More than 50,000 smartphone numbers appear on a list of phones concentrated in countries known to monitor their citizens and also known to have been customers of the NSO Group, the investigation revealed.
The leaked database of numbers was accessed by Forbidden Stories and Amnesty International, a Paris-based non-profit organization, and shared with various news organizations as part of a collaborative investigation called ‘Pegasus project‘.
The Amnesty Security Laboratory examined 67 smartphones where attacks were suspected. Of these, 23 were successfully infected and 14 showed signs of attempted penetration.
For the remaining 30, the tests were inconclusive, in several cases because the phones had been replaced.
The list includes more than 300 verified Indian mobile phone numbers
According to The Wire, which was part of the investigations, the list includes more than 300 verified Indian mobile phone numbers, including those used by ministers, opposition leaders, journalists, the legal community, businessmen, government officials, scientists, activists from rights and others.
Forensic testing conducted as part of this project on a small representative sample of phones associated with these numbers revealed clear signs of guidance from Pegasus spyware on 37 phones, of which 10 are Indian.
The numbers of those in the database include more than 40 journalists, three important opposition figures, a constitutional authority, two serving ministers in the Narendra Modi government, current and former heads and officials of security organizations, and dozens of entrepreneurs, The Wire report said.
‘Attempt to smear Indian democracy and its institutions’
The Center, in its reaction to the report, said that the allegations about government surveillance of specific individuals have no concrete basis or associated truth at all.
Similar claims have been made in the past regarding the use of Pegasus in WhatsApp by the Indian state. Those reports also had no factual basis and were categorically denied by all parties, including WhatsApp in the Supreme Court of India.
This report, therefore, also appears to be a similar fishing expedition, based on conjecture and exaggeration to smear Indian democracy and its institutions, the government said in its response.
‘Reporters identify more than 1,000 people in more than 50 countries’
Numbers on the list are not attributed, but reporters were able to identify more than 1,000 people in more than 50 countries through research and interviews on four continents.
On the list are several members of the Arab royal family, at least 65 business executives, 85 human rights activists, 189 journalists and more than 600 politicians and government officials, including cabinet ministers, diplomats, and military and security officials. The numbers of various heads of state and prime ministers also appeared on the list.
The media consortium analyzed the list through interviews and forensic analysis of the phones, and compared the details with previously reported information on NSO. The Amnesty Security Laboratory examined 67 smartphones where attacks were suspected. Of these, 23 were successfully infected and 14 showed signs of attempted penetration.
NSO Group Response
In response to detailed questions from media organizations, NSO said in a statement that it did not operate the spyware it licensed to customers and that it did not have regular access to the data they collected.
The NSO called the investigation’s findings exaggerated and unsubstantiated. It also said that it does not operate licensed spyware for its clients and “has no knowledge” of its specific intelligence activities.
NSO describes its clients as 60 intelligence, military and law enforcement agencies in 40 countries, though it will not confirm the identities of any of them, citing the client’s confidentiality obligations.