Israeli Firm’s Spyware Found on Phones Worldwide, Post Says

The Israeli NSO Group company offices in Herzliya, Israel. (Photographer: Daniella Cheslow/AP Photo)

Israeli Firm’s Spyware Found on Phones Worldwide, Post Says


Israeli company NSO Group Ltd.’s Pegasus spyware was used in attempted and successful hacks of 37 smartphones belonging to journalists, activists and business executives worldwide, according to an investigation by The Washington Post and its media partners.

Among the findings is that the spyware was used to target the smartphones of both the wife and the fiance of murdered Saudi columnist Jamal Khashoggi. Their phone numbers appeared on a list of more than 50,000 numbers, which the consortium said were possible targets for surveillance by governments using Pegasus.

Also on the list are phone numbers of overseas journalists for news organizations, including CNN, the Associated Press, Voice of America, the New York Times, the Wall Street Journal, Bloomberg News, Le Monde in France, the Financial Times and Al Jazeera in Qatar.

“The sort of surveillance being reported is an appalling violation of press freedoms and we strongly condemn it,” said a Bloomberg News spokesperson.

Hungarian opposition parties demanded a parliamentary inquiry after Prime Minister Viktor Orban’s critics, including a media tycoon, an opposition politician, lawyers and journalists, were reported to have been targets of the spyware.

The government in Budapest neither confirmed nor denied the reports but said any surveillance was done legally, according to the Washington Post.

The media consortium, led by the Paris-based not-for-profit Forbidden Stories, said it was revealing evidence extracted from the phones through digital forensic analysis by Amnesty International’s security lab.

Following publication of the investigation, Amazon Web Services said it shut down “relevant infrastructure and accounts” related to the Pegasus software. NSO Group primarily used European data centers run by American hosting companies, including AWS, to operate much of the attack infrastructure for its customers, according to Amnesty International.

Pegasus, sold to select governments and law enforcement agencies, can hack into mobile phones through a link and secretly record emails, calls and text messages. In some cases, it can activate itself without the victim clicking on the link, the Post said. It’s unknown how many of the phones on the list were targeted or surveilled, the Post said.

In response to the consortium, NSO denied that its technology was used against Khashoggi and said the investigation contained flawed assumptions and factual errors.

Last month, NSO Group published its first annual “Transparency and Responsibility Report,” which said its products have been used by states to thwart major terrorist attacks and dismantle drug trafficking rings.

More findings from the investigation will be rolled out in the next three days, the Post said.

©2021 Bloomberg L.P.

BQ Install

Bloomberg Quint

Add BloombergQuint App to Home screen.