Reports from the Guardian, the Washington Post, and 15 other media rely on a leak of tens of thousands of phone numbers that appear to have been targeted by Pegasus. While the devices associated with the numbers on the list were not necessarily infected with spyware, the media were able to use the data to establish that journalists and activists in many countries were being targeted.and in some cases successfully hacked.
The leaks indicate the extent of what journalists and cybersecurity experts have been saying for years: While NSO Group claims its spyware is designed to target criminals and terrorists, its actual applications are much broader. (The company issued a statement in response to the investigation, denying that his data was leaked and that any of the resulting reports were true.)
My colleague Patrick Howell O’Neill has been reporting for some time on the complaints against the NSO group, which “have been linked to cases such as the murder of Saudi journalist Jamal Khashoggi, the targeting of scientists and campaigners pushing for political reform in Mexico, and Spanish government surveillance of Catalan separatist politicians ”, he wrote in August 2020. In the past, NSO has denied these accusations, but it has also argued more broadly that it cannot be held responsible if governments abuse the technology it sells to them.
The company’s central argument, we wrote at the time, is “a common argument among arms manufacturers.” Namely: “The company is the creator of a technology that governments use, but it does not attack anyone itself, so it cannot be held responsible.