The Forbidden Stories Campaign
DISCUSSION – THE FORBIDDEN STORIES CAMPAIGN
The Forbidden Stories Media campaign was a collaboration between over 30 international media organizations launched in October 2019 to investigate the use of NSO Group’s Pegasus malware. The non-profit organization Forbidden Stories organized the campaign, which aims to continue the work of journalists who have been killed or imprisoned while reporting on sensitive topics.
The campaign began with a report by the Canadian Citizen Lab, LINK
which revealed that Pegasus had been used to target a prominent human rights lawyer in Mexico. This was followed by The New York Times investigation, which found that Pegasus had been used to target journalists, political opponents, and civil society activists in several countries, including Mexico, the UAE, Saudi Arabia, and Morocco.
The campaign then revealed that Pegasus had been used to target Omar Abdulaziz, a Saudi dissident and close associate of the murdered journalist Jamal Khashoggi. The investigation found that the Saudi government had used Pegasus to track Abdulaziz’s communications with Khashoggi in the months following his murder. This was followed by an investigation by The Guardian, which revealed that Pegasus had been used to target Amnesty International’s staff in the UAE.
In November 2019, two additional investigations were conducted by BBC Arabic and Der Spiegel, which revealed that Pegasus had been used to target human rights defenders and political activists in Bahrain and Morocco, respectively. In the same month, a joint report by France 24, Le Monde, and the Canadian media organization IRIS revealed that Pegasus had been used to target individuals in several countries across the Middle East, Africa, and Latin America.
Other participating media included Norway’s NRK, Spain’s El Mundo and El Pais, Netherlands NRC Handelsblad, and India’s The Economic Times.
In December 2019, the campaign shifted focus and attention to the company itself with an investigation by the Financial Times, which revealed that the NSO group had been accused of failing to vet its clients properly. And an investigation by the Czech Center for Investigative Journalism revealed that the Czech government had used Pegasus to spy on political opponents, including the country’s President, Miloš Zeman.
The campaign also involved a series of articles by the Canadian Broadcasting Corporation (CBC), which revealed the company’s close ties to the Canadian government and its role in developing a cyber espionage tool known as “IPN.”
The campaign continued in 2020 with an investigation by the New York-based Committee to Protect Journalists, which revealed that Pegasus had been used to target journalists covering sensitive issues in various countries worldwide.
In 2020, the NGO Privacy International LINK, in collaboration with several media partners and Citizen Lab, revealed the scale of the Pegasus abuse by the NSO group, with over 45 countries identified as clients of the company.
US INTEREST
There have been several attempts by U.S. companies to acquire NSO Company and its Pegasus spyware, and the Israeli government has blocked it every time.
One example was L3Harris, a U.S. defense contractor, who was in talks to acquire NSO Group. L3Harris reportedly had the backing of U.S. intelligence agencies in undertaking the acquisition negotiations. After months of talks, the words were scuttled after they were made known to the public by the news media in June 2021, with the U.S. government publicly rebuking the acquisition attempt.
THE FBI
In 2017, the FBI considered using Pegasus and obtained a license from a third-party vendor to use Pegasus and was considering using it to track suspects in counterterrorism or counterintelligence investigations. Which is what it is advertised for – allegedly. However, the FBI ultimately decided not to use it. This decision was made partly due to the ethical concerns surrounding such technology, as there were fears that the system had been used to target journalists and political dissidents in other countries. In addition, the FBI was concerned about the potential legal implications of using Pegasus, as the U.S. Department of Justice had not approved it. Furthermore, the FBI was aware that using Pegasus would likely be met with significant criticism from the U.S. government, the public, and civil liberties groups due to its intrusive nature. Thus, in October 2017, the FBI decided to terminate their plans.
APPLE INC.
Apple Inc filed a lawsuit against NSO Group in November 2021 and its parent company to hold it accountable for the surveillance and targeting of Apple users. The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices. LINK
“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” said Craig Federighi, Apple’s senior vice president of Software Engineering. “Apple devices are the most secure consumer hardware on the market — but private companies developing state-sponsored spyware have become even more dangerous. While these cybersecurity threats only impact a few of our customers, we take any attack on our users very seriously. We’re constantly working to strengthen the security and privacy protections in iOS to keep all our users safe”.
The Lawsuit continues.
On 29 October 2019, WhatsApp, which Facebook owns, released a statement alleging spyware produced by the Israeli company NSO Group was used to hack the phone systems of 1,400 users between April 2019 and May 2019 in 20 different countries. Of the 1,400 users, at least 100 were human rights defenders, journalists, and other members of civil society across the globe. It filed a lawsuit on this date.
The lawsuit also alleges that the defendant companies violated the U.S. Computer Fraud and Abuse Act and the California Computer Data Access and Fraud Act. The lawsuit is seeking damages for the victims of the attack, as well as an injunction to prevent the companies from engaging in similar activities in the future. The lawsuit also seeks to hold the companies accountable for their actions and ensure they are held to the highest privacy and security standards. The lawsuit is essential in holding companies responsible for their actions and ensuring that users’ data is protected. It is also a reminder that companies must take responsibility for their actions and ensure that their products and services are secure.
The Lawsuit continues.
CONCLUSIONS
The Forbidden Stories Media campaign was a collaborative effort involving more than 30 international media organizations to investigate the misuse of NSO Group’s Pegasus malware. The campaign was organized by the non-profit organization Forbidden Stories. The investigations revealed that Pegasus had been used to target journalists, human rights activists, political opponents, and civil society activists in several countries across the globe, raising concerns about human rights abuses and the erosion of privacy. The campaign also revealed that NSO Group had been accused of failing to vet its clients and its close ties to governments properly and was partially successful in its objectives.
The news of NSO and Pegasus has sparked outrage worldwide, with many governments and organizations condemning such technology. The United Nations has called for an investigation into the matter, and the European Union has called for a ban on the sale of Pegasus. The Department of Justice has launched an investigation into the matter in the United States, and the Senate Intelligence Committee has held hearings on the issue. As described above, several tech companies, including Apple and Google, have also taken steps to protect their users from Pegasus. This is a positive step towards protecting citizens from the misuse of powerful spyware, and it is a reminder that governments and tech companies must take responsibility for the security of their products.
Now many High-Tech companies are looking closely at their users for signs of penetration by Pegasus and other spyware products. The Genie is out of the bottle.
Pegasus may have a limited shelf life.