Private spy software sold by an Israeli company has been found on the mobile phones of journalists and politicians around the world. Pegasus – possibly the most potent piece of spyware ever developed – has been found on mobile phones worldwide. A major investigation is alleging that the malware was used to hack the phones of politicians, activists, and prominent news editors worldwide. The hacking software – or spyware – is marketed and licensed to governments by Israeli company NSO Group. French-based non-profit media organization Forbidden Stories has shared access to a leaked list that contains more than 50,000 phone numbers.
Military-grade spyware is used by governments to track terrorists and criminals.
It’s alleged the malware was used to successfully hack the smartphones of journalists, human rights activists, business executives, and the two women closest to murdered Saudi journalist Jamal Khashoggi, The Washington Post reports. Earlier versions of Pegasus used spear-phishing – targeted emails used to deploy malicious software. It is now capable of so-called “zero-click” attacks. These exploit “zero-day” vulnerabilities.
That means a simple WhatsApp call can infect devices with malicious code – even if the target doesn’t pick up the phone. NSO Group and its spyware have been in the headlines since at least 2016, when researchers accused it of helping spy on a dissident in the United Arab Emirates.
Sunday’s revelations raise privacy and rights concerns and reveal the far-reaching extent to which the private Israeli company’s software may be being used by its clients internationally.
The extent of the use of Pegasus was reported by The Washington Post, the Guardian, Le Monde, and other news outlets, which collaborated on an investigation into a data leak.
The leak was of a list of more than 50,000 smartphone numbers believed to have been identified as people of interest by clients of NSO since 2016, the media outlets said.
The Post said the total number of phones on the list that was actually targeted or surveilled is unknown.
It said 15,000 of the numbers on the list were in Mexico and included politicians, union representatives, journalists, and government critics.
The list reportedly included the number of a Mexican freelance journalist who was murdered at a car wash. His phone was never found, and it was not clear if it had been hacked.