Forbidden Stories が Amnesty International と The Washington Post など世界中の 17の報道機関と協力し、イスラエルの NSO Group のスパイウェア “Pegasus” の活動実態についての調査結果を公開 (The Pegasus Project)
Forbidden Stories and Amnesty International had access to a leak of more than 50,000 records of phone numbers that NSO clients selected for surveillance. According to an analysis of these records by Forbidden Stories and its partners, the phones of at least 180 journalists were selected in 20 countries by at least 10 NSO clients. These government clients range from autocratic (Bahrain, Morocco and Saudi Arabia) to democratic (India and Mexico) and span the entire world, from Hungary and Azerbaijan in Europe to Togo and Rwanda in Africa. As the Pegasus Project will show, many of them have not been afraid to select journalists, human rights defenders, political opponents, businesspeople and even heads of state as targets of this invasive technology.
The Pegasus attacks detailed in this report and accompanying appendices are from 2014 up to as recently as July 2021. These also include so-called “zero-click” attacks which do not require any interaction from the target. Zero-click attacks have been observed since May 2018 and continue until now. Most recently, a successful “zero-click” attack has been observed exploiting multiple zero-days to attack a fully patched iPhone 12 running iOS 14.6 in July 2021.
On July 18, non-profit journalism organization Forbidden Stories released a major new investigation into NSO Group. The investigation exposes widespread global targeting with Pegasus spyware. The investigation also includes results from the forensic examination of a number of devices that their technical partner, Amnesty International, assessed to be infected.
Forbidden Stories and Amnesty International requested that the Citizen Lab undertake an independent peer review of a sample of their forensic evidence and their general forensic methodology. We were provided with iTunes backups of several devices and a separate methodology brief. No additional context or information about the devices or the investigation was provided to us.
We independently validated that Amnesty International’s forensic methodology
correctly identified infections with NSO’s Pegasus spyware within four iTunes backups. We also determined that their overall methodology is sound. In addition, the Citizen Lab’s own research has independently arrived at a number of the same key findings as Amnesty International’s analysis.
The report by Forbidden Stories is full of wrong assumptions and uncorroborated theories that raise serious doubts about the reliability and interests of the sources. It seems like the “unidentified sources” have supplied information that has no factual basis and are far from reality.
After checking their claims, we firmly deny the false allegations made in their report. Their sources have supplied them with information which has no factual basis, as evident by the lack of supporting documentation for many of their claims.
In fact, these allegations are so outrageous and far from reality, that NSO is considering a defamation lawsuit.