Leaked Data Shows NSO Group's Malware Was Used To Target Journalists, Activists, And World Leaders
from the not-your-usual-bad-guys dept
A massive data leak has confirmed what’s been suspected (and reported by security researchers like Citizen Lab) for a long time: Israeli malware developer NSO Group’s powerful cellphone snooping tools have been used to target journalists, activists, and dissidents all over the world.
The Guardian and 16 other media outlets have dug into the data leak and uncovered some pretty disturbing info about NSO’s Pegasus malware, which allows those deploying the spyware to extract messages, record phone calls, and surreptitiously activate microphones.
Who’s in the list of phone numbers seen by the Guardian? Lots and lots and lots of journalists.
The leak contains a list of more than 50,000 phone numbers that, it is believed, have been identified as those of people of interest by clients of NSO since 2016.
The disclosures begin on Sunday, with the revelation that the numbers of more than 180 journalists are listed in the data, including reporters, editors and executives at the Financial Times, CNN, the New York Times, France 24, the Economist, Associated Press and Reuters.
Here’s who’s included in this first revelation by the Guardian:
[J]ournalists who were selected as possible candidates for surveillance by NSO’s clients work for some of the world’s most prestigious media organisations. They include the Wall Street Journal, CNN, the New York Times, Al Jazeera, France 24, Radio Free Europe, Mediapart, El País, Associated Press, Le Monde, Bloomberg, Agence France-Presse, the Economist, Reuters and Voice of America.
Also found on the list was the number of Mexican reporter Cecilio Pineda Birto, who was murdered while waiting for his pickup to finish being cleaned at a local car wash. This followed weeks of death threats that began after his reporting accused state police and local government officials of colluding with crime lords.
It’s not just journalists being targeted by NSO’s powerful malware. The list also includes numbers linked to religious figures, executives of private companies, union officials, high-ranking government officials, and NGO employees.
NSO, for its part, continues to insist it’s not the bad guy here. It says it only sells the software to a “select group” of “vetted” government agencies. Unfortunately, that list of approved governments includes notorious human rights violators like the Saudi government (which killed Washington Post reporter Jamal Khashoggi) and agencies in the UAE, Bahrain, and Kazakhstan.
The government of Mexico is one of NSO’s most enthusiastic users. It “selected” 15,000 of the 50,000 numbers recovered in the data leak. This doesn’t mean 15,000 successful deployments but it does mean the Mexican government — which has no shortage of local criminals to target — also apparently tried to infect phones owned by journalists.
NSO’s hands are far from clean. Its list of clients isn’t as selective as it likes to pretend. And while it may tell purchasers the spyware should only be used to target criminals and terrorists, it doesn’t yank licenses from governments that choose to target journalists, academics, religious figures, and others.