Governments across the globe are using spyware made by the Israeli group NSO to hack into the smartphones of journalists and activists, The Washington Post reported on Sunday. NSO Group is notorious for its Pegasus spyware, which allows smartphones to be remotely hacked and gives the hacker access to the phone’s camera and microphone, in addition to the phone’s contents.
The Washington Post’s report is the first in a series that the outlet plans to release along with 16 other media partners around the globe. Dubbed the Pegasus Project, it includes investigations and forensic analysis of smartphones, and follows from a list of 50,000 mobile phone numbers surveilled using NSO’s technology that was made available to Amnesty International, a global human rights organization.
Teaming up with Forbidden Stories, a Paris-based journalism outlet, Amnesty then shared this list with other media outlets to further the investigations and has now identified over 1,000 people in more than 50 countries who appear to have been surveilled.
The list of people includes politicians, members of Arab royal families, journalists, human rights activists, businessmen, and even a judge in the highest court in India. Amnesty International’s Security Lab also accessed 67 smartphones and conducted digital forensics on them. Of these, 23 were found to be successfully infected, while 14 showed signs of attempted infiltration. Tests on the rest were inconclusive because the user had either changed or reset their device.
Explaining the process of the forensic analysis on its website, The Wire, the partner media outlet in India, said that the Security Lab team at Amnesty was looking for traces of malicious code left by the spyware that were not part of the code of the phone’s operating system. It also stated that iPhones maintained better logs of activities, while Android’s logs severely limited the analysis.
Amnesty has also made public the method it used in this forensic analysis, and verified its findings with Citizen Lab, an interdisciplinary team of researchers at the University of Toronto, who tweeted their support for the findings along with a peer review.
We @citizenlab were asked to verify analysis and undertake a peer review of methods, and found them all sound.
Here is our peer review: https://t.co/uBTowaYlGG
— Citizen Lab (@citizenlab) July 18, 2021
For its part, NSO has rejected the claims made by the investigation, while also clarifying that it has no control over how its clients use its software. The company only provides its services to “vetted” governments, so a spyware attack is always the work of a governmental agency.
More details are expected to be released over the next few days.