Revealed: leak uncovers global abuse of cyber-surveillance weapon

[Ocean]

Revealed: leak uncovers global abuse of cyber-surveillance weapon​

Revealed: leak uncovers global abuse of cyber-surveillance weapon

Spyware sold to authoritarian regimes used to target activists, politicians and journalists, data suggests

www.theguardian.com

The investigation by the Guardian and 16 other media organisations suggests widespread and continuing abuse of NSO’s hacking spyware. Illustration: Guardian Design
Human rights activists, journalists and lawyers across the world have been targeted by authoritarian governments using hacking software sold by the Israeli surveillance company NSO Group, according to an investigation into a massive data leak.

The investigation by the Guardian and 16 other media organisations suggests widespread and continuing abuse of NSO’s hacking spyware, Pegasus, which the company insists is only intended for use against criminals and terrorists.



Pegasus is a malware that infects iPhones and Android devices to enable operators of the tool to extract messages, photos and emails, record calls and secretly activate microphones.

The leak contains a list of more than 50,000 phone numbers that, it is believed, have been identified as those of people of interest by clients of NSO since 2016.

Forbidden Stories, a Paris-based nonprofit media organisation, and Amnesty International initially had access to the leaked list and shared access with media partners as part of the Pegasus project, a reporting consortium.

The presence of a phone number in the data does not reveal whether a device was infected with Pegasus or subject to an attempted hack. However, the consortium believes the data is indicative of the potential targets NSO’s government clients identified in advance of possible surveillance attempts.

Quick Guide

What is in the Pegasus project data?​

Show
Forensics analysis of a small number of phones whose numbers appeared on the leaked list also showed more than half had traces of the Pegasus spyware.

The Guardian and its media partners will be revealing the identities of people whose number appeared on the list in the coming days. They include hundreds of business executives, religious figures, academics, NGO employees, union officials and government officials, including cabinet ministers, presidents and prime ministers.

The list also contains the numbers of close family members of one country’s ruler, suggesting the ruler may have instructed their intelligence agencies to explore the possibility of monitoring their own relatives.

The disclosures begin on Sunday, with the revelation that the numbers of more than 180 journalists are listed in the data, including reporters, editors and executives at the Financial Times, CNN, the New York Times, France 24, the Economist, Associated Press and Reuters.

The phone number of a freelance Mexican reporter, Cecilio Pineda Birto, was found in the list, apparently of interest to a Mexican client in the weeks leading up to his murder, when his killers were able to locate him at a carwash. His phone has never been found so no forensic analysis has been possible to establish whether it was infected.

NSO said that even if Pineda’s phone had been targeted, it did not mean data collected from his phone contributed in any way to his death, stressing governments could have discovered his location by other means. He was among at least 25 Mexican journalists apparently selected as candidates for surveillance over a two-year period.

 

[Ca.]

Revealed: leak uncovers global abuse of cyber-surveillance weapon

https://twitter.com/x/status/1417572769886183424

The Moroccan government used Israeli malware to spy on French President Emmanuel Macron’s phone calls, Le Monde has reported. More than a dozen other French politicians were reportedly targeted in a scheme denied by Morocco.

Hours after Paris prosecutors launched an investigation into allegations that Morocco’s intelligence agencies used Israeli malware to hack the phones of several French journalists, Le Monde reported that Macron was also targeted by Rabat’s agents in 2019, along with former Prime Minister Edouard Philippe and 14 other ministers.

The use of the ‘Pegasus’ malware, developed by Israeli firm NSO, to snoop on the phone communications of politicians, journalists, activists and business figures was revealed by Amnesty International and Forbidden Stories, a French investigative organization. These NGOs obtained a leaked list of 50,000 phone numbers, some of which were allegedly breached by the Pegasus malware, and shared the data with 17 media outlets. Le Monde was one of these outlets, which began publishing stories of the security breaches on Sunday.

If the facts are true, they are obviously very serious,” Macron’s office told Le Monde on Tuesday, promising that “all light will be shed on these revelations.”

On Monday, the Moroccan government denied any use of the Israeli spyware, calling the accusations by Le Monde and others “unfounded and false.”

