Pegasus Project (investigation)

The Pegasus spyware was developed by the Israeli cyberarms company NSO Group. It can be covertly installed on mobile phones (and other devices) running most^[3] versions of iOS and Android. The spyware is named after the mythical winged horse Pegasus—it is a Trojan horse that can be sent "flying through the air" to infect phones.^[4] Usages of the Pegasus spyware have been monitored for years. Amnesty has argued that the digital invasion is correlated with real-life consequences for spied targets, via psychological or physical damages.^[5]

The NSO Group exports are overseen by the Israeli Ministry of Defense's Defense Exports Control Agency (DECA).^[6]

Origins and members

In 2020, a list of over 50,000 phone numbers believed to belong to individuals identified as "people of interest" by clients of the Israeli cyberarms firm NSO Group was leaked to Amnesty International and Forbidden Stories, a media nonprofit organisation based in Paris, France.This information was passed along to 17 media organisations under the umbrella name "The Pegasus Project". Over several months, over 80 journalists from The Guardian (United Kingdom), Le Monde and Radio France (France), Die Zeit, Süddeutsche Zeitung, WDR and NDR (Germany), The Washington Post and Frontline (United States),^[7] Haaretz (Israel), Aristegui Noticias and Proceso (Mexico), Knack and Le Soir (Belgium), The Wire (India), Daraj (Syria),^[8] Direkt36 (Hungary),^[9] and OCCRP investigated the spying abuses.

Investigative methodology

The leaked list of targeted phone numbers provides an indication of being a "person of interest" and a first indication of possible hacking, to be confirmed via direct forensic examination of the phone. According to Amnesty, "The Citizen Lab at the University of Toronto independently peer-reviewed a draft of their forensic methodology outlined in Forensic Methodology Report: How to catch NSO Group's Pegasus.^[10][3] Amnesty also published various tools or data from this investigation, including a Mobile Verification Toolkit (MVT)^[3] and a GitHub repository listing indicators of NSO/Pegasus compromised devices.^[3][11] Some emerging unverified online services claim to be able to assess an infection by Pegasus, but their usage is discouraged as possible scams themselves.^[12] Amnesty and Forbidden Stories received numerous queries for checking devices but were not able to satisfy the demand for assistance.^[12]

Findings

The investigation suggested that Pegasus continued to be widely used by authoritarian governments to spy on human rights activists, journalists and lawyers worldwide, although NSO claims that it is only intended for use against criminals and terrorists.^[1][13]

A French journalist noted that "in a matter of cyber-surveillance, we observe that abuse is de facto the rule".^[14] Forbidden Stories argues the Pegasus software and its usages de facto constitute a global weapon to silence journalists.^[15]

Forensic Architecture and the Pegasus Project lead a data analysis and built a data visualisation plotting attempt hacking of dissidents together with real-life intimidations, threats or violence. They have argued that Pegasus has become a key tool for states to repress their own people.^[16]

Targets include known criminals as well as human rights defenders, political opponents, lawyers, diplomats, heads of state and nearly 200 journalists from 24 countries.^[17] The Guardian mentioned 38 journalists in Morocco, 48 journalists in Azerbaijan, 12 journalists in the United Arab Emirates and 38 journalists in India as having been targeted.^[18] Some of the targets whose names have been revealed are listed below; the list is non-exhaustive.

Heads of state and government

According to an analysis by the German newspaper Die Zeit and others, the following incumbent and former heads of state and government have been targeted,^[19][20] implying possible full access to their mobile phones' data:

• Abdelaziz Bouteflika, former President of Algeria^[21]
• Noureddine Bedoui, former Prime Minister of Algeria
• Mostafa Madbouly, Prime Minister of Egypt
• Charles Michel, former Prime Minister of Belgium and current President of the European Council
• Emmanuel Macron, President of France
• Édouard Philippe, former Prime Minister of France
  • Édith Chabre, wife of Édouard Philippe
  • Most French ministers
  • Numerous French diplomats
• Barham Salih, President of Iraq
• Bakhytzhan Sagintayev, former Prime Minister of Kazakhstan
• Saad Hariri, Prime Minister of Lebanon
• Mohammed VI, King of Morocco
• Saadeddine Othmani, Prime Minister of Morocco
• Imran Khan, Prime Minister of Pakistan
• Cyril Ramaphosa, President of South Africa
• Ruhakana Rugunda, former Prime Minister of Uganda
• Ahmed Obeid bin Daghr, former Prime Minister of Yemen

Azerbaijan

• Fatima Movlamli, an Azerbaijani civil society activist and journalist opposed to local authoritarian government. Intimate photographs of her were leaked on Facebook in 2019 when she was only 18.^[18]

Hungary

Used against opposition journalists, opposition leaders and critics.

