Dhaka, Sunday


25 July 2021


Business Insider Bangladesh

Spyware used to target activists, leak suggests

BI Desk || BusinessInsider

Published: 16:10, 19 July 2021   Update: 16:12, 19 July 2021
Spyware used to target activists, leak suggests

Rights activists, journalists and lawyers around the world have been targeted with phone malware sold to authoritarian governments by an Israeli surveillance firm, media reports say. Photo: Colected

Rights activists, journalists and lawyers around the world have been targeted with phone malware sold to authoritarian governments by an Israeli surveillance firm, media reports say.

They are on a list of some 50,000 phone numbers of people believed to be of interest to clients of the company, NSO Group, leaked to major news outlets.

It was not clear where the list came from — or how many phones had actually been hacked, reports BBC.

NSO denies any wrongdoing

It says the software is intended for use against criminals and terrorists and is made available only to military, law enforcement and intelligence agencies from countries with good human rights records.

It said the original investigation which led to the reports, by Paris-based NGO Forbidden Stories and the human rights group Amnesty International, was “full of wrong assumptions and uncorroborated theories.”

The allegations about use of the software, known as Pegasus, were carried on Sunday by the Washington Post, the Guardian, Le Monde and 14 other media organisations around the world.

Pegasus infects iPhones and Android devices to enable operators to extract messages, photos and emails, record calls and secretly activate microphones and cameras.

The Hindu reports:

Telephone numbers of some 40 Indian journalists figure in a “leaked list of potential targets for surveillance” and forensic tests were said to have “confirmed that some of them were successfully snooped upon by an unidentified agency using Pegasus software”, The Wire, an independent news website, reported on Sunday night.

Indian ministers, government officials and opposition leaders also figure in the list of people whose phones may have been compromised by the spyware, The Wire, which conducted the investigation along with international partners, claimed.

The leaked telephone numbers included correspondents and writers from the Hindustan Times, The Hindu, India Today, Indian Express and Network18. Vijaita Singh, who works for The Hindu’s national bureau, also figures in the list, which includes journalists like Shishir Gupta, Siddharth Vardarajan, MK Venu, Sushant Singh, Rohini Singh, Muzamil Jaleel, Ritika Chopra and Swati Chaturvedi.

The BBC adds: The numbers on the list were unattributed, but media outlets working on the investigation said they had identified more than 1,000 people spanning over 50 countries.

Among them are politicians and heads of state, business executives, activists, and several Arab royal family members. More than 180 journalists were also found to be on the list, from organisations including CNN, the New York Times and Al Jazeera.

Many of the numbers were clustered in 10 countries: Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia and the United Arab Emirates, according to the reports.

When contacted by the outlets involved in the investigation, spokespeople for these countries either denied that Pegasus was used or denied that they had abused their powers of surveillance.

It was not clear how many of the devices on the list had actually been targeted, but forensic analysis of 37 of the phones showed there had been “attempted and successful” hacks, the Washington Post reported.

This included people close to Saudi journalist Jamal Khashoggi, who was murdered while visiting the Saudi consulate in Istanbul, Turkey, in October 2018 and his body dismembered.

The investigation found that spyware was installed on his fiancée’s phone days after his murder, and that his wife’s phone was targeted with spyware between September 2017 and April 2018.

The NSO Group said its technology was “not associated in any way with the heinous murder”.

The phone of Mexican journalist Cecilio Pineda Birto also appeared twice on the list, including in the month before he was murdered, the investigation found.

His phone disappeared from the scene of the murder so a forensic examination was not possible, but NSO said that even if his phone was targeted, that did not mean that data collected was connected with his murder.

More details about who has been targeted are expected to be released in the coming days.

WhatsApp sued NSO in 2019, alleging the company was behind cyber-attacks on 1,400 mobile phones involving Pegasus. At the time, NSO denied any wrongdoing, but the company has been banned from using WhatsApp.

The allegations here are not new but what is new is the scale of the targeting of innocent people that’s allegedly taking place. Nearly 200 reporters from 21 countries have their phone numbers on this list and more names of high-profile public figures are expected to be revealed.

There are plenty of unknowns in these allegations - including where the list comes from and how many of the phone numbers were actively targeted with spyware. NSO Group have once again come out swinging and deny all accusations but it’s a blow for the company that is actively trying to reform its reputation.

Only two weeks ago they released their first “transparency report” detailing human right policies and pledges. Amnesty International brushed the 32-page document off as a “sales brochure”.

These latest allegations will do further damage to its image, but they won’t hurt the company financially. There are very few private companies able to produce the sort of invasive spy tools that NSO sells, and clearly the largely unregulated market for the software is booming.

IBBL