent New York Times report that Israel allowed the NSO to do business with Saudi Arabia and encouraged it to continue doing so even after the murder of journalist and dissident Khashoggi.
To provide its services in a given country, the company must receive a permit from the Israeli government, but once the software is delivered to the governments that request it, the NSO has limited control over the purposes and methods of use.
The new allegations have heightened concerns among privacy activists that no smartphone user, not even those using software like WhatsApp or Signal, is safe from governments and anyone else with the right cyber surveillance technology.