New Delhi: Telephone numbers linked to least 14 heads of states and governments, including French President Emmanuel Macron, Pakistani Prime Minister Imran Khan and South African President Cyril Ramaphosa are among the 50,000 numbers on a leaked database that includes some people whose phones were targeted for hacking by Pegasus spyware.
NSO Group, which counts some 36 governments around the world as its customers, denies the database has anything to do with the company, its spyware or its clients.
However, a forensic examination of a cross-section of phones by the Pegasus Project – an international media consortium comprising 17 news organisations, including The Wire – found traces of the deadly spyware on 37 phones on the leaked list.
In a fresh statement put out on Tuesday evening in response to a list of names submited to it by the Pegasus Project, NSO said “at least three names” identified – Macron, Morocco’s King Mohammed VI and the director of the WHO – “are not, and never have been, targets or selected as targets of NSO Group customers”.
The leaked database was accessed by French journalism non-profit, Forbidden Stories and shared with members of the consortium, who then worked collaboratively to identify and verify the numbers on the list. The forensic analysis of phones was conducted by Amnesty International’s Security Lab.
So far, forensic tests conducted by the Pegasus Project have shown that the deadly spyware was used to spy on murdered Saudi journalist Jamal Khashoggi’s wife and fiancee, a prominent opposition political actor in India, Prashant Kishor, and Rwandan dissidents, besides journalists in India and elsewhere
However, the latest names to emerge from the list indicate that the world’s highest political officer-bearers may have been persons of interest to government clients in other countries.
While it is accepted that foreign countries would attempt to eavesdrop on high-level conversations, diplomatic controversy usually erupts when it is publicly aired – like when Germany took umbrage over the US reportedly snooping on Angela Merkel.
As mentioned at the launch of the Pegasus Project, The Wire will not be revealing the identity of those numbers which seem to be subject to counter-terrorism or state-to-state espionage. But, along with its partners, it has made an exception for current and former heads of states and governments.
The phone numbers on the leaked database include at least one king, Morocco’s Mohammed VI, three presidents – France’s Emmanuel Macron, Iraq’s Barham Salih and South Africa’s Cyril Ramaphosa – and three prime ministers – Pakistan’s Imran Khan, Egypt’s Mostafa Madbouly and Morocco’s Saad-Eddine El Othmani – who are still in office.
There are seven former leaders who were selected when they were still in office. They include Lebanon’s Saad Hariri, Uganda’s Ruhakana Rugunda, Algeria’s Noureddine Bedoui and Belgium’s Charles Michel.
NSO’s Pegasus spyware is touted to be highly sophisticated, military-grade technology which can access files, photos, call records, messages and any other data from smartphones. Pegasus us activated either through malicious code that can be clicked in links attached to messages or can be also delivered through ‘zero-click’ attacks. The spyware can also turn on the cameras and microphones of infected smartphones for eavesdropping.
In statement to detailed questions from the Pegasus Project, NSO denied any connection to the leaked database and stated that it “does not operate the systems that it sells to vetted government customers, and does not have access to the data of its customers’ targets”.
NSO has repeatedly stated that its spyware is only used against terror and crime and has described its services as a “life-saving mission”.
The Israeli firm has also stated that it does not operate the systems that it sells to vetted government customers, and does not have access to the data of its customers’ targets.
It is not possible to confirm whether a phone has been infected with Pegasus software unless it is forensically analysed. None of the phones of the top leaders could be physically checked, which means it cannot be established whether any of the agencies which took an interest in these heads of state or government attempted to deliver Pegasus to their devices.
However, the existence of a phone number in the database does indicate that the number was likely of interest to the government that placed it there.
Amongst the world leaders identified in the data, Prime Minister Imran Khan was the only foreign leader with two listed phone numbers.
French President Emmanuel Macron also figured in a list dominated by more than 10,000 Moroccan targets just before he embarked on a trip to Africa in 2019. This was around the time that he was travelling to Africa with stops in Djibouti and Ethiopia, key countries in Morocco’s north African location.
The other numbers which figure in this sub-group include the World Health Organisation’s director general, Tedros Adhanom Ghebreyesus.
Inexplicably, a number of Morocco’s King Mohammed VI, as well as Prime Minister Al-Othmani, was also discovered in this smaller subset, which was apparently selected by Moroccan security forces.
