Leaked Data Shows NSO Group's Malware Was Used To Target Journalists, Activists, And World Leaders

from the not-your-usual-bad-guys dept

A massive data leak has confirmed what's been suspected (and reported by security researchers like Citizen Lab) for a long time: Israeli malware developer NSO Group's powerful cellphone snooping tools have been used to target journalists, activists, and dissidents all over the world.

The Guardian and 16 other media outlets have dug into the data leak and uncovered some pretty disturbing info about NSO's Pegasus malware, which allows those deploying the spyware to extract messages, record phone calls, and surreptitiously activate microphones.

Who's in the list of phone numbers seen by the Guardian? Lots and lots and lots of journalists.

The leak contains a list of more than 50,000 phone numbers that, it is believed, have been identified as those of people of interest by clients of NSO since 2016.

[...]

The disclosures begin on Sunday, with the revelation that the numbers of more than 180 journalists are listed in the data, including reporters, editors and executives at the Financial Times, CNN, the New York Times, France 24, the Economist, Associated Press and Reuters.

Here's who's included in this first revelation by the Guardian:

[J]ournalists who were selected as possible candidates for surveillance by NSO’s clients work for some of the world’s most prestigious media organisations. They include the Wall Street Journal, CNN, the New York Times, Al Jazeera, France 24, Radio Free Europe, Mediapart, El País, Associated Press, Le Monde, Bloomberg, Agence France-Presse, the Economist, Reuters and Voice of America.

Also found on the list was the number of Mexican reporter Cecilio Pineda Birto, who was murdered while waiting for his pickup to finish being cleaned at a local car wash. This followed weeks of death threats that began after his reporting accused state police and local government officials of colluding with crime lords.

It's not just journalists being targeted by NSO's powerful malware. The list also includes numbers linked to religious figures, executives of private companies, union officials, high-ranking government officials, and NGO employees.

NSO, for its part, continues to insist it's not the bad guy here. It says it only sells the software to a "select group" of "vetted" government agencies. Unfortunately, that list of approved governments includes notorious human rights violators like the Saudi government (which killed Washington Post reporter Jamal Khashoggi) and agencies in the UAE, Bahrain, and Kazakhstan.

The government of Mexico is one of NSO's most enthusiastic users. It "selected" 15,000 of the 50,000 numbers recovered in the data leak. This doesn't mean 15,000 successful deployments but it does mean the Mexican government -- which has no shortage of local criminals to target -- also apparently tried to infect phones owned by journalists.

NSO's hands are far from clean. Its list of clients isn't as selective as it likes to pretend. And while it may tell purchasers the spyware should only be used to target criminals and terrorists, it doesn't yank licenses from governments that choose to target journalists, academics, religious figures, and others.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: activists, governments, journalists, malware, snooping tools, spyware, surveillance
Companies: nso group


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    LACanuck (profile), 19 Jul 2021 @ 9:43am

    Am I the only one expecting that Hannity tonight will include a 10-minute rant on this fake news? And it has to be fake since Fox isn't on the list 'of the world’s most prestigious media organisations'?

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 19 Jul 2021 @ 9:47am

      Re:

      Does Fox have any actual reporters, or do they employ script writers instead?

      link to this | view in chronology ]

      • identicon
        Michael, 19 Jul 2021 @ 11:17am

        Re: Re:

        I have no idea of Fox has real reporters, but I DO know that, during the early years of the Iraq War they were the only news network to not have a presence on the ground in Iraq. But at the same time they DID have a whole team on the ground in Aruba for a year to report on missing-pretty-white girl Natalee Holloway.

        Priorities, you know?

        link to this | view in chronology ]

      • icon
        Bloof (profile), 19 Jul 2021 @ 12:27pm

        Re: Re:

        They used to have a straight news department to act as a figleaf to the propaganda side of things, so they could go 'Nuh huh, this guy on at a time nobody is watching still has credibility.' but the election rattled them. They made calls that Trumpworld did not like so they're working tirelessly to make sure that never happens again, purging the few journalists they have left and focussing more on hiring alt-right bloggers who get their news from pol, reddit and infowars.

        link to this | view in chronology ]

  • icon
    Koby (profile), 19 Jul 2021 @ 10:35am

    Follow The Money

    Something tells me that this company isn't in business just to serve the Mexican government in its effort to snoop on drug lords. While learning of the targets is interesting, I really want to know where the bulk of the money is coming from.

    link to this | view in chronology ]

  • identicon
    MightyMetricBatman, 19 Jul 2021 @ 10:47am

    A bunch of these countries are banned by Israel from engaging in commerce due to being in a state of war. I can only imagine that Prime Minister Netanyahu or someone of high rank may have had a hand here in allowing these sales.

    I hope the new government cracks down on NSO Group because this behavior is at all acceptable.

    link to this | view in chronology ]

    • icon
      MightyMetricBatman (profile), 19 Jul 2021 @ 10:49am

      Re:

      *not at all acceptable.

      link to this | view in chronology ]

    • icon
      Koby (profile), 19 Jul 2021 @ 11:36am

      Re:

      Some of the "state of war" thing is just a smokescreen. For example, the Israelis and Saudis are effectively allies now in opposition to Iran. Imagine, however, that a country could "leak" some of its technical expertise to private industry, then a private company (NSO in this case) performs the mercenary hacking, the information gets shared with the originating nation, and then everyone claims plausible deniability. It seems too convenient.

      link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 19 Jul 2021 @ 11:39am

    "It says it only sells the software to a "select group" of "vetted" government agencies."

    Newspeak for... Their check cleared & they paid us the 'look the other way' extra fee.

    link to this | view in chronology ]

    • icon
      That One Guy (profile), 19 Jul 2021 @ 5:02pm

      Re:

      Was just about to comment the same thing in that their idea of 'vetting' seems to be 'can pay the amount asked for'.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Jul 2021 @ 4:52pm

    And while it may tell purchasers the spyware should only be used to target criminals and terrorists, it doesn't yank licenses from governments that choose to target journalists, academics, religious figures, and others.

    The obvious conflict of interest: because the purchasers are governments, they get to define the term "criminals". Even if NSO changed "should" to "shall", and enforced that, it wouldn't make a difference.

    link to this | view in chronology ]

  • icon
    Tanner Andrews (profile), 19 Jul 2021 @ 11:22pm

    yanking licenses

    it doesn't yank licenses from governments that choose to target journalists, academics, religious figures, and others.

    Realistically, how would this work? Perhaps underpants gnome economics would apply, where NSO would

    1. give the money back
    2. go through all the computers of the offending entity to remove their software and its fruits
    3. ???
    4. profit!

    I'll wait here while you hold your breath until these things happen.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Jul 2021 @ 1:23am

    Israel's hands are far from clean.

    -there, fixed it for ya.

    link to this | view in chronology ]

  • identicon
    Paul, 20 Jul 2021 @ 5:49am

    What a difference a customer makes

    Interesting, MEGA (and other companies) have been prosecuted and shut down because of widespread misuse of their product even though there was lists of evidence of legal use.

    No one seems to be even raising this issue in this case. Why? Why not sue them as was done with MEGA and try to put them out of business?

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 20 Jul 2021 @ 11:47am

      Re: What a difference a customer makes

      MEGA was "infringing copyright."

      NSO is just snooping. However, if it came out that they were somehow facilitating copyright infringement (intentionally or not) then doors would be broken down as we speak.

      link to this | view in chronology ]

  • icon
    vadim (profile), 20 Jul 2021 @ 5:55am

    Out of jail ticket

    So now any person convicted for possession of pedopornography in his iPhone can claim that the images were planted by Pegasus.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.