For the first time, researchers have been able to map all known targets (journalists, activists and human rights defenders) whose phones have been hacked by Pegasus, a spyware developed by NSO Group
Forensic Architecture, an academic unit at Goldsmiths from the University of London investigating human rights abuses, conducted an open source survey and interviewed dozens of victims to uncover more than a thousand points showing relationships and patterns between digital surveillance. carried out by NSO government clients and the real world of bullying, harassment and violence suffered by victims.
By mapping these points, researchers show how nation-states use it Pegasus to spy on their victims, they also often target other victims in their networks and engage in attacks, arrests and misinformation campaigns against targets but also their families, friends and colleagues.
Although the thousands of points represent only a fraction of the total use of Pegasus by governments, the project aims to provide researchers with the tools and data of NSO operations worldwide.
Η NSO Group Israel-based developer Pegasus, a spyware that allows client governments to have almost unlimited access to a victim's device. NSO has repeatedly denied naming its clients, but reportedly has government contracts in at least 45 countries, including Rwanda, Israel, Bahrain, Saudi Arabia, Mexico and the United Arab Emirates - all of which have been indicted. for human rights violations - as well as Western nations, such as Spain.
Forensic Architecture researcher Shourideh Molavi said the new findings reveal "the extent to which the digital world we live in has become the new frontier of human rights abuses, an area of state surveillance and intimidation that allows for natural abuses."
The platform presents visual timelines for how victims of both spyware and physical violence are targeted as part of government campaigns targeting anti-government critics.
Omar Abdulaziz, a Saudi blogger and activist living in exile in Montreal, saw his phone being hacked in 2018 by Pegasus malware. When some Saudi envoys tried to persuade Abdulaziz to return to the kingdom, his phone was lost. Weeks later, two of his brothers and friends in Saudi Arabia were arrested.
Abdulaziz, a confidant of Washington Post journalist Jamal Khashoggi, whose assassination was approved by the de facto governor of Saudi Arabia, Prince Mohammed bin Salman, saw his Twitter account being breached by someone who later turned out to be a Saudi spy. .
Abdulaziz's phone number was also on the stolen data. So the Saudis managed to break into his phone and read his messages with Khashoggi in real time, like Reported Yahoo News this week.
Mexican journalist Carmen Aristegui is another known victim, whose phone was breached several times in 2015 and 2016 by a government client of the NSO Group. The Citizen Lab at the University of Toronto found that her son, Emilio, a minor at the time, also had a broken phone while living in the United States. The timing of the digital attacks on Aristegui, her son and her colleagues shows that efforts intensified following a post about corruption by then-Mexican President Enrique Peña Nieto.
"It's malicious software that activates your camera, your microphone, everything that is an integral part of your life," Aristegui said in an interview with journalist and director Laura Poitras. Speaking about her son, Aristegui said:
"You know that your child who just goes to school accepts all kinds of abuse that a state can inflict." (NSO has repeatedly claimed that it does not target phones in the United States, but offers a similar technology to Pegasus, called Phantom, through its US-based Westbridge Technologies subsidiary.)
The platform was also based on recent findings from an Amnesty International investigation into the NSO Group's corporate structure, which shows how NSO spyware has multiplied across states and governments and used a complex network of companies to hide customers and businesses. of.
The Forensic Architecture platform follows in the footsteps of private investment since the founding of NSO in 2015, which "probably allowed" the sale of spyware to governments it could not normally access due to Israel's export restrictions.
"NSO Group's Pegasus spy software should be considered and treated as a weapon developed, like other products of the Israeli military industry. "It is frustrating to see it exported to allow for human rights abuses worldwide," said Eyal Weizman, director of Forensic Architecture.
In a statement, the NSO Group said it could not comment on an investigation it had not seen, but claimed it was "investigating all credible allegations of abuse and taking appropriate action based on the results of its investigations".
The NSO Group argued that its technology "could not be used to conduct cyber surveillance in the United States and that no customer had ever received technology that would allow them to access US numbers."
Of course, she refused to name any of her government clients.