Project Fintech Adalah

What is The Pegasus Project, and how did it come about?

The Pegasus Project is a collaborative investigation into NSO Group, an Israeli “cyber intelligence” company that sells sophisticated spyware to governments around the world.

NSO Group insists that its mobile phone surveillance software, called Pegasus, is meant to help its clients combat crime and terrorism. But it has also been used to spy on journalists, activists, opposition politicians, and dissidents.

After years of criticism, the secretive company has recently become more communicative, publicizing its commitment to human rights and even publishing a “Transparency and Responsibility Report” in June 2021.

But the spyware intrusions haven’t stopped. That’s why more than 80 journalists, representing 17 media organizations around the world, have come together to produce this investigation.

It began when journalism nonprofit Forbidden Stories and human rights group Amnesty International gained access to a set of more than 50,000 leaked phone numbers believed to be a list of targets of NSO Group’s phone hacking software. As the coordinator of the project, Forbidden Stories then invited OCCRP, the Washington Post, the Guardian, and 13 other partners to help investigate.

In the course of the project, we identified hundreds of individuals who owned these phones. Sixty-seven of them were subject to forensic analysis to determine whether they had been infected, and 37 showed signs of Pegasus activity. This reporting, supplemented by additional databases, internal documents, interviews, court documents, and other sources, formed the basis of the Pegasus Project, an unprecedented effort to understand who has been targeted by the users of NSO Group’s software — and what happens to them next.

Who are the clients?

Based on the geographical clustering of the numbers on the leaked list, reporters identified potential NSO Group clients from more than 10 countries, mostly (but not always) one per country.

These countries include:

NSO Group insists that it sells its software only to governments, suggesting that the clients in these countries represent intelligence services, law enforcement agencies, or other official bodies.

Keterampilan yang harus dimiliki

We use cookies per our

to make your experience better.

Galat basis data WordPress: [Table 'rorh9166_wp539.wp_userfeedback_surveys' doesn't exist] SELECT id,title,questions,settings,type FROM wp_userfeedback_surveys WHERE (status = 'publish' AND publish_at is null) OR (status = 'publish' AND publish_at < '2024-12-15 12:01:55') ORDER BY wp_userfeedback_surveys.id DESC

Galat basis data WordPress: [Table 'rorh9166_wp539.wp_users' doesn't exist]SELECT * FROM wp_users WHERE ID = '1' LIMIT 1

Galat basis data WordPress: [Table 'rorh9166_wp539.wp_yoast_indexable' doesn't exist]SELECT * FROM `wp_yoast_indexable` WHERE `object_id` = '556' AND `object_type` = 'post' LIMIT 1

Galat basis data WordPress: [Table 'rorh9166_wp539.wp_yoast_indexable' doesn't exist]SELECT * FROM `wp_yoast_indexable` WHERE `object_id` = '556' AND `object_type` = 'post' LIMIT 1

Galat basis data WordPress: [Table 'rorh9166_wp539.wp_yoast_indexable' doesn't exist]INSERT INTO `wp_yoast_indexable` (`object_type`, `object_id`, `object_sub_type`, `permalink`, `primary_focus_keyword_score`, `readability_score`, `inclusive_language_score`, `is_cornerstone`, `is_robots_noindex`, `is_robots_nofollow`, `is_robots_noimageindex`, `is_robots_noarchive`, `is_robots_nosnippet`, `open_graph_image`, `open_graph_image_id`, `open_graph_image_source`, `open_graph_image_meta`, `twitter_image`, `twitter_image_id`, `twitter_image_source`, `primary_focus_keyword`, `canonical`, `title`, `description`, `breadcrumb_title`, `open_graph_title`, `open_graph_description`, `twitter_title`, `twitter_description`, `estimated_reading_time_minutes`, `author_id`, `post_parent`, `number_of_pages`, `post_status`, `is_protected`, `is_public`, `has_public_posts`, `blog_id`, `schema_page_type`, `schema_article_type`, `object_last_modified`, `object_published_at`, `version`, `permalink_hash`, `created_at`, `updated_at`) VALUES ('post', '556', 'page', 'https://iprorena.com/upvc/', '51', '60', '0', '0', NULL, '0', NULL, NULL, NULL, 'http://iprorena.com/wp-content/uploads/2020/07/9-1.jpg', NULL, 'first-content-image', NULL, 'http://iprorena.com/wp-content/uploads/2020/07/9-1.jpg', NULL, 'first-content-image', 'jasa pemasangan pintu jendela upvc', NULL, 'Spesialis UPVC | Pintu UPVC | Jendela UPVC %%page%% %%sep%% %%sitename%%', 'Beli pintu upvc dan jendela upvc di Project Arena. Pembayaran mudah dan pengerjaan cepat. Terdapat banyak pilihan bentuk dan tipe.', 'upvc', NULL, NULL, NULL, NULL, '10', '1', '0', NULL, 'publish', '0', NULL, NULL, '1', NULL, NULL, '2023-05-26 07:01:02', '2020-07-28 08:50:06', '2', '26:7d2d3591bc2f1753a6c67e77ef793eb2', '2024-12-15 12:01:55', '2024-12-15 12:01:55')

