Recently, legitimate concerns have been raised among media professionals about information disclosed in July 2021 that some repressive regimes around the world were using an Israeli-made spy system to eavesdrop on the phones of journalists and activists (1). On July 18, 2021, a group of 17 media organizations calling themselves Project Pegasus (2) revealed that a spyware system made by the Israeli surveillance software company NSO Group with the same name “Pegasus” was used to hack the phones of activists, journalists and politicians .
The scale of these surveillance operations was first leaked to Amnesty International and Forbidden Stories, a Paris-based non-profit organization. Subsequently, both organizations conducted a criminal investigation into the data and its partnership with the media. Among that data is a list of 50,000 phone numbers belonging to journalists, political activists and public policy figures who are believed to be targeted by NSO customers. According to a report published by the Guardian newspaper, the list included figures for employees of Agence France-Presse, The Wall Street Journal, CNN, New York Times, Al Jazeera, France 24, Radio Free Europe, Mediapart, El Pais, Associated Press, Le Monde, Bloomberg, The Economist, Reuters, And the Voice of America.
The list also included the numbers of some heads of state, prime ministers, members of royal families, diplomats and politicians, as well as activists and businessmen. The Guardian reported that it has not yet been verified whether all the numbers on the list were hacked. And the Washington Post (3) reported that the Pegasus spy program also targeted the phone of the fiancée of the late journalist Jamal Khashoggi days before his assassination inside the Saudi Arabian consulate in Istanbul in 2018.
Two years earlier, (4) NSO pledged to control the abuse of its software, stating that it would align the company’s activities with the United Nations Guiding Principles on Business and Human Rights. The company denied what the Guardian newspaper reported in its report and considered it “false allegations”.
In its statement, the company said: “NSO Group strongly denies the false allegations made in your report. It asserts that most of what is stated in it are fabricated theories that raise doubts about the credibility of your sources and the foundations on which your report was based. Pegasus is a spyware program that can turn Android phones or iPhones into surveillance devices, and it has been previously controversial for its use by repressive regimes to hack and spy on journalists and human rights activists.
In 2016, Citizen Lab and Lookout revealed that an Emirati human rights activist (5) had been hacked, which prompted them to alert Apple, which issued an update to fill the vulnerability that was used to hack his phone.
In 2019, WhatsApp filed a lawsuit (6) against NSO, due to the Pegasus spyware, which was used to hack the accounts of more than 1,400 journalists, human rights activists and dissidents around the world, by exploiting vulnerabilities that had not yet been discovered.
What distinguishes the recent scandal is the number of victims and the disclosure that this advanced spyware is able to penetrate phones without the need for interaction or response from the target person (zero click) in order to give the hacker full control and access to the victim’s phone. It is known that Pegasus is neither the first nor the last spyware program, nor can we be sure that it is the most advanced program.
Government agencies have long used spyware to monitor the activities of people of concern or suspicion; In the United States, the National Security Agency used a spyware program called Dropout Jeep (7) to hack iPhones (8).
The Israeli-made Cellebrite (9) program has also been widely used by law enforcement, intelligence and special agencies in 150 different countries, while Candiru has produced a spyware called Sourgum (10) that can exploit vulnerabilities in Microsoft and Google products, It is also believed to have been used to monitor journalists and human rights activists.