The phone of a prominent British human rights lawyer and close associate of Princess Latifa of Dubai was infected by NSO's Pegasus software, an Amnesty International forensic analysis revealed on Monday, in what was the first confirmed targeting of a U.K. number by the Israeli-made spyware.
Amnesty International has been working together with a global consortium of media outlets – including the Washington Post and The Guardian – to physically examine mobile phone devices for traces of the spyware developed by the Israeli cyberespionage firm NSO Group.
The forensic effort was based on a leak of more than 50,000 records of phone numbers that NSO clients selected for surveillance. According to an analysis of these records by Amnesty and by the consortium, made public two weeks ago, more than 180 journalists were selected in 21 countries by at least 12 NSO clients. These government clients span the entire world, from Hungary and Azerbaijan in Europe to Togo and Rwanda in Africa.
The leaked list was initially described as a "wish list" of potential targets of NSO's various clients – state intelligence services across the world – and the firm has denied any connection to it. But since the story broke, 45 devices associated with numbers on the list were confirmed to have been either successfully compromised by Pegasus or targeted by it, further lending credence to the international investigation that NSO has sought to discredit.
According to the Washington Post, David Haigh, a human rights lawyer, LGBTQ activist and vocal critic of the United Arab Emirates offered his device of his own volition to Amnesty International, believing it had been hacked. Though his phone did not appear on the leaked list of phone numbers, a forensic analysis revealed that the device was indeed compromised by the Pegasus software.
Haigh, who had been jailed in the United Arab Emirates in the past, is famous for representing Princess Latifa, a daughter of the ruler of Dubai. Project Pegasus and the Washington Post revealed two weeks ago that NSO technology may have been used for the princess' recapture by Dubai authorities after her escape from the kingdom.
- Where Bibi Went, NSO Followed: How Israel Pushed Cyberweapon Sales
- Gantz in Paris to Discuss Spyware Scandal as Israeli Officials Inspect NSO Offices
- As NSO Scandal Proves, Israel’s Red Line Is the ‘White’ Man
The infection of Haigh's phone marked the first positive identification of a successful Pegasus attack on a U.K. phone number, the Washington Post and the Guardian reported. Furthermore, a source familiar with NSO operations told the Post that the firm blocked phone numbers with the U.K. country code (+44) from being targeted by its software about six months ago. NSO has long said that certain country codes – for example, the U.S.'s +1 – cannot be hacked by their software. It had made no similar announcement regarding Britain.
Read more >> The Israeli cyber weapon used against 180 journalists ■ Khashoggi’s fiancee, son targeted by NSO tech, investigation reveals ■ How NSO's Pegasus is used to spy on journalists ■ Analysis: How Israeli spy-tech became dictators' weapon of choice ■ India’s Gandhi and Pakistan’s Khan tapped as targets in Israeli NSO spyware scandal ■ Israel's cyber-spy industry helps dictators hunt dissidents and gays ■ Amnesty ‘stands by findings,’ rejects NSO's claims ■ Israel's NSO and Pegasus Are a Danger to Democracy Around the World
According to the Post, four additional phones were confirmed to have been infected or showed signs of the Pegasus spyware. Among them was another U.K. number which the paper said belonged to a Muslim activist; the others belonged to a journalist in Hungary, a legal official in India and Turkish journalist Ragip Soylu from the Middle East Eye, whose phones were targeted a number of times.
The Project Pegasus revelations sparked widespread criticism against Israel around the world – specifically in France, which has since confirmed that journalists and even possibly the phone of President Emmanuel Macron were actually targeted, leading to an urgent visit in France by Israeli defense minister, Benny Gantz.
France has demanded Israel to require NSO to add phone numbers with the French country code (+33) to the list of numbers blocked from being targeted by its software, L'Opinion reported Monday evening. NSO has repeatedly said that Pegasus cannot target American numbers, and the French report noted that similar limits apply to British numbers, and may also be in force regarding China and Russia.
According to French media, at least three journalists were targeted by the Israeli software: a reporter and a senior editor at the investigative outlet Mediapart and a reporter at France 24.
NSO hasn't responded to requests for comments in a week. At the beginning of last week, the firm said the leaked list was part of an “international conspiracy.”
“The report by Forbidden Stories is full of wrong assumptions and uncorroborated theories that raise serious doubts about the reliability and interests of the sources. It seems like the ‘unidentified sources’ have supplied information that has no factual basis and is far from reality,” the company said in the statement.
“The numbers in the list are not related to NSO Group, and they never were – stating that they are is fabricated information. It is not a list of targets or potential targets of NSO's customers, and your repeated reliance on this list and association of the people on this list as potential surveillance targets is false and misleading."