Morocco "never acquired computer software to infiltrate communication devices,” read a statement from the government, which denied that it had "infiltrated the phones of several national and international public figures and heads of international organisations through computer software.”

NSO has downplayed the leak, and accused the media of peddling “wrong assumptions and uncorroborated theories.” The firm insisted that it only sold the malware to state clients for counterterrorist operations and criminal investigations, and that not all 50,000 numbers on the list were targeted. Researchers have lent this explanation some credence, with a source telling the Guardian that NSO’s 45 customers targeted an average of 112 phone numbers each.

Macron isn’t the only high-level political figure allegedly surveilled. Mexican President Andres Manuel Lopez Obrador was reportedly spied on by the administration of his predecessor, President Enrique Peña Nieto. According to media reports, Hungarian Prime Minister Viktor Orban also potentially used Pegasus to spy on a political opponent, as did Indian Prime Minister Narendra Modi.

French prosecutors open probe into alleged media spying using Israeli software

Investigation will focus on allegations that Moroccan intelligence services used NSO Group's Pegasus malware to spy on several journalists in France

www.timesofisrael.com

By Agencies and TOI staff Today, 2:49 pm
Investigation will focus on allegations that Moroccan intelligence services used NSO Group’s Pegasus malware to spy on several journalists in France

Prosecutors in Paris said Tuesday they had opened a probe into allegations that Moroccan intelligence services used the Israeli malware Pegasus to spy on several French journalists.

The investigation will examine 10 charges, including whether there was a breach of personal privacy, fraudulent access to personal electronic devices, and criminal association.

Investigative website Mediapart filed a legal complaint on Monday, and investigative newspaper Le Canard Enchaine is set to follow suit, over the spying claims, which Morocco has denied.

A collaborative investigation by The Washington Post, The Guardian, Le Monde and other media outlets, based on a leaked list of 50,000 phone numbers, claimed Monday that spying worldwide using the malware from the NSO Group had been far more extensive than previously thought.

Mediapart revealed that the phones of its founder Edwy Plenel and one of its journalists were among those targeted by Moroccan intelligence services.

Other journalists working for French media companies were allegedly targeted by Moroccan security services, including employees of Le Monde and Agence France-Presse.

Morocco denied the claims, saying it “never acquired computer software to infiltrate communication devices.”

Israel’s Defense Ministry said Monday that if it finds that the NSO Group violated the terms of its export licenses, it will “take appropriate action.”

Pegasus is a spyware tool sold by NSO that it says is being used by dozens of governmental clients. The software installs itself on a phone without requiring users to click a link, and gives the hacker complete access to the entire contents of the phone, as well as the ability to use its cameras and microphone undetected.

On the leaked list of phone numbers were people targeted by the governments of Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India, and the United Arab Emirates.

It included 189 journalists, 85 human rights activists and several heads of state. Among the journalists were employees of The Associated Press, Reuters, CNN, The Wall Street Journal, Le Monde and The Financial Times.

NSO refuses to reveal which countries have purchased the software, and it has denied the majority of the claims made in the reporting.

Last year, an Israeli court dismissed an Amnesty lawsuit seeking to strip NSO of its export license, citing insufficient evidence.

‘Hotel Rwanda’ activist’s daughter said targeted by Israeli spyware

Carine Kanimba's cell number reportedly on the list of targets tied to NSO Group; Rwanda claims it does not possess the technical capability to use such software

www.timesofisrael.com

Carine Kanimba’s cell number reportedly on the list of targets tied to NSO Group; Rwanda claims it does not possess the technical capability to use such software

Opinion's:
Edward Snowden on spyware: 'This is an industry that should not exist'
Jul 19, 2021

The NSA whistleblower Edward Snowden reacts to the Pegasus project disclosures about widespread abuse of NSO Group's spyware by governments around the world

How Does Pegasus Enter Your Phone? | FYI
Jul 19, 2021

Pegasus, considered the most sophisticated among all such products available in the market, can infiltrate iOS, Apple's mobile phone operating system, and Android devices. But how does Pegasus enter your phone, FYI decodes. About Us: NDTV brings you unbiased and comprehensive coverage of news and entertainment programmes in India and abroad. NDTV delivers reliable information across all platforms: TV, Internet and Mobile.

