Journalists File US Lawsuit Against Pegasus Spyware Producer
Investigative journalists on Wednesday filed suit against the Israel-based surveillance company NSO Group in a U.S. court for allegedly designing and deploying the spyware Pegasus to infiltrate the phones of at least 22 members of El Faro, a leading source of independent news in Central America and a partner organization of the OCCRP.
Once Pegasus infects a phone, it gives its operator full control of the device. The attackers can remotely access images and videos, contact lists, calendar entries, instant messages, emails, search histories, geolocations, or even the camera and microphone.
According to the Knight First Amendment Institute, which filed the case on behalf of the plaintiffs, “NSO Group’s spyware has been used by authoritarian and rights-abusing regimes around the world” as a weapon against “journalists, human rights activists, and political dissidents.”
El Faro director Carlos Dada, who says his phone was infected with Pegasus for at least 167 days, said they are filing this lawsuit to defend their “right to investigate and report,” as well as “to protect other journalists around the world.”
Members of El Faro only learned they might have been targeted by “state-sponsored attackers” when Apple notified a small number of users that they might have been hacked. On that list were 12 journalists of the Salvadoran news outlet.
The notification was emailed on Nov. 23, 2021, on the same day that Apple filed its own suit against the NSO Group, accusing the firm’s employees of being “notorious hackers” and “amoral 21st century mercenaries” for their role in state-sponsored Pegasus spyware.
A Dublin-based human rights watchdog released a statement last January denouncing the attacks and decrying “the lack of accountability for such egregious conduct by public authorities and private companies allows the surveillance culture to flourish and destroy human rights.”
According to the suit brought by the journalists, between June 2020 and November 2021 El Faro member’s devices “were accessed remotely and surreptitiously, their communications and activities monitored, and their personal data accessed and stolen.”
“Many of these attacks occurred when they were communicating with confidential sources, including U.S. Embassy officials, and reporting on abuses by the Salvadoran government,” it added.
According to Dada, these attacks “were an attempt to silence our sources and deter us from doing journalism.” When Apple warned the users who might have been hacked it said, “attackers are likely targeting you individually because of who you are or what you do.”
This suit appears to be the first of its kind filed by journalists against NSO Group in a U.S. court, a news release from the Knight Institute stated.
The actions by NSO Group allegedly violated the Computer Fraud and Abuse Act and the California Comprehensive Computer Data Access and Fraud Act by developing spyware and deploying it against El Faro’s journalists.
Carrie DeCell, the senior staff attorney with the Knight institute, believes that the U.S courts “must ensure that spyware manufacturers are held accountable for their actions where those actions violate U.S. law.”
The journalists want NSO Group to identify, return, and then delete all information it obtained through the attacks, prohibit the firm from deploying Pegasus again against the plaintiffs, and order them to reveal the client that purchased the software.