• Szabolcs Panyi, a Hungarian investigative journalist for Direkt36 [hu], hacked in 2019.^[22] Panyi joined the Pegasus Project investigation.^[22]
• András Szabó, a Hungarian investigative journalist.^[23]
• Dávid Dercsényi, a Hungarian investigative journalist (HVG).^[9]
• György Gémesi, a right-wing opposition politician, mayor of Gödöllő and president of the Alliance of Hungarian Local-Governments.^[24]
• János Bánáti [hu], president of the Hungarian Bar Association, and nine other lawyers.^[25]
• Zoltán Varga [hu], a businessman and owner of Central Media Group, which publish opposition press products (24.hu).^[9]
• Attila Chikán, a former economy minister in the first cabinet of Viktor Orbán, currently a vocal critic of Orbán's politics.^[9]

India

Used against opposition leaders, union ministers, journalists, administrators such as Election Commissioner and heads of the Central Bureau of Investigation (CBI) and minority leaders.

• Rahul Gandhi, an Indian politician and main rival of Indian Prime Minister Narendra Modi, was targeted on two of his cellphones.^[26] He would go on to claim that "all [his] phones are tapped".^[27]
  • Five close friends and other Indian National Congress party officials were in the leaked list of potential targets.^[26]
• Prashant Kishor, a political strategist and tactician, who is linked with several of Prime Minister Narendra Modi's rivals,^[28] was also targeted.^[29] Some opposition politicians such as Mamata Banerjee even claimed that Pegasus was used to keep track of the meetings between the two.^[30]
• Ashok Lavasa, an ex-Election Commissioner of India who flagged Prime Minister Narendra Modi's poll code violation in the 2019 Indian general election was targeted.^[31]
• Alok Verma, who was ousted as the head of the Central Bureau of Investigation (CBI) by Prime Minister Narendra Modi in 2018 was a target.^[32]
• Numerous Indian politicians including Deputy Chief Minister of Karnataka G. Parameshwara, as well as close aides of then Chief Minister H. D. Kumaraswamy and senior Congress leader Siddaramaiah.^[33][34][35]
• Abhishek Banerjee, a West Bengal politician of the All India Trinamool Congress, and the nephew of incumbent Chief Minister of West Bengal Mamata Banerjee.^[36]
• Siddharth Varadarajan, a New Delhi–based, American investigative journalist and founder of The Wire. Varadarajan joined the Pegasus Project investigation.^[22]
• Umar Khalid, a left-wing student activist and leader of the Democratic Students' Union, was added to the list in late 2018, then charged with sedition. He was arrested in September 2020 for organising the Delhi riots; the provided evidence was taken from his phone. He is currently in jail awaiting trial.^[18]
• Stan Swamy, an Indian Jesuit father and activist. Swamy died on 5 July 2021 at the age of 84 after contracting COVID-19 in prison.^[18]
  • Collaborators Hany Babu, Shoma Sen and Rona Wilson were also in the project's list of alleged targets.^[18]
• Ashwini Vaishnaw, Minister of Electronics and Information Technology who assumed office less than 3 weeks before the investigation was revealed.^[37]
• The inner circle to the 14th Dalai Lama Tenzin Gyatso, the 17th Karmapa Ogyen Trinley Dorje and other Tibetan figures, including:^[38]
  • Tempa Tsering, the Dalai Lama's envoy to Delhi^[38]
  • Tenzin Taklha, the Dalai Lama's senior aide^[38]
  • Chhimey Rigzen, the Dalai Lama's senior aide^[38]
  • Lobsang Tenzin, the 5th Samdhong Rinpoche, who is responsible for the selection of the Dalai Lama's successor^[38]
  • Lobsang Sangay, former president of the Tibetan government-in-exile^[38]
  • Penpa Tsering, president of the Tibetan government-in-exile^[39]

Italy

• Romano Prodi, former Prime Minister of Italy and former President of the European Commission, was spied on while he was working as the UN Special Envoy to Sahel.^[40]

Mexico

Used against anti-corruption journalists, opposition leaders and a judge.

