Researchers map all known victims of the spyware ‘Pegasus’

Researchers have mapped all known victims of the NSO group’s spyware ‘Pegasus’. This is made possible through an interactive online platform created by the research agency Forensic Architecture. This initiative is in collaboration with Amnesty International and the internet watchdog group Citizen Lab. Pegasus spyware was created by Israeli cybersecurity firm NSO Group.  

Titled “Digital violence: How the NSO group enables State Terror” the website shows, for the first time, geographic areas in which Pegasus spyware has been deployed worldwide. The researchers “scoured dozens of reports from human rights groups, carried out open-source research, and interviewed dozens of victims themselves. This was done to reveal over a thousand data points which including device infections. This shows relations and patterns between digital surveillance carried out by NSO’s government customers, and the real-world intimidation, violence, and harassment that victims are also subjected to.”  

Cybersecurity firm NSO created ‘Pegasus’, which is a malware that was sold to governments to enable the remote infection and surveillance of private smartphones.  

Amnesty International’s statement  

Human rights organization, Amnesty International said, “The company’s Pegasus spyware has been used in some of the most insidious digital attacks on human rights defenders, When Pegasus is surreptitiously installed on a person’s phone, an attacker has complete access to a phone’s messages, emails, media, microphone, camera, calls, and contacts.” 

Legal Battle 

NSO Group is currently involved in a legal battle with Facebook. Facebook accuses that NSO’s Pegasus infected 1400 WhatsApp accounts. Most of them were celebrities, journalists, and Human rights activists. Last year Tech giants Google, Microsoft, Cisco, and Dell also joined Facebook in this battle.  Most notably, the spyware was implicated in the gruesome killing of Saudi journalist Jamal Khashoggi, who was dismembered in the Saudi consulate in Istanbul in 2018.  

Victims of Pegasus Spyware  

The Digital Violence platform presents visual timelines of how victims are targeted by both spyware and physical violence as part of government campaigns to target their most outspoken critics. 

Omar Abdulaziz, a Saudi video blogger, and activist living in exile in Montreal had his phone hacked in 2018 by spyware. After Saudi diplomats tried to convince Abdulaziz to return, his phone was hacked. Weeks later, two of his brothers in Saudi Arabia were arrested and his friends were detained.  

Mexican Journalist Carmen Aristegui is another known victim. His phone was hacked several times between 2015-16 likely by the Mexican government. The Citizen Lab of the University of Toronto also found that her minor son Emilio’s phone was also targeted with this spyware.  In an interview with journalist and filmmaker Laura Poitras, Aristegui said, “It’s malware that activates your camera, your microphone, all that which forms an integral part of your life.” Eyal Weizman, Director of Forensic Architecture said, “NSO Group’s Pegasus spyware needs to be thought of and treated as a weapon developed, like other products of Israel’s military-industrial complex, in the context of the ongoing Israeli occupation. It is disheartening to see it exported to enable human rights violations worldwide.”  

NSO Group’s Stance  

NSO group recently published its first “Transparency and Responsibility report.” Many human rights groups and security researchers criticized this report. Amnesty International said the report reads “more like a sales brochure.”  

In a statement, NSO Group said it cannot comment on research it has not seen, but claimed it “investigates all credible claims of misuse, and NSO takes appropriate action based on the results of its investigations.” In addition, it said, that its technology “cannot be used to conduct cyber surveillance within the United States, and no customer has ever been granted technology that would enable them to access phones with U.S. numbers.”

It declined to name any of its government customers. NSO has repeatedly declined to name its customers but reportedly has government contracts in at least 45 countries. It includes Rwanda, Israel, Bahrain, Saudi Arabia, Mexico, and the United Arab Emirates. All of these countries are accused of human rights abuses. Some western nations are also present in the list like Spain.  

---

Do subscribe to our Telegram channel for more resources and discussions on tech-law. To receive weekly updates, don’t forget to subscribe to our Newsletter.