{"id":189399,"date":"2021-07-26T12:02:35","date_gmt":"2021-07-26T11:02:35","guid":{"rendered":"https:\/\/www.transcend.org\/tms\/?p=189399"},"modified":"2021-07-24T04:29:16","modified_gmt":"2021-07-24T03:29:16","slug":"about-the-pegasus-project","status":"publish","type":"post","link":"https:\/\/www.transcend.org\/tms\/2021\/07\/about-the-pegasus-project\/","title":{"rendered":"About the Pegasus Project"},"content":{"rendered":"
\n
\n
\n
\n

18 Jul 2021 – An unprecedented leak of more than 50,000 phone numbers selected for surveillance by the customers of the Israeli company NSO Group<\/span> shows how this technology has been systematically abused for years. The Forbidden Stories consortium and Amnesty International had access to records of phone numbers selected by NSO clients in more than 50 countries since 2016.<\/em><\/p><\/blockquote>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n

\"\"<\/a><\/p>\n

\n
\n
\n
\n

NSO Group asserts that the product it sells to government clients\u00a0\u2013 most commonly referred to as Pegasus<\/b>\u00a0\u2013 is intended to \u201ccollect data from the mobile devices of specific individuals, suspected to be involved in serious crime and terror.\u201d Pegasus has extensive capabilities: the spyware can be installed remotely on a smartphone without requiring any action from its owner. Once installed, it allows clients to take complete control of the device<\/b>, including accessing messages from encrypted messaging apps like WhatsApp and Signal, and turning on the microphone and camera.<\/p>\n

The Forbidden Stories consortium discovered that, contrary to what NSO Group has claimed for many years, including in a recent transparency report, this spyware has been widely misused<\/b>. The leaked data showed that at least 180 journalists<\/b> have been selected as targets in countries like India, Mexico, Hungary, Morocco and France, among others. Potential targets also include human rights defenders, academics, businesspeople, lawyers, doctors, union leaders, diplomats, politicians and several heads of states<\/b>.<\/p>\n

In a letter shared with Forbidden Stories and its partners, NSO Group contended that the consortium\u2019s reporting was based on \u201cwrong assumptions\u201d and \u201cuncorroborated theories.\u201d NSO Group insisted that the analysis of the data by journalists who were part of the Pegasus Project relied on a \u201cmisleading interpretation of leaked data from accessible and overt basic information, such as HLR Lookup services, which have no bearing on the list of the customers targets of Pegasus or any other NSO products.\u201d<\/p>\n

httpv:\/\/www.youtube.com\/watch?v=mMxZhdfiN7E<\/p>\n

HLR refers to Home Location Register \u2013 a database that is essential to operating cellular phone networks. A person with direct knowledge of NSO\u2019s systems, speaking on the condition of anonymity, told journalists from the Pegasus Project that an HLR lookup is a key step of determining certain characteristics of a phone, such as whether it is turned on or in a country that allows Pegasus targeting.<\/p>\n

Asked about those findings by Forbidden Stories, NSO Group denied and said \u201cit will continue to investigate all credible claims of misuse and take appropriate action based on the results of these investigations.\u201d<\/p>\n

The consortium met with victims from all over the world whose phone numbers appeared in the data. The forensic analyses of their phones\u00a0\u2013 conducted by Amnesty International\u2019s Security Lab and peer-reviewed by the Canadian organization Citizen Lab\u00a0\u2013 was able to confirm an infection or attempted infection with NSO Group\u2019s spyware in 85% of cases<\/b>, or 37 in total. Such a rate is remarkably high given the state-of-the-art spyware is supposed to be undetectable on the device in compromises.<\/p>\n

Journalists from the Pegasus Project\u00a0\u2013 more than 80 reporters from 17 media organizations in 10 countries coordinated by Forbidden Stories<\/b> with the technical support of Amnesty International\u2019s Security Lab\u00a0\u2013 sifted through these records of phone numbers and were able to take a peak behind the curtain of this surveillance weapon, which had never been possible to this extent before.<\/p>\n

