According to combined findings from Access Now and the Citizen Lab, almost thirty journalists, activists, human rights attorneys, and members of Jordan's civil society had their iPhones infiltrated by NSO Group's Pegasus spyware. Nine out of the 35 people have had their targeting confirmed in the public eye; these people's machines were hacked using the mercenary surveillance ware program. According to estimates, the infections happened from September 2023 and at least 2019 in the year 2023.
"In some cases, perpetrators posed as journalists, seeking an interview or a quote from victims, while embedding malicious links to Pegasus spyware amid and in between their messages. Many victims were reinfected with Pegasus spyware multiple times — demonstrating the relentless nature of this targeted surveillance campaign." Access Now stated.
The Israeli corporation has come under fire for not putting strong human rights safeguards in place before selling its cyber intelligence equipment to law enforcement and government clients for "preventing and investigating serious crimes and terrorism."
In its 2023 Transparency and Responsibility Report, NSO Group reported a "significant decrease" in product misuse reports between 2022 and 2023, citing their due diligence and review procedure as the reason for the decline.
"Cyber intelligence technology enables government intelligence and law enforcement agencies to carry out their basic duties to prevent violence and safeguard the public. Importantly, it allows them to counter the widespread deployment of end-to-end encryption applications by terrorists and criminals without engaging in mass surveillance or obtaining backdoor access to the devices of all users." the company said.
Additionally, it aimed to "dispel falsehoods" regarding Pegasus by claiming that it is not a tool for mass surveillance, that respectable, vetted intelligence and law enforcement agencies are licensed to use it, that it cannot take over a device, and that it cannot infiltrate computer networks or desktop or laptop operating systems.
"It is technologically impossible for Pegasus to add, alter, delete, or otherwise manipulate data on targeted mobile devices, or perform any other activities beyond viewing and/or extracting certain data," NSO Group noted.
Despite these guarantees, the company's promises are contradicted by the intrusive spyware attacks that target members of Jordan's civil society. According to Access Now, Pegasus was delivered by social engineering techniques on the victims' devices with zero-click and one-click assaults that leveraged Apple iOS exploits such as FORCEDENTRY, FINDMYPWN, PWNYOURHOME, and BLASTPASS to get past security measures.
To boost the campaign's chances of success, the attackers pretended to be journalists while spreading malicious links to victims over WhatsApp and SMS. According to the non-profit, turning on Lockdown Mode for the iPhones probably stopped some of the devices from getting re-infected with spyware. Additionally, it demanded that all governments around the globe, including Jordan's, stop using these instruments and put a stop to their sales until suitable alternatives are developed.
"Human rights advocates and journalists are the targets of surveillance technologies and cyber weapons which are intended to frighten and deter them from their work, enter their networks, and get information for use against other targets. Individuals' rights to privacy, freedom of expression, association, and peaceful assembly are all violated by the targeted surveillance of those individuals. Additionally, it has a chilling effect, making people stop their activism or journalistic endeavors out of self-censorship and fear of retaliation." stated Access Now.