Washington Post: Pegasus investigation finds Israeli-designed spyware was used to hack journalists, activists and two women connected to Jamal Khashoggi

The Post reported Sunday that the phones were “on a list of more than 50,000 numbers that are concentrated in countries known to engage in surveillance of their citizens” and are understood to be customers of the business, NSO Group, whose Pegasus spyware is seemingly certified to track terrorists and significant bad guys.

The paper reported that through the examination, which was likewise performed with the aid of Amnesty International and Forbidden Stories, a Paris-based journalism not-for-profit, the outlets “were able to identify more than 1,000 people spanning more than 50 countries through research and interviews on four continents: several Arab royal family members, at least 65 business executives, 85 human rights activists, 189 journalists, and more than 600 politicians and government officials — including cabinet ministers, diplomats, and military and security officers. The numbers of several heads of state and prime ministers also appeared on the list.”

The telephone number of press reporters working overseas for CNN, The Associated Press, Voice of America, The New York City Times, The Wall Street Journal, Bloomberg News, France’s Le Monde, the UK’s Financial Times and Qatar’s Al Jazeera are amongst the numbers that appear on the list, which dates to 2016, according to the Post. The paper did not call the press reporters in its story. The Post reported that “the list does not identify who put the numbers on it, or why, and it is unknown how many of the phones were targeted or surveilled.”

CNN has actually not separately confirmed the findings of the Pegasus Job examination, which was arranged by Forbidden Stories.

In a prolonged declaration to CNN on Sunday, NSO Group highly rejected the examination’s findings, stating in part that it offers its “technologies solely to law enforcement and intelligence agencies of vetted governments for the sole purpose of saving lives through preventing crime and terror acts.”

“NSO does not operate the system and has no visibility to the data,” the business stated, stating it will continue to examine “all credible claims of misuse and take appropriate action based on the results” of such examinations.

NSO likewise stated its systems “are being used every day to break up pedophilia rings, sex and drug-trafficking rings, locate missing and kidnapped children, locate survivors trapped under collapsed buildings, and protect airspace against disruptive penetration by dangerous drones.”

The Post reported that while a number of the numbers on the list remained in the Middle East, consisting of Qatar and the UAE, “the greatest number was in Mexico, where more than 15,000 numbers, including those belonging to politicians, union representatives, journalists and other government critics, were on the list.”

Other nations, consisting of India, Pakistan, Azerbaijan, Kazakhstan, France and Hungary, are likewise represented on the list, according to the paper.

The examination discovered that the “numbers of about a dozen Americans working overseas were discovered on the list, in all but one case while using phones registered to foreign cellular networks,” the Post stated. “The consortium could not perform forensic analysis on most of these phones.”

The paper kept in mind that NSO “has said for years that its product cannot be used to surveil American phones” and included that the probe “did not find evidence of successful spyware penetration on phones with the US country code.”

The spyware, which was established a years earlier with the aid of Israeli ex-cyberspies, is developed to quickly prevent common smart device personal privacy steps, “like strong passwords and encryption,” according to the Post, which stated it can “attack phones without any warning to users” and “read anything on a device that a user can, while also stealing photos, recordings, location records, communications, passwords, call logs and social media posts.” The Post likewise kept in mind that “spyware also can activate cameras and microphones for real-time surveillance.”

The Pegasus spyware can start the attack in a variety of various methods, the paper stated, consisting of through “a malicious link in an SMS text message or an iMessage.” Some spyware business utilize “zero-click” attacks, according to the Post, which provide spyware merely by sending out a message to a user’s phone that produces no alert.” “Users,” the Post reported of such attacks, “do not even require to touch their phones for infections to start.”

In the case of Khashoggi, the newspaper said the spyware had targeted the two women closest to the late Washington Post journalist, who was killed in October 2018.

“The phone of his fiancée, Hatice Cengiz, was effectively contaminated throughout the days after his murder … and (his) spouse, Hanan Elatr, whose phone was targeted by somebody utilizing Pegasus in the months prior to his killing. Amnesty was not able to identify whether the hack achieved success,” the Post said.

NSO denied in its statement that its technology was used in connection with Khashoggi’s murder, saying “our innovation was not utilized to listen, keep an eye on, track, or gather info concerning him or his member of the family pointed out in the query.”

Jobber Wiki author Frank Long contributed to this report.