Posted on July 20, 2021 at 5:16 PM
An Israeli firm, linked with the supply of spyware to governments, has been connected to a list of thousands of smartphone numbers from politicians, business executives, activities, and journalists around the world.
The group has the capability of harvesting data or switching on its microphone or camera. The malware group made headlines in 2016 when it was accused of helping to spy on protesters in the UAE.
The findings of the group’s recent activities were made via a collaborative effort by Le Monde, the Guardian, and The Washington Post. The revelation shows how the firm’s software can be misused by threat actors to damaging effects.
The report noted that the data leak has a list of more than 50,000 numbers who are from clients of NSO since 2016. But the number of phone numbers stolen doesn’t necessarily mean all of those devices were hacked.
The phone numbers on the list also belonged to members of Arab royal families, prime ministers, and heads of state.
The list also includes journalists for media organizations around the world, including the Associated Press, El Pais, Mediapart, Radio Free Europe, France 24, Al Jazeera, The New York Times, CNN, and The Wall Street Journal.
Amnesty’s security lab carried out forensic analysis on the incidence where it disclosed that threat actors used the Pegasus spyware to target two women close to murdered Saudi columnist Jamal Khashoggi. Also, the phone of Hatice Cengiz, Khashoggi’s fiancée, was infected with a malware few days after the columnist was slain in the Saudi consulate in Instanbul in October 2018.
Governments illegally monitoring journalists
Forbidden Stories, a Paris-based media non-profit organization, and Amnesty International had initial access to the leaked data, which they shared with media organizations.
Citizen Lab reported late last year that sophisticated electronic surveillance intercepted the mobile communications of dozens of journalists at Qatar’s Al Jazeera network. There have been other similar cases where governments have been blamed for using the surveillance network of the security firm to spy on journalists and protesters.
The Pegasus surveillance tool infects the users’ smartphones and steals their phone’s information, including phone number and every contact name. they can also steal details from Telegram, WeChat, WhatsApp, Skype, Facebook message, email, text message, and every other place.
Bill Marczak, a researcher with cybersecurity research group Citizen Lab, stated that a previous revelation showed that the hacking numbers reached 1,400.
Although the recent list didn’t identify the clients, it reported that several of the clients were clustered in 10 countries. These include the United Arab Emirates, Saudi Arabia, Rwanda, Morocco, Mexico, Kazakstan, India, Hungary, Bahrain, as well as Azerbaijan.
French government responds to incident
On Monday, France was infuriated by the allegations that Morocco’s intelligence services used Israeli malware to spy on dozens of French journalists, calling the action “extremely shocking.
The report revealed that Morocco was one of several other countries that spied on cities of the kingdom using the Pegasus software.
Spokesperson to the France government Gabriel Attal stated that the situation is very serious if it’s true. “These are extremely shocking acts and, if proven, are extremely serious,” he stated.
He added that the government is very serious about respecting the freedom of the press, and it will be a very serious crime if the revelations revealed that there were manipulations to undermine this freedom.
Tech Legal Counsel at Access Now, Natalia Krapiva, spoke about the incidents, saying that the surveillance industry works under a cloud of darkness,
She told Al Jazeera that spyware firms can no longer be trusted in the industry. This recent incident as well as the incidences involving Candiru and Cellebrite shows that these surveillance companies need to be held responsible.
She added that the industry has demonstrated that it is not capable of policing itself, and the government is excusing the abuses by hiding behind national security. The industry needs accountability, transparency, and proper regulation, she reiterated.