Spyware sold to authoritarian regimes used to target activists, politicians and journalists, data suggests

Revealed: leak uncovers global abuse of cyber-surveillance weapon

Human rights activists, journalists and lawyers across the world have been targeted by authoritarian governments using hacking software sold by the Israeli surveillance company NSO Group, according to an investigation into a massive data leak.

The investigation by the Guardian and 16 other media organisations suggests widespread and continuing abuse of NSO’s hacking spyware, Pegasus, which the company insists is only intended for use against criminals and terrorists.

Pegasus is a malware that infects iPhones and Android devices to enable operators of the tool to extract messages, photos and emails, record calls and secretly activate microphones.

The leak contains a list of more than 50,000 phone numbers that, it is believed, have been identified as those of people of interest by clients of NSO since 2016.

Forbidden Stories, a Paris-based nonprofit media organisation, and Amnesty International initially had access to the leaked list and shared access with media partners as part of the Pegasus project, a reporting consortium.

The presence of a phone number in the data does not reveal whether a device was infected with Pegasus or subject to an attempted hack. However, the consortium believes the data is indicative of the potential targets NSO’s government clients identified in advance of possible surveillance attempts.

What is in the Pegasus project data?

Forensics analysis of a small number of phones whose numbers appeared on the leaked list also showed more than half had traces of the Pegasus spyware.

The Guardian and its media partners will be revealing the identities of people whose number appeared on the list in the coming days. They include hundreds of business executives, religious figures, academics, NGO employees, union officials and government officials, including cabinet ministers, presidents and prime ministers.

The list also contains the numbers of close family members of one country’s ruler, suggesting the ruler may have instructed their intelligence agencies to explore the possibility of monitoring their own relatives.

The disclosures begin on Sunday, with the revelation that the numbers of more than 180 journalists are listed in the data, including reporters, editors and executives at the Financial Times, CNN, the New York Times, France 24, the Economist, Associated Press and Reuters.
….

What is the Pegasus project?

The Pegasus project is likely to spur debates over government surveillance in several countries suspected of using the technology. The investigation suggests the Hungarian government of Viktor Orbán appears to have deployed NSO’s technology as part of his so-called war on the media, targeting investigative journalists in the country as well as the close circle of one of Hungary’s few independent media executives.

The leaked data and forensic analyses also suggest NSO’s spy tool was used by Saudi Arabia and its close ally, the UAE, to target the phones of close associates of the murdered Washington Post journalist Jamal Khashoggi in the months after his death. The Turkish prosecutor investigating his death was also a candidate for targeting, the data leak suggests.

The company sells only to military, law enforcement and intelligence agencies in 40 unnamed countries, and says it rigorously vets its customers’ human rights records before allowing them to use its spy tools.

The Israeli minister of defence closely regulates NSO, granting individual export licences before its surveillance technology can be sold to a new country.

Not much left to read but fair use….so read the rest.

There are many websites covering this news.

Palette cleanser:

Share
up
19 users have voted.

Comments

mimi's picture

as well.

up
16 users have voted.

https://en.wikipedia.org/wiki/Pegasus_(spyware)

Pegasus is spyware that can be covertly installed on mobile phones (and other devices) running some versions of Apple's mobile operating system iOS, and Android. It was developed by the Israeli cyberarms firm NSO Group, which states that it provides "authorized governments with technology that helps them combat terror and crime" has published sections of contracts requiring customers only to use its products for criminal and national security investigations, and stated that it has an industry-leading approach to human rights.[2] The spyware is named after the mythical winged horse Pegasus—it is a Trojan horse that can be sent "flying through the air" to infect phones.[3]

Discovered (other than by its developers and customers) in August 2016 after a failed attempt at installing it on an iPhone belonging to a human rights activist, an investigation revealed details about the spyware, its abilities, and the security vulnerabilities it exploited. Pegasus is capable of reading text messages, tracking calls, collecting passwords, tracking location, accessing the target device's microphone and camera,[4] and harvesting information from apps.

