For the first Time, researchers mapped all known targets, including journalists, activists and human rights defenders, whose phones were hacked by Pegasus, spyware developed by NSO Group.
Forensic Architecture, an academic unit at Goldsmiths, University of London that investigates human rights abuses, has gone through dozens of reports from human rights groups, conducted open source research and interviewed dozens of victims themselves to reveal over a thousand data points, including the device infections, which show the relationships and patterns between digital surveillance performed by NSO’s government clients, and bullying, harassment and real-world violence to which victims are also subjected.
By mapping these data points on a bespoke platform, researchers can show how nation states, which use Pegasus to spy on their victims, also often target other victims in their networks and become embroiled in assaults, arrests and disinformation campaigns against the targets but also their families, friends and colleagues.
While the 1,000+ data points show only a portion of overall government use of Pegasus, the project aims to provide researchers and investigators with the tools and data from NSO’s activities around the world, which the spyware maker strives to keep it out of the public eye.
Pegasus “activates your camera, your microphone, whatever is integral to your life.” Mexican journalist Carmen Aristegui
Israeli group NSO is developing Pegasus, spyware that allows its government clients to gain almost unimpeded access to a victim’s device, including their personal data and location. NSO has repeatedly refused to name its clients, but is said to have government contracts in at least 45 countries, including Rwanda, Israel, Bahrain, Saudi Arabia, Mexico and the United Arab Emirates – all of which have been accused of violations rights – as well as Western nations, like Spain.
Forensic Architecture researcher Shourideh Molavi said the new findings reveal “how the digital realm in which we live has become the new frontier for human rights violations, a site for surveillance and monitoring. state intimidation that allows physical violations in real space “.
The platform presents visual timelines of how victims are targeted by both spyware and physical violence as part of government campaigns to target their most vocal critics.
Omar Abdulaziz, a Saudi video blogger and activist living in exile in Montreal, saw his phone hacked in 2018 by the Pegasus malware. Shortly after Saudi emissaries tried to convince Abdulaziz to return to the kingdom, his phone was hacked. A few weeks later, two of his brothers in Saudi Arabia were arrested and his friends detained.
Abdulaziz, a confidant of Washington Post journalist Jamal Khashoggi whose murder has been approved by Saudi Arabia de facto Crown Prince Mohammed bin Salman also had information on his Twitter account obtained by a “state-sponsored” actor, who was later revealed to be a Saudi spy employed by Twitter. It was this stolen data, which included Abdulaziz’s phone number, that helped the Saudis penetrate his phone and read his messages with Khashoggi in real time, Yahoo News reported this week.
Another known victim is Mexican journalist Carmen Aristegui, whose phone was repeatedly hacked in 2015 and 2016 by a government client of Pegasus, presumably in Mexico. The Citizen Lab at the University of Toronto discovered that her son, Emilio, a miner at the time, also had his phone targeted while living in the United States. The timeline of the digital intrusions against Aristegui, his son and his colleagues shows that hacking efforts intensified following the exposure of corruption by then Mexican President Enrique Peña Nieto.
“It’s malware that activates your camera, your microphone, whatever is an integral part of your life,” said Aristegui in an interview with journalist and filmmaker Laura Poitras, who contributed to the project. Speaking of his son whose phone has been targeted, Aristegui said: “Knowing that a child who just goes about his or her life and goes to school tells us about the types of abuse a state can do without a counterbalance. ” (NSO has repeatedly claimed that it does not target phones in the United States, but offers similar technology to Pegasus, dubbed Phantom, through its U.S. subsidiary Westbridge Technologies.)
“Phenomenal damage is done to journalistic accountability when the state – or whoever – uses these systems of ‘digital violence’,” Aristegui said. “It ends up being a very damaging element for journalists, which affects a society’s right to keep informed.”
The platform also builds on recent findings from an Amnesty International investigation into the corporate structure of the NSO Group, which shows how NSO spyware has proliferated in states and governments using a complex network of companies to hide its customers and activities. Forensic Architecture’s platform has been following the trail of private investment since NSO’s founding in 2015, which “likely enabled” the sale of spyware to governments that NSO would not normally have access to due to restrictions on spyware. Israeli export.
“NSO Group’s Pegasus spyware should be viewed and treated as a developed weapon, like other products of Israel’s military-industrial complex, in the context of the ongoing Israeli occupation. It is disheartening to see it exported to allow human rights violations around the world, ”said Eyal Weizman, director of Forensic Architecture.
The platform was launched shortly after NSO this week released its first so-called transparency report, which human rights defenders and security researchers have deemed to be devoid of any meaningful detail. Amnesty International said the report read “more like a sales brochure”.
In a statement, NSO Group said it could not comment on the research it had not seen, but claimed it “is investigating all credible allegations of abuse and that NSO is taking appropriate action by depending on the results of its investigations “.
NSO Group argued that its technology “cannot be used for cyber surveillance in the United States, and no customer has ever obtained technology that would allow them to access phones with US numbers,” and declined to name one of its government clients.
You can securely tip via Signal and WhatsApp at +1 646-755-8849. You can also send files or documents using our SecureDrop. Learn more.