Leaked Data Shows NSO Group's Malware Was Used To Target Journalists, Activists, And World Leaders

from the not-your-usual-bad-guys dept

A massive data leak has confirmed what’s been suspected (and reported by security researchers like Citizen Lab) for a long time: Israeli malware developer NSO Group’s powerful cellphone snooping tools have been used to target journalists, activists, and dissidents all over the world.

The Guardian and 16 other media outlets have dug into the data leak and uncovered some pretty disturbing info about NSO’s Pegasus malware, which allows those deploying the spyware to extract messages, record phone calls, and surreptitiously activate microphones.

Who’s in the list of phone numbers seen by the Guardian? Lots and lots and lots of journalists.

The leak contains a list of more than 50,000 phone numbers that, it is believed, have been identified as those of people of interest by clients of NSO since 2016.

[…]

The disclosures begin on Sunday, with the revelation that the numbers of more than 180 journalists are listed in the data, including reporters, editors and executives at the Financial Times, CNN, the New York Times, France 24, the Economist, Associated Press and Reuters.

Here’s who’s included in this first revelation by the Guardian:

[J]ournalists who were selected as possible candidates for surveillance by NSO’s clients work for some of the world’s most prestigious media organisations. They include the Wall Street Journal, CNN, the New York Times, Al Jazeera, France 24, Radio Free Europe, Mediapart, El País, Associated Press, Le Monde, Bloomberg, Agence France-Presse, the Economist, Reuters and Voice of America.

Also found on the list was the number of Mexican reporter Cecilio Pineda Birto, who was murdered while waiting for his pickup to finish being cleaned at a local car wash. This followed weeks of death threats that began after his reporting accused state police and local government officials of colluding with crime lords.

It’s not just journalists being targeted by NSO’s powerful malware. The list also includes numbers linked to religious figures, executives of private companies, union officials, high-ranking government officials, and NGO employees.

NSO, for its part, continues to insist it’s not the bad guy here. It says it only sells the software to a “select group” of “vetted” government agencies. Unfortunately, that list of approved governments includes notorious human rights violators like the Saudi government (which killed Washington Post reporter Jamal Khashoggi) and agencies in the UAE, Bahrain, and Kazakhstan.

The government of Mexico is one of NSO’s most enthusiastic users. It “selected” 15,000 of the 50,000 numbers recovered in the data leak. This doesn’t mean 15,000 successful deployments but it does mean the Mexican government — which has no shortage of local criminals to target — also apparently tried to infect phones owned by journalists.

NSO’s hands are far from clean. Its list of clients isn’t as selective as it likes to pretend. And while it may tell purchasers the spyware should only be used to target criminals and terrorists, it doesn’t yank licenses from governments that choose to target journalists, academics, religious figures, and others.

Filed Under: , , , , , ,
Companies: nso group

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Leaked Data Shows NSO Group's Malware Was Used To Target Journalists, Activists, And World Leaders”

Subscribe: RSS Leave a comment
17 Comments
Michael says:

Re: Re: Re:

I have no idea of Fox has real reporters, but I DO know that, during the early years of the Iraq War they were the only news network to not have a presence on the ground in Iraq. But at the same time they DID have a whole team on the ground in Aruba for a year to report on missing-pretty-white girl Natalee Holloway.

Priorities, you know?

Bloof (profile) says:

Re: Re: Re:

They used to have a straight news department to act as a figleaf to the propaganda side of things, so they could go ‘Nuh huh, this guy on at a time nobody is watching still has credibility.’ but the election rattled them. They made calls that Trumpworld did not like so they’re working tirelessly to make sure that never happens again, purging the few journalists they have left and focussing more on hiring alt-right bloggers who get their news from pol, reddit and infowars.

MightyMetricBatman says:

A bunch of these countries are banned by Israel from engaging in commerce due to being in a state of war. I can only imagine that Prime Minister Netanyahu or someone of high rank may have had a hand here in allowing these sales.

I hope the new government cracks down on NSO Group because this behavior is at all acceptable.

Koby (profile) says:

Re: Re:

Some of the "state of war" thing is just a smokescreen. For example, the Israelis and Saudis are effectively allies now in opposition to Iran. Imagine, however, that a country could "leak" some of its technical expertise to private industry, then a private company (NSO in this case) performs the mercenary hacking, the information gets shared with the originating nation, and then everyone claims plausible deniability. It seems too convenient.

Anonymous Coward says:

And while it may tell purchasers the spyware should only be used to target criminals and terrorists, it doesn’t yank licenses from governments that choose to target journalists, academics, religious figures, and others.

The obvious conflict of interest: because the purchasers are governments, they get to define the term "criminals". Even if NSO changed "should" to "shall", and enforced that, it wouldn’t make a difference.

Tanner Andrews (profile) says:

yanking licenses

it doesn’t yank licenses from governments that choose to target journalists, academics, religious figures, and others.

Realistically, how would this work? Perhaps underpants gnome economics would apply, where NSO would

  1. give the money back
  2. go through all the computers of the offending entity to remove their software and its fruits
  3. ???
  4. profit!

I’ll wait here while you hold your breath until these things happen.

Paul says:

What a difference a customer makes

Interesting, MEGA (and other companies) have been prosecuted and shut down because of widespread misuse of their product even though there was lists of evidence of legal use.

No one seems to be even raising this issue in this case. Why? Why not sue them as was done with MEGA and try to put them out of business?

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...