Illustration: Trent Joaquin/Axios
In the latest bit of fallout from investigations into the impact of Israeli company NSO's Pegasus spyware published last week, the leader of Facebook's WhatsApp stepped forward to support some aspects of the investigation's findings.
Why it matters: The Pegasus Project consortium of newsrooms and human rights organizations found evidence suggesting that the spyware is used by authoritarian governments to surveil their enemies, other governments' officials, activists and journalists.
Details: The Pegasus Project worked from a leaked list of 50,000 phone numbers that, its members concluded, represented likely targets of surveillance by NSO's Pegasus product. NSO says the investigation is wrong and such a list of phone numbers can't exist.
- "There should not be a list like this at all anywhere. Our customers have an average of 100 targets a year," NSO told the BBC. "Since the beginning of the company, we didn't have 50,000 targets total."
Yes, but: In an interview in the Guardian, Will Cathcart, the head of Facebook-owned WhatsApp, said the Pegasus Project reports matched what WhatsApp found when it investigated a single 2019 attack and found 1400 users were hit.
- "That tells us that over a longer period of time, over a multi-year period of time, the numbers of people being attacked are very high,” Cathcart told the Guardian.
The other side: NSO says its smartphone-hacking tools are used only by governments, armed forces, and intelligence and law enforcement agencies, and if its tools were abused, its customers are at fault.
Go deeper:
- In 2019 Axios reported NSO was implementing a new set of human rights protections it claimed would prevent abuse of Pegasus.
- Axios' Dan Primack looks at the series of private-equity funders who have backed NSO.
- For a thorough look at the issues and questions surrounding the list of phone numbers at the heart of the Pegasus Project investigation, read this article by cybersecurity journalist and Zero Day newsletter author Kim Zetter.