Israeli cybersurveillance firm NSO Group is currently under the gun for allegedly selling spying software to shady governments around the world, although it’s not certain just how many people were hacked.

NSO has been accused of selling the malware, named “Pegasus,” to authoritarian governments, which in turn used it to spy on journalists, lawyers, opposition politicians, and anyone else those governments deem a threat. On its website, NSO claims to only offer its services to aid the fight against “crime and terror.”

The reports first surfaced thanks to a Paris-based NGO named Forbidden Stories and human rights group Amnesty International, which then relayed the news to a number of well-known media outlets, including The Washington Post and the Guardian.

In a report, the Guardian called Pegasus “ the most powerful piece of spyware ever developed.” It’s said that once it is on a person’s phone, running iOS or Android, it can activate the camera or the microphone. On top of that, it can trace a person’s movements, copy their sent and received messages and collect phone call data.

What’s even more frightening to many is that phone users do not have to interact with their device for the spyware to gain entry, which makes social engineering savviness redundant. Such “zero-click attacks” can mean spyware is installed on a device just by injecting code when a phone sends a message or makes a call over a wireless connection.

Reports state that some 50,000 devices were on a kind of hit list comprised of ISO’s clients, or at least that’s the number of phone numbers that were leaked. Some people on that list were heads of state, while others belonged to Arab royal family members. More than 180 journalists were also on the target list, working for media including The New York Times, CNN and Al Jazeera.

In Mexico alone, it’s reported that 15,000 people may have their devices compromised. They included the family, aides and doctor of Mexican President Andrés Manuel López Obrador. According to investigations, from 2016 to 2017, other Mexican surveillance targets were academics, activists, doctors, diplomats, judges, journalists, lawyers, prosecutors and even teachers. One person on the list was the murdered Mexican journalist Cecilio Pineda Birto, whose phone has remained missing.

“The Pegasus Project revelations must act as a catalyst for change,” Amnesty said in a statement. “The surveillance industry must no longer be afforded a laissez-faire approach from governments with a vested interest in using this technology to commit human rights violations.” NSA whistleblower Edward Snowden echoed those sentiments, calling for a global ban on the spyware trade.

“We firmly deny the false allegations made in their report,” NSO said in a statement about the initial Forbidden Stories report. “Their sources have supplied them with information which has no factual basis, as evident by the lack of supporting documentation for many of their claims. In fact, these allegations are so outrageous and far from reality, that NSO is considering a defamation lawsuit.”

Photo: Marco Verch/Flickr