 

[Possibility of Being]

Forbidden Stories, a Paris-based nonprofit media organisation, and Amnesty International initially had access to the leaked list and shared access with media partners as part of the Pegasus project, a reporting consortium.

It's good to see a validation of the findings coming from Citizen Lab

Independent Peer Review of Amnesty International's Forensic Methods for Identifying Pegasus Spyware - The Citizen Lab

Citizen Lab's peer review of Amnesty International's forensic techniques to identify Pegasus spyware concludes they are sound.

citizenlab.ca

That article is quite technical, so in short:

On July 18, non-profit journalism organization Forbidden Stories released a major new investigation into NSO Group. The investigation exposes widespread global targeting with Pegasus spyware. The investigation also includes results from the forensic examination of a number of devices that their technical partner, Amnesty International, assessed to be infected.

Forbidden Stories and Amnesty International requested that the Citizen Lab undertake an independent peer review of a sample of their forensic evidence and their general forensic methodology. We were provided with iTunes backups of several devices and a separate methodology brief. No additional context or information about the devices or the investigation was provided to us.

We independently validated that Amnesty International’s forensic methodology correctly identified infections with NSO’s Pegasus spyware within four iTunes backups. We also determined that their overall methodology is sound. In addition, the Citizen Lab’s own research has independently arrived at a number of the same key findings as Amnesty International’s analysis. [...]

Conclusion
Amnesty International’s core forensic methods for analyzing devices to determine that they have been infected with NSO Group spyware are sound.

Further information about the Citizen Lab’s own investigations into NSO Group can be found here.

 

[Ocean]

UK financier loses latest round in fight over future of NSO Group

British investor Stephen Peel in ongoing dispute with partners over Luxembourg company linked to spyware firm

www.theguardian.com

UK financier loses latest round in fight over future of NSO Group​

​

British investor Stephen Peel in ongoing dispute with partners over Luxembourg company linked to spyware firm

Novalpina Capital’s fund owns a majority stake in NSO Group, an Israeli surveillance company. Photograph: Daniella Cheslow/AP



A British financier’s voting rights at a Luxembourg company linked to Novalpina Capital, whose fund owns a majority stake in the spyware firm NSO Group, will remain suspended, a Luxembourg court has ruled.

Though this may not be permanent, the decision appears to mark a setback for the financier, Stephen Peel, a former Olympic rower, in a bitter legal dispute that has erupted between him and his two longtime business partners, Stefan Kowski and Bastian Lueken.

At stake is the future ownership and control of one of Novalpina’s key investments: NSO Group, an Israeli surveillance company whose technology is alleged to have been used against journalists, activists and human rights defenders around the world.

Leaked WhatsApp messages seen by the Guardian show that the increasingly fractious battle appeared to have started in August 2019.

Disagreements between the partners over a legal claim against the Guardian, which was brought against the newspaper by Peel’s wife, Yana Peel, appeared to set off an argument about Novalpina’s complex corporate structure.

According to the messages the heart of the disagreement was Peel’s contention that a Luxembourg entity called Novalpina Capital Group Sarl (NCG Sarl) ought only to be used moving forward as a “passive investment vehicle in deals/funds”.

Requests by Peel to reorganise the structure of the company against the backdrop of the litigation , the messages suggest, created tensions between the three men, and ultimately led Peel to conclude that the firm ought to be wound up.

In the WhatsApp messages on 20 August 2019 to his two business partners, Peel said: “Pls no emails re Sarl. We have litigation with Guardian around it and it could be subject to disclosure.”

He later wrote: “Bastian, pls tell (chief financial officer) to delete the email about the Sarl being the forup [sic] holding co and having 100% control.” The term “forup” is believed by the Guardian to refer to “formal holding company”.

It is not known if any action was taken.

“It doesn’t work for me having the Sarl owning vehicles in which it has any role except passive investment. We need another solution,” Peel wrote.

