The spyware giant NSO Group claimed that a list of 50,000 phone numbers, which is the basis of a series of explosive stories about alleged abuses by its customers, has nothing to do with the company or its customers.
“We will state again: The list is not a list of targets or potential targets of Pegasus. The numbers in the list are not related to NSO group. Any claim that a name in the list is necessarily related to a Pegasus target or Pegasus potential target is erroneous and false," an NSO spokesperson said.
In the last few days, a group of news outlets from all over the world, including The Washington Post and the Guardian have published several stories detailing new alleged abuses of NSO's spyware in several countries, including India, Hungary, Rwanda, and others. These stories are based on a leaked list of more than 50,000 phone numbers, which are alleged to be people of interest to NSO's customers.
Amnesty's security lab analyzed 37 smartphones included in the list, and found evidence that they were either hacked or targeted with NSO's spyware.
The news organizations, with the help of French nonprofit Forbidden Stories and Amnesty International, combed through this list and identified several journalists, activists and politicians. It's still a bit unclear exactly what this list is, how it was compiled, and by whom. And that's exactly what NSO is focusing on in its latest denial.
“Enough is enough!" a company spokesperson wrote in a statement emailed to news organizations. “In light of the recent planned and well-orchestrated media campaign lead by Forbidden Stories and pushed by special interest groups, and due to the complete disregard of the facts, NSO is announcing it will no longer be responding to media inquiries on this matter and it will not play along with the vicious and slanderous campaign."
NSO has not responded to Motherboard's repeated requests for comment and for an interview.
Do you work or have worked for NSO Group, or a similar company? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, OTR chat at firstname.lastname@example.org, or email email@example.com
NSO has throughout the years repeatedly attacked reporting on the company, which has repeatedly shown that its customers include authoritarian regimes who target journalists, activists, dissidents, and others.
Motherboard's own reporting has shown that NSO has powerful hacking capabilities and that those hacking capabilities have been abused both within the company and by its clients. Articles published over the weekend by the consortium of reporters constitute the largest dump of data about NSO to date, which is why the reports have gotten so much attention. But there is still some uncertainty about where the information used in the latest round of reporting came from and what the list of phone numbers shows.
In the statement, the company repeats the usual point that NSO does not operate surveillance infrastructure, and has no visibility into what customers do, or who they hack. The company also said it does routinely investigate allegations of abuse. In its recent transparency report, the company said it cut ties with five customers since 2016 "following an investigation of misuse."
But the company did not name the customers nor the specific circumstances. Its latest statement follows a similar strategy: deny without giving details of how the company has reached the conclusion that the accusations are false.
John Scott-Railton, a senior researcher at the Citizen Lab, a digital rights watchdog housed at the University of Toronto's Munk School that has investigated NSO for years, said that "NSO has fallen into a familiar pattern: come out swinging, but when their denials ring hollow, try to retreat back into the shadows."
Subscribe to our cybersecurity podcast CYBER, here.