The manufacturers of the powerful commercial spyware Pegasus argued in a Friday court filing that it is appropriate for its global clients to target any high-ranking government or military official with the technology because their jobs categorically make them “legitimate intelligence targets.” The statement is a revelatory admission from the typically tight-lipped Pegasus manufacturer, NSO Group, regarding who it believes can justifiably be targeted with its zero-click and all-seeing surveillance product. It surfaced in court documents related to a lawsuit WhatsApp has brought against NSO Group for allegedly infecting about 1,400 of its users’ devices with the technology. The hacks were discovered in 2019. NSO Group clients include or have included repressive regimes such as Hungary, the United Arab Emirates and Saudi Arabia. Pegasus technology was allegedly used to track journalist Jamal Khashoggi in the months before he was murdered by the Saudi government. The Israeli company’s statement comes as digital forensic researchers are increasingly finding Pegasus infections on phones belonging to activists, opposition politicians and journalists in a host of countries worldwide. NSO Group says it only sells Pegasus to governments, but the frequent and years-long discoveries of the surveillance technology on civil society phones has sparked a public uproar and led the U.S. government to crack down on the company and commercial spyware manufacturers in general. Friday’s court filing centers on a fight between NSO Group, WhatsApp and digital forensic researchers from Citizen Lab, whose experts helped research many of the Pegasus infections documented in the case. NSO Group wants Citizen Lab to turn over information about additional victim identities and how it made its analysis. The debate focuses on lists Citizen Lab produced classifying Pegasus infections as affecting either top government and military officials — referred to in the filing as the VIP list — or civil society leaders. NSO says the list of individuals Citizen Lab classified as VIPs includes 93 people the company describes as “high-ranking government or military officials.” “The VIP list is almost entirely comprised of persons who, by virtue of their positions in government or military organizations, are the subject of legitimate intelligence investigations,” an attorney for NSO Group wrote in the filing. “All the VIPs are legitimate intelligence targets.” The company accessed the lists through discovery because Citizen Lab worked with WhatsApp to help identify and alert civil society victims when the hacks were first found in 2019. Not all of the approximately 1,400 total victims are identified or classified in the lists obtained by NSO Group, which is seeking the additional names and classifications. An NSO Group spokesperson could not immediately be reached for comment on this story, but told Recorded Future News last week that it “complies with all laws and regulations and sells only to vetted intelligence and law enforcement agencies.” “Our customers use these technologies daily to prevent crime and terror attacks,” they said. The company does not disclose its client list, but the spokesperson noted it doesn’t work with Russia or its allies. NSO Group also appeared to suggest in court filings that opposition politicians can be legitimately surveilled with Pegasus. This assertion comes as Polish officials investigate what they have described as a Pegasus-enabled coordinated campaign by the country’s former majority to track hundreds of opposition party politicians and those aligned with them. “Citizen Lab appears to have drawn a distinction between politicians whose parties are in power (VIPs) versus politicians belonging to opposition parties (civil society),” the NSO Group lawyer wrote. “For purposes of determining whether an individual was legitimately surveilled (eg, as part of an intelligence operation) using Pegasus, defendants submit that this distinction is unjustified and all senior political operatives should be classified as VIPs.” Poland is far from the only country where Pegasus has targeted minority party officials and civil society leaders. In 2022, Citizen Lab published a report documenting that Pegasus was used to target at least 63 Catalan government officials and activists following a 2017 bid for independence. A spate of Pegasus infections targeting Indian journalists — whose most recent victims were made public in December by Amnesty International — is also cited by the NSO lawyer, who said that a “supposed” Indian journalist included on Citizen Lab’s list was sentenced to life imprisonment for “sedition and waging war against the nation.” Calling the journalist and some others Citizen Lab classified as civil society victims “criminals,” the lawyer suggests their inclusion on the list shows Citizen Lab has “hugely overreached… in an effort to further its agenda that the use of Pegasus against civil society targets is widespread.” The Indian government was found to have bought Pegasus from Israel in 2017. Multiple news reports have suggested that Indian Prime Minister Narendra Modi's government has used Pegasus to spy on and potentially even jail its critics. A forensic analysis of a device belonging to imprisoned Indian activist and Modi critic Rona Wilson found evidence that it was infected with Pegasus between 2017 and March 2018. In June 2018 Wilson was arrested on terror-related charges. The Citizen Lab lawyer argued in the filing that NSO Group has no standing to compel it to turn over information on Pegasus targets or its analysis. NSO Group is seeking a so-called letter rogatory to force disclosures from Citizen Lab. Letters rogatory are typically used to obtain evidence if permitted by the laws of the foreign country involved in a lawsuit. NSO Group is based in Israel, Citizen Lab in Canada and Meta, which owns WhatsApp, is in the U.S. “The core rationale for defendants’ request — their disagreement with The Citizen Lab’s categorization of listed individuals — is irrelevant,” the digital freedom research institute’s lawyer asserts. In order to compel material from Citizen Lab, NSO’s defense must show that individuals were “lawfully targeted by a U.S. law enforcement or intelligence agency,” the lawyer asserted. WhatsApp and Citizen Lab did not respond to requests for comment. In March, a California federal judge ordered NSO Group to turn over its closely guarded secret code as part of discovery in the years-long lawsuit, a decision seen as a major win for WhatsApp. Opposition ‘VIPs’
'Lawfully targeted'
Get more insights with the
Recorded Future
Intelligence Cloud.
No previous article
No new articles
Suzanne Smalley
is a reporter covering privacy, disinformation and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.