Stephen and Yana Peel. Photograph: David M Benett/Getty Images for The Old Vic Theatre

Lueken pushed back on Peel. “I think we also need to discuss the Sarl,” he wrote. “You probably know there are agreements in place that describe exactly how the Sar [sic] is actively managing the Novalpina group. It simply isn’t a passive investment vehicle, as a plain matter of fact.”

He continued and said, in reference to the Guardian litigation: “With all the evidence in the articles and agreements, etc. that the Sarl is not a passive investment vehicle and was never intended to be, I simply don’t understand where you are going with this.”

When the chat turned to ways to possibly restructure the organisation of the company, which has entities in the UK and Luxembourg and other jurisdictions, Lueken appeared initially to reject a suggestion that the partners create a new entity in the Cayman Islands in order to fulfill Peel’s call to use the “Sarl” only as a passive investment vehicle.

Public records in the Cayman Islands show that an entity called Novalpina Vision Limited was created a few weeks after the exchange, on 16 September 2019.

The Guardian put a series of questions to the Peels about the WhatsApp conversation. Lawyers for Yana Peel said that she was not a recipient or author of the exchanges and had no knowledge of them, nor of any emails or messages exchanged between Peel and his partners.

The lawyers said the WhatsApp messages seen by the Guardian were “highly ambiguous excerpts” of “supposed exchanges”. They questioned whether the messages were sent and said Stephen Peel did not have a record of them.

They also said any suggestion that he had breached or interfered with any disclosure obligation was false and grossly defamatory.

The Guardian reported this year that hundreds of thousands of euros of Yana Peel’s legal bills were expensed to the NSO Group by her husband – another move that apparently angered his partners.

Stephen Peel’s lawyers said at that time that the “manner” in which the legal fees were paid had been approved by Kowski and Lueken, and he strongly disputed the suggestion that the payment of the expense claims was a source of disagreement between the partners.

Peel, Lueken and Kowski are all now involved in a legal dispute over the future ownership of the firm they created.

In January 2021 six voting managers at NCG Sarl, including Kowski and Lueken, suspended Peel’s voting rights. The action was taken, a document seen by the Guardian stated, in light of an alleged “breach” of Peel’s contractual obligations and alleged actions “against the company’s interests”. Lawyers for Peel said any allegations against him were “entirely without merit”.

This week, after Peel initially won an injunction to block the suspension of his rights, a court in Luxembourg agreed for the injunction to be repealed, effectively allowing the suspension to stand, while proceedings between the partners continued in the court. That litigation could take years.

In a letter to the limited partners of Novalpina Capital Partners sent after the decision, Kowski and Lueken wrote that the court order would not affect Peel’s “decision rights” in his capacity as a managing member of the investment advisers.

Lawyers for Peel said: “The judgment simply relays the position of each of the parties and ultimately makes a finding about the procedure followed by Mr Peel.”

Peel strenuously denies that he ever acted contrary to the companies’ interests.

Kowski declined to comment on the WhatsApp exchange and the shareholder dispute. Lueken did not respond to a request for comment.

 

[Ocean]

Peel Holdings (Pegasus) Limited | ICIJ Offshore Leaks Database

Peel was very connected to the Paradise Papers
This was one connection that popped up
Rebranded

Companies matching 'Peel Holdings (Pegasus) Limited' :: OpenCorporates

Free And Open Company Data On Companies matching 'Peel Holdings (Pegasus) Limited'

opencorporates.com

UK financier loses latest round in fight over future of NSO Group

British investor Stephen Peel in ongoing dispute with partners over Luxembourg company linked to spyware firm

www.theguardian.com

From PEEL HOLDINGS (PEGASUS) LIMITED to PEEL INVESTMENTS DSA (IOM) LIMITED
Owned by
www.ocorian.com

Some of the companies from the paradise papers listing for him are verified through UK records here

Stephen Mark PEEL - Personal Appointments (free information from Companies House)

The Marigold Foundation Inc. | ICIJ Offshore Leaks Database

The Marigold Foundation also came up with his name - a charitable organization ran out of Malta connected to a casino company
Welcome to World Class Entertainment

