Activists, journalists and politicians around the world have been spied on using mobile phone malware developed by a private Israeli firm, reports said over the weekend, igniting fears of widespread privacy and rights abuses.
The use of the software, called Pegasus and developed by Israel's NSO group, was reported on by The Washington Post, The Guardian, Le Monde and other news outlets who collaborated on an investigation into a data leak.
The leak was of a list of up to 50,000 phone numbers believed to have been identified as people of interest by clients of NSO since 2016, the reports said.
Not all of those numbers were subsequently hacked, and the news outlets with access to the leak said more details about those who were compromised would be released in coming days.
Among the numbers on the list are those of journalists for media organisations around the world including newspapers, websites and agencies including Agence France-Presse, The Wall Street Journal, CNN, The New York Times, Al Jazeera, France 24, Radio Free Europe, Mediapart, El País, the Associated Press, Le Monde, Bloomberg, The Economist, Reuters and Voice of America, The Guardian reported.
The use of the software to hack the phones of Al-Jazeera reporters and a Moroccan journalist has been reported previously by Citizen Lab, a research center at the University of Toronto, and Amnesty International.
Among the numbers found on the list were two belonging to women close to Saudi-born journalist Jamal Khashoggi, who was murdered by a Saudi hit squad in 2018.
The list also included the number of a Mexican freelance journalist who was later murdered at a carwash. His phone was never found and it was not clear if it had been hacked.
The Washington Post said numbers on the list also belonged to heads of state and prime ministers, members of Arab royal families, diplomats and politicians, as well as activists and business executives.
The list did not identify which clients had entered the numbers on it. But the reports said many were clustered in 10 countries – Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia and the United Arab Emirates.
The Guardian wrote that the investigation suggests "widespread and continuing abuse" of Pegasus, which NSO says is intended for use against criminals and terrorists.
Amnesty International and Forbidden Stories, a Paris-based media non-profit organisation, initially had access to the leak, which they then shared with media organisations.
NSO, a leader in the growing and largely unregulated private spyware industry, has previously pledged to police for abuses of its software.
It called the allegations exaggerated and baseless, according to The Washington Post, and would not confirm its clients' identities.
Citizen Lab reported in December that dozens of journalists at Qatar's Al-Jazeera network had their mobile communications intercepted by sophisticated electronic surveillance.
Amnesty International reported in June of last year that Moroccan authorities used NSO's Pegasus software to insert spyware onto the cellphone of Omar Radi, a journalist convicted over a social media post.