Military-grade spyware reportedly found on phones of journalists, activists

Phones linked to murdered Saudi journalist Jamal Khashoggi were also attacked, an investigation finds.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read
Nicole Cozma/CNET

Military-grade spyware licensed by an Israeli firm was used in attempted and successful hacks of smartphones belonging to journalists and human rights activists, according to an investigation by The Washington Post and 16 media partners.

In all, 37 phones, including those belonging to two women close to murdered Saudi journalist Jamal Khashoggi, were attacked with spyware licensed by the Israeli firm NSO Group to governments for tracking terrorists and criminals, the investigation found. The phones were included on a list of more than 50,000 numbers concentrated in countries known to conduct surveillance on their citizens.

The list was shared with news organizations by Forbidden Stories, a Paris-based journalism nonprofit, and human rights group Amnesty International. The investigation, called the Pegasus Project, included a forensic analysis of the phones. The numbers on the list are unattributed, but investigators were able to identify more than 1,000 across more than 50 countries.

"The Pegasus Project lays bare how NSO's spyware is a weapon of choice for repressive governments seeking to silence journalists, attack activists and crush dissent, placing countless lives in peril," Agnès Callamard, secretary general of Amnesty International, said in a statement.

"While the company claims its spyware is only used for legitimate criminal and terror investigations, it's clear its technology facilitates systemic abuse," Callamard said.

Amnesty International analyzed 67 phones that were suspected targets,  23 of which were found to be infected and 14 showed evidence of attempted penetration, according to the investigation.

The list, which dates back to 2016, includes reporters working overseas for several leading news organizations, including a small number from CNN, the Associated Press, the Voice of America, The New York Times, The Wall Street Journal, Bloomberg News, Le Monde in France, the Financial Times in London and Al Jazeera in Qatar.

Heads of state and prime ministers were also reportedly on the list.

NSO Group said the Forbidden Stories report contained "false accusations" and "misleading accusations."

"The report by Forbidden Stories is full of wrong assumptions and uncorroborated theories that raise serious doubts about the reliability and interests of the sources," an NSO Group spokesperson said in a statement. "It seems like the 'unidentified sources' have supplied information that has no factual basis and are far from reality."

NSO Group has been implicated by previous reports and lawsuits in other hacks, including a reported hack of Amazon founder Jeff Bezos in 2018. A Saudi dissident sued the company in 2018 for its alleged role in hacking a device belonging to journalist Khashoggi, who had been murdered inside the Saudi embassy in Turkey that year.

Journalists and activists from Mexico and Qatar have also sued the company for providing tools that hacked their devices. A Citizen Lab report from January said a New York Times journalist writing about a Saudi dissident received a link containing an NSO Group hacking tool on his phone in 2018.