Apple released version 9.3.5 of its iOS software to fix the vulnerabilities. News of the spyware caused significant media coverage. It was called the "most sophisticated" smartphone attack ever, and was the first time that a malicious remote exploit using jailbreak to gain unrestricted access to an iPhone had been detected.[1]

On August 23, 2020, according to intelligence obtained by the Israeli newspaper Haaretz, the NSO Group was reported to have sold Pegasus spyware software for hundreds of millions of US dollars to the United Arab Emirates and other Gulf States, for surveillance of anti-regime activists, journalists and political leaders from rival nations, with Israeli government encouragement and mediation.[5]

Al Jazeera investigation show The Tip of the Iceberg, Spy partners, on December 20, 2020, showed exclusive footage about Pegasus and its penetration into the phones of media professionals and activists, used by Israel to eavesdrop on its opponents and even its allies

up
18 users have voted.
zed2's picture

@humphrey @humphrey @humphrey Governments all around the world are ramping up surveillance because of a global restructuring that is going on to ake governments and consumers conform to the new global economic governance organizations, like the WTO and their Draconian rules and priorities, which often frustrate to wishes of voters. For example, more than a decade ago the people of South Africa voted overwhelmingly to set up a public healthcare system, however before they departed the previous apartheid government had acted in ways which resulted in the country being locked in to the commitments the apartheid government had made,

See:
https://www.policyalternatives.ca/publications/reports/gats-and-south-af...

The committments were similar
to the ones the US government made in the negotiations for the Marrakesh Agreement Establishing the World Trade Organization, (the Uruguay Round) in 1993-1994.

By serving a pivotal role in the creation of the WTO which completely remade the economic role and vastly increased the role of internaional law in peoples lives by extending its reach into everything that affects trade in services, and services are 80% of any modern economy. See this UN course on WTO and dispute settlement for an idea of how wide the scope is, it effects almost everything governments do, at all levels.

This means we are in the midst of a huge restructuring of our country's most important aspects to people, jobs, money and health care and all kinds of regulation effecting it all. - the ways it interacts economically with our people. (because this might "affect trade in sevices' which is broken down into four modes of supply)

creating and then joining the WTOThese commitments basically took most of the things the government would have been able to do to make healthcare affordable to all off the table, and modifying or withdrawing them is made potentially so expensive, basically the country would need to buy its freedom back, by making equivalent commitments in other sectors. Now its more than a decade later and there still has been no progress on implementing the voters wishes.
In a sense what has happened globally is a silent restructuring of power relations that has the effect of taking the unpredictable voters an most significantly, their problems and concerns totally out of the picture globally in issues of economic value to investors. In a different case, in a different forum, something somewhat similar happened. in 2006 the Slovak Republic , after signing a restrictive trade partnership with Holland, two years of commercial for profit insurance voted for single payer and the candidate who wanted to switch back to a single payer system won by a large margin of votes.

What happened? Immediately before the law was even passed, Slovakia was sued by the Dutch insurer Eureko, (soon to be renamed, Achmea) Beginning a long chain of legal battles that ended up in the highest European court after all of the parties (the countries involved) had joined the European Union.his resulted in a decision that totally did not speak to the issue of whether a countries voters wishes matter at all when deciding issues that conflict with trade agreements.

This document has a factual summary that illustrates the gap between the worlds of voters and investors about what issues were at play It starts I think on Page 13.

; See what I mean about them living in two different worlds, which dont understand one another at all?

http://www.italaw.com/sites/default/files/case-documents/italaw3207.pdf

Instead the case revolved around legal technicalities revolving around the competence of various courts to settle suits between them. It became clear that the issues that matter to most of us were not even at issue. Slovakia likely would have lost had these other issues not resolved in their favor. The entire investment community were all abuzz and I suspect fearful of a decision that went to the issue of whether such agreements had the right to overrule the wishes of an entire country's voters even when rights that were alleged to have become corporate property were involved.

The insurers brought several legal cases - which attempted to recover the profits they claimed entitlement to. Slovakia had attempted to limit their profits, (a numerical limit likely forbidden by Article XVI of GATS A different treaty, but a very important one as it binds practically all WTO Members although they have made different levels of commitments especially in very sensitive service sectos like health, few countries have made them. Financial services like health insurance are actually the sector thats the most important. This is why British voters can be deceived easily by their politicians. They dont think of their NHS as a financial service, but it is because of the likeness rule..Their NGHS will run into problems because they also sell insurance, which is usually only bought by rich British people. But tht means that the NHS itself likely can no longer be subsidized after they leave the EU with its carve out for "public utilities". Or so I suspect.). See this Note from the WTO Secretariat, Page 11, which seems to remove all ambiguity. It also makes it clear that we canot have a single payer or other affordable public healthcare system with tax money as long as we remain in GATS with our commitments active. Those commitments actually commit us to the international globalization of our health care (subsidies may be limited to only those not more burdensome than necessary to ensure the quality of the service. see Skala) We are not allowed to devalue their market as the UK has done.

