‘NSO Group’ Leak Reveals Details About Pegasus Spyware Deployment

• A data leak that ended up in the hands of a large coalition of journalists reveals tens of thousands of Pegasus targets.
• Some of those included in the list are investigative journalists who were murdered for their revealing stories.
• Both the NSO and the governments who are exposed in the story flatly deny the validity of the leaked data.

The Pegasus spyware, created and sold by the Israeli software vendor known as the ‘NSO Group,’ has found itself on news headlines numerous times, and not for a positive reason. We have previously discussed how it is deployed against journalists in the Middle East and human rights activists in India, the signs of its presence in 45 countries, and how its vendor has found itself on the wrong side of history. Now, an apparent data leak revealed more about the spyware’s use, which again refutes the firm’s claims about ethical deployment.

According to what is mentioned in the news section of Amnesty International, which dived deep into the leaked data with the help of another 17 media organizations, Pegasus is used to spy on 50,000 phone numbers. This mass surveillance operation includes heads of state, activists, and 180 journalists from CNN, the New York Times, Al Jazeera, and AFP. Other targets mentioned in the leaked data include the Mexican journalist Cecilio Pineda Brito who was murdered in 2017, and Jamal Khashoggi’s family, as well as other people close to the assassinated Saudi Arabian journalist.

The NSO Group has responded to this data leak and the findings that accompany it, saying that the reliability of the sources and the very basis of the story are highly doubtful. The Israeli firm told the investigative collective of journalists that the information that supposedly comes from them has no factual basis and no supporting documentation either. Also, commenting on the figure of 50,000 phone numbers, NSO finds it greatly exaggerated in the context of government surveillance and maintains that if the list is real, it would obviously be used for other purposes.

As for the responses from governments that are presented as abusers of the Pegasus tool, Rwanda and Hungary denied using the particular software, Morocco claimed failure to understand the context and waits for more evidence from Amnesty International, while India ruled out the possibility of any interception having occurred illegally.

The IT Minister of India stated that if spyware was used against anyone, it would be in accordance with the rules and provisions of section 5(2) of Indian Telegraph Act, 1885 and section 69 of the Information Technology (Amendment) Act, 2000, and to investigate cases of national security. Finally, the government of India characterized the Amnesty International story as “crafted,” bereft of facts, and filled with pre-conceived conclusions.

No matter what the surveillance tools developer or its clients claim, everyone in the global free speech community agrees that having no oversight and/or regulation on this shady industry can no longer continue. Tech tools like the Pegasus spyware may be abused to commit serious human rights violations even if the NSO Group really has safeguards in place. It has been proven that software like Pegasus can be used as a deadly weapon, so the need to have them all tightly regulated and scrutinized is urgent.