iPhones belonging to nearly three dozen journalists, activists, human rights lawyers and civil society members in Jordan were targeted by NSO Group’s Pegasus spyware, according to joint findings from Access Now and Citizen Lab.
Nine of the 35 people were publicly confirmed as being targeted, whose devices had been compromised with the mercenary surveillance tool. The infections are estimated to have occurred from at least 2019 through September 2023.
“In some cases, offenders posed as journalists, seeking an interview or quote from victims, embedding malicious links to Pegasus spyware in and between their messages,” Access Now said.
“A number of victims were re-infected with Pegasus spyware multiple times, demonstrating the relentless nature of this targeted surveillance campaign.”
The Israeli company has been under the radar for failing to implement rigorous human rights protections before selling its cyber intelligence technology to government and law enforcement clients to “prevent and investigate terrorism and serious crimes.”
NSO Group, in its 2023 Transparency and Accountability Report, touted a “significant decrease” in reports of product misuse during 2022 and 2023, attributing the decline to its due diligence and review process.
“Cyber intelligence technology enables government intelligence and law enforcement agencies to carry out their critical tasks to prevent violence and safeguard the public,” the company noted.
“Importantly, it allows them to thwart the widespread deployment of end-to-end encryption applications by terrorists and criminals without engaging in mass surveillance or gaining backdoor access to all users’ devices.”
He also sought to “dispel falsehoods” about Pegasus, saying it is not a mass surveillance tool, that it is licensed to legitimate, vetted intelligence and law enforcement agencies, and that it cannot take control of a device or penetrate computer networks, desktops or laptops. operating systems.
“It is technologically impossible for Pegasus to add to, alter, delete, or otherwise manipulate data on targeted mobile devices, or perform any other activity beyond viewing and/or extracting certain data,” NSO Group said.
Despite these assurances, invasive spyware attacks against members of Jordanian civil society underline the ongoing pattern of abuse that runs counter to the company’s claims.
Access Now said that victims’ devices were infiltrated with both zero-click and one-click attacks using Apple iOS exploits such as FORCEDENTRY, FINDMYPWN, PWNYOURHOME, and BLASTPASS to breach security barriers and deliver Pegasus via social engineering attacks.
The attacks were characterized by the propagation of malicious links to victims via WhatsApp and SMS, with the attackers posing as journalists to increase the campaign’s chances of success.
The nonprofit also said that enabling Lock Mode on iPhones likely prevented some devices from being re-infected with spyware. It also called on world governments, including that of Jordan, to suspend the use of such tools and impose a moratorium on their sale until appropriate countermeasures are taken.
“Surveillance technologies and cyber weapons such as NSO Group’s Pegasus spyware are used to target human rights defenders and journalists, to intimidate and dissuade them from their work, to infiltrate their networks, and to gather information for use against others goals,” Access Now said.
“Targeted surveillance of individuals violates their rights to privacy, freedom of expression, association and peaceful assembly. It also creates a chilling effect, forcing individuals to self-censor and cease their activism or journalistic work, for fear of retaliation” .