As it was, the main problem for the Dutch insurers case was that they sued Slovakia (for indirect expropriation, which is basically for enacting laws that stole the insurers property by attempting to limit their profits. But they had not done that yet.) The insurer sued too early, before they had even begun to switch over their health insurance system. This worked in Slovakia's favor. But the ruling also said thathad they waited until Slovakia had actually enacted the law, I think that the insurer likely would have won, bringing the real issue of whether thety had the right to completely nullify the voters wishes intothe case in an unavoidable way. I think they really wanted to avoid that, because public opinion was strongly against voters power being totally usurped by corporate interests, even though that is what is happening.

You can read an interesting summary of the case on the web site italaw dot com. Search on Slovak Republic, Achmea, or Eureko. There are a huge number of legal journal articles on the Achmea case but very few discuss this underlying legal issue. However quite a few touch on an underlying issue which is described with the word "Intra-EU BITS or "intraEUBITS" This subject is worth reading about because these IntraEUBits are about the large number of terrile trade agreements that were in many ways forced on the Eastern European nations after the fall of Communism. The agreements tended to be very disadvantageous to the former Eastern Bloc countries and represent some of the worst aspects of trade and investment agreements. They eventually, with EU guidance signed an agreement terminating all of the IntraEUBITS.

See: EU Member States sign an agreement for the termination of intra-EU bilateral investment treaties- https://ec.europa.eu/info/publications/200505-bilateral-investment-treat...

up
10 users have voted.

"authoritarian regimes used spyware" -- as to where this story will go. Another clue, The Guardian and a consortium of news organizations (and 80 journalists) are working on this leak. Just like the Panama Papers and to a lesser extent the Snowden files. It's where leaks go except for the bits that can indict "authoritarian regimes."

Possibly not the intent of Forbidden Stories. However, take note of this from its Wikipedia page:

After the murder of Miroslava Breach, Forbidden Stories continues her investigation of human rights violations, drug trafficking, and government corruption[11] in cooperation with Bellingcat[12] and the Latin American Center for Investigative Journalism

Why would any investigative org collaborate with Bellingcat? And what interest/assets would Bellingcat bring to an investigation in Mexico?

Not trying to be a wet blanket but doubt this will go further than whatever "authoritarian regimes" they can nab and that won't even include KSA or Israel.

up
17 users have voted.
The Liberal Moonbat's picture

I'm afraid to hope they're somehow getting their soul back...sad thing is, even if they were, I'd be hesitant to trust them ever again after the last few years (especially their preoccupation with a Silicon Valley culture I don't recognize - I'm sick of people who didn't grow up there telling me about my home; others can vouch for how truly different a place it is and it's not just nostalgia or patriotism, and if it's really even remotely how they describe it now, that would be a whole other thing to be even angrier about).

up
4 users have voted.

In the Land of the Blind, the One-Eyed Man is declared mentally ill for describing colors.

Yes Virginia, there is a Global Banking Conspiracy!

CB's picture

The US spooks now saying they have "high confidence" that the Chinese have hired "criminal groups" to do their hacking for them.

U.S. Formally Accuses China of Hacking Microsoft
July 19, 2021

WASHINGTON — The Biden administration on Monday formally accused the Chinese government of breaching Microsoft email systems used by many of the world’s largest companies, governments and military contractors, as the United States joined a broad group of allies, including all NATO members, to condemn Beijing for cyberattacks around the world.

The United States accused China for the first time of paying criminal groups to conduct large-scale hackings, including ransomware attacks to extort companies for millions of dollars, according to a statement from the White House. Microsoft had pointed to hackers linked to the Chinese Ministry of State Security for exploiting holes in the company’s email systems in March; the U.S. announcement on Monday morning was the first suggestion that the Chinese government hired criminal groups to hack tens of thousands of computers and networks around the world for “significant remediation costs for its mostly private sector victims,” according to the White House.
...
China’s effort was not as sophisticated, but it took advantage of a vulnerability that Microsoft had not discovered and used it to conduct espionage and undercut confidence in the security of systems that companies use for their primary communications. It took the Biden administration months to develop what officials say is “high confidence” that the hacking of the Microsoft email system was done at the behest of the Ministry of State Security, the senior administration official said, and abetted by private actors who had been hired by Chinese intelligence.

up
5 users have voted.

@CB
no wonder they are hacked.

up
9 users have voted.

I've seen lots of changes. What doesn't change is people. Same old hairless apes.

