After the storm unleashed by revelations regarding the software’s targets, Israel restricted sales of Pegasus software. Companies are now only allowed to export cybersecurity and surveillance software to 37 countries instead of the previous 102, according to the Israeli trade publication “ Calcalist ».
This change might have consequences for the maker of the controversial Pegasus surveillance software, the NSO Group. Because according to various reports, countries from all continents are or were among NSO’s customers. According to its own transparency report, NSO not only exports its products from Israel, but also from Bulgaria and Cyprus…
According to the Israeli newspaper haaretz digital forensics groups such as Amnesty International and the University of Toronto’s Citizen Lab have revealed many potential targets with traces of spyware on their phones. Last summer, Project Pegasus – run by the Parisian NGO Forbidden Stories with the help of Amnesty’s Security Lab – organized an international consortium of journalists, to investigate thousands of additional potential targets selected for possible surveillance by NSO Group customers all over the world.
→ Read also: Pegasus: the Paris Criminal Court rules Morocco’s complaint inadmissible
According to the source, so far targets have been found around the world with high profile casualties.
There were reportedly more than 450 alleged cases of hacking, revealed “ haaretz which believes that this list, which was compiled with the help of Amnesty’s Security Lab, only includes cases in which infections have been confirmed either by Amnesty or another digital forensics group such as Citizen Lab (who also helped build this list). It also includes a few cases where official bodies like French intelligence agencies or private companies like Apple or WhatsApp have publicly confirmed attacks.
However, the Israeli outlet insists the list does not include people believed to be targeted – for example, Amazon’s Jeff Bezos, who allegedly received the spyware via a WhatsApp message.
NSO Group, which refuses to confirm the identities of its clients and says it has no knowledge of their targets, has denied most of these cases and says digital forensic analysis cannot fully identify its software.