Blog

The Guardian, Washington Post and 15 other media reports are based on leaked tens of thousands of phone numbers that appear to have been targeted by Pegasus. While the devices associated with the numbers on the list were not necessarily infected with spyware, the media was able to use the data to establish that journalists and activists in many countries were victims of attacks and, in some cases, were successfully hacked.

The leaks point to the extent of what reporters and cybersecurity experts have said over the years: while NSO Group claims its spyware is designed to target criminals and terrorists, its actual use is much broader. (The company issued a statement in response to the investigation, denying the breach of its data and that any of the reports received were true.)

My colleague Patrick Howell O’Neill has for some time reported claims against the NSO Group, which “were related to cases such as the assassination of Saudi journalist Jamal Khashoggi, attacks on scientists and campaigners for political reform in Mexico, and the Spanish state oversight of Catalan separatist politicians, ”he wrote in August 2020. The NSO has denied these allegations in the past, but has also stated more broadly that it cannot be held accountable if governments abuse the technology that is sold to them.

At the time, we wrote that the company’s main argument was that it was “common among arms manufacturers.” Namely: “The company is the creator of technology that governments use, but does not attack anyone, so it cannot be held accountable.”