Heads of state on NSO spyware potential target list include Macron, Khan
Among potential targets found on a list of 50,000 phone numbers leaked to Amnesty and nonprofit Forbidden Stories include Presidents Emmanuel Macron of France, Imran Khan of Pakistan, Cyril Ramaphosa of South Africa and Barham Salih of Iraq.
French President Emmanuel Macron leads a list of 14 current or former heads of state who may have been targeted for hacking by clients of the notorious Israeli spyware firm NSO Group.
“The unprecedented revelation ... should send a chill down the spine of world leaders," Amnesty International Secretary General Agnes Callamard said in a statement.
Potential targets found on a list of 50,000 phone numbers leaked to Amnesty and the Paris-based journalism nonprofit Forbidden Stories include Presidents Cyril Ramaphosa of South Africa and Barham Salih of Iraq.
King Mohammed VI of Morocco and three current prime ministers — Imran Khan of Pakistan, Mustafa Madbouly of Egypt and Saad Eddine El Othmani of Morocco — are also on the list, The Washington Post and Guardian reported.
READ MORE: Israeli company sold malware to spy on journalists, activists – report
The Post said none of the heads of state would offer their smartphones for forensic testing that might have detected whether they were infected by NSO's military-grade Pegasus spyware.
Thirty-seven phones identified in the investigation were either breached or shows signs of attempted infection, it reported.
The Post and 16 other members of a global media consortium were granted access to the leaked list. Another member, the French daily Le Monde, determined that 15 members of the French government may have been among potential targets with Macron in 2019.
Following first reports by consortium members on Sunday, the Paris prosecutor’s office said it was investigating the suspected widespread use of NSO's military-grade Pegasus spyware to target journalists, human rights activists and politicians in multiple countries.
READ MORE: Tech giants join legal battle against Israeli hacking firm NSO
NSO using US hosting services
Also Sunday, Amnesty released a forensic analysis of the alleged targeting that showed Amazon Web Services was hosting NSO infrastructure.
In response, Amazon said it shut down NSO accounts that were “confirmed to be supporting the reported hacking activity.” Amazon said the accounts had violated its terms of use.
Another US company identified by Amnesty as hosting NSO servers was DigitalOcean.
When contacted by The Associated Press, DigitalOcean neither confirmed nor denied whether it had identified or cut off such servers.
"All of the infrastructure outlined in the Amnesty report is no longer on DigitalOcean," it said on Tuesday, without elaborating, in an emailed statement.
The consortium's findings significantly widen the scope of alleged abuses in which NSO Group has been implicated since 2016.
Those include the surveillance of friends and relatives of journalist Jamal Khashoggi, who was killed inside the Saudi consulate in Istanbul in 2018 — and highlight what critics call the urgent need to regulate global sales of commercial hacking tools.
NSO denies targeting Macron
Le Monde said the phone numbers for Macron and the then-government members were among thousands allegedly selected by NSO clients for potential surveillance.
In this case, the client was an unidentified Moroccan security service, according to Le Monde.
Consortium members said they were able to link more than 1,000 numbers in 50 countries on the list with individuals, including more than 600 politicians and government officials and 189 journalists. The largest share were in Mexico and the Middle East, where Saudi Arabia is reported to be among NSO clients.
Also on the list were phone numbers in Azerbaijan, Kazakhstan, Pakistan, Morocco and Rwanda, as well as ones for several Arab royal family members, the consortium reported.
An official in Macron's office said authorities would investigate Le Monde's report, and if the targeting is proven, it would be “extremely grave.”
Le Monde quoted NSO as saying the French president was never targeted by its clients.
NSO Group has denied that it ever maintained “a list of potential, past or existing targets.”
It called the Forbidden Stories report “full of wrong assumptions and uncorroborated theories.”
The source of the leak — and how it was authenticated — has not been disclosed.
While a phone number’s presence in the data does not mean an attempt was made to hack a device, the consortium said it was confident the data indicated potential targets of NSO’s government clients.
The Paris prosecutor’s office said in a statement Tuesday that it opened an investigation into a raft of potential charges, including violation of privacy, illegal use of data and illegally selling spyware.
As is common under French law, the investigation doesn’t name a suspected perpetrator but is aimed at determining who might eventually be sent to trial. It was prompted by a legal complaint by two journalists and French investigative website Mediapart.
Multiple lawsuits by alleged victims have been filed against NSO Group including by Facebook over the Israeli firm's alleged hacking of its WhatsApp application.
READ MORE: How NSO spyware became a favourite espionage tool for autocratic regimes