Galat basis data WordPress: [Table 'rorh9166_wp539.wp_yoast_indexable_hierarchy' doesn't exist]DELETE FROM `wp_yoast_indexable_hierarchy` WHERE `indexable_id` = '0'

Galat basis data WordPress: [Table 'rorh9166_wp539.wp_yoast_indexable' doesn't exist]SELECT * FROM `wp_yoast_indexable` WHERE `object_id` = '1' AND `object_type` = 'user' LIMIT 1

Galat basis data WordPress: [Table 'rorh9166_wp539.wp_yoast_indexable' doesn't exist]SELECT * FROM `wp_yoast_indexable` WHERE `object_id` = '1' AND `object_type` = 'user' LIMIT 1

Galat basis data WordPress: [Table 'rorh9166_wp539.wp_users' doesn't exist]SELECT * FROM wp_users WHERE ID = '1' LIMIT 1

Galat basis data WordPress: [Table 'rorh9166_wp539.wp_users' doesn't exist]SELECT * FROM wp_users WHERE ID = '1' LIMIT 1

Galat basis data WordPress: [Table 'rorh9166_wp539.wp_yoast_seo_links' doesn't exist]SELECT `target_post_id` FROM `wp_yoast_seo_links` WHERE `url` = 'http://iprorena.com/wp-content/uploads/2020/07/9-1.jpg' LIMIT 1

Galat basis data WordPress: [Table 'rorh9166_wp539.wp_yoast_seo_links' doesn't exist]SELECT `target_post_id` FROM `wp_yoast_seo_links` WHERE `url` = 'http://iprorena.com/wp-content/uploads/2020/07/9-1.jpg' LIMIT 1

Galat basis data WordPress: [Table 'rorh9166_wp539.wp_users' doesn't exist]SELECT * FROM wp_users WHERE ID = '1' LIMIT 1

Galat basis data WordPress: [Table 'rorh9166_wp539.wp_yoast_indexable' doesn't exist]SELECT * FROM `wp_yoast_indexable` WHERE `object_type` = 'home-page' LIMIT 1

Galat basis data WordPress: [Table 'rorh9166_wp539.wp_yoast_indexable' doesn't exist]SELECT * FROM `wp_yoast_indexable` WHERE `object_type` = 'home-page' LIMIT 1

Galat basis data WordPress: [Table 'rorh9166_wp539.wp_yoast_indexable' doesn't exist]INSERT INTO `wp_yoast_indexable` (`object_type`, `title`, `breadcrumb_title`, `permalink`, `blog_id`, `description`, `is_robots_noindex`, `open_graph_title`, `open_graph_image`, `open_graph_image_id`, `open_graph_description`, `open_graph_image_source`, `open_graph_image_meta`, `object_published_at`, `object_last_modified`, `version`, `permalink_hash`, `created_at`, `updated_at`) VALUES ('home-page', '%%sitename%% %%page%% %%sep%% %%sitedesc%%', 'Home', 'https://iprorena.com/', '1', 'Interior & Exterior Solution', '0', '%%sitename%%', '', '0', '', NULL, NULL, '2020-10-03 03:26:36', '2024-05-17 14:18:18', '2', '21:1db8a2639465694cca983b698d3ba495', '2024-12-15 12:01:55', '2024-12-15 12:01:55')

