July 18, 2021- 7:40 p.m.
Hanan Elatr’s phone number was found on a leaked list of over 50,000 alleged to have been identified as potential targets for governments using the military-grade spyware.
Presidents, prime ministers, human rights activists, business leaders and journalists, including the editor of the Financial Times, were said to have been included on the list.
The Guardian reported the data leak suggests ‘widespread and continuing abuse’ of spyware. Mr Khashoggi, 59, who was highly critical of Saudi Arabia’s royal family, was killed after he walked into the Saudi consulate in Istanbul in 2018. It was claimed he was murdered by a hit squad and dismembered inside the building.
His Egyptian wife, 52, was reportedly among those whose phones were targeted. A United Nations investigation concluded Saudi Arabia was responsible for his death and there was ‘credible evidence’ to warrant an investigation into Crown Prince Mohammed bin Salman and his top officials.
The Pegasus spyware can infect phones if a target clicks on a malicious link, which can be disguised in a text message from a contact. If the phone is infected, all the information it contains can be accessed, including messages, emails, photos and chats on apps such as WhatsApp, Telegram and Signal.
The phone’s microphone and camera can also be switched on to spy on the targets. Forensics analysis of a small number of phones whose numbers appeared on the leaked list showed more than half allegedly had traces of the Pegasus spyware. Indian news website The Wire reported analysis of a phone belonging to Mr Khashoggi’s wife found malicious links were sent to it in 2017 and early 2018, disguised in text messages supposedly from her sister. Researchers were unable to determine if her phone was successfully infected.
Amnesty International and Paris-based media organisation Forbidden Stories gained access to the leaked list of phone numbers and shared access with media partners, including The Guardian and The Wire. The outlets are expected to name other possible victims of the software in the next week. The Guardian said analysis suggested at least ten governments had entered names on to the list.
It reported that Mexico, Morocco and the United Arab Emirates had entered the most numbers. Hungary was also named along with Bahrain, Saudi Arabia, Azerbaijan, Kazakhstan, Rwanda, and India. NSO sells its software to military, law enforcement and intelligence agencies in 40 countries.
Morocco, Hungary, Rwanda and India denied they had used Pegasus to hack phones. Saudi Arabia, Mexico, the UAE, Azerbaijan, Bahrain and Kazakhstan did not comment. Amnesty’s Agnes Callamard said: ‘NSO’s spyware is a weapon of choice for repressive governments seeking to silence journalists, attack activists and crush dissent, placing countless lives in peril.’