THE PEGASUS PROJECT Live Blog: Major Stories from Partners
A powerful hacking tool called Pegasus, sold to governments around the world by the Israeli surveillance company NSO Group, has been used to spy on journalists, human rights activists, the fiancée of the murdered Saudi journalist Jamal Khashoggi and others, according to a months-long investigation by 17 news organizations, including FRONTLINE.
The investigation of the spyware was coordinated by the journalism nonprofit Forbidden Stories, with technical support from Amnesty International’s Security Lab. Forbidden Stories and Amnesty had access to a leak of more than 50,000 records of phone numbers concentrated in countries known to be NSO clients. NSO has disputed the findings of the reporting and said it will investigate all credible claims of misuse and take appropriate action.
FRONTLINE is producing a documentary with Forbidden Stories. We are linking here to major stories from our partner news outlets.
Aristegui Noticias | Daraj | Die Zeit | Direkt36
Forbidden Stories | Haaretz | Knack | Le Monde | Le Soir
OCCRP | Proceso | Radio France | Süddeutsche Zeitung
The Guardian | The Washington Post | The Wire
Jump to coverage from each day:
- Thursday, July 29: NSO Offices
- Wednesday, July 28: Fallout
- Monday, July 26: U.S. House Members Respond
- Sunday, July 25: France
- Saturday, July 24: WhatsApp
- Friday, July 23: Recap
- Thursday, July 22: Dalai Lama
- Wednesday, July 21: Dubai, Reaction
- Tuesday, July 20: Israel, Heads of State
- Monday, July 19: Apple, India, Mexico, Lawyers & Activists
- Sunday, July 18: The Pegasus Project Launch
Thursday, July 29, 2021
The Washington Post
White House has spoken to Israeli officials about spyware concerns following Pegasus Project revelations
“The White House has raised concerns about the Israeli surveillance giant NSO Group in meetings with senior Israeli officials, according to three people familiar with the matter, in a reflection of diplomatic tensions between the allies following revelations by The Washington Post and other news organizations that NSO spyware has been used to target journalists, human rights activists and private citizens.
Members of Congress also have called on the Biden administration to push forward on new regulations, sanctions and federal investigations into potential spyware abuse.”
“Israeli authorities have inspected the offices of the surveillance outfit NSO Group in response to the Pegasus project investigation into abuses of the company’s spyware by several government clients.
Officials from the defense ministry visited the company’s offices near Tel Aviv on Wednesday, at the same time as the defense minister, Benny Gantz, arrived for a pre-arranged visit to Paris in which the Pegasus revelations were discussed with his French counterpart.”
Wednesday, July 28, 2021
The Washington Post
“Israeli Defense Minister Benny Gantz was set to meet with his French counterpart on Wednesday, amid the fallout over revelations that President Emmanuel Macron may have been considered as a target for surveillance through an Israeli firm’s spyware licensed to governments around the world.”
“Hungary’s opposition has called for ministerial resignations from Viktor Orbán’s far-right government over allegations it selected journalists, media owners and opposition political figures as potential targets for invasive Pegasus spyware.”
Monday, July 26, 2021
The Washington Post
“Four House Democrats on Monday suggested blacklisting or imposing sanctions against the Israeli firm that licensed spyware used by governments to hack the smartphones of journalists, human rights activists and business executives.
‘Enough is enough. The recent revelations regarding misuse of the NSO Group’s software reinforce our conviction that the hacking for hire industry must be brought under control,’ Reps. Tom Malinowski (D-N.J.), Katie Porter (D-Calif.), Joaquin Castro (D-Tex.) and Anna G. Eshoo (D-Calif.) said in a joint statement.”
Sunday, July 25, 2021
“Emmanuel Macron has reportedly spoken to the Israeli prime minister, Naftali Bennett, to ensure that the Israeli government is ‘properly investigating’ allegations that the French president could have been targeted with Israeli-made spyware by Morocco’s security services.
In a phone call, Macron expressed concern that his phone and those of most of his cabinet could have been infected with Pegasus, hacking software developed by the Israeli surveillance firm NSO Group, which enables operators of the tool to extract messages, photos and emails, record calls and secretly activate microphones from infected devices.”
Saturday, July 24, 2021
“Senior government officials around the world — including individuals in high national security positions who are ‘allies of the US’ — were targeted by governments with NSO Group spyware in a 2019 attack against 1,400 WhatsApp users, according to the messaging app’s chief executive.
