A lengthy report has just been released by the folk at the Washington Post, detailing that an Israeli Spyware has been licensed by governments and is being used to hack into phones of various journalists and activists worldwide. The spyware in question is a military-grade spyware licensed to be only used in surveillance of terrorists and major criminals. If this spyware has been used to hack into the phones of journalists then it’s in sharp conflict with the stated purpose of spyware.
The details came from a list of more than 50,000 numbers which was shared by Forbidden Stories, Paris-based journalism nonprofit, and Amnesty International, a human rights group. They shared the list with Washington Post and other news organizations. The numbers on the list were mostly located in countries that are known to be in surveillance of their citizens and also known to have been clients of the Israeli firm, NSO Group. The NSO Group is a worldwide leader in the private spyware industry. Their Pegasus spyware is known to be only licensed to vetted governments.
After a length investigation by reporters, more than 1000 numbers on the list were identified. The 1000 numbers were identified to belong to several Arab royal family members, at least 65 business executives, 85 human rights activists, 189 journalists, and more than 600 politicians and government officials. Government officials included cabinet ministers, diplomats, and military and security officers. This might have been the highest-profile hack to date.
Of the 189 Journalists that were hacked, many were part of leading news organizations. The list even included members from CNN, Voice of America, the New York Times, the Associated Press, the Wall Street Journal, Bloomberg News, Le Monde in France, the Financial Times in London, and Al Jazeera in Qatar. All of this was analyzed and investigated by the Pegasus Project, a media consortium tasked with finding out just the deep the rabbit hole goes.
The NSO Group called out on the allegations and said that the findings were exaggerated and baseless. NSO Chief Executive, Shalev Hulio, talked with the Washington Post and said that “The company cares about journalists and activists and civil society in general. We understand that in some circumstances our customers might misuse the system and, in some cases like we reported in [NSO’s] Transparency and Responsibility Report, we have shut down systems for customers who have misused the system”. He further added that “Every allegation about the misuse of the system is concerning me. t violates the trust that we give customers. We are investigating every allegation”.
The problem is that NSO’s customers are usually governments and government-sanctioned investigation agencies. So if a hack did occur, then it means that it was the work of some government agency. Or maybe the NSO is hiding the fact that they may have sold the spyware to some shady group.
According to the Israeli defense establishment “As a matter of policy, the State of Israel approves the export of cyber products exclusively to governmental entities, for lawful use, and only for the purpose of preventing and investigating crime and counterterrorism, under end-use/end-user certificates provided by the acquiring government”. So the question now is that which government agency was it?