Galat basis data WordPress: [Table 'rorh9166_wp539.wp_yoast_indexable' doesn't exist]SELECT * FROM `wp_yoast_indexable` WHERE `object_id` = '30' AND `object_type` = 'post' LIMIT 1

Galat basis data WordPress: [Table 'rorh9166_wp539.wp_yoast_indexable' doesn't exist]SELECT * FROM `wp_yoast_indexable` WHERE `object_id` = '30' AND `object_type` = 'post' LIMIT 1

Galat basis data WordPress: [Table 'rorh9166_wp539.wp_yoast_indexable' doesn't exist]INSERT INTO `wp_yoast_indexable` (`object_type`, `object_id`, `object_sub_type`, `permalink`, `primary_focus_keyword_score`, `readability_score`, `inclusive_language_score`, `is_cornerstone`, `is_robots_noindex`, `is_robots_nofollow`, `is_robots_noimageindex`, `is_robots_noarchive`, `is_robots_nosnippet`, `open_graph_image`, `open_graph_image_id`, `open_graph_image_source`, `open_graph_image_meta`, `twitter_image`, `twitter_image_id`, `twitter_image_source`, `primary_focus_keyword`, `canonical`, `title`, `description`, `breadcrumb_title`, `open_graph_title`, `open_graph_description`, `twitter_title`, `twitter_description`, `estimated_reading_time_minutes`, `author_id`, `post_parent`, `number_of_pages`, `post_status`, `is_protected`, `is_public`, `has_public_posts`, `blog_id`, `schema_page_type`, `schema_article_type`, `object_last_modified`, `object_published_at`, `version`, `permalink_hash`, `created_at`, `updated_at`) VALUES ('post', '30', 'page', 'https://iprorena.com/', '27', '90', '0', '0', NULL, '0', NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 'jasa renovasi rumah & bangunan', NULL, 'Jasa Renovasi Rumah & Bangunan %%page%% %%sep%% %%sitename%%', 'Project Arena Perusahaan Jasa Renovasi Rumah & Bangunan Terbaik | Call : (061) 80011340 / 0811-6360-333 . Interior & Exterior Solution.', 'Beranda', NULL, NULL, NULL, NULL, '1', '1', '0', NULL, 'publish', '0', NULL, NULL, '1', NULL, NULL, '2024-03-01 14:02:03', '2020-04-13 11:18:54', '2', '21:1db8a2639465694cca983b698d3ba495', '2024-12-15 12:01:55', '2024-12-15 12:01:55')

Galat basis data WordPress: [Table 'rorh9166_wp539.wp_yoast_indexable' doesn't exist]SELECT * FROM `wp_yoast_indexable` WHERE `object_id` = '1' AND `object_type` = 'user' LIMIT 1

Galat basis data WordPress: [Table 'rorh9166_wp539.wp_yoast_indexable' doesn't exist]SELECT * FROM `wp_yoast_indexable` WHERE `object_id` = '1' AND `object_type` = 'user' LIMIT 1

Galat basis data WordPress: [Table 'rorh9166_wp539.wp_yoast_indexable_hierarchy' doesn't exist]SELECT `ancestor_id` FROM `wp_yoast_indexable_hierarchy` WHERE `indexable_id` = '0' ORDER BY `depth` DESC

Galat basis data WordPress: [Table 'rorh9166_wp539.wp_yoast_indexable_hierarchy' doesn't exist]SELECT `ancestor_id` FROM `wp_yoast_indexable_hierarchy` WHERE `indexable_id` = '0' ORDER BY `depth` DESC

Galat basis data WordPress: [Table 'rorh9166_wp539.wp_usermeta' doesn't exist]SELECT user_id, meta_key, meta_value FROM wp_usermeta WHERE user_id IN (1) ORDER BY umeta_id ASC

Galat basis data WordPress: [Table 'rorh9166_wp539.wp_users' doesn't exist]SELECT * FROM wp_users WHERE ID IN (1)

Galat basis data WordPress: [Table 'rorh9166_wp539.wp_users' doesn't exist]SELECT * FROM wp_users WHERE ID = '1' LIMIT 1

