35 Jordanian Lawyers, Journalists, and Activists Infected by Pegasus Spyware

No less than 35 political activists, journalists, and human rights lawyers in Jordan have had their mobile devices infected by NSO Group’s Pegasus spyware, according to a joint investigation published by Access Now.

Cellphone MalwareThe latest victims of the Pegasus spyware include activists, journalists, and lawyers from Human Rights Watch, Amnesty International, and OCCRP. (Photo: Blogtrepreneur, Flickr, License)In collaboration with Citizen Lab and international partners, the investigation uncovered that yet another country has had its press freedoms and rights to privacy violated by the Israeli intelligence firm’s malware only governments can purchase.

Classified by Israel's Ministry of Defense as a weapon, Pegasus was supposedly designed to allow governments to spy on criminals and terrorists.

However, the latest victims of the malware—which does not require any input or authorization from the phone’s user in order to successfully infect and control it—include activists, journalists, and lawyers belonging to Human Rights Watch, Amnesty International, and OCCRP.

Some of those targeted also faced multiple attacks and, over a period between 2019 and 2023, had their phones reinfected up to nine times, Access Now said.

The surveillance campaign went unnoticed until March 2021, when it was discovered that a Jordanian human rights lawyer’s phone had been hacked. By early 2022, Citizen Lab confirmed that senior level personnel at Human Rights Watch had their phones infected by Pegasus in a zero-click attack.

The attack occurred exactly two weeks after the advocacy group published a report on increasing levels of government repression in Jordan.

Two OCCRP journalists in Jordan similarly endured multiple infiltration attempts.

Rana Sabbagh, senior editor for the Middle East and North Africa (MENA) region, had her phone compromised by the spyware between February and April 2021. Lara Dihmis, a MENA investigative reporter, was also hacked by Pegasus infiltrators.

Dihmis first became aware her phone was infected in November 2021, when Apple notified her that “state-sponsored attackers may be targeting your iPhone.” She has since received the same notification three additional times, the latest in October 2023.

Apple filed a lawsuit against NSO Group in November 2021, in an effort to ban the intelligence firm’s spyware from carrying out any further interference against its products and services.

Hackers have also resorted to social engineering as a means to successfully bring a target’s phone under their control. Screenshots provided to Access Now by victims show that their perpetrators posed as journalists seeking interviews.

Embedded within the hackers’ messages, however, were malicious links that allowed the Pegasus spyware to breach its target’s security protocols. This subsequently gave them control over the phone’s camera, microphone, and complete access to any sensitive files, emails, or communications.

The timeline of the 35 attacks coincide with Jordanian authorities ramping up their repression of citizens’ rights, freedom of expression and peaceful assembly. In 2021, civil society group Civicus reclassified Jordan’s civic space as “repressed”; while in 2023, the democratic advocacy group Freedom House rated Jordan as “Not Free” in its Global Freedom Report.

Between March and April 2022, Jordanian police arrested hundreds of journalists, politicians, and activists under vague stipulations of the country’s 1960 penal code, Access Now said.

In 2020, the Jordanian Teachers Syndicate, the country’s largest union, was forcibly dissolved following a month-long teachers’ strike in 2019. Police arrested roughly 1,000 teachers who protested their union’s dissolution; authorities issued a gag order on the case, forbidding any coverage by local media.

Deprived of its anonymity following the release of the Pegasus Project in 2021, it was revealed that NSO Group has been selling its spyware to governments and then leaving them alone to use it how they please; the Israeli intelligence firm has admitted it does not keep tabs on whether its clients actually use Pegasus to combat organized crime or terrorism.

Victims of NSO Group’s clientele include citizens of Mexico, Kazakhstan, Azerbaijan, and Hungary, to name but a few of the nearly 50 countries targeted, across more than 50,000 phone numbers. It was even deployed against French president Emmanuel Macron and an exiled Russian journalist who dared to be critical of Vladimir Putin’s regime.

The Israeli intelligence firm claims its signature software is only meant to go after terrorists and criminals and has denied any wrongdoing; the firm has insisted that it is ultimately not responsible for how its clients use its spyware.

Apparently in disagreement, the U.S. blacklisted NSO Group in November 2021 for enabling “foreign governments to conduct transnational repression.”

When asked for comment on the latest attacks in Jordan, an NSO Group Spokesperson told OCCRP that the company “complies with all laws and regulations and only sells to vetted intelligence and law enforcement agencies.”

“Our customers use these technologies to prevent crime and terror attacks daily,” the spokesperson added.

They also told OCCRP that NSO Group “initiated and implements the industry’s leading compliance and human rights program, which protects against misuse by government entities and is investigating all credible claims of misuse.”