Are governments targeting their own journalists with surveillance spyware?

Pegasus is a spyware tool created by the NSO Group. The spyware targets iOS and Android devices, jailbreaking the former and acquiring root access to the latter. In both cases, this grants the spyware virtually unfettered access to the victim’s device, where it can monitor messages, listen in on calls, activate the camera, and more.

The NSO group claims that this powerful tool is meant to be used against criminals and terrorists, and has published contract excerpts requiring clients to use the spyware appropriately. However, there is evidence of rampant abuse of the spyware, and it is unclear what, if anything, the NSO group is doing to rein it in.

“NSO Group has not taken adequate action to stop the use of its tools for unlawful targeted surveillance of activists and journalists, despite the fact that it either knew, or arguably ought to have known, that this was taking place.” – Amnesty International

Pegasus Project

At the heart of this revelation – part of an elaborate media report called the Pegasus Project – is a leaked list of about 50,000 names. The names are those of journalists, activists, heads of state and their families, and other potential targets of powerful surveillance tools. One name on the list was Jamal Khashoggi – a journalist who was assassinated by the United Arab Emirates (UAE) for his dissident activities.

We have not yet been told exactly where the list came from or what it means:

• It is unclear whether it is a list of hacked targets or of individuals who may have been selected for targeting;
• Some of the telephone numbers belong to landlines. As far as we know, Pegasus spyware is only capable of targeting iOS and Android devices;

What we do know, however, is that the list consists predominantly of journalists, activists, and political figures, and that many of these have been targeted by Pegasus.

“The investigation has so far identified at least 180 journalists in 20 countries who were selected for potential targeting with NSO spyware between 2016 to June 2021…” – Amnesty International

Some of the most damning aspects of these allegations, published in a report by Amnesty international, include:

• Although the full scope and nature of the abuses has yet to be revealed, Amnesty International forensic analysis has revealed that the devices of numerous journalists were infected by the spyware in accordance with the list;
• A number of journalists infected by the spyware have then been persecuted by governments or other powerful organizations, and that persecution coincides with the infections on their devices;
• The NSO Group’s clients include governments with very poor free speech records. The countries named by the report include Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Togo, and the UAE. There have also been reports of Mexican drug cartels using these tools to target journalists reporting on their activities;

How does it work?

Because this spyware is highly targeted, its users can deploy very advanced and successful methods to infect their victims’ devices. This detailed forensic analysis explains some of those methods in detail. They include spearphishing with emails and SMS, the abuse of zero-day vulnerabilities, and other nefarious methods.

In any case, the result is infection, followed by surveillance and potential abuse.

What happens now?

Amnesty international is calling for further scrutiny of the spyware and of the NSO Group. They’re also calling for greater oversight and regulation of surveillance tools around the world. However, if these tools are being bought and used by our governments, it’s not clear how much of a difference that might make.

The Pegasus Project reporting consortium has pledged to release additional information in the coming days and weeks, so we’ll keep you updated with the latest info.