Investigative methodology

The leaked list of targeted phone numbers provides an indication of being a "person of interest" and a first indication of possible hacking, to be confirmed via direct forensic examination of the phone. According to Amnesty, "The Citizen Lab at the University of Toronto independently peer-reviewed a draft of their forensic methodology outlined in Forensic Methodology Report: How to catch NSO Group's Pegasus.[10][3] Amnesty also published various tools or data from this investigation, including a Mobile Verification Toolkit (MVT)[3] and a GitHub repository listing indicators of NSO/Pegasus compromised devices.[3][11] Some emerging unverified online services claim to be able to assess an infection by Pegasus, but their usage is discouraged as possible scams themselves.[12] Amnesty and Forbidden Stories received numerous queries for checking devices but were not able to satisfy the demand for assistance.[12]

The investigation suggested that Pegasus continued to be widely used by authoritarian governments to spy on human rights activists, journalists and lawyers worldwide, although NSO claims that it is only intended for use against criminals and terrorists.[1][13]

A French journalist noted that "in a matter of cyber-surveillance, we observe that abuse is de facto the rule".[14] Forbidden Stories argues the Pegasus software and its usages de facto constitute a global weapon to silence journalists.[15]

Forensic Architecture and the Pegasus Project lead a data analysis and built a data visualisation plotting attempt hacking of dissidents together with real-life intimidations, threats or violence. They have argued that Pegasus has become a key tool for states to repress their own people.[16]

Targets include known criminals as well as human rights defenders, political opponents, lawyers, diplomats, heads of state and nearly 200 journalists from 24 countries.[17] The Guardian mentioned 38 journalists in Morocco, 48 journalists in Azerbaijan, 12 journalists in the United Arab Emirates and 38 journalists in India as having been targeted.[18] Some of the targets whose names have been revealed are listed below; the list is non-exhaustive.

What does it mean to get infected by Pegasus?

Many people targeted by Pegasus have reported receiving text messages attempting to trick them into clicking on an accompanying link. The experience can be frightening and extremely invasive, even before any infection occurs.

Carmen Aristegui, a Mexican investigative journalist, received dozens of messages impersonating the U.S. Embassy in Mexico, her colleagues, and even her bank and phone company.

“Carmen my daughter has been missing for 5 days, we are desperate, I would be grateful if you help me by sharing her photo,” read one message, accompanied by a malicious link.

Aristegui’s son, then a minor, also received such texts, including a “warning” that his social media account had been compromised. “Friend, there is a pseudo account on fb and twitter identical to yours check it out so you can report it,” it read.

Such “phishing attempts,” as they are widely known, have become so commonplace that many people have learned to be on their guard.

But the Pegasus software has gradually become more sophisticated, with the most recent versions able to gain entry to a target’s mobile phone without requiring them to click on a link, or take any action at all.

Once installed, Pegasus can extract data, conversations, contacts, and call logs from the victim’s phone. It can even switch on microphones and cameras to silently record live audio and video.

For a fuller explanation of what Pegasus can do, read OCCRP’s explainer.

How do we know it was NSO Group?

The process of identifying Pegasus infections begins with one fortunate fact: Years ago, NSO Group was not as careful at hiding its traces as it is today.

In setting up a Pegasus attack against Ahmed Mansoor, a dissident from the United Arab Emirates who was hacked in 2016, NSO Group left several references to the name “Pegasus” in the malware that infected his phone. The network infrastructure used to conduct the attacks also left a trail that led researchers back to NSO Group servers.

Researchers say that NSO Group’s software has become more clever at hiding its traces in recent years, including intentionally altering system files to hide evidence of infection.

However, when Amnesty International carried out forensic audits of dozens of phones belonging to people whose numbers appeared on the newly leaked lists, they identified uniquely configured web servers that matched the ones identified in 2016.

Also connected to the same Pegasus network infrastructure are iOS “processes” — small programs not necessarily visible to the user — that appeared on infected phones and did not match any legitimate code released by Apple.

“There’s a sequence that shows a website was being visited, an application crashed, some files were modified, and all of these processes executed in a matter of seconds or even milliseconds,” said Claudio Guarnieri, head of Amnesty International’s Security Lab. These processes, he said, were the same ones found in previously known Pegasus infections.