Among the victims were several journalists from the Pegasus Project<\/b>, such as Siddarth Varadarajan, an Indian investigative journalist and founder of the news site The Wire, who was hacked in 2018 and Szabolcs Panyi, an investigative reporter for Direkt36 in Hungary whose phone was compromised during a seven-month period in 2019.<\/p>\n

All shared a general sense of powerlessness when informed about the cyber attacks they had suffered. \u201cWe\u2019ve been recommending each other this tool or that tool, how to keep [our phones] more and more secure from the eyes of the government,\u201d Azerbaijani journalist Khadija Ismayilova said. \u201cAnd yesterday I realized that there is no way. Unless you lock yourself in [an] iron tent, there is no way that they will not interfere into your communications.\u201d<\/p>\n

Amnesty International\u2019s Security Lab also identified new ways through which Pegasus can be installed on a phone, such as through a security flaw in iPhones that has been frequently used since 2019 and was still detected as recently as in July 2021. Well-informed sources shared concerns about countless vulnerabilities linked to Apple\u2019s messaging service iMessage<\/b>, a problem they say has gotten worse over the years.<\/p>\n

The leaked data suggests that the spyware is used much more carelessly than advertised. In the transparency report published in June 2021, the Israeli company stressed that Pegasus was \u201cnot a mass surveillance technology\u201d and was \u201cused only where there [was] a legitimate law enforcement or intelligence-driven reason.\u201d Yet, more than 10,000 phone numbers were selected for surveillance by NSO Group\u2019s Moroccan client alone over a two-year period<\/b>.<\/p>\n

The project shines a harsh light on the business of NSO Group, which, despite claiming it vets its clients based on their human rights track records, decided to sell its product to authoritarian regimes such as Azerbaijan, the United Arab Emirates and Saudi Arabia. Insiders disclosed the important role played by the Israeli Ministry of Defense when it came to picking NSO Group\u2019s clients<\/b>. Multiple sources corroborated the fact that Israeli authorities pushed for Saudi Arabia to be added to the list of customers despite NSO Group\u2019s hesitations. The company\u2019s lawyer denied \u201cNSO Group takes governmental direction regarding customers.\u201d<\/p>\n

The revelations stemming from this international collaborative investigation throw into question the safeguards put in place to prevent misuse of cyber weapons like Pegasus<\/b> and, more specifically, NSO Group\u2019s commitment to creating \u201ca better, safer world.\u201d<\/p>\n

*********************<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n

\n
\n
\n
\n

The Pegasus Project media partners:<\/em><\/p>\n

The Guardian, Le Monde, The Washington Post, S\u00fcddeutsche Zeitung, Die Zeit, Aristegui Noticias, Radio France, Proceso, OCCRP, Knack, Le Soir, Haaretz\/TheMarker, The Wire, Daraj, Direkt36, PBS Frontline.<\/b><\/em><\/p>\n

<\/b>With the technical support of Amnesty International\u2019s Security Lab.<\/b><\/em><\/p><\/blockquote>\n

\n

The Pegasus Project | All the articles<\/a><\/h2>\n

Go to Original – forbiddenstories.org<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

18 Jul 2021 – Journalists from the Pegasus Project\u00a0\u2013 more than 80 reporters from 17 media organizations in 10 countries coordinated by Forbidden Stories with the technical support of Amnesty International\u2019s Security Lab\u00a0\u2013 sifted through these records of phone numbers and were able to take a peak behind the curtain of this surveillance weapon, which had never been possible to this extent before.<\/p>\n","protected":false},"author":4,"featured_media":189407,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[197],"tags":[910,1082,958,2607,1017,125,88,378,234,2608,2606,1220,1277,1109,911],"class_list":["post-189399","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-special-feature","tag-big-brother","tag-cellphones","tag-control","tag-forbidden-stories","tag-freedom-of-information","tag-freedom-of-the-press","tag-israel","tag-journalism","tag-media","tag-nso","tag-pegasus-project","tag-privacy","tag-privacy-rights","tag-spying","tag-surveillance"],"_links":{"self":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/189399","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/comments?post=189399"}],"version-history":[{"count":0,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/189399\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/media\/189407"}],"wp:attachment":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/media?parent=189399"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/categories?post=189399"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/tags?post=189399"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}