CB's picture

@The Voice In the Wilderness
The point is that the US Deep State is now pivoting to China as the Enemy Du Jour:

The Enemy Du Jour Is Always Hacking

Three pieces in the same leading newspaper show how little changes with "hacking" stories when the powers-that-are decide that some country is now the "enemy."
...
The first piece was published on January 17 2003, the country is Iraq and the leader is Saddam Hussein.

The second piece was published on May 29 2014, the country is Iran.

The third piece was published on July 29 2016, the country is Russia and the leader is Vladimir Putin.

up
10 users have voted.
zed2's picture

@CB North Korea is really horrible to people. It doesnt get much worse than the Kim regime. We need to understand them a lot better, as almost no Americans have a clue about the DPRK. Its worth learning about because one learns lot about human nature and government. Also its stranger than fiction. It doesn't get much stranger than them.

up
4 users have voted.
zed2's picture

@CB @CB @CB This shows the danger of having your own companies write and install backdoors in your own companies hardware.

If your adversaries find them all similar hardware is vulnerable.

These interfaces between corporations and the surveillance state are most likely pervasive, but they present real and huge dangers to peoples security.

The more generic your setup is the more likely it is to already be compromised.

up
6 users have voted.

The warning signs are everywhere now and blinking on alert.

Sirens are going off continuosly.

imho Caucus 99 is giving a masterful class on documenting our collapse into a police controlled, authoritarian criminal enterprise state.

Thank you, snoop, and contributors, for this alarming info.

"Whatever you wish to keep, you'd better grab it fast..."

up
13 users have voted.

NYCVG

It all depends if you are the US or one of its allies.

up
6 users have voted.

@humphrey hacks and ransomware attacks are coming out of the birthplace of computer hacking? Have the techies in China and Russia surpassed the skills of US and EU techies who can no longer compete? (Indian techies aren't slouches but may lack that requisite devious and avaricious gene.) Or are Americans and Europeans too lazy to work this hard?

Don't know if it's a load of US NatSec codswallop, US NatSec false flags, or geeks around the world playing games trying to collect some of that free cybercurrency to purchase some porn.

up
6 users have voted.
zed2's picture

>The company sells only to military, law enforcement and intelligence agencies in 40 unnamed countries, and says it rigorously vets its customers’ human rights records before allowing them to use its spy tools.

Ha..

Smartphones are becoming little machines to spy on owners. I personally dont use one.

Use cash, people should avoid using all the surveillance systems. Also boycott Amazon.

If you use a computer get one that is compatible with the open coreboot bios and run an secure open source OS on it. Not OSX or Windows.

up
4 users have voted.

than I did (but we both noted the same patterns), and took it to a logical conclusion:

US Takes Down Israeli Spy Software Company

up
5 users have voted.
snoopydawg's picture

@Marie

I just posted this without comment just so people knew about it, but I have no idea if any of it is true or something to be concerned about. B makes sense tho because it’s weird that mainstream media was reporting on it. We will find out soon one way or ta-nuther. GWTW saying…I too love the story and especially when Linda put such great effort into performing it. Lots of smiles in her voice.

up
6 users have voted.

Which AIPAC/MIC/pharma/bank bought politician are you going to vote for? Don’t be surprised when nothing changes.

@snoopydawg @snoopydawg this story, but I don't know where it is. The Guardian's breathless reporting on it (no different from it's latest breathless reporting on Russiagate) gave me mega-pause. NSO Group's Pegasus phone spying ability is one of those open secrets. So, is this a leak or plant with the phone numbers of a few targeted journalists? Superficially, it looks like a leak to bring NSO to heel. (As if any Israeli cyper-operation is completely independent of USG and HMG.)

A faux leak works better because USG and HMG know that a leak is catnip for journalists and publications. Also if the leak is massive enough, it quickly exhausts the investigating news consortium which ends up dropping it. So, what was accomplished? Doubt it was intended to burn Pegasus, but if it ends up as collateral damage, USG/HMG don't care. What I see at this point is: 1) Biden/USG made a big stink about how this is unacceptable. IOW, hey guys, we don't do this and nobody else should. That this story broke simultaneously with new USG allegations of PRC hacking and ransomware is difficult to read as coincidental.* 2) Publicized Freedom Stories as the new place for authentic leakers to submit materials. Yeah, for any dumb leakers that want to get nabbed and the material "lost." "They" (USG, corporations, etc.) know that they're at risk for potential leaks even as the number of potential leakers is extremely small. Wikileaks was their worst nightmare, but they've done an excellent job of making it a not attractive place for leakers.

Let's watch this for further developments.

