Reports from The Guardian,, Washington Postand 15 other media organizations are based on the leak of tens of thousands of phone numbers that appear to have been targeted by Pegasus. Although the devices associated with the numbers on the list are not necessarily infected with spyware, outlets were able to use the data to determine that journalists and activists were being targeted in many countries –and in some cases successfully hacked.
The leaks point to the extent of what reporters and cybersecurity experts have been saying for years: yes, although the NSO Group claims that spyware is designed to target criminals and terrorists, its actual applications are much broader. (The company issued a statement in response to the investigation, denying that his data was leaked and that any reporting from it was true.)
My colleague Patrick Howell O’Neill has been reporting for some time on lawsuits against the NSO Group, which is “related to cases including the murder of Saudi journalist Jamal Khashoggi, targeting scientists and activists advocating political reform in Mexico and Spanish government oversight of Catalan separatist politicians,” he wrote in August 2020. In the past, the NSO has denied these allegations, but has also argued more broadly that it cannot be held accountable if governments misuse the technology by which they sell them.
The central argument of the company, as we wrote at the time, is that “which is common among arms manufacturers.” Namely: “The company is the creator of the technology used by governments, but it does not attack anyone on its own, so it cannot be held responsible.”