Citizen Lab researcher Bill Marczak discovered women’s rights activist Loujain al-Hathloul’s phone had been hacked, unfolding several legal actions against the Israeli NSO Group.

Citizen Lab researchers were able to identify over a thousand web addresses used to deliver Pegasus spyware to the phones of targets in 45 countries. Pegasus, developed by Israel’s NSO Group, claims it is used against terrorists and criminals, but an analysis by Bill Marczak found evidence of Pegasus spyware on a phone belonging Jamal Khashoggi’s inner circle.

Two Egyptians—exiled politician Ayman Nour and the host of a popular news program (who wishes to remain anonymous)—were hacked with Predator spyware, built and sold by the previously little-known mercenary spyware developer Cytrox. The phone of Ayman Nour was simultaneously infected with both Cytrox’s Predator and NSO Group’s Pegasus spyware, operated by two different government clients.

New York Times journalist and bureau chief, Ben Hubbard, discusses working with the Citizen Lab and discovering that he had been hacked several times by operators using NSO Group’s Pegasus spyware. 

Ron Deibert joins Al Jazeera to discuss the history of NSO Group’s Pegasus technology and why the expansive commercial spyware market deserves closer scrutiny and regulatory oversight. 

Circles is a surveillance firm that reportedly exploits weaknesses in the global mobile phone system to snoop on calls, texts, and the location of phones around the globe, and is affiliated with NSO Group, which develops the oft-abused Pegasus spyware. Using Internet scanning, we found a unique signature associated with the hostnames of Check Point firewalls used in Circles deployments, enabling us to identify Circles deployments in at least 25 countries.

New York Times journalist Ben Hubbard was targeted with NSO Group’s Pegasus spyware via a June 2018 SMS message promising details about “Ben Hubbard and the story of the Saudi Royal Family.” The SMS contained a hyperlink to a website used by a Pegasus operator that we call KINGDOM. We have linked KINGDOM to Saudi Arabia. In 2018, KINGDOM also targeted Saudi dissidents including Omar Abdulaziz, Ghanem al-Masarir, and Yahya Assiri, as well as a staff member at Amnesty International.

As part of our investigation into the incident, Citizen Lab has identified over 100 cases of abusive targeting of human rights defenders and journalists in at least 20 countries across the globe, ranging from Africa, Asia, Europe, the Middle East, and North America that took place after Novalpina Capital acquired NSO Group and began an ongoing public relations campaign to promote the narrative that the new ownership would curb abuses.

Given Novalpina Capital’s recent acquisition of NSO Group and the obvious human rights concerns raised by NSO Group’s business practices, Citizen Lab’s Ronald Deibert seeks a response from the South Yorkshire Pensions Authority regarding how its investment in Novalpina is consistent with the Authority’s Policy and what measures were taken by the Authority to inform and educate pension fund contributors and members regarding NSO Group.

A recently discovered security vulnerability on WhatsApp, currently used by over 1.5 billion people worldwide, has been found to have been exploited by NSO Group developed spyware.