[Will] Cathcart said that he saw parallels between the attack against WhatsApp users in 2019 — which is now the subject of a lawsuit brought by WhatsApp against NSO — and reports about a massive data leak that are at the centre of the Pegasus project.
‘The reporting matches what we saw in the attack we defeated two years ago, it is very consistent with what we were loud about then,’ Cathcart said in an interview with the Guardian.”
Friday, July 23, 2021
“The Pegasus project investigation has reverberated across the world; claims about the use of invasive spyware, and the governments that use the technology, have provoked demonstrations, political outrage and calls for industry regulation.
… Guardian reporters pull together the impact of the investigation, which has put a spotlight on the government customers of the Israeli company NSO Group.”
“In 2019, when NSO Group was facing intense scrutiny, new investors in the Israeli surveillance company were on a PR offensive to reassure human rights groups.
In an exchange of public letters in 2019, they told Amnesty International and other activists that they would do “whatever is necessary” to ensure NSO’s weapons-grade software would only be used to fight crime and terrorism.
But the claim, it now appears, was hollow.
Unknown to the activists, NSO would later hatch a deal that would help a longtime government client with an awful human rights record. Dubai, a monarchy in the United Arab Emirates, wanted NSO to give it permission to expand its potential use of the spyware so it could target mobile phones in the UK.”
Thursday, July 22, 2021
“An Israeli commission reviewing allegations that NSO Group’s Pegasus spyware was misused by its customers to target journalists and human rights activists will examine whether rules on Israel’s export of cyberweapons such as Pegasus should be tightened, a senior MP has said.
The move came as the French president, Emmanuel Macron, convened an emergency cybersecurity meeting after reports his mobile phone and those of government ministers appeared in the leaked list.
NSO has said Macron was not a ‘target’ of any of its customers, meaning the company denies he was selected for surveillance using its spyware, saying in multiple statements that it requires its government clients to only use its powerful spying tools for legitimate investigations into terrorism or crime.”
The Washington Post
“The French government said Thursday that investigations are underway into reports from The Washington Post and other international news organizations that phone numbers for President Emmanuel Macron and other world leaders, as well as for activists and journalists, were found on a list that included some people targeted by government clients of the Israeli surveillance giant NSO Group and its spyware tool Pegasus.
The journalism consortium, operating as the Pegasus Project, revealed that the numbers for three presidents, 10 prime ministers and the king of Morocco had all been discovered among the more than 50,000 phone records on the list. None of the world leaders’ devices was forensically examined, but tests of other phones on the list found evidence of an attempted or successful spyware intrusion.”
“The phone numbers of a top ring of advisers around the Dalai Lama are believed to have been selected as those of people of interest by government clients of NSO Group. Analysis strongly indicates that the Indian government was selecting the potential targets.
NSO’s Pegasus spyware allows clients to infiltrate phones and extract their calls, messages and location. The selected Tibetans did not make their phones available to confirm whether any hacking was attempted or successful, but technical analysis of 10 other phones on the suspected Indian client list found traces of Pegasus or signs of targeting related to the spyware.
In multiple statements, NSO said the fact a number appeared on the leaked list was in no way indicative of whether it was selected for surveillance using Pegasus. ‘The list is not a list of Pegasus targets or potential targets,’ the company said. ‘The numbers in the list are not related to NSO Group in any way.'”
Wednesday, July 21, 2021
The Washington Post
“The agents said the Israelis’ technology, which helped carriers troubleshoot their customers’ smartphones by sending them an SMS link that enabled the carrier to access the phone remotely, could be useful for saving people’s lives. Traditional methods of wiretapping calls were becoming obsolete in the age of the smartphone, the officers explained, because early encryption software blocked their ability to read and listen to the conversations of terrorists, pedophiles and other criminals. Would Hulio and Lavie be able to help them, by building a version of their technology that the officials could use?
More than a decade later, the cybersecurity company that arose out of that fateful conversation — the NSO Group, an acronym based off the first names of the three founders — is at the center of a global debate over the weaponization of powerful and largely unregulated surveillance technology.”
“As her plane touched down in April 2019, Princess Haya bint al-Hussein, who was accompanied by her two children, might have hoped she was beyond the reach of her ex-husband, the emir of Dubai, Sheikh Mohammed bin Rashid al-Maktoum.
She did not know, however, it was likely mobile phone numbers belonging to her, her closest aides, advisers and friends, were being entered into a computer system operated by agents of the emirate of Dubai, one of the clients of spyware manufacturer NSO Group.”
The Washington Post
“Princess Latifa bint Mohammed al-Maktoum, the 32-year-old daughter of Dubai’s fearsome ruler, believed she was closer than ever to political asylum — and, for the first time, real freedom in the United States, members of her escape team said in interviews.
