An Israeli software program designed to spy on criminals and terrorists was used to infiltrate at least 37 cell phones belonging to reporters, human rights activists, company directors and two women close to Saudi journalist Jamal Khashoggi.
That is one of the main findings of an investigation published Sunday and conducted by The Washington Post and 16 other media outlets with the help of Amnesty International and the French nonprofit Forbidden Stories.
Amnesty International and Forbidden Stories had access to a list of more than 50,000 phone numbers and shared them with the media, which used them for their investigation.
Of those 50,000 phone numbers, 37 were infiltrated with the software program, according to the research.
The program at the center of the controversy is spyware called Pegasus, created by the Israeli technology firm NSO Group, which sells the program to up to 60 military, intelligence or security agencies in 40 countries around the world.
Pegasus first hit the front pages of the media in 2016, when the prestigious Citizen Lab at the University of Toronto discovered vulnerabilities in iOS, Apple’s mobile operating system.
Later, in 2019, 1,400 people, including several Catalan politicians, fell victim to spying by Pegasus, which exploited a WhatsApp vulnerability to infiltrate phones.
Now, however, The Washington Post revealed the existence of a list of 50,000 phone numbers belonging to countries famous for spying on their citizens or which are NSO Group customers.
Of those numbers, the authors of the investigation were able to identify 1,000 people living in 50 countries around the world.
They include several members of Arab royal families, at least 65 senior corporate officials, 85 human rights activists, 189 journalists and more than 600 politicians and government officials, including heads of state and government, ministers and diplomats.
The Washington Post and the other media have not been able to find out what exactly was the target of the 50,000-name list. Nor do they know who created the list and how many of the phones were spied on.
For the moment, they have been able to confirm that 37 were infiltrated, if only for a few seconds.
The governments or security agencies that used Pegasus to infiltrate the phones of journalists, activists and other politicians allegedly violated the license created by NSO Group, which in theory designed these programs to monitor terrorists and criminals.
In statements to The Washington Post, NSO Group declined to identify the governments to which it has sold the spyware.
However, the media analysis concludes that, of the list of 50,000 cell phone numbers, the largest number – 15,000 – were in Mexico and belonged to politicians, journalists and trade unionists, among others.
Another large number of possible victims have been located in Qatar, Yemen, the United Arab Emirates and Bahrain.
The investigation also reveals that Pegasus attempted to infiltrate the Android phone of Hanan Elatr, one of Khashoggi’s wives, just six months before her death. It is not known whether those spying attempts were successful.
In addition, the phone of his later fiancée, Hatice Cengiz, was infiltrated by the spyware just days after he died, according to research published today.
In statements to The Washington Post, NSO defended that its programs help save lives and prevent criminal attacks and, furthermore, considered that the investigation makes unfounded accusations.