Pegasus Project |Many countries use the Israeli spy software Pegasus to target their own citizens: activists, lawyers, politicians and journalists. Revelations of a consortium of journalists created by Forbidden Stories, including Radio France’s investigative unit. This is probably the most important cyber-espionage case since the Snowden case. In 2013, it was discovered, stunned, in the post-September 11 context, that the NSA had implemented a global data monitoring system. But the revelations that Forbidden Stories and its partners, with the technical assistance of Amnesty International’s Security Lab, are able to make today seem even more serious. Because they show that this surveillance is not the prerogative of a country with deviant practices, however great it may be, but that it is widespread and concerns all types of nations.
Mexico, India, Morocco, Indonesia, Saudi Arabia, the United Arab Emirates, Kazakhstan, Azerbaijan, Togo, Rwanda and even Hungary, a member of the European Union, government agencies are targeting their own citizens, as well as personalities outside their countries. The only harm of the latter: being lawyers, journalists, diplomats, doctors, sportsmen, trade unionists, simple activists or politicians, including ministers and 13 heads of state or government (including three Europeans as we will specify in the coming days).” What we see with the Pegasus project is very different and even more worrying than what we saw in the Snowden case, believes Laurent Richard, the director of Forbidden Stories.
Here we are dealing with a private company that sells highly intrusive software to states known for their repressive human rights policies and against journalists. And it is clear that these states are diverting this tool to use against these populations.” The spyware in question has the very evocative name of “Pegasus”. It is marketed only to states or government agencies, with the approval of the Israeli government, by a company called NSO, which employs 750 employees in Herzliya, in the suburbs of Tel Aviv, but also in Cyprus and Bulgaria. Officially, its purpose is to help the intelligence services in the fight against crime.
On its website, NSO states that it “creates technologies that help government agencies to prevent and investigate terrorism and crimes, to save thousands of lives around the world”. For this, Pegasus enters smartphones, whether they run under the operating system of Apple, iOS (including in its latest version) or that of Google, Android. He then has access to everything: contacts, photos, passwords. It can read emails, track conversations, even on encrypted messengers, geolocate the device, and activate microphones and cameras to turn the smartphone into a real bug.
“We are committed to verifying the correct use of our technology (…) and investigating any credible claims of misuse of our products,” says NSO on its website.And it is true that the company has set up an email address dedicated to whistleblowers who would have information on a possible misuse of its software. A consortium to investigate However, reality seems far removed from this official discourse. Our colleagues at Forbidden Stories quickly understood this when they had access to a list of over 50,000 phone numbers entered by 12 NSO customers into the system that activates Pegasus. They then shared this list, which runs for several years after 2016, with an international consortium they formed with 16 media, including: the Washington Post in the United States, the Guardian in Britain, the Süddeutsche Zeitung in Germany, Radio France’s investigative unit and the newspaper Le Monde in France. For several months, nearly 80 journalists analysed these telephone numbers and identified many of their owners in some 50 countries. Some have agreed to give us their phones, because being selected as a target does not necessarily mean being attacked or infected. Amnesty International’s Security Lab, the technical partner of the project and specialist in the analysis of this type of infection, was able to establish that out of 67 expertized phones, 37 showed signs of attack or infection by the Pegasus software.
Pegasus targets: journalists
Among the numbers selected as a target, we were able to count more than 180 journalists. And if we were to establish a ranking of the most active countries with Pegasus, Mexico would probably be in the lead. There, nearly 15,000 telephone numbers were selected as potential targets for a spyware attack. Among them was Cecilio Pineda, a journalist who was murdered in March 2017, a few weeks after his number appeared on the list. There are also about 20 members of the capital Mexico City’s main media outlets (including El Tiempo, El Mundo and national television), as well as journalists from local publications, a Bloomberg columnist and a CNN producer.
In India, 30 journalists, including five investigative journalists, ten international news officers and eight political specialists, were selected among the targets of the spyware. Is there a causal link? Some of them had investigated the controversial contract of 36 Rafales aircraft sold by France to the Indian government in 2016. They were being pursued by major industrial groups close to the Indian Prime Minister, Narendra Modi, including Reliance Industrie, Dassault’s partner suspected of being involved in a corruption case in connection with the sale of the Rafales.
