Skip to main content

Israeli firm NSO Group tied to high-level hacks

A sweeping investigation found the names of world leaders, human rights defenders and journalists included on a leaked list of 50,000 alleged surveillance targets.
JACK GUEZ/AFP via Getty Images

Military-grade spyware developed by Israeli cyber-surveillance company NSO Group has been used to successfully hack the smartphones of journalists, politicians, activists and business leaders, an investigation by a consortium of international media outlets said Sunday. 

Using a leaked list of more than 50,000 cell phone numbers, journalists at 17 media outlets identified over 1,000 people across more than 50 countries who were selected as potential targets by NSO Group’s clients. They include more than 180 journalists from outlets including CNN, The Associated Press, The Wall Street Journal and The New York Times, according to the media probe, which was published in coordination with Paris-based nonprofit Forbidden Stories and Amnesty International. 

The report notes that without analyzing the devices, it’s impossible to know which of the 50,000 cell phone numbers were hacked with NSO Group’s Pegasus software, which researchers say gives customers access to a phone’s contents and the ability to remotely access the camera and microphone. The investigation was able to confirm the attempted and successful hacks of 37 smartphones that appeared on the list. 

The Israeli surveillance firm says it will investigate the potential human rights abuses revealed Sunday, but told The Assiciated Press that it has never maintained “a list of potential, past or existing targets.” 

NSO Group says it licenses Pegasus and other surveillance tools on the condition that governments use them to fight terrorism and other crime. Its customers reportedly include the governments of Bahrain, Kazakhstan, Mexico, Morocco, Saudi Arabia and the United Arab Emirates. 

On Monday, a liberal party in Israel’s governing coalition said it would discuss NSO Group exports during a meeting with Defense Minister Benny Gantz. 

The sweeping investigation published Sunday adds to the wave of criticism against NSO Group, which is facing an array of lawsuits filed by Facebook and alleged victims. Amid the fresh scrutiny of NSO Group, here’s a look at other alleged hacks linked to the firm’s highly sophisticated spyware. 

Moroccan journalist Omar Radi 

Amnesty International accused the Morrocan government of using NSO Group’s Pegasus spyware to hack the phone of Moroccan journalist Omar Radi, who was sentenced on Monday to six years in prison in a trial slammed by rights groups. 

Amnesty previously alleged that Radi’s phone was subjected to a series of attacks using “a sophisticated new technique” that installed the software on his device without him knowing. Hacks in 2019 and 2020 reportedly gave the attacker full access to the phone’s camera, microphone and data, including emails and messages. 

UAE rights campaigner Ahmed Mansoor 

Award-winning Emirati human rights defender Ahmed Mansoor’s cell phone was reportedly targeted in 2016. According to Citizen Lab, a digital watchdog and research organization at the University of Toronto, Mansoor received text messages on his iPhone promising “new secrets” about alleged torture in the United Arab Emirates’ jails — if he clicked on a link included in the messages. 

He didn’t click and instead sent the messages to Citizen Lab researchers, who determined the links were part of an exploit infrastructure tied to NSO Group. Mansoor, 51, is currently serving a 10-year sentence in the UAE over what rights groups say is retaliation for his peaceful criticism of the government. 

Saudi dissidents before Khashoggi murder

Several associates of slain Washington Post columnist Jamal Khashoggi, including Yahya Assiri, Omar Abdulaziz and Ghanem Al Masari, were reportedly hacked with NSO’s software, security researchers say. Abdulaziz, a Canada-based dissident, filed a lawsuit in Israel charging that Saudi intelligence operatives infected his phone with Pegasus in order to spy on his conversations with Khashoggi.  

Just four days after his murder, Pegasus was installed on the phone of Khashoggi’s fiancée Hatice Cengiz, the consortium of media organizations said Sunday. His son Abdullah was also selected as a target, likely by the Emirati government, the analysis of leaked data showed. 

Asked about Khashoggi’s murder, Shalev Hulio, NSO Group’s chief executive, told CBS’ "60 Minutes" in March 2019 that the Israel-based company had “nothing to do with this horrible murder.”

Amazon founder Jeff Bezos 

In January 2020, a group of United Nations rights experts called for an immediate investigation into the hacking of Jeff Bezos’ phone, which they concluded was likely conducted using Pegasus or similar malware

Bezos’ security adviser concluded that Saudi Arabia was behind the hack and had gained access to the billionaire’s private information. A forensic analysis of the Washington Post owner’s phone in 2019 assessed with “medium to high confidence" it was exploited through a WhatsApp exchange with Saudi Crown Prince Mohammed bin Salman. 

The Israeli firm denied its technology was used to target Bezos’ phone and said it was “shocked and appalled” by the allegation. 

Mexican government critics

In Mexico, a number of journalists, human rights lawyers and activists have reportedly been targeted with Pegasus, including the widow of murdered journalist Javier Valdez Cardenas. According to Citizen Lab, NSO Group’s spyware tried to gain access to her phone within a week of his death in May 2017. 

Former Mexican President Enrique Pena Nieto acknowledged in 2017 that his government had purchased Pegasus, but denied using the malware to spy on critics.

Start your PRO membership today.

Join the Middle East's top business and policy professionals to access exclusive PRO insights today.

Join Al-Monitor PRO Start with 1-week free trial