An Israeli company’s spyware was used in attempted and successful hacks of 37 smartphones belonging to journalists, government officials and human rights activists around the world, according to an investigation by 17 media organizations published on Sunday.
One of the organizations, The Washington Post, said the Pegasus spyware licensed by Israel-based NSO Group also was used to target phones belonging to two women close to Jamal Khashoggi, a Post columnist murdered at a Saudi consulate in Turkey in 2018, before and after his death.
The Guardian, another of the media outlets, said the investigation suggested “widespread and continuing abuse” of NSO’s hacking software, described as malware that infects smartphones to enable the extraction of messages, photos and emails; record calls; and secretly activate microphones.
The investigation, which Reuters agency did not independently confirm, did not reveal who attempted the hacks or why.
NSO said its product is intended only for use by government intelligence and law enforcement agencies to fight terrorism and crime.
The company issued a statement on its website denying the reporting by the 17 media partners led by the Paris-based journalism nonprofit Forbidden Stories.
“The report by Forbidden Stories is full of wrong assumptions and uncorroborated theories that raise serious doubts about the reliability and interests of the sources. It seems like the ‘unidentified sources’ have supplied information that has no factual basis and are far from reality,” the company said in the statement.
“After checking their claims, we firmly deny the false allegations made in their report,” the statement said.
NSO said its technology was not associated in any way with Khashoggi’s murder. NSO representatives were not immediately available to provide additional information to Reuters on Sunday.
In India, the numbers of a variety of activists were found in the data.
Umar Khalid, a student activist at Jawaharlal Nehru University in Delhi and the leader of the Democratic Students’ Union, was selected ahead of a possible targeting in late 2018, shortly before sedition charges were filed against him. He was arrested in September 2020 on charges of organising riots, and police claimed the evidence against him included more than 1m pages of information gleaned from his mobile phone, without making it clear how the information was obtained. He is in jail awaiting trial.
The Guardian said the numbers of more than 180 journalists were listed in the data, including reporters, editors and executives at the Financial Times, CNN, New York Times, the Economist, Associated Press and Reuters.
“We are deeply troubled to learn that two AP journalists, along with journalists from many news organizations, are among those who may have been targeted by Pegasus spyware,” said Director of AP Media Relations Lauren Easton.
“We have taken steps to ensure the security of our journalists’ devices and are investigating,” she added.
Reuters’ spokesman Dave Moran said, “Journalists must be allowed to report the news in the public interest without fear of harassment or harm, wherever they are. We are aware of the report and are looking into the matter.”
The other media organizations could not be immediately reached for comment on Sunday.