Human rights activists, journalists and lawyers have been targeted by spyware sold to authoritarian governments by the Israeli technology firm NSO Group, according to media reports.
An investigation into a data leak by human rights group Amnesty International and NGO Forbidden Stories revealed a list of more than 50,000 phone numbers that may have been hacked since 2016. They are believed to be people of interest to clients of NSO.
The probe suggests widespread and continuing abuse of NSO’s software Pegasus, which enables the remote surveillance of smartphones.
Pegasus allows operators to secretly extract data including messages, emails and photos, activate microphones and record calls. Forensic analyses on some of the mobile phones included on the list have indicated traces of the malware.
NSO denies any wrongdoing. The Tel Aviv-based surveillance company has said its software is intended to be used against criminals and terrorists by government agencies from countries with good human rights records.
On Sunday, 17 media organisations including The Guardian and Washington Post reported on the leaked records as part of the Pegasus project, an international collaborative investigation.
The list is said to include 180 journalists around the world, as well as heads of state and business executives, who are under possible surveillance.
The origin of the list and scale of actively targeted phone numbers remains unknown. The reports show the extent of potential cyber-surveillance in a context in which the market for invasive spy tools remains unregulated.