Spyware Scandal: Amnesty Stands by Its Pegasus Project Findings
Amnesty International has released the full technical details of its Security Lab’s in-depth forensic investigations as part of the Pegasus Project.
Update: July 22, 2021
Spyware Scandal: Amnesty Stands by Its Pegasus Project Findings
The authoritarian governments which have been caught using Pegasus spyware are now manipulating social media to create confusion about the revelations of their snooping scandals.
In order to dismiss any misgivings about its findings, Amnesty International said today (July 22) that it stands by its reporting. In response to false allegations on social media and inaccurate media stories in relation to the Pegasus Project, Amnesty International issued the following statement:
“Amnesty International categorically stands by the findings of the Pegasus Project, and that the data is irrefutably linked to potential targets of NSO Group’s Pegasus spyware. The false rumours being pushed on social media are intended to distract from the widespread unlawful targeting of journalists, activists and others that the Pegasus Project has revealed.”
Amnesty categorically stands by #PegasusProject data set https://t.co/iWWRX3cB9B
— amnestypress (@amnestypress) July 22, 2021
The story dated July 19 follows.
How Authoritarian Regimes Use Spyware to Target Opponents
Massive data leak reveals that a number of authoritarian rulers are secretly using Israeli NSO Group’s spyware to target activists, journalists, and political leaders globally.
The spyware has been used to facilitate human rights violations around the world on a massive scale, according to a major investigation into the leak of 50,000 phone numbers of potential surveillance targets. These include heads of state, activists and journalists, including murdered journalist Jamal Khashoggi’s family.
The Pegasus Project is said to be a ground-breaking collaboration of more than 80 journalists from 17 media organizations in 10 countries coordinated by Forbidden Stories, a Paris-based media non-profit, with the technical support of Amnesty International, which conducted forensic tests on mobile phones to identify traces of the spyware.
“The Pegasus Project lays bare how NSO’s spyware is a weapon of choice for repressive governments seeking to silence journalists, attack activists and crush dissent, placing countless lives in peril,” said Agnès Callamard, Secretary General of Amnesty International in its report released on July 18.
In a written response to Forbidden Stories and its media partners, NSO Group said it “firmly denies… false claims” in the report. It wrote that the consortium’s reporting was based on “wrong assumptions” and “uncorroborated theories” and reiterated that the company was on a “life-saving mission”.
At the centre of this investigation is NSO Group’s Pegasus spyware which, when surreptitiously installed on victims’ phones, allows an attacker complete access to the device’s messages, emails, media, microphone, camera, calls, and contacts.
Over the next week, according to Amnesty, media partners of The Pegasus Project – including The Guardian, Le Monde, Süddeutsche Zeitung and The Washington Post – will run a series of stories exposing details of how world leaders, politicians, human rights activists, and journalists have been selected as potential targets of this spyware.
From the leaked data and their investigations, Forbidden Stories and its media partners identified potential NSO clients in 11 countries: Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Togo, and the United Arab Emirates (UAE).
Amnesty says that the NSO Group has not taken adequate action to stop the use of its tools for unlawful targeted surveillance of activists and journalists, despite the fact that it either knew, or arguably ought to have known, that this was taking place.
“As a first step, NSO Group must immediately shut down clients’ systems where there is credible evidence of misuse. The Pegasus Project provides this in abundance,” said Agnès Callamard.
Amnesty International has also released the full technical details of its Security Lab’s in-depth forensic investigations as part of the Pegasus Project. The Lab’s methodology report documents the evolution of Pegasus spyware attacks since 2018, with details on the spyware’s infrastructure, including more than 700 Pegasus-related domains.
“NSO claims its spyware is undetectable and only used for legitimate criminal investigations. We have now provided irrefutable evidence of this ludicrous falsehood,” said Etienne Maynier, a technologist at Amnesty International’s Security Lab.
There is nothing to suggest that NSO’s customers did not also use Pegasus in terrorism and crime investigations, and the Forbidden Stories consortium also found numbers in the data belonging to suspected criminals.
“The widespread violations Pegasus facilitates must stop. Our hope is the damning evidence published over the next week will lead governments to overhaul a surveillance industry that is out of control,” said Etienne Maynier.
According to a report by The Guardian, the disclosures began on July 18, with the revelation that the numbers of more than 180 journalists are listed in the data, including reporters, editors and executives at the Financial Times, CNN, the New York Times, France 24, the Economist, Associated Press and Reuters.