Leaked Data Shows NSO Group's Malware Was Used To Target Journalists, Activists, And World Leaders
from the not-your-usual-bad-guys dept
A massive data leak has confirmed what's been suspected (and reported by security researchers like Citizen Lab) for a long time: Israeli malware developer NSO Group's powerful cellphone snooping tools have been used to target journalists, activists, and dissidents all over the world.
The Guardian and 16 other media outlets have dug into the data leak and uncovered some pretty disturbing info about NSO's Pegasus malware, which allows those deploying the spyware to extract messages, record phone calls, and surreptitiously activate microphones.
Who's in the list of phone numbers seen by the Guardian? Lots and lots and lots of journalists.
The leak contains a list of more than 50,000 phone numbers that, it is believed, have been identified as those of people of interest by clients of NSO since 2016.
[...]
The disclosures begin on Sunday, with the revelation that the numbers of more than 180 journalists are listed in the data, including reporters, editors and executives at the Financial Times, CNN, the New York Times, France 24, the Economist, Associated Press and Reuters.
Here's who's included in this first revelation by the Guardian:
[J]ournalists who were selected as possible candidates for surveillance by NSO’s clients work for some of the world’s most prestigious media organisations. They include the Wall Street Journal, CNN, the New York Times, Al Jazeera, France 24, Radio Free Europe, Mediapart, El País, Associated Press, Le Monde, Bloomberg, Agence France-Presse, the Economist, Reuters and Voice of America.
Also found on the list was the number of Mexican reporter Cecilio Pineda Birto, who was murdered while waiting for his pickup to finish being cleaned at a local car wash. This followed weeks of death threats that began after his reporting accused state police and local government officials of colluding with crime lords.
It's not just journalists being targeted by NSO's powerful malware. The list also includes numbers linked to religious figures, executives of private companies, union officials, high-ranking government officials, and NGO employees.
NSO, for its part, continues to insist it's not the bad guy here. It says it only sells the software to a "select group" of "vetted" government agencies. Unfortunately, that list of approved governments includes notorious human rights violators like the Saudi government (which killed Washington Post reporter Jamal Khashoggi) and agencies in the UAE, Bahrain, and Kazakhstan.
The government of Mexico is one of NSO's most enthusiastic users. It "selected" 15,000 of the 50,000 numbers recovered in the data leak. This doesn't mean 15,000 successful deployments but it does mean the Mexican government -- which has no shortage of local criminals to target -- also apparently tried to infect phones owned by journalists.
NSO's hands are far from clean. Its list of clients isn't as selective as it likes to pretend. And while it may tell purchasers the spyware should only be used to target criminals and terrorists, it doesn't yank licenses from governments that choose to target journalists, academics, religious figures, and others.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: activists, governments, journalists, malware, snooping tools, spyware, surveillance
Companies: nso group
Reader Comments
Subscribe: RSS
View by: Time | Thread
Am I the only one expecting that Hannity tonight will include a 10-minute rant on this fake news? And it has to be fake since Fox isn't on the list 'of the world’s most prestigious media organisations'?
[ link to this | view in chronology ]
Re:
Does Fox have any actual reporters, or do they employ script writers instead?
[ link to this | view in chronology ]
Re: Re:
I have no idea of Fox has real reporters, but I DO know that, during the early years of the Iraq War they were the only news network to not have a presence on the ground in Iraq. But at the same time they DID have a whole team on the ground in Aruba for a year to report on missing-pretty-white girl Natalee Holloway.
Priorities, you know?
[ link to this | view in chronology ]
Re: Re:
They used to have a straight news department to act as a figleaf to the propaganda side of things, so they could go 'Nuh huh, this guy on at a time nobody is watching still has credibility.' but the election rattled them. They made calls that Trumpworld did not like so they're working tirelessly to make sure that never happens again, purging the few journalists they have left and focussing more on hiring alt-right bloggers who get their news from pol, reddit and infowars.
[ link to this | view in chronology ]
Follow The Money
Something tells me that this company isn't in business just to serve the Mexican government in its effort to snoop on drug lords. While learning of the targets is interesting, I really want to know where the bulk of the money is coming from.
[ link to this | view in chronology ]
A bunch of these countries are banned by Israel from engaging in commerce due to being in a state of war. I can only imagine that Prime Minister Netanyahu or someone of high rank may have had a hand here in allowing these sales.
I hope the new government cracks down on NSO Group because this behavior is at all acceptable.
[ link to this | view in chronology ]
Re:
*not at all acceptable.
[ link to this | view in chronology ]
Re:
Some of the "state of war" thing is just a smokescreen. For example, the Israelis and Saudis are effectively allies now in opposition to Iran. Imagine, however, that a country could "leak" some of its technical expertise to private industry, then a private company (NSO in this case) performs the mercenary hacking, the information gets shared with the originating nation, and then everyone claims plausible deniability. It seems too convenient.
[ link to this | view in chronology ]
Re: Re:
Two words: "Five Eyes".
[ link to this | view in chronology ]
"It says it only sells the software to a "select group" of "vetted" government agencies."
Newspeak for... Their check cleared & they paid us the 'look the other way' extra fee.
[ link to this | view in chronology ]
Re:
Was just about to comment the same thing in that their idea of 'vetting' seems to be 'can pay the amount asked for'.
[ link to this | view in chronology ]
The obvious conflict of interest: because the purchasers are governments, they get to define the term "criminals". Even if NSO changed "should" to "shall", and enforced that, it wouldn't make a difference.
[ link to this | view in chronology ]
yanking licenses
Realistically, how would this work? Perhaps underpants gnome economics would apply, where NSO would
I'll wait here while you hold your breath until these things happen.
[ link to this | view in chronology ]
Israel's hands are far from clean.
-there, fixed it for ya.
[ link to this | view in chronology ]
What a difference a customer makes
Interesting, MEGA (and other companies) have been prosecuted and shut down because of widespread misuse of their product even though there was lists of evidence of legal use.
No one seems to be even raising this issue in this case. Why? Why not sue them as was done with MEGA and try to put them out of business?
[ link to this | view in chronology ]
Re: What a difference a customer makes
MEGA was "infringing copyright."
NSO is just snooping. However, if it came out that they were somehow facilitating copyright infringement (intentionally or not) then doors would be broken down as we speak.
[ link to this | view in chronology ]
Out of jail ticket
So now any person convicted for possession of pedopornography in his iPhone can claim that the images were planted by Pegasus.
[ link to this | view in chronology ]