The party is ON! Join us at TNW Conference 2021 in Amsterdam for face-to-face business!

The heart of tech

This article was published on July 19, 2021

What we know about new investigations into Pegasus, the spyware targeting journalists

Widespread impact

What we know about new investigations into Pegasus, the spyware targeting journalists
Ivan Mehta
Story by

Ivan Mehta

Ivan covers Big Tech, India, policy, AI, security, platforms, and apps for TNW. That's one heck of a mixed bag. He likes to say "Bleh." Ivan covers Big Tech, India, policy, AI, security, platforms, and apps for TNW. That's one heck of a mixed bag. He likes to say "Bleh."

A string of reports from a new consortium called the Pegasus Project is shedding light on how an invasive piece of spyware has been used to target journalists and activists around the world. As the investigation aims to throw light on significant events cased by the spyware,here’s a rundown of what these initial reports have revealed so far.

What is Pegasus?

Pegasus is a type of spyware developed by Israel-based NSO Group. It could reside on your phone and track all your activities.

Pegasus entered the limelight in 2019, when it allegedly exploited a bug in WhatsApp to gain access to hundreds of smartphones across the world. Later, WhatsApp even filed a lawsuit in the US against the company, for helping governments snoop on more than 1,400 individuals across the globe.

The spyware was also believed to have played part in notable events such as journalist Jamal Khashoggi’s murder, and the breach of Jeff Bezos’ phone that led to his divorce.

What is Pegasus Project?

Pegasus Project is a widespread investigation into NSO group-built spyware and who was affected by it. It involves Forbidden Stories, a non-profit to help journalists uncover stories; Amnesty International, a global human rights organization; and 80 journalists from 17 media organizations across the globe.

The project will try and reveal the extent of damage caused by Pegasus spyware across the world and how people were impacted by it.

What do we know so far?

Forbidden Stories got access to a list of 50,000 phone numbers that could be targeted individuals with the Pegasus spyware. The early reports from the Pegasus Project partners suggest that there’s no evidence all of these numbers might have been targeted, but they could be persons of interest for government agencies.

Journalists involved in the project were able to identify and verify about 1,000 numbers across the globe.

The Pegasus Project alleged that at least 10 governments were trying to punch in numbers in a secret system to monitor their targets in some way. These countries included Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India, and the United Arab Emirates (UAE).

Amnesty international ran forensic tests across 67 phones out of which, 37 phones were found to have traces of the Pegasus Spyware. Canada-based Citizen Labs also verified these findings to solidify earlier observations.

Journalist Jamal Khashoggi who was murdered in 2018
Credit: Wikimedia Commons
Journalist Jamal Khashoggi who was murdered in 2018

The report stated that two of Khashoggi’s close aides, his fiance, and his son, were targeted by the notorious spyware.

The investigation also found out that the phone of Mexican journalist Cecilio Pineda, who was killed in 2017, had his phone hacked. Plus, Xavier Olea Pelaez, the state prosecutor in charge of the Pineda murder case, was also attacked using Pegasus.

What is NSO Group’s response?

NSO Group responded to Pegasus Project by claiming that these investigations contain “wrong assumptions” and “uncorroborated theories,” and the company’s is committed to a “life-saving mission”: 

NSO Group firmly denies false claims made in your report which many of them are uncorroborated theories that raise serious doubts about the reliability of your sources, as well as the basis of your story. Your sources have supplied you with information that has no factual basis, as evidenced by the lack of supporting documentation for many of the claims.

The alleged amount of ‘leaked data of more than 50,000 phone numbers,’ cannot be a list of numbers targeted by governments using Pegasus, based on this exaggerated number.

The group added that they don’t have insights into how its software is used by its customers. However, it said that it performs checks on its customers’ human rights violation record before onboarding them.

What are the governments saying?

The Indian government responded to these allegations by saying that previously, the country’s IT minister had specified that “there has been no unauthorised interception by government agencies.” Plus, it has a clear protocol about interception, which involves several highly ranked officers at the national and state level.

The Rawanda government said that it doesn’t possess this technical ability in any form and these accusations are false. The Hungarian government also squashed these claims, and retorted by asking whether these investigating journalists have similarlyl questioned the US, the UK, Germany or France.

Amnesty’s investigation found attacks dating from 2014 to as recently as this month. As Pegasus’ threat is still looming large, we’ll keep an eye on reports from this new consortium and bring you recaps covering how it’s being used around the world.

Also tagged with