Global Witness also came up in the Paradise papers under his name

Institute for New Economic Thinking
confirms he was on the board there
He was also on the advisory board of

Open Contracting Partnership
until 2019 from meeting notes but when opening the search results he seems to have been "written out" of some including the one where he is replaced

You searched for Stephen Peel - Open Contracting Partnership

www.open-contracting.org

Similar to Epstein he seemed to be helping investors hide money in tax shelters

He's also showing up in some of the Russian wikileaks files

The Global Intelligence Files - Russia 110421
(once open do a search for Stephen Peel) for his work with TGP

offshoreleaks.icij.org (Peel Holdings (Pegasus) Limited | ICIJ Offshore Leaks Database)
Peel Holdings (Pegasus) Limited | ICIJ Offshore Leaks Database
Paradise Papers - Appleby Entity: Peel Holdings (Pegasus) Limited

 

[Ocean]

Stephen Peel was with TPG from 2004 - 2007

TPG was accused of being a front for the CIA

TPG hits lull in Europe after deals sour

Investors fear group has pulled back from region after pioneering run of successful buyouts

www.ft.com

In France, TPG was accused of being a front for the CIA, seeking to steal the country’s technology after it purchased a minority stake in Gemplus, a French smart card maker, during the tech bubble of two decades ago. At the time, TPG dismissed the claims as ridiculous. Like other private equity groups some of TPG’s winning deals were fuelled by cheap debt available in the run-up to the 2008 financial crash. At the height of the boom years, TPG raised close to $20bn for its flagship fund, helped by growing investor demand for private equity.

But following its record pre-crisis fundraising, TPG was behind some of the worst leveraged buyouts in the history of private equity — many in the US — including TXU, the Texas utility company; Harrah’s, the gaming corporation renamed Caesars; Washington Mutual, a bank; and Aleris, an aluminium processor.

TPG’s flagship funds raised in 2006 and 2008 produced returns at the bottom quarter of funds by performance in their peer group, according to research group Preqin. But TPG’s sixth flagship fund has returns that place it above the median in the second quartile, according to both Cambridge and Pitchbook data. The $15.4bn raised in 2006 produced a multiple of 1.38 times, placing it in the bottom quartile while the $18.9bn raised in 2008 at the onset of the financial crisis was also a poor performer returning a 1.54 multiple compared with an average of 1.72 times investors’

 

[Possibility of Being]

Hi @Ocean, you can find some stuff about Peel in this article of 2019:

After Buying Major Stake in Israeli Cyber-Attack Firm, NSO Group, Global Witness Director Quits Board – Tikun Olam תיקון עולם إصلاح العالم

Exposing secrets of the Israeli national security state

www.richardsilverstein.com

More names and connections in the follow-up: video, transcript

And here is his latest one on the current scandal; seems more detailed than you can find in mainstream sources:

NSO Group Targets 50,000 Cell Phone Numbers in 50 Countries: Presidents, Prime Ministers, US Diplomat, Security Officials – Tikun Olam תיקון עולם إصلاح العالم

Exposing secrets of the Israeli national security state

www.richardsilverstein.com

 

[Ca.]

Israeli spyware

The Israeli regime is in hot water over a major scandal.

www.presstv.ir

Video / 04:32
The Israeli regime is in hot water over a major scandal triggered by revelations that an Israeli-made spyware has been sold to some governments to target journalists, dissidents and political leaders.

https://twitter.com/x/status/1419524290815332355

 

[Mari]

EU found evidence employee phones compromised with spyware -letter​

July 27 (Reuters) - The European Union found evidence that smartphones used by some of its staff were compromised by an Israeli company's spy software, the bloc's top justice official said in a letter seen by Reuters.

In a July 25 letter sent to European lawmaker Sophie in ‘t Veld, EU Justice Commissioner Didier Reynders said iPhone maker Apple had told him in 2021 that his iPhone had possibly been hacked using Pegasus, a tool developed and sold to government clients by Israeli surveillance firm NSO Group.

The warning from Apple triggered the inspection of Reynders’ personal and professional devices as well as other phones used by European Commission employees, the letter said.

