Behind the Mercenary Spyware Industry
Recently, Amnesty International and Forbidden Stories, a French journalism nonprofit, obtained a list of 50,000 phone numbers that were potentially targeted by Pegasus, the now infamous spyware created by NSO Group, an Israeli technology firm. Amnesty and Forbidden Stories shared that list with a group of 17 news organizations, and reporters then started tracking down who the numbers belonged to.
They identified about 1,000 people by phone number, and more than 60 agreed to hand over their phones for forensic examination. Of those phones, 37 showed some evidence of an attempted or successful hack. They belonged to journalists, human rights activists, two women who were very close to Jamal Khashoggi, the murdered Washington Post columnist. The original list of 50,000—and we don’t know if these people were hacked—included numbers belonging to French President Emmanuel Macron as well as Rahul Gandhi, a very prominent opponent to India’s prime minister.
On Friday’s episode of What Next: TBD, I spoke with John Scott-Railton—a researcher at the University of Toronto’s Citizen Lab who has tracked NSO since 2016—about the dangers of the NSO Group, the vulnerabilities in our technology, and what, if anything, can be done to protect it.