Forensic Architecture's investigation Digital Violence maps the surveillance of journalists and human rights activists worldwide by state clients of the spyware company NSO Group (all images courtesy Forensic Architecture)

In 2018, the world was horrified to learn that the Saudi journalist and political dissident Jamal Khashoggi was brutally assassinated and dismembered at his country’s consulate in Istanbul, Turkey. Released earlier this year, a report by US intelligence agencies concluded that the assassination was personally authorized by Saudi Crown Prince Mohammed bin Salman, who continues to deny any direct involvement. Two months after the gruesome murder in 2018, an associate of Khashoggi, Montreal-based Saudi dissident Omar Abdulaziz, filed a lawsuit against the Israeli spyware company NSO Group, claiming that it helped Saudi intelligence services hack his mobile phone device to spy on his communications with the slain journalist. The case brought increased attention to the surveillance firm, which has faced multiple accusations of enabling oppressive regimes worldwide to target journalists, dissenting government officials, and human rights activists.

Scrutiny over NSO has reached new levels this month with two separate investigations probing the company’s global surveillance activity. The first was Digital Violence, a comprehensive platform by the London-based research collective Forensic Architecture (FA), unveiled on July 3 in a group exhibition at Berlin’s Haus der Kulturen der Welt (HKW).

It was followed on July 18 by the Pegasus Project, a massive data leak of 50,000 phone numbers released by a consortium of media outlets including the Guardian, Washington Post, Die Zeit, Süddeutsche Zeitung, and Le Monde. Both projects examined the use of NSO’s flagship spyware Pegasus, which was allegedly used by governments not just to target dissenters and journalists but also to surveil heads of states, including French president Immanuel Macron. (NSO denied the allegations in a comment to the Guardian).

FA’s multifaceted project includes an interactive database tracking the global use of NSO’s malware against journalists and activists over the years; video investigations narrated by NSA whistleblower Edward Snowden; and a digital diagram mapping NSO’s corporate affiliations. The comprehensive project is designed to be used as evidence in future legal cases, according to the group.

In addition, FA has enlisted musician and human rights advocate Brian Eno to compose a “data sonification” piece. The sound work is featured in a new album on the Arabic music website Ma3azef. (Proceeds will go to the nonprofits Medical Aid for Palestine and Grassroots Al-Quds.) Furthermore, a behind-the-scenes short film by Laura Poitras, who also directed the documentary Citizenfour about Snowden, is currently on view at n.b.k gallery in Berlin and was screened at the 2021 Cannes Film Festival.

“Our investigation revealed patterns in how Pegasus is used worldwide, and how digital violence is interlaced with serious physical consequences for those targeted,” Shourideh C. Molavi, FA’s lead researcher in Digital Violence, told Hyperallergic in email. Drawing a distinction between her group’s investigation and the data revealed in the Pegasus Project, Molavi wrote, “The people we interviewed in our Pegasus Stories videos were not targeted as individuals, but rather as networks of collaboration. The forensic cases of this recent incredible leak shows exactly the same patterns.”

In an email to Hyperallergic, a spokesperson for NSO called the allegations in FA’s investigation “Recycled claims filled with inaccuracies and half-truths.” The spokesperson noted that the company has started implementing a new “compliance and human rights policy,” which “investigates all credible claims of misuse, and takes appropriate action based on the results of its investigations.”

“This includes shutting down a customer’s system — a step NSO has taken several times in the past, and will not hesitate to take again if a situation warrants,” the spokesperson added. Responding to Hyperallergic’s question about the company’s alleged involvement in the murder of Khashoggi, the representative wrote:

As we have stated previously, NSO’s technology was not used or associated in any way with the heinous murder of Jamal Khashoggi. NSO conducted a thorough investigation into this matter, as the company does with claims of misuse, and found the allegations to be unfounded. As part of the licensing contract with NSO, customers are required to comply fully with any investigation, which they did in this inquiry.