• Cecilio Pineda Birto (died 2 March 2017), a Mexican investigative and anti-corruption journalist. His phone was added as a Pegasus target just weeks before his assassination.^[22]
• Eduardo Ferrer Mac-Gregor Poisot [es], a Mexican judge, former president of the Inter-American Court of Human Rights.^[18]
• Alejandro Solalinde, a Catholic priest and champion of migrants' rights. Believed to be targeted due to his support to opposition politicians.^[18]

Morocco

Used against opposition, Western Sahara–friendly journalists in Morocco and France, and more than 6,000 Algerian politicians, high-ranking military officials, heads of intelligence, civil servants, diplomats and activists.^[21]

• Edwy Plenel, a French journalist, co-founder and publishing editor at opposition newsroom Mediapart, hacked in 2019 by Morocco.^[41]
• Lénaïg Bredoux [fr], a French journalist also at Mediapart, hacked in 2020 by Morocco.^[41]
• Ignacio Cembrero [es], a Spanish journalist specialising in the Maghreb. He reported that he was hacked by the Moroccan government after learning that in June a Moroccan newspaper "picked up two WhatsApp conversations he had had with senior officials of the Spanish administration".^[42][43]
• Ahmed Gaid Salah, former Chief of Staff of the Algerian People's National Armed Forces^[21]
• Ali Haddad, Algerian businessman and supporter of former President Abdelaziz Bouteflika^[21]
• Abdelkader Messahel, former Minister of Foreign Affairs of Algeria^[21]

Poland

In July 2017, Prime Minister Beata Szydło agreed with Benjamin Netanyahu to buy Pegasus licenses.^[44] Michał Woś, deputy minister of justice, requested a parliamentary committee to divert funds from a ministry-run fund to "combat crime."^[45][46] Once approved, the Central Anticorruption Bureau (CBA) purchased the licenses for PLN 33.4 million.^[47] The transaction with NSO Group was camouflaged with unrelated invoices.^[45][48] The contract for 40 licenses to be used over three years was mediated by Matic, a company established by former Militia and Security Service associates.^[49] The spyware was first deployed in November 2017.^[47]

In 2018, Citizen Lab suspected that an operator codenamed "ORZELBIALY" (Polish for "white eagle," a reference for the coat of arms of Poland) was spreading Pegasus through mobile network operators.^[50] In 2020, Rzeczpospolita reported that the bulk of evidence in a corruption case against former Civic Platform politician Sławomir Nowak was obtained using Pegasus. The CBA denied ever buying the license, still the government assured it had court permission.^[51]

In December 2021, Citizen Lab announced to have found multiple hacks into phones of prominent opposition figures during the 2019 parliamentary elections that the right-wing populist party Law and Justice (PiS) of Jarosław Kaczyński won by a slim margin, which lead to a further erosion of judicial independence and press freedom.^[52] As of January 25, 2022, the reported victims include:

• Roman Giertych, a lawyer representing top opposition politicians, and the deputy prime minister in 2006–2007 Kaczyński's Cabinet,^[52]
• Ewa Wrzosek, a prosecutor who challenged the PiS government's attempts to purge the judiciary,^[52]
• Krzysztof Brejza, an attorney and at the time, a Civic Platform MP who ran the Civic Coalition campaign, and won his Senate seat.^[53] The hack against Brejza was later confirmed by Amnesty International.^[54][55]
• Michał Kołodziejczak, a farmer and leader of the social movement Agrounia,^[56]
• Tomasz Szwejgiert, a journalist and alleged former associate of the CBA, hacked while co-authoring a book about Mariusz Kaminski, head of the CBA.^[56]
• Adam Hofman, former PiS spokesman,^[49]
• Dawid Jackiewicz, former PiS treasury minister in the Cabinet of Beata Szydło,^[49]
• Mariusz Antoni Kamiński [pl], former PiS MP,^[49]
• Bartłomiej Misiewicz [pl], former head of the PiS cabinet and former spokesman of the Ministry of National Defence,^[57]
• Katarzyna Kaczmarek, wife of Tomasz Kaczmarek [pl] (referred to as "agent Tomek"), former policeman and former CBA officer, later a PiS MP.^[49]

On February 7, 2022, the Supreme Audit Office (NIK) revealed that between 2020 and 2021, 544 of its employees' devices were under surveillance in over 7,300 attacks. According to NIK experts, three of the phones could be infected with Pegasus.^[58]

On January 17, 2024, the Polish Parliament established a commission of inquiry into operational and exploratory activities involving Pegasus. The scope of the commission's work will cover the period from November 16, 2015 to November 20, 2023.^[59]

Saudi Arabia

Used against an opposition journalist and a women's rights activist since 2018.

