This is the web version of our subscriber-only Weekly Wrap-Up newsletter, which uses relevant WPR coverage to provide background and context to the week’s top stories. Subscribe to receive it by email every Saturday. If you’re already a subscriber, adjust your newsletter settings to receive it directly to your email inbox.
Explosive revelations this week from the Pegasus Project detailed the widespread use of the Pegasus surveillance software program by repressive governments and three democracies—Hungary, India and Mexico—to spy on their own citizen activists and journalists, but also on foreign journalists and even heads of government. The software, developed and sold by the Israeli cybersecurity company NSO Group, can reportedly gain access to targeted smartphones without the owner taking any action, like clicking on a malevolent link or downloading an infected app. Once inside, it provides the user with full access to the device’s microphone and camera for eavesdropping, as well as to incoming and outgoing calls and messages, even via encrypted apps.
The Pegasus Project’s accusations are based on a leaked list of over 50,000 phone numbers from over 50 countries; the media outlets and human rights organizations that participated in the investigation believe it is a master list of the phone numbers that NSO Group’s customers used the spyware to hack. The investigators were able to identify the owners of 1,000 of those phone numbers, many of whom checked out as profiles that would be of interest to their governments, whether due to their dissident activities or reporting. Only 67 phones were forensically examined; of them, 23 were found to be hacked and 14 showed signs of attempted targeting, often very closely after those phone numbers were entered into the master list. NSO Group disputes the investigation’s findings, as have most of the 10 governments identified in the report.