Human rights activists, journalists, lawyers, and other people of interest around the world have been targeted with malicious phone malware sold to authoritarian governments by an Israeli surveillance firm, media reports say.
A list of some 50,000 phone numbers of people believed to be of interest to clients of the company, NSO Group, has been leaked to major news outlets, the BBC reports.
It is not yet clear where the list came from or how many phones have the malware installed.
NSO denies any wrongdoing, saying that the software’s intended use was against criminals and terrorists, and that it was made only available to law enforcement and intelligence agencies from countries with good human rights records.
It said the original investigation which led to the reports, by Paris-based NGO Forbidden Stories and the human rights group Amnesty International, was "full of wrong assumptions and uncorroborated theories,” adding that it would "continue to investigate all credible claims of misuse and take appropriate action.”
The allegations about the use of the software, known as Pegasus, were released Sunday by the The Pegasus Project, a collaboration of news outlets including the Washington Post, the Guardian, Le Monde, and 14 other media organizations around the world.
The software infected iPhones and Android devices, allowing operators to extract emails, messages, photos, record phone calls, harvest GPS data, and even activate microphones and cameras without the victim knowing.
Media outlets said they had identified over 1,000 people in over 50 countries whose numbers were on the list, which includes politicians, heads of state, activists, business executives, and several Arab royal family members. On the list were over 180 journalists, some of whom work at organizations such as CNN, the New York Times, and Al Jazeera.
When contacted by outlets, spokespeople for countries named in the report denied that they were clients of NSO or that they had abused their power of surveillance.