LONDON — Researchers say a notorious brand of Israeli surveillance software is being used further afield than previously known, with possible infections detected around the globe.
The internet watchdog Citizen Lab says it has used an internet survey technique to identify suspected spyware infections linked to the private Israeli company NSO Group in 45 countries, including the United States, Britain, France, India and Turkey.
“Our findings paint a bleak picture of the human rights risks of NSO’s global proliferation,” Citizen Lab said in its report.
Citizen Lab said the Pegasus software marketed by the company was being used by a number of countries “with dubious human rights records and histories of abusive behavior by state security services.”
“We have also found indications of possible political themes within targeting materials in several countries, casting doubt on whether the technology is being used as part of ‘legitimate’ criminal investigations,” Citizen Lab said.
NSO Group said Citizen Lab’s list of nations had several inaccuracies.
The company said in a statement Tuesday that its software was “specifically designed” to not operate in the United States, one of the countries where the researchers said they had found traces of the malware.
The NSO Group has insisted in the past that it sells its software to clients on the condition that it be used only against crime and terrorism, and has rejected responsibility in cases where it was allegedly used for civil rights abuses.
But two new lawsuits being brought against the company have uncovered documents that assert the company and its affiliates have actively engaged in illegal activities for clients.
The lawsuits have been filed by a Qatari individual — who claims to have been targeted by the UAE — as well as by Mexican human rights activists who say the government spied on them using Pegasus. If indeed the NSO Group sold Pegasus to the UAE, the company would have had to receive the express permission of Israel’s Defense Ministry, as such software is considered a weapon.
One of the Mexican plaintiffs, childhood anti-obesity campaigner Alejandro Calvillo, drew global attention last year when he was revealed to have been targeted using the Israeli company’s spyware. The NSO Group’s programs have since been implicated in a massive espionage scandal in Panama. Earlier this year, respected human rights organization Amnesty International accused the company of having crafted the digital tools used to target one of its staffers.
Pegasus infects individuals by sending them text messages tempting them to click an attached link. In the case of the UAE, the NSO affiliate allegedly suggested texts with messages such as: “Ramadan is near — incredible discounts,” as well as “Keep your car tires from exploding in the heat.”
The company has defended itself by arguing that it “does not operate the software for its clients, it just develops it.”
Israeli companies have been criticized in the past for selling software to monitor internet and phone communication to regimes with poor human rights records, including in Uzbekistan and Kazakhstan, as well as Colombia, Trinidad and Tobago, Uganda, Panama and Mexico, according to the NGO Privacy International.