What we know about Pegasus spyware so far

NEW YORK (NYTIMES, BLOOMBERG) - A sophisticated cyber surveillance tool developed by an Israeli company has allegedly been used to spy on prominent journalists, democracy advocates, corruption fighters and lawyers from countries including Azerbaijan, France, Hungary, India and Morocco.

Dubbed Pegasus, the software has escalated concerns of government abuses against detractors, with as many as 50,000 mobile numbers from more than 50 countries targeted, according to a leaked list of surveillance targets.

Here's what we know so far:

What is Pegasus?

Developed by Israeli firm NSO Group, Pegasus can allow spies to gain access to an infected phone's hard drive and view photos, videos, e-mails and texts, even on applications that offer encrypted communication, such as Signal.

The software can also let spies record conversations made on or near a phone, use its cameras and locate the whereabouts of its users.

No information on an infected device is safe. Pegasus can access files, SMS and encrypted messaging service chats, address books, call history, calendars, e-mails and Internet browsing histories.

How does it infect a phone?

Earlier versions of the software utilised spear-phishing attacks in order to gain access to a phone. But it has since been made far more efficient, and is able to infect a device even if nothing is clicked on - a so-called "zero-click" capability.

In order to infect a phone, the modus operandi is to first create a fake WhatsApp account, which is then used to make video calls. When an unsuspecting user's phone rings, malicious code is transmitted that installs the spyware on the phone. The software is installed even if the call is not answered.

NSO has apparently begun exploiting vulnerabilities in Apple's iMessage software as well, putting millions of iPhones at risk of being hacked.

According to researchers, attacks have been conducted as recently as this month. When Pegasus is installed on a phone, it is able to gain administrative privileges on a device, allowing it to do even more things than the owner of the device.

Security researchers have speculated that newer versions of Pegasus only occupy a phone's temporary memory, rather than its hard drive. Consequently, once the phone is turned off, all traces of the software disappear.

How was the spyware discovered?

NSO has attracted scrutiny since 2016, when the company's software was said to be used against a rights activist in the United Arab Emirates and a journalist in Mexico.

Since then, The New York Times has reported that the software was deployed against journalists, rights campaigners and policymakers in Mexico and Saudi Arabia.

New reports that appeared on Sunday suggest that the firm's software has been used against more people in more countries than had previously been reported.

Among other actions, Pegasus appears to have been used to attempt to hack at least 37 smartphones owned by journalists from countries including Azerbaijan, France, Hungary, India and Morocco. Separately, a person familiar with NSO contracts said that NSO systems were sold to the governments of Azerbaijan, Bahrain, India, Mexico, Morocco, Saudi Arabia and the UAE.

A journalist consortium, led by the Paris-based not-for-profit Forbidden Stories, linked NSO to a leaked list of more than 50,000 mobile numbers from more than 50 countries that it said appeared to be proposed surveillance targets for the company's clients.

Who has been targeted?

The media alliance said the list contained the numbers of hundreds of journalists, media proprietors, government leaders, opposition politicians, political dissidents, academics and rights campaigners.

The list was first obtained by Amnesty International, a human rights watchdog, and Forbidden Stories, a group that focuses on free speech. They then shared the list with the journalists.

The consortium said the numbers on the list include those of the editor of The Financial Times, Ms Roula Khalaf; people close to slain Saudi dissident Jamal Khashoggi; a Mexican reporter who was gunned down on the street, Cecilio Pineda Birto; and journalists from CNN, The Associated Press, The Wall Street Journal, Bloomberg News and The New York Times.

The New York Times journalists whose numbers are said to be on the leaked list include Mr Azam Ahmed, a former Mexico City bureau chief who has reported widely on corruption, violence and surveillance in Latin America, including on NSO itself; and Mr Ben Hubbard, The New York Times' bureau chief in Beirut, who has investigated rights abuses and corruption in Saudi Arabia and wrote a recent biography of the Saudi crown prince, Mohammed bin Salman.

Two of the targeted phones were owned by Mr Szabolcs Panyi and Mr Andras Szabo, investigative reporters in Hungary who regularly cover government corruption. Another belonged to Mr Khashoggi's fiancee, Ms Hatice Cengiz, whose phone was penetrated in the days after his murder.

Indian investigative news website The Wire reported that 300 mobile phone numbers used in India - including those of government ministers, opposition politicians, journalists, scientists and rights activists - were on the list.

The numbers included those of more than 40 Indian journalists from major publications such as the Hindustan Times, The Hindu and the Indian Express, as well as two founding editors of The Wire, it said.

The Washington Post reported that some of the phones suspected to be infected were in Singapore. However, this does not mean that a country's government is a client.

What are the implications?

Activists say that without access to surveillance-free communications, journalists will no longer be able to contact sources without fear of exposing them to government retaliation. And rights campaigners will be unable to freely communicate with victims of state-led abuses.

"The sort of surveillance being reported is an appalling violation of press freedoms and we strongly condemn it," said a Bloomberg News spokesperson.

"Stop what you're doing and read this," tweeted Edward Snowden, the whistle-blower who leaked a large amount of classified information from the National Security Agency in 2013. "This leak is going to be the story of the year."
