A new investigation has revealed that activists, journalists and politicians are among those believed to have been targeted by spyware developed by a private firm.
The Pegasus Project is an international collaborative reporting project led by the French nonprofit organisations Forbidden Stories and Amnesty International, in conjunction with 16 media outlets worldwide, including The Guardian. Journalists worked to uncover the extent to which governments infringed upon the privacy rights of individuals by surveilling their digital devices for years.
What Is The Pegasus Project?
The leak consists of more than 50,000 phone numbers believed to have been selected as they are people of interest to government clients. The Israel-based NSO Group, which sells surveillance software, has been helping target these individuals since 2016. The extensive leak contains the time and date that numbers were selected and entered onto a system.
Initial access holders were Paris-based nonprofit Forbidden Stories and Amnesty International who shared it with The Guardian which led to an international collaboration of organisations revealing the information under a consortium. Coming together over several months, over 80 journalists worked together on the project to cross-verify and reveal the information slowly and carefully. Amnesty’s Security Lab, a technical partner on the project, did the forensic analyses.
Whose Name Is In The Leak?
FT editor Roula Khalaf, the first female editor in the history of the publication
Roula Khalaf, the first female editor of the Financial Times, was revealed to be one of more than 180 editors, investigative reporters and other journalists worldwide to have their phones compromised. The surveillance firm, NSO Group, selected these individuals based on demands from government clients.
Alongside Khalaf is the UK phone number of American investigative journalist Bradley Hope, who is London-based. When he was targeted, he was an employee of Wall Street Journal and was looking into a corruption scandal involving the theft of $4.45bn from Malaysia. Hope, and his colleague, Tom Wright were looking into allegations centred around Najib Razak, the country’s prime minister, and a businessman named Jho Low. Gregg Calstrom, a Middle East reporter at the Economist, was another person revealed to have been targeted.
French President Emmanuel Macron and South Africa’s Cyril Ramaphosa are among 14 world leaders identified in the records, including several opposition leaders of state. The Guardian have noted that they have identified more than 1,000 individuals spanning 50 countries whose numbers were on the list. They plan to reveal them slowly as these individuals span politics, heads of state, business executives, activists and several royal Arab family members.
Why Were Individuals Hacked?
French President Emmanuel Macron
Currently, the media consortium believes that the data indicates that government clients wanted to scrutinise the activities of those that they deemed a threat, without any motivation. The reasons are wide-ranging and have been denied unequivocally by all those involved but the individuals targeted have all, in some way, revealed to have been “of concern” to state and private bodies.
What happens now?
NSO have denied all claims, stating, “NSO does not operate the systems that it sells to vetted government customers, and does not have access to the data of its customers’ targets. NSO does not operate its technology, does not collect, nor possess, nor has any access to any kind of data of its customers. Due to contractual and national security considerations, NSO cannot confirm or deny the identity of our government customers, as well as identity of customers of which we have shut down systems.” Their full statement can be read here.
Stating that it is ”technically impossible’ to access these phones with its software, Amnesty International’s forensic analysis of mobile phones showed correlations between data entered on Pegasus systems and their software appearing on the mobile phones. In some cases, the date and time across both sets of data was just a few seconds apart.
Parties who have been affected have put out individual statements while private and state bodies continue to wholesale deny claims that they were involved.
After the revelations came to light, NSA whistleblower Edward Snowden has called for a spyware trade ban.
The UK Government is yet to put out a statement.
