Private Spyware Was Used To Hack Cellphones Of Journalists, Activists Worldwide
A MARTINEZ, HOST:
A global media investigation that's been underway for months has found that spyware was used to track unsuspecting journalists, activists and politicians worldwide. The hacking software known as Pegasus is licensed by an Israeli firm and is typically used to track terrorists and criminals. The investigation by a consortium of 17 news organizations dug into a list of more than 50,000 cellphone numbers, given to them by Amnesty International and the journalism nonprofit Forbidden Stories. There were numbers belonging to heads of state, business executives and two women with close ties to the murdered Washington Post columnist Jamal Khashoggi.
Joining us is Washington Post reporter Craig Timberg, who was one of the 80 journalists investigating this. Craig, what can you tell us about the people who were targeted by this Pegasus spyware?
CRAIG TIMBERG: It's really an extraordinary list of people and country after country who were in, you know, both interesting spots and vulnerable spots, right? We're talking about business executives and academics and human rights activists and journalists who it's easy to understand why a spy would want to know what they know.
TIMBERG: And they also were, frankly, a lot more vulnerable than they knew they were because, you know, we conduct so much of our lives on our smartphones. I'm talking to you on my iPhone right now.
TIMBERG: And people were really (laughter) - they didn't realize how much they were potentially inadvertently sharing.
MARTINEZ: Craig, just wondering - were you on that list?
TIMBERG: I was not on that list, happily. Americans seem to be a little bit of a separate category.
TIMBERG: But quite a few of the journalists who are working on the project discovered they were on the list or that family members of theirs were on the list as they were working on the project.
MARTINEZ: Wow. That's terrifying. So what exactly can this spyware do? And how did it get on these cellphones?
TIMBERG: It can do anything you can do, right? It can look up your - it can look up files and pictures and recordings and emails and social media posts. It can locate you. It also can turn on your microphone and your camera, you know, in real time and listen in on you at the moment you're speaking to somebody. And it arrives usually by a text message or by an iMessage on your device. And sometimes you don't even know anything strange has happened, you know, and it just takes over the machine itself.
MARTINEZ: It's like someone's invited into your life. Do we know who's behind the hack?
TIMBERG: We know that there are customers of this company, NSO, that - you know, that use this kind of technology. And - but we have to be very careful here for all sorts of reasons. But, yeah, the universe of countries that use this kind of system is pretty well known to us.
MARTINEZ: You also found on that list several Saudi royal family members and the wife and fiancee of Jamal Khashoggi, the Saudi Washington Post journalist who was murdered at the Saudi Consulate in Turkey in 2018. What were you able to conclude from this?
TIMBERG: This is a really tricky situation. So we had numbers for both Jamal Khashoggi's wife and his fiancee, who, as you will discern, are not the same people. And we were able to run forensics on their devices. And in one case, we found evidence that an iPhone that was used had been actually infected by Pegasus, and then another - which is the software produced by this company. And in another case, we were able to determine that there was an attempt to infect the phone using SMS text messages.
MARTINEZ: Now, in your reporting, you say that many of the phone numbers were found in clusters in at least 10 countries, including Hungary, Mexico, Rwanda, Saudi Arabia, the United Arab Emirates. What did the consortium's deeper analysis find about that?
TIMBERG: We spent a lot of time trying to discover who did what to whom, if that makes sense. And so what I can tell you is that in lots of these countries, you know, we knew that there were clusters that were affiliated with certain clients of the spyware company, and we knew, you know - and we knew that there were concentrations in particular countries that had particular contracts with NSO.
MARTINEZ: NSO Group - how have they responded?
TIMBERG: Yeah, they've responded differently at different times. They were - you know, they were extremely unhappy with us, and we got angry letters from their lawyer as we got close to publication. All of the - or most of the members of the consortium did. But yesterday, the chief executive of NSO, Shalev Hulio, called me on my cellphone, which caught me completely by surprise. I had actually personally never spoken to him before. But he had things he wanted to share. And one of the things he wanted to share is, well, first of all, he thinks we're wrong. He thinks the reports in their bulk are wrong. But he also expressed very concrete concern about some of the stuff he had read and said he was going to investigate every allegation that we all had unearthed and published.
TIMBERG: He particularly...
TIMBERG: ...Was very concerned about the surveilling of journalists.
MARTINEZ: Craig, really quick, I mean, should people be worried that their cellphones are vulnerable to spyware?
TIMBERG: We all need to be worried all the time that our cellphones are vulnerable to hacking. You know, whether you're vulnerable to this kind of thing really depends on who you are and where you are.
TIMBERG: So all of your listeners don't need to worry about this. But some of them do (laughter).
MARTINEZ: Yeah. Washington Post reporter Craig Timberg. Craig, thanks a lot.
TIMBERG: You're welcome.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.