Australia & World

Guardian Jointly Wins EU Award for Pegasus Spyware Exposure | Survey Journalism

The European Parliament has jointly awarded major journalism awards to a consortium of 17 media, including the Guardian. Pegasus spyware scandal revelation.

In a series of summer stories, Israeli surveillance firm NSO Group’s global clients talk to key politicians, including human rights activists, journalists, lawyers, and French President Emmanuel Macron. Phone hacking software..

A group of 17 media organizations, led by the Paris-based non-profit journalism group Forbidden Stories, featured the inauguration. Daphne Kahlua Anagalitzia € 20,000 (£ 17,000) for journalism, advised by independent judges of media and civil society members from 27 EU member states and representatives of major European journalism associations.

Karana Galicia was one of Malta’s most prominent and stubborn research journalists.she was Assassinated by a car bomb Near her house on October 16, 2017.

David Sassoli, President of the European Parliament, said:Recent examples such as Pandora PapersDemonstrated the unique power of bold and determined journalism, especially when implemented in the context of an international consortium.

“By creating transparency, investigative journalism allows voters to make informed decisions. The protection and support of journalists is in the grave interest of a democratic society.”

A study of the Pegasus Project, technically assisted by Amnesty International, found that the phone numbers of individuals in 50 countries appear in a database that appears to contain potential monitoring targets.

Quick guide

What is included in the Pegasus Project data?

show

What is included in the data breach?

Data Leakage is a list of over 50,000 phone numbers believed to have been selected as the phone numbers of interested people by NSO Group government clients selling surveillance software since 2016. The data also includes the date and time the number was selected or entered into the system. Forbidden Stories and Amnesty International, Paris-based non-profit journalism organizations, initially accessed the list and shared access with 16 media organizations, including the Guardian. Over 80 journalists have worked together for several months as part of the Pegasus Project. The project’s technical partner, Amnesty International’s Security Lab, conducted a forensic analysis.

What does the leak indicate?

The consortium believes that the data represent potential targets for NSO government clients identified prior to possible monitoring. The data is intent, but even if the data contains numbers, you can tell if you tried to infect the phone with spyware such as the company’s signature monitoring tool Pegasus, or if the attempt was successful. not. The presence of very few landline and US number data, which NSOs say is “technically impossible” to access with tools, has some targets, even if they couldn’t infect Pegasus. Indicates that it was selected by the NSO client. However, a forensic study of a small sample of mobile phones with numbers on the list found a close correlation between the date and time of the numbers in the data and the start of Pegasus activity. In some cases it takes only a few seconds.

What did the forensic analysis reveal?

Amnesty investigated 67 smartphones suspected of being attacked. Of these, 23 were successfully infected and 14 showed signs of an attempted invasion. For the remaining 30, the test was not definitive in some cases due to the replacement of mobile phones. The 15 phones were Android devices, but none showed evidence of a successful infection. However, unlike the iPhone, phones using Android do not log the kind of information needed for Amnesty International’s detective work. Three Android smartphones showed signs of targeting, such as SMS messages linked to Pegasus.

Amnesty shared a “backup copy” of the four iPhones with Citizen Lab, a research group specializing in Pegasus research at the University of Toronto, and confirmed that it showed signs of Pegasus infection. Citizen Lab also conducted a peer review of Amnesty International’s forensic methods and found them to be healthy.

Which NSO client was selecting the number?

The data is organized into clusters and shows individual NSO clients, but not the NSO client responsible for selecting a particular number. The NSO claims to sell the tools to 60 clients in 40 countries, but refuses to identify them. By scrutinizing the patterns of targeting of leaked data by individual clients, media partners were able to identify 10 governments that appear to be responsible for target selection: Azerbaijan, Bahrain, Kazakhstan. , Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India, and United Arab Emirates. Citizen Lab also found evidence that all 10 were NSO clients.

What does NSO Group say?

NSO Group Complete statement here.. The company has always said that it doesn’t have access to the customer’s target data. Through a lawyer, the NSO said the consortium had made “wrong assumptions” about which clients were using the company’s technology. He said the number of 50,000 was “exaggerated” and the list could not be a list of numbers “targeted by the government using Pegasus.” Lawyers said the list accessed by the consortium was “not a list of numbers targeted by governments using Pegasus, but part of a larger list of numbers that NSO Group customers may have used for others. It’s possible, “he said, with a reason for the NSO to believe. Purpose”. They said it was a list of numbers that anyone could search on an open source system. After asking further questions, the consortium “is based on a misleading interpretation of leaked data from accessible and obvious basic information such as the HLR lookup service, which has nothing to do with the list of targets for Pegasus and other customers.” Said the lawyer. NSO Products … No correlation has yet been found between these lists and those related to the use of NSO Group technology. After publication, they explained that they considered the “target” to be the phone that was the target of a successful or attempted (but unsuccessful) infection by Pegasus, and the list of 50,000 phones was too large to represent the “target.” I repeated what I couldn’t do. “For Pegasus. They said the fact that the numbers appeared in the list did not indicate whether it was selected for surveillance using Pegasus.

What is HLR lookup data?

The term HLR, or home location register, refers to a database that is essential to the operation of a mobile network. Such registers keep records in the telephone user’s network and its common locations, along with other identifying information routinely used for calling and text routing. Telecommunications and surveillance experts say that HLR data may be available in the early stages of surveillance attempts when determining whether a phone can be connected. The consortium understands that NSO clients have the ability to perform HLR lookup queries through the interface of the Pegasus system. It is unclear if the Pegasus operator needs to perform an HRL lookup query through the interface in order to use the software. NSO sources emphasized that the reason clients perform HLR lookups through the NSO system can be different regardless of Pegasus.

Thank you for your feedback.

The investigation included a forensic analysis of the telephone and 50,000 leaks, including Macron and Charles Michel, President of the European Council, and the number of other heads of state, government officials, diplomats and military personnel in 34 countries. It was based on database analysis.

Last month, Hungarian data protection officials announced that they had begun an official investigation into allegations by the Hungarian government regarding the use of Pegasus software.

At least five Hungarian journalists have appeared on the leak list reviewed by the Pegasus Project Consortium.Also on the list Number of Opposition politician György Gémesi, mayor of the town of Geddelley and head of the United States Conference of Mayors.

In a statement, the EU Parliament said, “The unprecedented leak of over 50,000 phone numbers selected by customers of the Israeli company NSO Group to monitor has been systematically abused by this technology for years. It shows that. “

NSO Israeli surveillance company Regulated by the Ministry of Defense of the country, it approves the sale of spyware technology to clients of government agencies around the world.

According to the company, it is only sold to military, law enforcement and intelligence agencies in 40 unnamed countries for terrorist and criminal investigations. He also claims to scrutinize the customer’s human rights records before permitting the use of spy tools.

“We don’t have a system to sell to scrutinized government customers and we don’t have access to customer target data,” the NSO said.

Eve Geddy, director of Amnesty International’s European office, said:

Guardian Jointly Wins EU Award for Pegasus Spyware Exposure | Survey Journalism

Source link Guardian Jointly Wins EU Award for Pegasus Spyware Exposure | Survey Journalism

Related Articles

Back to top button