Leaked Data Shows NSO Group's Malware Was Used To Target Journalists, Activists, And World Leaders

from the not-your-usual-bad-guys dept

A massive data leak has confirmed what's been suspected (and reported by security researchers like Citizen Lab) for a long time: Israeli malware developer NSO Group's powerful cellphone snooping tools have been used to target journalists, activists, and dissidents all over the world.

The Guardian and 16 other media outlets have dug into the data leak and uncovered some pretty disturbing info about NSO's Pegasus malware, which allows those deploying the spyware to extract messages, record phone calls, and surreptitiously activate microphones.

Who's in the list of phone numbers seen by the Guardian? Lots and lots and lots of journalists.

The leak contains a list of more than 50,000 phone numbers that, it is believed, have been identified as those of people of interest by clients of NSO since 2016.


The disclosures begin on Sunday, with the revelation that the numbers of more than 180 journalists are listed in the data, including reporters, editors and executives at the Financial Times, CNN, the New York Times, France 24, the Economist, Associated Press and Reuters.

Here's who's included in this first revelation by the Guardian:

[J]ournalists who were selected as possible candidates for surveillance by NSO’s clients work for some of the world’s most prestigious media organisations. They include the Wall Street Journal, CNN, the New York Times, Al Jazeera, France 24, Radio Free Europe, Mediapart, El País, Associated Press, Le Monde, Bloomberg, Agence France-Presse, the Economist, Reuters and Voice of America.

Also found on the list was the number of Mexican reporter Cecilio Pineda Birto, who was murdered while waiting for his pickup to finish being cleaned at a local car wash. This followed weeks of death threats that began after his reporting accused state police and local government officials of colluding with crime lords.

It's not just journalists being targeted by NSO's powerful malware. The list also includes numbers linked to religious figures, executives of private companies, union officials, high-ranking government officials, and NGO employees.

NSO, for its part, continues to insist it's not the bad guy here. It says it only sells the software to a "select group" of "vetted" government agencies. Unfortunately, that list of approved governments includes notorious human rights violators like the Saudi government (which killed Washington Post reporter Jamal Khashoggi) and agencies in the UAE, Bahrain, and Kazakhstan.

The government of Mexico is one of NSO's most enthusiastic users. It "selected" 15,000 of the 50,000 numbers recovered in the data leak. This doesn't mean 15,000 successful deployments but it does mean the Mexican government -- which has no shortage of local criminals to target -- also apparently tried to infect phones owned by journalists.

NSO's hands are far from clean. Its list of clients isn't as selective as it likes to pretend. And while it may tell purchasers the spyware should only be used to target criminals and terrorists, it doesn't yank licenses from governments that choose to target journalists, academics, religious figures, and others.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: activists, governments, journalists, malware, snooping tools, spyware, surveillance
Companies: nso group

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. icon
    That One Guy (profile), 19 Jul 2021 @ 5:02pm


    Was just about to comment the same thing in that their idea of 'vetting' seems to be 'can pay the amount asked for'.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.