• Jamal Khashoggi (died 2 October 2018), a Saudi-American investigative and opposition journalist, a contributor to The Washington Post, assassinated by Saudi operatives. Khashoggi, his wife Hanan El-Atr and phones of other people close to him have been targeted before and after his assassination.^[60]
  • Hatice Cengiz [ar], Khashoggi's partner, was infected with Pegasus with forensic evidence of the spyware found on 6, 9 and 12 October 2018, a few days after Khashoggi's assassination.^[61]
  • Khashoggi's contacts Yasin Aktay, Yahya Assiri, Hanan El-Atr, Abdullah Khashoggi, Madawi al-Rasheed, and Azzam Tamimi were also targeted.^[62]
  • İrfan Fidan [tr], Turkey's Istanbul chief prosecutor in charge of the Khashoggi murder's investigation, who later charged 20 Saudi operatives, is on the list of leaked targets.^[63]
• Loujain al-Hathloul, a prominent Saudi women's rights activist, selected in 2018, likely by the United Arab Emirates (an ally of Saudi Arabia), before her abduction and return to Saudi Arabia for arrest and possibly torture. She was released from prison in February 2021, but her freedom of movement is still limited.^[18]
• Madawi al-Rasheed, a British citizen of Saudi origin and a professor of social anthropology.^[64]

United Arab Emirates

Used against human rights activists, local leaders and local nobility and Sheikh Maktoum family members. With more than 10,000 people of interest linked to Dubai, it was one of the most extensive uses of Pegasus.^[65][66] The targets were mainly from the UAE and Qatar, but also included people from Egypt, Lebanon, Iraq, Yemen, and Saudi Arabia.^[65] In 2020,^[67] the NSO Pegasus license was stripped from Dubai due to human rights concerns^[68] and spying on Sheikh Maktoum family members.^[67]

• Princess Haya bint Hussein, the ex-wife of Sheikh Maktoum of Dubai, self-exiled in London.^[68][69] The list of "people of interest" includes her phone number as well as the phone number of 8 of her closest aides, advisers and friends, including personal assistant, security staffs, one of her lawyers advising her in her custody and divorce dispute with Sheikh Maktoum.^[68]
  • Security firm Quest's staffs: Martin Smith, CEO; its director of investigations; Shimon Cohen, its communications adviser.^[68]
  • John Gosden, a British horse racing trainer and friend.^[68]
• Sheikha Latifa bint Mohammed Al Maktoum, the daughter of Sheikh Maktoum of Dubai, attempted to escape to Goa, India. From there, she hoped to travel to the United States, where she planned to seek asylum, only to be caught by Indian special forces.^[70][67] Her phone number had appeared on 25 February 2018, one day after her escape, but the phone was already discarded in a café bathroom and replaced with a brand-new phone with new SIM cards.^[67] Phones used by Latifa's friends and family were soon added to the system. It is suspected that UAE Pegasus surveillance of her friends' phones helped Dubai to track Latifa's escape, and abduct her back near Goa.^[67]
  • Christian Elombo, a French soldier and friend of Latifa, and his girlfriend^[67]
  • Juan Mayer, a skydiving photographer and friend^[67]
  • Lynda Bouchiki, a skydiver and friend, events manager. Latifa chatted via phone with Bouchiki while fleeing.^[67]
  • Sioned Taylor, a Briton skydiver and friend, maths teacher. Latifa chatted via phone with Taylor while fleeing.^[67]
  • David Haigh, a British national previously detained and tortured in UAE prison, human rights campaigner and lawyer campaigning to free Latifa.^[71][72]
• Alaa al-Siddiq (died 19 June 2021), an Emirati human rights activist, executive director of the human rights organisation ALQST and the daughter of Muhammad al-Siddiq, one of the UAE-94 pro-democracy political prisoners.^[65] She was documenting violences by Gulf governments on prisoners.^[73] Following the 2011 Arab Spring, Alaa al-Siddiq was self-exiled to Qatar then the UK since 2012.^[65] All of her family members were stripped of their UAE nationality. Following her death in a car accident in 2021 in the UK, the UAE refused her body to be taken back to the country for burial.^[65] Citizens Lab found traces of Pegasus surveillance on her phone.^[73]
• Ahmed Mansoor, an Emirati human rights and reformist blogger, confirmed hacked by Pegasus.^[65] Arrested in 2011, pardoned, then arrested again in 2017 with 10 years sentences. Detained in dire conditions.
• Over 3,000 Qataris.^[65]
• European, Asian human rights activists supporting rights in the Gulf countries.^[65]