NSO Group was founded in 2010 by former members of the Israeli Intelligence Corps. Its powerful flagship software Pegasus is reportedly capable of penetrating and collecting data from smartphone devices — contact lists, text messages, GPS location, emails, calendar appointments, and more — through malicious spyware. It also allows customers to listen to calls, track keystrokes, and activate the targeted phone’s camera and microphone for real-time surveillance, all without leaving any digital traces.

One of NSO’s hacking tactics has been to send convincing personal text messages to targets. Several journalists and activists who were interviewed by FA said they received text messages promising them exclusive scoops related to their investigations. Once they clicked on links provided in these messages, their phones were infected with Pegasus. But according to the Guardian‘s report, new updates to Pegasus allow “zero-click” attacks, meaning they don’t require a user to click on a link for their phone to be infected.

An infectious text message sent to Mexican journalist Carmen Arestigui using NSO Group’s Pegasus spyware, according to the Digital Violence project

Carmen Arestigui, a Mexican journalist who was interviewed by FA, said that she was tricked into opening deceptive messages designed to appear as if sent by friends and acquaintances reporting the death of individuals who were still alive. “There were many messages that were based on information about our family, our friends, our home address in Mexico City,” the journalist said. “By including the name of your friend or the person who would have died … well, you couldn’t not open it.” Aristegui, a journalist known for investigating cases of government corruption and fraud in her country, added that the Mexican authorities later targeted the phones of her son and several of her colleagues.

In 2016, Apple issued a critical software update to patch security flaws in its iPhone operating system after Pegasus was used to spy on dissidents’ iPhones in the United Arab Emirates, Business Insider reported. The following year, an investigation by Citizen Lab revealed that the company operates in at least 45 countries, from the United States to Kazakhstan and Mexico. An Amnesty International report from 2018 charged the company of enabling the Saudi government of hacking and monitoring mobile devices of dissenters, including its own staff members. The human rights organization filed a petition in an Israeli court in May of 2019, demanding to stop export licenses for Pegasus. The case was dismissed in 2020 for “insufficient evidence.” Also in 2019, the messaging company WhatsApp filed suit in a California state court against NSO Group, alleging that the company had hacked WhatsApp’s servers to plant Pegasus on 1,400 user devices worldwide. WhatsApp also claimed that members of its legal team who challenged NSO in court were also attacked with the malware.

A Pegasus-infected text message sent to Maati Monjib, a Morrocan historian and human rights activists, according to the Digital Violence project

“NSO Group’s Pegasus spyware needs to be thought of and treated as a weapon developed, like other products of Israel’s military industrial complex, in the context of the ongoing Israeli occupation,” said FA’s director Eyal Weizman in a statement. “It is disheartening to see it exported to enable human rights violations worldwide.”

The Israeli government licenses the export of NSO’s products to foreign states and maintains close coordination with the company. As a result of the recent revelations, the Israeli government formed a task force to try to prevent a diplomatic crisis with countries like France and others and announced a commission to examine the possible misuse of NSO’s surveillance software.

NSO’s digital attacks often overlap with physical violence against activists, according to FA’s investigation. Victims report break-ins, harassment, intimidation, and in some cases, murder. In the case of Arestigui, the hacks led to a police raid of her publication’s offices. The journalist and her team were later fired by the publication and sued for damages, according to FA’s investigation.

FA’s analysis of the data recognized certain patterns in NSO’s activity. For example, the group found that digital infections do not target civil society actors as individuals, but rather networks of collaboration. The investigation also found that digital targeting extends the reach of state power to include human rights dissenters in exile, while also physically targeting their colleagues and families in their home country.

“It’s exactly as if you were put in front of people and stripped naked and forbidden from protecting your nudity,” said Father Pierre Marie-Chanel Affognon, a Togolese priest who says he was targeted by Pegasus. “It’s a violence, it’s a violence,” he repeated.

Hakim Bishara is a Senior Editor at Hyperallergic. He is a recipient of the 2019 Andy Warhol Foundation and Creative Capital Arts Writers Grant and he holds an MFA in Art Writing from the School of Visual...