Morocco seems to have also chosen Robert Malley, a former chief negotiator on the US-Iran deal, as a person of interest in 2019. NSO has claimed that its government clients are not technically allowed to spy on US phone numbers.
Overall, the leaked database contains phone numbers of over 600 governments officials and politicians in 34 countries.
Denying all claims, Morocco expressed “great astonishment” at the publication of “erroneous allegations … that Morocco has infiltrated the telephones of several national and foreign public figures and officials of international organizations”.
“Morocco is a State governed by the rule of law, which guarantees the secrecy of personal communications by the force of the Constitution,” said the statement.
From India’s neighbourhood, there is only one name on the list – that of Pakistani premier Imran Khan. As per a review of the leaked database, his number was added by an unidentified agency in mid-2019, in a batch that included hundreds of Indian telephone numbers for the period 2017-2019. The Indian government has denied conducting surveillance on any of the numbers which figure in the leaked database.
It had been a sensitive time as India and Pakistan had conducted retaliatory air strikes earlier in 2019, which had spiked tensions and led to the downgrading of diplomatic relations. Indian Air Force planes struck an alleged terror camp in Khyber Pakhtunkhwa’s Balakot on February 26, with the Pakistanis conducting a foray into Indian territory a day later.
With alarm bells ringing around the world over the military clash between two nuclear neighbours, there had been heightened interest and even intervention from the United States, United Kingdom and key Gulf countries, including Saudi Arabia and UAE, to deescalate the situation.
Iraq’s President Barham Salih was inserted into the leaked database in 2018 and 2019 in two separate groupings dominated by UAE and Saudi numbers each. There has been no response from either of the two Arab countries to queries from the Pegasus Project.
Similarly, South African President Cyril Ramaphosa was in a batch dominated by Rwandan phone numbers.
In a response, Rwanda had denied that it has ever used Pegasus software. “These false accusations are part of an ongoing campaign to cause tensions between Rwanda and other countries, and to sow disinformation about Rwanda domestically and internationally. This is libel, and enough is enough,” said a statement from the Rwandan government to the Pegasus Project.
Besides these names, the Pegasus Project has also identified the numbers of six former prime ministers and presidents who were placed on the list while they were in office. These include Belgium’s Charles Michel, Lebanon’s Saad Hariri and Algeria’s Noureddine Bedoui.
There was also a substantial number of former leaders who could have been potential targets for surveillance after they demitted office.
However, journalists have only been able to verify the numbers of Azerbaijan’s former prime minister Panah Huseynov and former Mexican president Felipe Calderon, who were persons of interest to a Pegasus operator in their own country.
In the case of Mexico’s 63rd president Calderon, he was possibly listed in connection with his wife’s brief presidential bid. She eventually withdrew her candidature.
In a response to a Pegasus Project partner, Calderon said that while he was not surprised, it was an “unjustifiable violation of the most elemental elements of liberty and privacy, and other elemental guarantees of human dignity”.
“It’s unacceptable, in any case, an ominous and oppressive sign that suggests a dictatorial and antidemocratic vocation. It’s not the first time, and I fear it won’t be the last, that I suffer espionage. On another occasion, the so-called Wikileaks revealed that I had been the object of espionage by the United States,” he stated.
This article was reported by the following Pegasus Project team members: Charles Timberg, Michael Birnbaum, Karen DeYoung, Mary Beth Sherridan, Reed Albergotti, Drew Harwell, John Hudson and Dana Priest from The Washington Post, Dan Sabbagh, Michael Safi and David Pegg for The Guardian, Sam Sole of South Africa’s amaBhungane, Damien Leloup and Martin Untersinger of Le Monde, Bastian Obermayer and Frederik Obermaier of Süddeutsche Zeitung, Kristof Clerix of Knack, Joël Matriche of Le Soir, Hala Nasreddine, Alia Ibrahim and Hazem Amine of Daraj, Miranda Patrucic, Vyacheslav Abramov and Peter Jones of the Organized Crime and Corruption Reporting Project, Holger Stark of Die Zeit, Jacques Monin of Radio France, and Sandrine Rigaud of Forbidden Stories.
Read The Wire’s coverage as part of the Pegasus Project here.