NSO Group's response

Vetting and licence contract

NSO Group did not deny the presence of its spyware, responding to the report by stating they rigorously vetted its customers' human rights records before allowing them to use its spy tools.^[1] It says military-grade Pegasus is only supposed to be used to prevent serious crime and terrorism. NSO stated its purchasing client governments are bidden by a signed contract and licence, agreeing to terms of uses, and contractually limited to legitimate criminal or terrorist targets.^[68] Once sold, NSO Group says it does not know nor can see how its client governments use its spyware.^[68]

Involvement denial and deresponsibilisation

NSO Group stated: "NSO does not operate the systems that it sells to vetted government customers, and does not have access to the data of its customers' targets. NSO does not operate its technology, does not collect, nor possesses, nor has any access to any kind of data of its customers. Due to contractual and national security considerations, NSO cannot confirm or deny the identity of our government customers, as well as the identity of customers of which we have shut down systems."^[74]

The CEO of NSO Group categorically claimed that the list in question is unrelated to them, the source of the allegations can not be verified as a reliable one. "This is an attempt to build something based on a crazy lack of information... There is something fundamentally wrong with this investigation."^[75] The owner of the company that developed the Pegasus spyware categorically refutes all allegations, stating that the list of the phone numbers in question has nothing to do with the Pegasus spyware.^[75] NSO denied "false claims" about its clients' activities, but said it would "continue to investigate all credible claims of misuse and take appropriate action".^[1]

Journalists/NGOs

Journalists around the world have expressed outrage at the use of anti-criminality tools against non-criminals, journalists, opposition representatives, and other civilians. Edward Snowden has called for governments to impose a global moratorium on the international spyware trade in order to avoid ubiquitous violation of privacy and associated abuses.^[76]

Haaretz argued such invasive monitoring technology is the weapon of choice for autocratic governments, allowing continuous monitoring of opponents, preventing protests from the beginning before they are organised, and discouraging sources to share information with journalists.^[77] This technology should, therefore, be shared only with countries with independent and solid rule of law.^[77]

The Committee to Protect Journalists called for a critical reform of the surveillance software industry and market.^[78]

The International Press Institute, an international press freedom network, denounced the abuse of spying on journalists, calling formal investigations and accountability.^[79]

Tamer Almisshal, an investigative journalist for Al Jazeera Arabic, said, "[The hacking of the Al Jazeera staffers' and journalists' phones is] a crime against journalism. Based on this spyware, journalists have been arrested, disappeared, or even killed. Khashoggi is just one example".^[80]

In a statement, the National Association of Hungarian Journalists [hu] said they were "shocked" by the revelations and also stated: "If this is the case, it is unacceptable, outrageous and illegal, full information must be disclosed to the public immediately".^[81]

In a tweet, the Press Club of India (PCI) issued a statement:

This is the first time in the history of this country that all pillars of our democracy — judiciary, Parliamentarians, media, executives & ministers — have been spied upon. This is unprecedented and the PCI condemns unequivocally. The snooping has been done for ulterior motives. What is disturbing is that a foreign agency, which has nothing to do with the national interest of the country, was engaged to spy on its citizens. This breeds distrust and will invite anarchy. The Govt should come out clean on this front and clarify.^[82]

Similarly, the Editor's Guild of India also released a statement directed against the alleged spying made by the Indian government, saying:

This act of snooping essentially conveys that journalism and political dissent are now equated with 'terror'. How can a constitutional democracy survive if governments do not make an effort to protect freedom of speech and allows surveillance with such impunity?