Though the investigation did not find conclusive proof that Reynders' or EU staff phones were hacked, investigators discovered "indicators of compromise" – a term used by security researchers to describe that evidence exists showing a hack occurred.

Reynders’ letter did not provide further detail and he said "it is impossible to attribute these indicators to a specific perpetrator with full certainty." It added that the investigation was still active.

Messages left with Reynders, the European Commission, and Reynders' spokesman David Marechal were not immediately returned.

An NSO spokeswoman said the firm would willingly cooperate with an EU investigation.

"Our assistance is even more crucial, as there is no concrete proof so far that a breach occurred," the spokeswoman said in a statement to Reuters. "Any illegal use by a customer targeting activists, journalists, etc., is considered a serious misuse."

NSO Group is being sued by Apple Inc (AAPL.O) for violating its user terms and services agreement.

LAWMAKERS' QUESTIONS​

Reuters first reported in April that the European Union was investigating whether phones used by Reynders and other senior European officials had been hacked using software designed in Israel. Reynders and the European Commission declined to comment on the report at the time.

Reynders' acknowledgement in the letter of hacking activity was made in response to inquiries from European lawmakers, who earlier this year formed a committee to investigate the use of surveillance software in Europe.

Last week the committee announced that its investigation found 14 EU member states had purchased NSO technology in the past.

Reynders' letter – which was shared with Reuters by in 't Veld, the committee’s rapporteur – said officials in Hungary, Poland and Spain had been or were in the process of being questioned about their use of Pegasus.

In 't Veld said it was imperative to find out who targeted the EU Commission, suggesting it would be especially scandalous if it were found that an EU member state was responsible.

The European Commission also raised the issue with Israeli authorities, asking them to take steps to "prevent the misuse of their products in the EU," the letter said.

A spokesperson for the Israeli Ministry of Defense did not immediately respond to a request for comment.

Apple's alerts, sent late last year, told targeted users that a hacking tool, dubbed ForcedEntry, may have been used against their devices to download spyware. Apple said in a lawsuit that ForcedEntry had been the work of NSO Group. Reuters also previously reported that another, smaller Israeli firm named QuaDream had developed a nearly identical tool.

In November, the administration of U.S. President Joe Biden gave NSO Group a designation that makes it harder for U.S. companies to do business with them, after determining that its phone-hacking technology had been used by foreign governments to "maliciously target" political dissidents around the world.

NSO, which has kept its client list confidential, has said that it sells its products only to "vetted and legitimate" government clients.

 

[Possibility of Being]

Nov 2022
EU Parliament's spyware investigation on Spain continues to spur controversy

A Parliamentary hearing on Spain’s involvement in the Pegasus spyware scandal, scheduled for Tuesday (29 November), has drawn controversy after accusations against two speakers led to one being uninvited from the panel.

Following a leak of the planned programme for the hearing, a letter was sent last week to lawmakers on the European Parliament’s Pegasus Committee by Pegasus victims, experts and civil society actors including Access Now, ARTICLE19 and the Digital Rights Foundation

The letter raised concerns about two speakers who had been invited to attend the hearing, which will focus on allegations that the Spanish government used spyware to surveil figures linked to the Catalan independence movement. ....

More: EP's Pegasus spyware inquiry targeted by disinformation campaign

July 2023
Spain: ‘Lack of cooperation’ from Israel on Pegasus spyware firm highlights impunity

Responding to reports that a Spanish investigation into Israeli company NSO Group’s Pegasus spyware, that had allegedly targeted the phones of Spain’s Prime Minister and other ministers, has faltered due to a ‘lack of cooperation’ from Israel, Donncha Ó Cearbhaill, Head of the Security Lab at Amnesty Tech, said:

“This reported lack of cooperation by the Israeli authorities with the Spanish criminal investigation is symptomatic of the impunity surrounding the misuse of spyware and cyber-surveillance technology. The Israeli authorities simply not even engaging with Spain’s highest criminal court shows the complete inadequacy of supposed avenues for redress related to violations by the spyware industry. ...

