A sweeping investigation by 17 media outlets found that NSO Group’s Pegasus software was used in hacking attempts on 37 smartphones belonging to human rights activists and journalists, The Washington Post reported. The phones were on a leaked list of numbers discovered by Paris journalism nonprofit Hidden Stories and human rights group Amnesty International, according to the Post. The numbers on the list were singled out for possible surveillance by countries who are clients of NSO, the report states, which markets its spyware to governments to track potential terrorists and criminals.
Pegasus can extract all of a mobile device’s data, and activate the device’s microphone to listen in on conversations surreptitiously, as The Guardian notes. The list of journalists dates back to 2016, the Post reports, and includes reporters from the Post, CNN, the Associated Press, Voice of America, the New York Times, the Wall Street Journal, Bloomberg News, Le Monde, the Financial Times, and Al Jazeera.
In a statement emailed to The Verge on Sunday, an NSO spokesperson denied the claims in the report, saying it was “full of wrong assumptions and uncorroborated theories that raise serious doubts about the reliability and interests of the sources,” and questioned the sources that supplied the information.
“After checking their claims, we firmly deny the false allegations made in their report,” the statement continues. The company is considering a defamation lawsuit according to its statement, because it says “these allegations are so outrageous and far from reality.”
It’s not the first time NSO’s Pegasus spyware has been accused of being part of a larger surveillance campaign. Between July and August 2020, research organization Citizen Lab found that 36 phones belonging to Al Jazeera journalists had been hacked using Pegasus technology, possibly by hackers working for governments in the Middle East. In 2019, WhatsApp sued NSO, claiming Pegasus was used to hack users of WhatsApp’s encrypted chat service.