*A couple interesting comments at MOA. If the tech is correct (and it's nothing that I can evaluate), the Intel chips have a built-in back door that can be exploited. That's what Pegasus did, but surely the NSA, etc. were way ahead of them (but we don't do that sort of thing). The Huawei chips, not yet in full production, (they've relied completely on US chips) don't have the backdoor feature and reportedly refuse to install one.

up
5 users have voted.
zed2's picture

Who gave governments the right to install this spyware on peoples property to spy on them, and why?

Seems like lots of journalists have been the victims of this company's data theft software, why aren't they being brought to court as an accessory to murders, such as Mr. Kashoggi's

Why aren't there international laws against things like this? No journalist is safe until there are.

up
7 users have voted.
zed2's picture

Sorry, this is a bit scrambled and its too hot here right now for me to be able to straighten it out.

There are international laws but they are creating new security problems

Watch this video.

https://www.youtube.com/watch?v=-tIK3Fk-bLA

A huge threat to individuals and businesses is IOT devices and spyware that watches people and uploads what they are saying or doing to servers elsewhere.

by big Internet companies that are joining with governments and corporations to take over the entire world and control peoples money on a vast global cloud. Takig a cut of every transaction. They want cashless world where eveything people do is recorded for some reason. For example the privatized roads will collect tolls right? And record your location to prevent fraud and protct you from Covid Wrong.. thats impossible Its impossible for them to be accurate enough right now if you are indoors.
But they wont admit that because they want all that control..
But it will record your location every few seconds. every few seconds. Really. You'll ned a job and direct deposits so that you transactions dont bounce and leave you paying ever growing penalties.

They want to know more about you both to sell the information and to manipulate peoples lives and finances. These companies are getting a huge payff of free money from governments in exchange for doing what they demand.. Free money.

They are trying to force us all down this path.GATS starteed it It also blocks most financial regulation. Which is what brought us the 2008 crisis. Havent they learn their lesson.. NO.
Here is Dani Rodrik again. These are all good. Note what he says about the conflict between mass politics and the Golden Straitjacket.

https://www.youtube.com/watch?v=bsy349k3zds

A captured government can deliver up a lot of wealth to corporations if it can maintain total control. Thats what Biden is telling the global corporations.

He's telling them They dont want freedom of speech, particularly now. Because people are being squeezed between the corporations demands. They cant let people vote their way out of this straitjacket. Trillions of dollars in free money -big profits are to be made in free money for them. And also control.

People used to be much more free.
Before Google, Facebook, Amazon and even Apple, of course. Now everything is being monetized, especially the governments surveillance needs.

Are they legitimate? Well, its good that you asked that because actually there is a huge democratic deficit. First, since youre being told to watch out for disinformation. I would like you to know about the political trilemma of the global economy. This is why we're losing democracy in the sense that voters can really change the important things for them. Like health insurance.

You've probably heard me or Public Citizen, mention that there is a now a "standstill" on Financial services. Ho did that happen? the US put lot of pressure on a bunch of countrie to sign on to something called the Understanding on Commitments in Financial Services, on February 26, 1998.

Something very few Americans would have been happy with because it locks in a really terrible healthcare system.

But of course that system is also making a lot of already rich people much richer too. And bankrupting many more.

Please watch a bit about Rodrik's trilemma.

. This is why we no longer have democracy. It gets in the way of the global investors, they just think it creates too much risk to have people voting and have it actually work. So they put democracies in a Golden straitjacket (called so because investors are getting really rich because its making all US laws ("measures") help only them) The big losers are the other, little people of the entire world. they consider us to be "barbarians" I think they are the barbarians because what they are pushing us into, is barbaric. Dani Rodrik seems to feel this way it the video in this (closest) link, too.

The tech firms are not promoting well functioning markets. Nor do the governments we have today.
There is a big problem of overreach

https://www.youtube.com/watch?v=LRDIejhdtYk

https://www.youtube.com/watch?v=ffpwG6hi-Eg

https://www.youtube.com/watch?v=lXafFoUhems

Also hyper-globalization is being promoted very dishonestly, it seems that the most orthodox globalists view lying so much as necessary to their agenda.

up
6 users have voted.
mimi's picture

@zed2
as they are real ones. They killed my former husband. Now are you a real one or just fooling around ?

Be careful. The real ones are really dangerous and play hardball.

Sorry I read your nick name description of who you are, I am allergic to witch doctors for very real reasons. Consider changing it. I would sleep better and be more inclined to read your stories. Thank you.

up
2 users have voted.