The Guardian reported Tuesday [10/07/2023] that a Spanish judge investigating the Israeli company NSO Group’s Pegasus spyware hacking of phones belonging to senior Spanish government officials including Prime Minister Pedro Sánchez, and other ministers, had provisionally closed his investigation due to a “complete” lack of cooperation from Israel.

This was in May 2023
Researchers say they found spyware used in war for the first time | TechCrunch

Researchers say they found spyware used in war for the first time

Security researchers and digital rights organizations believe the government of Azerbaijan used spyware produced by NSO Group to target a government worker, journalists, activists and the human rights ombudsperson in Armenia as part of a years long conflict that has at times broken out into an all-out war.

The cyberattacks may be the first public cases where commercial spyware was used in the context of a war, according to Access Now, a digital rights group that investigated some of the cases. The hacks happened between November 2021 and December 2022. The skirmish between Armenia and Azerbaijan — known as the Nagorno-Karabakh conflict — has been going on for years, and it flared up again in May 2021, when Azerbaijani soldiers crossed into Armenia and occupied parts of its territory.

“While a number of infected individuals are also members of the Armenian opposition or are otherwise critical of the current government, the infections took place at critical times in the Nagorno Karabakh conflict and a deep political crisis caused by the conflict, which resulted in a significant uncertainty over the future of the country’s leadership and its position on Karabakh,” Natalia Krapiva, the tech legal counsel at Access Now, told TechCrunch. “Some of the victims worked closely in or with [Armenia’s] Nikol Pashinyan’s administration and were directly involved in the negotiations or investigation of human rights abuses committed by Azerbaijan in the conflict.” ...

According to Access Now, the victims include Kristinne Grigoryan, the top human rights defender in Armenia; Karlen Aslanyan and Astghik Bedevyan, two Radio Free Europe/Radio Liberty’s (RFE/RL) Armenian Service journalists; two unnamed United Nations officials; Anna Naghdalyan, a former spokesperson of Armenia’s Foreign Ministry (now an NGO worker); as well as activists, media owners and academics....

Samvel Farmanyan, the former co-founder and host of an opposition television in Armenia, told TechCrunch that the hack he suffered “is a form of terror.”

In the case of Armenia’s top human rights defender Grigoryan, Access Now said that her phone “was infected not long after she shared her phone number with her Azerbaijani counterpart.”

In any case, it’s unclear whether using spyware such as Pegasus in the context of an armed conflict constitutes a violation of international law, according to Anna Pagnacco, a cybersecurity policy researcher at Oxford Information Labs.

“International law is silent on the topic of peacetime espionage, which is broadly criminalized at the national level; yet all states still conduct espionage. Intelligence activities carried out by members of a belligerent party’s armed forces in uniform during international armed conflict are legitimate — i.e. spying is not a war crime,” Pagnacco told TechCrunch.

More: Hacking in a war zone: Pegasus spyware in the Azerbaijan-Armenia conflict

Content note: The following post contains references to alleged murder and war crimes.

A joint investigation between Access Now, CyberHUB-AM, the Citizen Lab at the Munk School of Global Affairs at the University of Toronto (the Citizen Lab), Amnesty International’s Security Lab, and an independent mobile security researcher Ruben Muradyan, has uncovered hacking of civil society victims in Armenia with NSO Group’s Pegasus spyware. The Armenia spyware victims include a former Human Rights Defender of the Republic of Armenia (the Ombudsperson), two Radio Free Europe/Radio Liberty (RFE/RL) Armenian Service journalists, a United Nations official, a former spokesperson of Armenia’s Foreign Ministry (now an NGO worker), and seven other representatives of Armenian civil society. Circumstantial evidence suggests that the targeting is related to the military conflict in Nagorno-Karabakh (also referred to as the Republic of Artsakh in Armenia) between Armenia and Azerbaijan. This is the first documented evidence of the use of Pegasus spyware in an international war context.

• The investigation
• Case studies of the Armenia spyware victims
• Who is behind the hacking?
• NSO Group sends its dangerous spyware to the bloody conflict
• All stakeholders: let’s disarm spyware globally