But there was one threat she hadn’t planned for: The spyware tool Pegasus, which her father’s government was known to have used to secretly hack and track people’s phones. Leaked data shows that by the time armed commandos stormed the yacht, eight days into her escape, operatives had entered the numbers of her closest friends and allies into a system that had also been used for selecting Pegasus surveillance targets.”
“Israel’s government is reportedly setting up a task force to manage the fallout from Pegasus project revelations about the use of spying tools sold to authoritarian governments by the Israeli surveillance firm NSO Group.
A team including representatives from the defence ministry, ministry of justice, foreign ministry, military intelligence and the Mossad, the national intelligence agency, is poised to conduct an investigation into whether “policy changes” are needed regarding sensitive cyber exports, several Israeli media outlets reported on Tuesday night, quoting unnamed officials.”
“Cybersecurity experts who have examined how NSO’s Pegasus spyware works say the software does not discriminate between encrypted messaging apps and can access pretty much everything on an infected phone. They say Telegram, as well as WhatsApp, Signal and other messaging apps promising end-to-end encryption, are in effect rendered powerless if the device on which they are installed is infected by hacking software as powerful as Pegasus.”
Tuesday, July 20, 2021
The Washington Post
“The head of the Israeli surveillance giant NSO Group pledged Sunday to investigate potential cases of human rights abuses following a sweeping report by The Washington Post and other media organizations that uncovered how NSO’s government clients had deployed its spyware tool Pegasus against activists, journalists and private citizens around the world.
The company has raced to address growing outrage from human rights activists, technology executives, political dissidents and the general public over the widespread hacking and surveillance revealed in the Pegasus Project, an investigation by The Post and 16 international media partners. By Monday, government and political opposition leaders from the European Union and France, India, Hungary and other countries had expressed fury and demanded answers as to whether the surveillance system had been abused.”
“The leaked database at the heart of the Pegasus project includes the mobile phone numbers of the French president, Emmanuel Macron, and 13 other heads of state and heads of government, the Guardian can reveal.
The South African president, Cyril Ramaphosa, and the Pakistani prime minister, Imran Khan, are also listed in the data, which includes diplomats, military chiefs and senior politicians from 34 countries.
The appearance of a number on the leaked list — which includes numbers selected by governments that are clients of NSO Group, the Israeli spyware firm — does not mean it was subject to an attempted or successful hack. NSO insists the database has “no relevance” to the company.”
The Washington Post
“Spies for centuries have trained their sights on those who shape destinies of nations: presidents, prime ministers, kings.
And in the 21st century, most of them carry smartphones.
Such is the underlying logic for some of the most tantalizing discoveries for an international investigation that in recent months scrutinized a list of more than 50,000 phone numbers that included — according to forensics analyses of dozens of iPhones — at least some people targeted by Pegasus spyware licensed to governments worldwide.
The list contained the numbers of politicians and government officials by the hundreds. But what of heads of state and governments, arguably the most coveted of targets?”
“Revelations about the use of spying tools sold to governments by NSO Group sparked furious political rows across the world on Monday after evidence emerged to suggest the surveillance firm’s clients may have sought to target their political opponents.
Amid growing concern over the apparent abuse of NSO’s powerful phone-hacking spyware, Pegasus, Amazon confirmed it had already cut some of its ties to the Israeli surveillance company. The stock price of Apple dipped amid worries about the privacy and security of its handsets.”
The Washington Post
“The Israeli company NSO Group has earned a reputation among national security experts around the world as a best-in-class manufacturer of surveillance technology capable of secretly gathering information from a target’s phone.
But U.S. and European security officials regard the company with a degree of suspicion despite the ability of its technology to help combat terrorists and violent criminals. In interviews, several current and former officials said they presumed that the company, which was founded by former Israeli intelligence officers, provides at least some information to the government in Jerusalem about who is using its spying products and what information they’re collecting.”
“It is common for governments to help companies export their products. NSO, after all, employs former Israeli cyber-intelligence officials and retains links to the defence ministry.
But revelations about how repressive states such as Saudi Arabia, the United Arab Emirates, Azerbaijan and others have used NSO’s technology to target human rights lawyers, activists and journalists raise questions for Israel and have put the issue under fresh scrutiny.
The disclosures threaten to put diplomatic pressure on Israel, amid questions over whether it is using the licensing of NSO’s spyware for political leverage – and allowing the software to be sold to undemocratic countries that are likely to misuse it.”
