Massive Global Pegasus Spyware Campaign Covertly Stalked Politicians, Activists, Journalists

Pegasus is a malware used to infect both iPhones and Androids to, according to NSO Group’s website, “detect and prevent terrorism and crime.” It can be used to steal messages, photos, emails, calls, and secretly record users. However, a recent leak of over 50,000 phone numbers has been identified as a list of people of interest to clients of the NSO Group, suggesting potential abuse of NSO Group’s software.
While having a phone number on the list does not necessarily mean the attached phone was hacked, it does put a target on people. The Guardian reports that the list includes “hundreds of business executives, religious figures, academics, NGO employees, union officials and government officials, including cabinet ministers, presidents and prime ministers.” This list will be disclosed in the coming weeks, with the first round consisting of 180 journalists worldwide from outlets such as CNN, New York Times, Associated Press, Reuters, and more.

It is also noted that at least ten government believed to be NSO Group customers have been entering data into the leaked system. These countries include “Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India, and the United Arab Emirates (UAE),” but that list could potentially grow.
However, NSO maintains that it does not operate the systems it sells or does not have access to its customers’ targets data. This was reiterated in a statement issued through lawyers to The Guardian, in which it was stated that this report contains “false claims.” Moreover, “It said the list cannot be a list of numbers ‘targeted by governments using Pegasus’ and described the 50,000 figure as ‘exaggerated’.” However, it is curious that the company says it does not have access to data yet describes the list of targeted people as “exaggerated.”

Further, there is also analysis from Amnesty’s Security Lab that suggests there is a correlation between numbers being entered into the database and Pegasus activity, as little a moments later. The Citizen Lab at the University of Toronto provided peer-review of this analysis and found that it was sound as well.

Whether or not any of these 50,000 people on the list were actually hacked using the Pegasus product still raises concerns nonetheless. The fact that pro-democracy and human rights activists alongside journalists can be targeted en masse spells massive issues worldwide. Also, this is simply a massive privacy breach for people worldwide who are not criminals or terrorists, of whom NSO suggests its software is used. Hopefully, we will gain more clarity on the situation as it develops, so stay tuned to HotHardware for updates.