Our investigations also took us to Saudi Arabia. The Israeli newspaper Haaretz had already revealed that the kingdom had bought the Pegasus software in 2017, just before Mohammed Ben Salmane began a purge among nearly 500 of his opponents. But our investigations show that part of the entourage and family of journalist Jamal Khashoggi, who was murdered at the Saudi consulate in Istanbul on 2 October 2018, was selected as one of his potential targets after the murder, including his fiancée, his lawyer, one of his children and even the prosecutor in charge of the investigation in Istanbul. Al Jazeera is also on the list of journalists.
In Hungary, a member of the European Union, the same is true. The numbers of ten lawyers were entered into the Pegasus system, as well as those of numerous personalities, including Zoltan Varga, the boss of a large independent media group, and two journalists from Direkt36, an independent investigative website in Budapest.
Of the French targeted
France is not a customer of NSO. But several journalists from France are among the selected numbers. This is the case for two Mediapart journalists, including its founder, Edwy Plenel. Among these selected numbers are also those of Dominique Simonnot, the current General Controller of Places of Deprivation of Liberty (CGLPL), who until 2020 was a journalist at the Canard enchaîné, or Bruno Delport, the director of TSF Jazz, who applied in 2019 for the presidency of Radio France. There are still colleagues from Le Monde, France 2, France 24, Rosa Moussaoui de l’Humanité, a former head of AFP’s Rabat office, as well as Figaro journalist Eric Zemmour.
Analysis of the data we had access to showed that these telephone numbers had been entered into the Pegasus system by Morocco, sometimes in view of their positions considered hostile to the regime or their proximity to Moroccans perceived as opponents, but in other cases for unknown reasons. Amnesty’s Security Lab had already found traces of infection with Pegasus software on the mobile phone of Omar Radi, a journalist with the independent news website The Desk, officially accused of rape and interference with the internal security of the State and imprisoned in Morocco since July 2020. However, the same laboratory was able to demonstrate that Edwy Plenel’s phone was also infected, after he participated in the Essaouira cultural festival in June 2019, at the invitation of the Desk, where he pleaded for the release of prisoners from the Rif, incarcerated after protests in 2016.
In addition to his duties as head of the media, Bruno Delport also chairs the board of directors of Solidarité Sida, an association that started prevention projects with prostitutes and drug addicts in Morocco when his phone was attacked. In total, we were able to establish that at least 35 numbers of journalists were selected as targets by Morocco. And in two years, all professions combined, the user of the NSO software in this country has entered the system, of which nearly 1,000 correspond to French citizens.
In response to our questions, the Embassy of Morocco sent us the following reply: “The Moroccan authorities do not understand the context of the referral by the International Consortium of Journalists (Forbidden Stories) seeking answers and clarification from the Moroccan government on the digital surveillance tools of the NSO group.”
Referring to the case of Omar Radi, she adds: “The Moroccan authorities have been waiting since 22 June 2020 for material evidence from Amnesty International which has been unable to prove any relationship between Morocco and NSO.”
NSO argues in good faith
By October 2019, NSO had already been compromised for making it possible to hack 1,400 phones, exploiting a WhatsApp encrypted messaging vulnerability. Around 100 journalists and human rights activists were targeted. Facebook, the parent company of WhatsApp, had filed a complaint with Google, Microsoft and other computer companies. In December 2020, our Guardian colleagues revealed that traces of Pegasus had been found on the mobile phones of a dozen journalists from the Qatari TV station Al Jazeera. And in December 2020, the Cartel project, already led by Forbidden Stories with Radio France’s investigative unit, had documented Pegasus’s misfortune in Mexico.
In response to our questions, NSO reaffirms its mission to save lives. We are doing this with determination, despite repeated attempts to discredit ourselves on the basis of false information,’ the group says.
Given what we are revealing, can he continue to ignore the fact that many countries are diverting his technology for purposes other than the prevention of organized crime and terrorism? In its response, the company adds: “_NSO Group will continue to investigate any allegations of misuse (of Pegasus), and we will make decisions based on the results of these investigations. This can go as far as shutting down our system access to our customers … We have done this many times in the past and we will not hesitate to do it again if necessary.” _
Source : France Culture