“The list of 50,000 phone numbers has nothing to do with us,” the founder and CEO of the cyberespionage firm NSO Group told an Israeli financial daily on Wednesday. The comments by NSO’s Shalev Hulio came after a week that saw the publication of a massive international investigation called Project Pegasus.
The project, led by an organization called Forbidden Stories together with Amnesty International and a consortium of newspapers and journalists across the world, was based on leaked data and revealed a long list of high-profile individuals that were selected as potential targets for the firm’s Pegasus spyware by its clients.
The aforementioned quote by Hulio is part of NSO’s wider response to the publication of the investigation over the past week. NSO made similar comments in recent days, writing in response to reports that the leaked database of phone numbers had nothing to do with them. The database, NSO said, was tantamount to “randomly picking numbers from the phonebook to compile a list of 50,000 numbers that were selected arbitrarily and writing baseless headlines based on it.”
Hulio made the comment to the Israeli daily Calcalist that ran the story under a headline that claimed that Amnesty International, which was in charge of conducting forensic analysis for the project, denied the numbers were linked directly to NSO, seemingly rolling back previous statements.
However, an official English translation of the Amnesty International statement, made by their local Israeli representatives, denies NSO’s claim and actually doubles down on its support for the Project Pegasus investigation.
Read more >> The Israeli cyber weapon used against 180 journalists ■ Khashoggi’s fiancee, son targeted by NSO tech, investigation reveals ■ How NSO's Pegasus is used to spy on journalists ■ Analysis: How Israeli spy-tech became dictators' weapon of choice ■ India’s Gandhi and Pakistan’s Khan tapped as targets in Israeli NSO spyware scandal ■ Israel's cyber-spy industry helps dictators hunt dissidents and gays
"Amnesty International categorically stands by the findings of the Pegasus Project, and that the data is irrefutably linked to potential targets of NSO Group’s Pegasus spyware,” they said in the English statement published Thursday.
“The false rumours being pushed on social media are intended to distract from the widespread unlawful targeting of journalists, activists and others that the Pegasus Project has revealed," they said in response to the reports from Wednesday.
Indeed, NSO’s response can be seen as a form of spin in their attempt to do damage control at the end of what was undoubtedly a bad week for the firm, which is hoping to go public later this year.
In their full Hebrew statement from Wednesday, which was not published in English and was translated from the original Hebrew by Haaretz for this report, said: “NSO is focusing its responses to Project Pegasus on claims that were never actually made against it. This is part of an attempt to divert attention and shift anger from them in wake of the international investigation into them that reveals misuse of the spyware it created.”
- Where Netanyahu went, NSO followed: How Israel pushed cyberweapon sales
- France’s Macron tapped as potential target for NSO spyware, investigation reveals
- Pegasus Project: Israel will review defense export regulation after NSO allegations, lawmaker says
Regarding the list, Amnesty said in Hebrew on Wednesday that: “This is a list of numbers that were selected as being of interest to NSO’s clients, which are different nations from around the world. The list shows what interests the firm’s clients, who want to spy on journalists, human rights activists, political opponents, lawyers and more. These are not just suspected pedophiles, serious criminals and terrorists,” they said.
Amnesty also blasted Israel for its wider offensive cyber industry, writing that NSO is only "the tip of the iceberg."
It is important to note that the list the investigation (which Haaretz also took part in) was based on was not a database of people who were necessarily targeted or even infected by the spyware, but rather a wishlist of sorts of potential targets.
Two facts are worth noting in this regards: Of the mobile devices that were examined in the investigation’s forensic analyses - the actual iPhones used by potential victims during the time their number was selected as a potential target - a solid majority had signs of the Pegasus software. This does not mean they were actually infected, but can indicate that at least those numbers were actually targeted, even if unsuccessful.
Secondly, the timestamps noted in the database, which NSO claims has nothing to do with them, do also coincide with the time the phones examined were actually targeted. At times, it is a matter of a few seconds from the time a number was added to the database and the time the actual phone examined was targeted.
‘Enough is enough’
Forbidden Stories, a Paris-based journalism nonprofit, and Amnesty International had access to a leak of more than 50,000 records of phone numbers that NSO clients selected for possible surveillance. The leak was shared with Haaretz and 16 other news organizations worldwide that have worked collaboratively to conduct further analysis and reporting over the past months. Forbidden Stories oversaw the investigation – the Pegasus Project - and Amnesty International provided forensic analyses and technical support.
According to an analysis of these records, more than 180 journalists were selected in 21 countries by at least 12 NSO clients. The potential targets and clients hail from Bahrain, Morocco, Saudi Arabia, India, Mexico, Hungary, Azerbaijan, Togo and Rwanda.
On it’s official website, NSO published a harshly worded response to the Pegasus Project investigation on Wednesday. Titled “Enough is enough,” the firm said: “In light of the recent planned and well-orchestrated media campaign lead by Forbidden Stories and pushed by special interest groups, and due to the complete disregard of the facts, NSO is announcing it will no longer be responding to media inquiries on this matter and it will not play along with the vicious and slanderous campaign.”
Reiterating it’s position on the database and leak, they said: “The list is not a list of targets or potential targets of Pegasus.
“The numbers in the list are not related to NSO group.
“Any claim that a name in the list is necessarily related to a Pegasus target or Pegasus potential target is erroneous and false.”
Vowing to investigate, NSO also said that, “TheNSO is a technology company. We do not operate the system, nor do we have access to the data of our customers, yet they are obligated to provide us with such information under investigations.”
“NSO will thoroughly investigate any credible proof of misuse of its technologies, as we always had, and will shut down the system where necessary.
“NSO will continue its mission of saving lives, helping governments around the world prevent terror attacks, break up pedophilia, sex, and drug-trafficking rings, locate missing and kidnapped children, locate survivors trapped under collapsed buildings, and protect airspace against disruptive penetration by dangerous drones.”