Investigation reveals Pegasus spyware used to track over 50,000 people

An investigation found that Pegasus spyware, used to track and kill journalist Jamal Kashoggi, has been revealed to be active across the globe – with atleast 50,000 people on the list

In 2019, the Pegasus spyware was found to be responsible for the murder of journalist, Jamal Kashoggi.

Two years ago, the NSO Groups’ cybersurveillance tool was found to be targeting atleast 24 human rights defenders in Mexico, journalists and parliamentarians in Mexico; an Amnesty employee; Saudi activists Omar Abdulaziz, Yahya Assiri, Ghanem Al-Masarir, and award-winning Emirati human rights campaigner Ahmed Mansoor – who is currently locked up in the UAE. 

Now, that number has increased from less than a hundred people to 50,000. According to a joint investigation by Forbidden Stories, Amnesty International, and the Pegasus project, the spyware is still being used across the globe.

The NSO website says that products are “used exclusively by government intelligence and law enforcement agencies” in the attempt to “fight crime and terror.”

However, the Israel-based group have been selling their Pegasus spyware to various Governments – who use it to track and target journalists, activists, politicians, and their families.

Mexico, UAE and Morocco are top Pegasus users

The NSO client with the most tracked phone numbers was Mexico, at well over 15,000 in their database. It is unclear which numbers have been infected with the spyware and which are about to be – but this raises questions about how such powerful technology can be regulated when it is already, legally, in the hands of the Government.

Analysis by the Pegasus project suggests that Morocco and the UAE selected 10,000 numbers each, suggesting an imminent crack-down on perceived dissent in each country.

‘Ludicrous falsehood’ that spyware is only used on terrorists

While attacks in 2019 required the phone-owner to click a malicious link sent via WhatsApp, new updates to NSO tech mean that there is no need to click anything for a phone to be taken over.

Once a persons’ phone has been infiltrated, the Pegasus operator can then access all existing data – including activating the camera, recording calls, and accessing all contacts.

“NSO claims its spyware is undetectable and only used for legitimate criminal investigations. We have now provided irrefutable evidence of this ludicrous falsehood,” said Etienne Maynier, a technologist at Amnesty International’s Security Lab.