The mobile phones of more than 30 people in Jordan, including journalists, lawyers and activists, were hacked with the Israeli-made Pegasus spyware over several years, a new investigation has found.
The joint investigation, conducted by the Access Now internet advocacy group, the Citizen Lab rights group and other partners, highlighted on Thursday at least 35 cases of people who were targeted with the software, which is made by Israel’s NSO Group. Most of the cases dated from 2020 to late 2023.
Keep readinglist of 3 items
“We believe this is just the tip of the iceberg when it comes to the use of Pegasus spyware in Jordan, and that the true number of victims is likely much higher,” Access Now said.
While its report refrained from accusing Jordan’s government of deploying the spyware, it signalled that its use coincided with a dialling up of repression of “citizens’ rights to freedom of expression, association and peaceful assembly”.
The Jordanian government had no immediate comment on the report.
‘Pegasus much more intrusive’
Pegasus, which can seize control of a phone’s microphone and camera and access documents, made headlines when a 2021 leak suggested there were about 50,000 potential victims of the malware around the world, many of them dissidents, journalists and activists.
Those targeted in Jordan include two Human Rights Watch employees: Adam Coogle, deputy director for Middle East and North Africa, and Hiba Zayadin, senior researcher for Jordan and Syria. Both had received threat notifications from Apple in August that state-sponsored attackers had attempted to compromise their iPhones.
Access Now said Coogle’s phone was hacked in October 2022, just two weeks after the publication of a report documenting the persecution of citizens organising peaceful political dissent.
According to the report, many of those targeted had either worked on or covered a monthlong teachers’ strike in 2019, which prompted the authorities to arrest hundreds of teachers and dissolve their union.
The report also said about half of those found to have been targeted – 16 in all – were journalists or media workers.
Among them was Daoud Kuttab, a Palestinian-American journalist, who had his phone hacked three times in 2022 and 2023 and faced a further seven failed attempts.
He said most journalists working in the Middle East expect their phones to be tapped, adding he had learned not to click on links in messages purporting to be from legitimate contacts.
“In the past, it was only people overhearing what you say, but Pegasus is much more intrusive,” he was quoted as saying by The Associated Press news agency, expressing fears that bad actors could get access to his contacts.
“I don’t want to burn my contacts, I don’t want to hurt them,” he said.
NSO Group faces multiple lawsuits from Apple and others, but it continues to sell its products to governments around the world, claiming that it sells the spyware only to vetted intelligence and law enforcement agencies in the interests of peace.
But cybersecurity researchers who have tracked its use in 45 countries have documented dozens of cases of politically motivated abuse of the spyware – from Mexico to Thailand and Poland to Saudi Arabia.
In 2021, the United States blacklisted NSO Group, accusing it of developing and supplying the spyware to foreign governments “that used these tools to maliciously” target a range of actors, including journalists and activists.
Access Now’s regional policy director Marwa Fatafta said there was generally no oversight of companies offering such spying software, allowing the surveillance sector to continue its “secretive and shady” manner of business.
“Governments are feverishly purchasing their technologies to spy on their citizens and to crack down on civil society,” Fatafta said.
The NGO reiterated its call for an outright ban on any spyware that enables rights abuses.