New ‘digital violence’ platform identifies dozens of victims of NSO Group spyware
For the first time, the researchers mapped all known targets, including journalists, activists and human rights defenders, whose phones were hacked by Pegasus, spyware developed by NSO Group.
Forensic Architecture, an academic unit of Goldsmiths, University of London which investigation of human rights violations, went through dozens of reports from human rights groups, performed open source research and interviewed dozens of victims themselves to reveal more than a thousand data points, including infections of devices, which show the relationships and patterns between digital surveillance performed by NSO’s government clients, and the real-world bullying, harassment and violence to which victims are also subjected.
By mapping these data points on a tailor-made platform, researchers can show how nation states, which use Pegasus to spy on their victims, also often target other victims in their networks and are embroiled in assaults, arrests and disinformation campaigns against the targets but also their families. , friends and colleagues.
While the 1,000+ data points show only a portion of overall government use of Pegasus, the project aims to provide researchers and investigators with the tools and data from NSO activities around the world, which the spyware maker strives to keep it out of the public eye.
Pegasus “activates your camera, your microphone, whatever is integral to your life.” Mexican journalist Carmen Aristegui
Israeli group NSO is developing Pegasus, spyware that allows its government clients to gain almost unimpeded access to a victim’s device, including their personal data and location. NSO has repeatedly refused to name its clients, but is said to have government contracts in at least 45 countries, including Rwanda, Israel, Bahrain, Saudi Arabia, Mexico and the United Arab Emirates – all of which have been accused of violations human rights – as well as Western nations, like Spain.
Forensic Architecture researcher Shourideh Molavi said the new findings reveal “how the digital realm in which we live has become the new frontier for human rights violations, a site for surveillance and monitoring. state intimidation that allows physical violations in real space “.
The platform presents visual timelines of how victims are targeted by both spyware and physical violence as part of government campaigns to target their most vocal critics.
Omar Abdulaziz, a Saudi video blogger and activist living in exile in Montreal, saw his phone hacked in 2018 by the Pegasus malware. Shortly after Saudi emissaries tried to convince Abdulaziz to return to the kingdom, his phone was hacked. A few weeks later, two of his brothers in Saudi Arabia were arrested and his friends detained.
Abdulaziz, a confidant of Washington Post journalist Jamal Khashoggi whose murder has been approved by the Saudis de facto Crown Prince Mohammed bin Salman, also had information on his Twitter account obtained by a “state sponsored” actor, who later turned out to be a Saudi spy employed by Twitter. It was this stolen data, which included Abdulaziz’s phone number, that helped the Saudis break into his phone and read his messages with Khashoggi in real time, Yahoo News reported this week.
Omar Abdulaziz is one of dozens of known victims of digital surveillance by a nation-state. Blue dots represent digital intrusions and red dots indicate physical events, such as harassment or violence. (Image: Forensic Architecture / provided)
Another known victim is Mexican journalist Carmen Aristegui, whose phone was repeatedly hacked in 2015 and 2016 by a government client of Pegasus, presumably in Mexico. The Citizen Lab at the University of Toronto discovered that his son, Emilio, a miner at the time, had his phone targeted while living in the United States. The timeline of the digital intrusions against Aristegui, his son and his colleagues shows that hacking efforts intensified following the exposure of corruption by then Mexican President Enrique Peña Nieto.
“It’s malware that activates your camera, your microphone, whatever is an integral part of your life,” said Aristegui in an interview with journalist and filmmaker Laura Poitras, who contributed to the project. Speaking of his son whose phone was targeted, Aristegui said: “Knowing that a child who just goes about his life and goes to school tells us about the types of abuse a state can exert without a counterbalance. ” (NSO has repeatedly claimed that it does not target phones in the United States, but offers similar technology to Pegasus, dubbed Phantom, through its U.S. subsidiary Westbridge Technologies.)
“Phenomenal damage is done to journalistic accountability when the state – or whoever – uses these systems of ‘digital violence’,” Aristegui said. “It ends up being a very damaging element for journalists, which affects a society’s right to keep informed.”
The timeline also shows the digital targeting (in blue) of Carmen Aristegui, her family and colleagues, embroiled in office break-ins, bullying and disinformation campaigns (in red). (Image: Forensic Architecture / provided)
The platform also builds on recent findings from an Amnesty International investigation into the corporate structure of the NSO Group, which shows how NSO spyware has proliferated in states and governments using a complex network of companies to hide its customers and activities. Forensic Architecture’s platform has been following the trail of private investment since NSO’s founding in 2015, which “likely enabled” the sale of spyware to governments that NSO would not normally have access to due to restrictions on spyware. Israeli export.
“NSO Group’s Pegasus spyware should be viewed and treated as a developed weapon, like other products of Israel’s military-industrial complex, in the context of the ongoing Israeli occupation. It is disheartening to see it exported to allow human rights violations around the world. Said Eyal Weizman, director of Forensic Architecture.
The platform was launched shortly after NSO this week released its first so-called transparency report, which human rights defenders and security researchers called lacking in any meaningful detail. Amnesty International said the report read “more like a sales brochure”.
In a statement, NSO Group said it could not comment on research it had not seen, but claimed it “is investigating all credible allegations of abuse and that NSO is taking appropriate action by depending on the results of its investigations “.
NSO Group argued that its technology “cannot be used for cyber surveillance in the United States, and no customer has ever received technology that would allow them to access phones with US numbers,” and refused to name one of its government clients.
You can securely tip via Signal and WhatsApp at +1 646-755-8849. You can also send files or documents using our SecureDrop. Learn more.