Some 50,000 phone numbers belonging to journalists, human rights activists, and others living in countries known to spy on their citizens have been compiled by the Pegasus Project report, it was revealed over the weekend. This is not the first time the NSO Group Technologies’ hacking spyware, Pegasus, has been accused of being used to violate human rights.
While the Herzliya-based company says its software is used exclusively by governments and intelligence agencies use to hack the cell phones of terrorists, drug rings and pedophiles, Amnesty International and other human-rights groups have long accused NSO of selling its services to governments that abuse human rights.
Among them, NSO’s Pegasus has been fingered for playing a role in the murder of Saudi dissident Jamal Khashoggi by agents of the Saudi government in 2018.
Facebook has also sued NSO in the United States for exploiting a flaw in WhatsApp messaging service to hack 1,400 users. The US Justice Department, among others, is also said to be investigating the company.
NSO has repeatedly denied any role in these and other attacks, saying it only sells its technologies to law enforcement and intelligence agencies of vetted governments for the purpose of saving lives. The company has also claimed success in blocking ISIS terror attacks and cracking drug and pornography rings in Europe, Africa and Oceania.
In 2020, the Tel Aviv District Court rejected Amnesty’s lawsuit to cancel NSO’s export license, saying that the Defense Ministry’s process for vetting NSO clients was sufficient.
However, the Pegasus Project, a collaboration by more than 80 journalists from 17 media organizations in 10 countries, says it has found the smoking gun proving the company’s connection to dangerous regimes. It says that 50,000 phone numbers of potential surveillance targets were gathered by potential NSO clients in 11 countries: Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Togo, and the United Arab Emirates.
While being included on the list does not necessarily indicate that a person’s device was infected with the spyware, Pegasus Project partners believe the list identifies potential past and future surveillance targets.