50,000 phone numbers worldwide on list linked to Israeli spyware: reports
Israel’s NSO Group and its Pegasus malware have been in the headlines since at least 2016, when researchers accused it of helping spy on a dissident in the United Arab Emirates, reports AFP.
Sunday’s revelations raise privacy and rights concerns, and reveal the far-reaching extent to which the private Israeli company’s software may be being misused by its clients internationally.
The extent of the use of Pegasus was reported by The Washington Post, the Guardian, Le Monde and other news outlets who collaborated on an investigation into a data leak.
The leak was of a list of more than 50,000 smartphone numbers believed to have been identified as people of interest by clients of NSO since 2016, the media outlets said.
The Post said the list was shared with the news organizations by Forbidden Stories, a Paris-based journalism nonprofit, and Amnesty International. The newspaper said the total number of phones on the list that were actually targeted or surveilled is unknown.
The Post said 15,000 of the numbers on the list were in Mexico and included those of politicians, union representatives, journalists and government critics.
The list reportedly included the number of a Mexican freelance journalist who was murdered at a carwash. His phone was never found, and it was not clear if it had been hacked.
Indian investigative news website The Wire reported that 300 mobile phone numbers used in India — including those of government ministers, opposition politicians, journalists, scientists and rights activists — were on the list.
The numbers included those of more than 40 Indian journalists from major publications such as the Hindustan Times, The Hindu and the Indian Express, as well as two founding editors of The Wire, it said.
The Indian government denied in 2019 that it had used the malware to spy on its citizens after WhatsApp filed a lawsuit in the United States against NSO, accusing it of using the messaging platform to conduct cyber espionage.
The Post said a forensic analysis of 37 of the smartphones on the list showed there had been “attempted and successful” hacks of the devices, including those of two women close to Saudi journalist Jamal Khashoggi, who was murdered in 2018 by a Saudi hit squad.
Among the numbers on the list are those of journalists for Agence France-Presse, The Wall Street Journal, CNN, The New York Times, Al Jazeera, France 24, Radio Free Europe, Mediapart, El Pais, the Associated Press, Le Monde, Bloomberg, The Economist, Reuters and Voice of America, the Guardian said.
The use of the Pegasus software to hack the phones of Al-Jazeera reporters and a Moroccan journalist has been reported previously by Citizen Lab, a research center at the University of Toronto, and Amnesty International.
– Pocket spy –
The Post said the numbers on the list are unattributed, but the media outlets participating in the project were able to identify more than 1,000 people in more than 50 countries.