Monday, July 19, 2021
“At least 50 people close to Mexico’s president, Andrés Manuel López Obrador – including his wife, children, aides and doctor – were included in a leaked list of numbers selected by government clients of the Israeli spyware company NSO Group before his election.
Politicians from every party, as well as journalists, lawyers, activists, prosecutors, diplomats, teachers, judges, doctors and academics, were also among more than 15,000 individuals selected as possible targets for surveillance between 2016 and 2017, according to an investigation by a collaboration of international media outlets including the Guardian.”
“When Shalev Hulio tells his story, he likes to present himself as the archetype of the successful serial entrepreneur.”
“Governments must impose a global moratorium on the international spyware trade or face a world in which no mobile phone is safe from state-sponsored hackers, Edward Snowden has warned in the wake of revelations about the clients of NSO Group.
Snowden, who in 2013 blew the whistle on the secret mass surveillance programmes of the US National Security Agency, described for-profit malware developers as “an industry that should not exist”.
He made the comments in an interview with the Guardian after the first revelations from the Pegasus project, a journalistic investigation by a consortium of international media organisations into the NSO Group and its clients.”
“The American daughter of Paul Rusesabagina, the imprisoned Rwandan activist who inspired the film Hotel Rwanda, has been the victim of a near-constant surveillance campaign, according to a forensic analysis of her mobile phone that found evidence of multiple attacks using NSO Group spyware.
Carine Kanimba, a US-Belgian dual citizen, has been leading her family’s effort to free her father from prison following Rusesabagina’s abduction and forced return to Kigali last year by the government of the Rwandan president, Paul Kagame.
Amnesty International’s forensic analysis found that Kanimba’s phone had been infiltrated since at least January this year.”
The Washington Post
“The Israeli surveillance giant NSO Group and companies linked to it or its founders have spent millions of dollars in hopes of wooing their way into the U.S. market, hosting demonstrations for government intelligence officials and hiring Washington’s most prominent names despite pledges that its phone-hacking tool can’t be used inside the United States.
The company’s attempts to secure U.S. contracts appear to have been unsuccessful, with federal and local law enforcement agency representatives saying in emails and interviews that they balked at its Pegasus spyware tool’s million-dollar price tag.
But an influential network of Washington consultants, lawyers, lobbyists and other prominent personalities have earned money from the company, its parent company or its founders, a Washington Post review of government and company filings shows. Those beneficiaries include some of the most powerful members of the Obama, Trump and Biden administrations.”
“In a sign that intrusive surveillance technologies are perhaps being deployed to gather information about the principal opposition party, The Wire and its media partners in the Pegasus Project can confirm that at least two mobile phone accounts used by Congress leader Rahul Gandhi were among 300 verified Indian numbers listed as potential targets by an official Indian client of the Israeli surveillance technology vendor, NSO Group.
Such was the apparent interest in Gandhi that the numbers of five of his social friends and acquaintances were also placed on the list of potential targets. None of the five plays any role in politics or public affairs.”
The Washington Post
“Pegasus can collect emails, call records, social media posts, user passwords, contact lists, pictures, videos, sound recordings and browsing histories, according to security researchers and NSO marketing materials. The spyware can activate cameras or microphones to capture fresh images and recordings. It can listen to calls and voice mails. It can collect location logs of where a user has been and also determine where that user is now, along with data indicating whether the person is stationary or, if moving, in which direction.
These kinds of “zero-click” attacks, as they are called within the surveillance industry, can work on even the newest generations of iPhones, after years of effort in which Apple attempted to close the door against unauthorized surveillance — and built marketing campaigns on assertions that it offers better privacy and security than rivals.”
The Washington Post
The spyware is sold to governments to fight terrorism. In India, it was used to hack journalists and others.
“Hundreds of Indian phone numbers appeared on a list that included some selected for surveillance by clients of NSO Group, an Israeli firm. The list contained numbers for Rahul Gandhi, India’s main opposition leader; Ashok Lavasa, a key election official considered an obstacle to the ruling party; and M. Hari Menon, the local head of the Bill and Melinda Gates Foundation.
Others included on the list were journalists, activists, opposition politicians, senior officials, business executives, public health experts, Tibetan exiles and foreign diplomats. A group of Modi critics accused of plotting to overthrow the government also appeared on the list.”
“A leak of phone data suggests human rights lawyers, activists and dissidents across the globe were selected as possible candidates for invasive surveillance through their phones.
Their mobile phone numbers appeared in leaked records, indicating they were selected prior to possible surveillance targeting by governmental clients of the Israeli company NSO Group, which developed the Pegasus spyware.