It asked for a Supreme Court monitored enquiry into the matter, and further demanded that the inquiry committee should include people of impeccable credibility from different walks of life—including journalists and civil society—so that it can independently investigate the facts around the extent and intent of snooping using the services of Pegasus.^[83][84]

Companies

Amazon's cloud computing subsidiary AWS stated they had terminated "relevant infrastructure and accounts" linked to NSO Group, following an investigation by Amnesty International that discovered Amazon CloudFront was being used to infect targets with the Pegasus malware.^[85]

The CEO of WhatsApp, Will Cathcart, called for a global moratorium on the use of unaccountable surveillance technology and defended the use of end-to-end encryption following the reports.^[86][87]

National governments

Algeria

In a statement released, Algeria's public prosecutor has ordered an investigation into the reports that the country may have been a target of the Pegasus spyware.^[88]

France

After the revelations of the Pegasus Project investigation, in which it was revealed that the French president Emmanuel Macron was targeted,^[20] France launched an investigation into the matter.^[89] In the aftermath of these revelations, Macron changed his telephone number and replaced his phone. Furthermore, he ordered an overhaul in security procedures.^[90]

Macron reportedly contacted Israel's prime minister Naftali Bennett to discuss Israel's internal investigation and express concern that his data appeared on the list of potential targets and urged Bennett to conduct an inquiry.^[91]

French intelligence (ANSSI) confirmed that Pegasus spyware had been found on the phones of three journalists, including a journalist of France 24, in what was the first time an independent and official authority corroborated the findings of the investigation.^[92]

Hungary

A statement from the office of Viktor Orbán in Hungary stated that they were not aware of any alleged data collection.^[93] On 22 July, the Prosecution Service of Hungary announced that it would open an investigation to determine whether there was an illegal data collection.^[94][95]

On November 4, 2021, Lajos Kósa, Member of Parliament and Vice President of Fidesz, member of the Parliamentary Defence and Law Enforcement Committee, admitted that the Ministry of Interior had purchased and used the Pegasus software.^[96]

India

The government has not denied the usage of Pegasus spyware in their response so far.^[97][98] The government has also denied the request for investigation or an independent Supreme Court inquiry by the opposition into the matter.^{[99][100][101]}

The official response of the Government of India to The Washington Post stated that "[t]he allegations regarding government surveillance on specific people has no concrete basis or truth associated with it whatsoever" and that such news reports were an attempt to "malign the Indian democracy and its institutions". They further stated that each case of interception, monitoring and decryption is approved by the Union Home Secretary and that there exists an oversight mechanism in the form of a review committee headed by the Union Cabinet Secretary and that any such interceptions have been done under the due process of law.^[93]

The former IT minister of India Ravi Shankar Prasad asked, "If more than 45 nations are using Pegasus as NSO has said, why is only India being targeted?"^[102]

The Indian IT Minister Ashwini Vaishnaw in a statement in parliament stated that the reports were "highly sensational" and that they had "no factual basis". He further stated that NSO themselves had rubbished the claims. He stated that the existence of numbers in a list was not sufficient evidence to indicate that the spyware was used and said that the report itself stated the same and without the physical examination of the phone such claims cannot be corroborated.^[103]

The Minister of Home and Internal Security Amit Shah in a statement on his blog insinuated that this was an attempt to disrupt the monsoon session of the parliament and that the opposition parties were "jumping on a bandwagon" and were trying to "derail anything progressive that comes up in Parliament". He stated that the report was an attempt to "derail India's development trajectory through their conspiracies".^[97][104]

Replying to allegations from the opposition, Minister of State in Ministry of Home Affairs Ajay Kumar Mishra said that there is no reason for a probe and the people who made the allegations are "political failures".^[27]

Israel

The Israeli government denied having access to the information gathered by NSO's clients.^[105]

In the aftermath of the revelations by the investigations of the Pegasus Project, the head of the Israeli parliament's Foreign Affairs and Defence Committee announced a commission to investigate the allegations of misuse of Pegasus for surveillance and hacking.^[106]

In December 2021, the Israeli Defense Ministry imposed new restrictions on the export of cyber warfare tools as a result of the scandals involving NSO.^[107]

Kazakhstan

In the revelations made by the investigation, it came to light that the Kazakhstan's former Prime Minister, Bakhytzhan Sagintayev, could have been targeted.^[20] Furthermore, it has been reported that Kassym-Jomart Tokayev, the president of Kazakhstan, was also targeted.^[108]

However, top officials have claimed that these reports and allegations of the president being spied on were "without evidence". Furthermore, the deputy head of Kazakhstan's presidential administration Dauren Abaev said the list of targets was "rather intriguing information without any evidence".^[108]

