The United Nations’ human rights chief voiced alarm Monday over the reported use of military-grade malware from Israel-based NSO Group to spy on journalists, human rights activists and political dissidents.
U.N. High Commissioner for Human Rights Michelle Bachelet’s comments came after an investigation by a global media consortium based on leaked targeting data provided further evidence of the malware’s use.
“Revelations regarding the apparent widespread use of the Pegasus software to spy on journalists, human rights defenders, politicians and others in a variety of countries are extremely alarming, and seem to confirm some of the worst fears about the potential misuse of surveillance technology to illegally undermine people’s human rights,” Bachelet said in a statement released in Geneva.
Given that that software and others “enable extremely deep intrusions into people’s devices, resulting in insights into all aspects of their lives, their use can only ever be justified in the context of investigations into serious crimes and grave security threats,” she said.
“If the recent allegations about the use of Pegasus are even partly true, then that red line has been crossed again and again with total impunity.”
From a list of more than 50,000 cellphone numbers obtained by the Paris-based journalism nonprofit Forbidden Stories and the human rights group Amnesty International and shared with 16 news organizations, journalists were able to identify more than 1,000 individuals in 50 countries who were allegedly selected by NSO clients for potential surveillance.
They include 189 journalists, more than 600 politicians and government officials, at least 65 business executives, 85 human rights activists and several heads of state, according to The Washington Post, a consortium member. The journalists work for organizations including The Associated Press, Reuters, CNN, The Wall Street Journal, Le Monde and The Financial Times.
Amnesty also reported that its forensic researchers had determined that NSO Group’s flagship Pegasus spyware was successfully installed on the phone of Post journalist Jamal Khashoggi’s fiancee, Hatice Cengiz, just four days after he was killed in the Saudi Consulate in Istanbul in 2018. The company had previously been implicated in other spying on Khashoggi.
NSO Group denied that it ever maintained “a list of potential, past or existing targets.” It called the Forbidden Stories report “full of wrong assumptions and uncorroborated theories.”
Bachelet said that “companies involved in the development and distribution of surveillance technologies are responsible for avoiding harm to human rights” and that governments have a duty to protect people from abuses of their right to privacy by companies. She called for better regulation of the sale, transfer and use of surveillance technology.
Related: Pegasus Scandal Shows Risk of Israel’s Spy-tech Diplomacy: Experts
Related: EXPLAINER: Target List of Israeli Hack-for-Hire Firm Widens