NSO has repeatedly said Pegasus, which can access all data on a target’s device as well as turn it into an audio or video recorder, is meant for use only against terrorists and serious criminals.”
Sunday, July 18, 2021
FRONTLINE & Forbidden Stories
“A consortium of news outlets from around the world, including FRONTLINE, has been investigating the use of the spyware called Pegasus and the Israeli company, NSO Group, that sells it to foreign governments. Pegasus has been used by NSO clients to spy on journalists, human rights activists and others. One target: Jamal Khashoggi’s fiancée.
The investigation is coordinated by the journalism nonprofit Forbidden Stories, with technical support from Amnesty International’s Security Lab. Washington Post reporter Dana Priest is one of more than 80 journalists from 17 media organizations working on the collaboration, known as The Pegasus Project. She traveled to Turkey to verify if Pegasus had been used to surveil Khashoggi’s fiancée, Hatice Cengiz.
NSO Group says its spyware is used to fight terrorism and serious crimes, and that its technology was not associated in any way with Khashoggi’s murder. This reporting is part of an upcoming FRONTLINE documentary produced with Forbidden Stories to air on PBS.”
The Washington Post
“Military-grade spyware licensed by an Israeli firm to governments for tracking terrorists and criminals was used in attempted and successful hacks of 37 smartphones belonging to journalists, human rights activists, business executives and two women close to murdered Saudi journalist Jamal Khashoggi, according to an investigation by The Washington Post and 16 media partners.
The phones appeared on a list of more than 50,000 numbers that are concentrated in countries known to engage in surveillance of their citizens and also known to have been clients of the Israeli firm, NSO Group, a worldwide leader in the growing and largely unregulated private spyware industry, the investigation found.”
The Washington Post
“NSO Group’s Pegasus spyware was used to secretly target the smartphones of the two women closest to murdered Saudi columnist Jamal Khashoggi, according to digital forensic analysis.
The Android phone of his wife, Hanan Elatr, was targeted by a Pegasus user six months before his killing, but the analysis could not determine whether the hack was successful. The iPhone of his fiancee, Hatice Cengiz, was penetrated by spyware days after the murder, the forensics showed.”
“For nearly three years, Khadija Ismayilova’s phone was regularly infected with Pegasus, a highly-sophisticated spyware tool developed by Israeli company NSO Group that gives clients access to the entirety of a phone’s contents and can even remotely access the camera and microphone, according to a forensic analysis by Amnesty International’s Security Lab, in partnership with Forbidden Stories.
Ismayilova is one of nearly 200 journalists around the world whose phones have been selected as targets by NSO clients, according to the Pegasus Project, an investigation released today by a global consortium of more than 80 journalists from 17 media outlets in 10 countries, coordinated by Forbidden Stories with the technical support of Amnesty International’s Security Lab.”
“Human rights activists, journalists and lawyers across the world have been targeted by authoritarian governments using hacking software sold by the Israeli surveillance company NSO Group, according to an investigation into a massive data leak.
The investigation by the Guardian and 16 other media organisations suggests widespread and continuing abuse of NSO’s hacking spyware, Pegasus, which the company insists is only intended for use against criminals and terrorists.”
“Pegasus is the hacking software – or spyware – that is developed, marketed and licensed to governments around the world by the Israeli company NSO Group. It has the capability to infect billions of phones running either iOS or Android operating systems.”
The Washington Post
“How vulnerable are you to such spyware? Are there steps you can take to keep your phone safe? Here are some answers.”
“The editor of the Financial Times is one of more than 180 editors, investigative reporters and other journalists around the world who were selected as possible candidates for surveillance by government clients of the surveillance firm NSO Group, the Guardian can reveal.
Roula Khalaf, who became the first female editor in the newspaper’s history last year, was selected as a potential target throughout 2018.”
“Forensic tests conducted as part of this project on a small cross-section of phones associated with these numbers revealed clear signs of targeting by Pegasus spyware in 37 phones, of which 10 are Indian.”
“Viktor Orbán’s government has deployed a new weapon in its war on the media in Hungary, according to forensic analysis of several mobile devices, using some of the world’s most invasive spyware against investigative journalists and the circle of one of the country’s last remaining independent media owners.”
“The following is an edited summary of statements issued by NSO Group and their lawyers, Clare Locke, to the Guardian and other media organisations.
NSO Group firmly denies false claims made in your report, many of which are uncorroborated theories that raise serious doubts about the reliability of your sources, as well as the basis of your story.”