Morocco

In a statement, the Moroccan government denied claims of using Pegasus and dismissed them as "unfounded and false allegations, as it has done with previous similar allegations by Amnesty International".^[93] In an interview given to Jeune Afrique, foreign minister Nasser Bourita stated it was "important to shed light on the facts, far from controversy and slander", and claimed that certain figures within the Pegasus consortium "serve agendas well known for their primary hostility towards Morocco and are ulcerated by its successes under the leadership of His Majesty King Mohammed VI."^[109] The then-Moroccan ambassador to France, Chakib Benmoussa, also denied reports that his country's authorities had spied on French President Emmanuel Macron.^[110]

Morocco later sued Amnesty International and Forbidden Stories for defamation, with lawyer Olivier Baratelli [fr], acting on behalf of the government, saying that the Moroccan state "wants all possible light cast on these false allegations", and that it "does not intend to let the multiple lies and fake news spread these past few days go unpunished".^[111] It also issued defamation citations against Le Monde, Mediapart and Radio France on 28 July 2021, and filed an injunction request against the German newspaper Süddeutsche Zeitung on 2 August.^[112]

Pakistan

The Prime Minister of Pakistan, Imran Khan, whose name was revealed to be in the list,^[20] has called on the United Nations for an investigation on the Indian use of Pegasus.^[113][114]

Rwanda

Rwanda, through a statement by Vincent Biruta, Minister of Foreign Affairs and International Cooperation, denied using Pegasus and claimed that "false accusations" of the country using Pegasus were "part of an ongoing campaign to cause tensions between Rwanda and other countries, and to promote disinformation about Rwanda domestically and internationally."^[93]

Saudi Arabia

Saudi Arabia's official Saudi Press Agency has denied all allegations of its use of Pegasus spyware on journalists and human rights activists as "baseless". The allegations were dismissed as "untrue".^[115][116]

United Arab Emirates

A statement released by the UAE's foreign minister stated that the allegations of use of the Pegasus spyware by the UAE on journalists and individuals were "categorically false" and that such allegations had no evidentiary basis and they denied all allegations.^[88][116] This despite ample material evidences of UAE dissidents being targeted.

Other reactions

In India the Indian National Congress accused Prime Minister Narendra Modi of "treason" and compromising national security following the release of the reports and called for the removal of Minister of Home and Internal Security Amit Shah and an investigation of the role of Prime Minister Narendra Modi into the affair.^[117][118]

The Indian IT minister made a statement that similar claims were made in the past regarding Pegasus for WhatsApp which had no factual basis and was even denied by the Supreme Court of India.^[119] However, many of the statements made by the Indian IT minister were verified by the Internet Freedom Foundation and were not found to be accurate.^[120]

West Bengal Chief Minister Mamata Banerjee alleged that the central government intends to "turn India into a surveillance state" where "democracy is in danger".^[121][122] On July 26, 2021, The West Bengal Chief Minister announced a commission of inquiry into the alleged surveillance of phones using Pegasus. Retired Supreme Court judge Justice Madan B Lokur, and former Chief Justice of Calcutta High Court, Justice (retd) Jyotirmay Bhattacharya, have been appointed as members of the commission.^[123]

In India, some news articles were released making claims that Amnesty never claimed that the leaked phone numbers were of NSO's Pegasus spyware list.^[124] However, these reports were later proven to be false, and Amnesty issued a statement stating that it categorically stands by the findings of the investigation and that the data is irrefutably linked to potential targets of Pegasus.^[125]

The European Parliament awarded the 2021 Daphne Caruana Galizia journalism prize to the Pegasus Project.^[126]

Government investigations

On 20 July 2021, it was reported that French prosecutors would investigate allegations that Moroccan intelligence services used Pegasus to spy on French journalists.^[127]

France's national agency for information systems security (ANSSI) identified digital traces of Pegasus on three journalists' phones and relayed its findings to the Paris public prosecutor's office, which is overseeing the investigation into possible hacking.^[92]

Wikiquote has quotations related to Pegasus Project.

• NSO Group
• DarkMatter (Emirati company)
• SCL Group
• WhatsApp snooping scandal
• Facebook–Cambridge Analytica data scandal
• Facebook abuses campaigns by governments
• Edward Snowden
• Pegasus Project revelations in India