One process called “BH” or “BridgeHead,” identified after an analysis of Mansoor’s phone in 2016, kept appearing throughout the more recently analyzed phones as well. It appears to be a key component of the Pegasus toolkit.

“There's no doubt in my mind that what we're looking at is Pegasus,” Guarnieri said. “The characteristics are very distinct and all of the traces that we see confirm each other, essentially. There are no contradictory forensic traces that we have seen.”

Along with this project, Amnesty International is publishing the full technical analysis that allowed their researchers to reach these conclusions. It was independently reviewed by Citizen Lab, a research center at the University of Toronto that has years of experience investigating NSO Group. The Citizen Lab researchers concurred with Amnesty International’s analysis.

What does “selected for targeting” mean? Were these people actually hacked?

A key part of the Pegasus Project is a list of over 50,000 phone numbers in nearly 50 countries, which is believed to be a list of numbers that have been “selected for targeting” by NSO clients.

This is a characterization that NSO Group has rejected. (See question 10 below for more on NSO Group’s response to the data, which can be read here in more detail.)

However, reporting by The Pegasus Project builds a case that the list indeed contains cell phone numbers selected by NSO Group clients for targeting with Pegasus. There is no evidence or suggestion that the company itself compiled or had any knowledge of these numbers.

The list does not include identifying information, but reporters were able to independently identify the owners of over 1,000 numbers. OCCRP focused on identifying numbers from Azerbaijan, Kazakhstan, and Rwanda.

In many of these cases, the phone numbers identified were consistent with persons of interest to governments, including both legitimate security threats like terrorists and hundreds of independent journalists, dissidents, and members of the political opposition.  Furthermore, some of these numbers appeared on the list during time periods corresponding to real world events — such as elections, arrests, or the release of compromising private information — in ways that suggest a correlation with the data.

Pegasus Project partners spoke with off-the-record industry insiders who corroborated key issues, found that court documents from WhatsApp’s suit against NSO Group contained some of the same numbers as on the leaked list, and confirmed other details that further corroborated the Pegasus Project’s understanding of the data.

The strongest indication that the list really does represent Pegasus targets came through forensic analysis.

Amnesty International's Security Lab examined data from 67 phones whose numbers were in the list. Thirty-seven phones showed traces of Pegasus activity: 23 phones were successfully infected, and 14 showed signs of attempted targeting. For the remaining 30 phones, the tests were inconclusive, in several cases because the phones had been replaced.

Fifteen of the phones in the data were Android devices. Unlike iPhones, Androids do not log the kinds of information required for Amnesty’s detective work. However, three Android phones showed signs of targeting, such as Pegasus-linked SMS messages.

In a subset of 27 analyzed phones, Amnesty International researchers found 84 separate traces of Pegasus activity that closely corresponded to the numbers’ appearance on the leaked list. In 59 of these cases, the Pegasus traces appeared within 20 minutes of selection. In 15 cases, the trace appeared within one minute of selection. This strongly suggests the list represents the selection of numbers for targeting by state actors.

There is still much we can’t prove about the list: how it was compiled, who compiled it, or how it was used. Just because a number was included does not necessarily mean it was compromised. The list may include phone numbers where an attempted infection was unsuccessful, or where no attempt was made.

Was Pegasus ever used for its stated purpose of targeting terrorists and criminals?

Yes. Numbers belonging to known criminals appeared on the leaked list for some countries. However, these are naturally harder to identify than the numbers of journalists and politicians. Tens of thousands of the leaked numbers remain unidentified, and the true proportion of criminals in the data may never be fully known.

Government investigations

On 20 July 2021, it was reported that French prosecutors would investigate allegations that Moroccan intelligence services used Pegasus to spy on French journalists.[127]

France's national agency for information systems security (ANSSI) identified digital traces of Pegasus on three journalists' phones and relayed its findings to the Paris public prosecutor's office, which is overseeing the investigation into possible hacking.[92]

Peran utama dalam perencanaan, pelaksanaan, pemantauan, pengendalian dan penutupan proyek

What’s new here? What does the Pegasus Project add to what’s known about NSO Group?

Years of reporting by investigative journalists and digital rights advocates has led to the identification of many victims of NSO Group’s software on an ad hoc basis. But those cases depended on the targets coming forward themselves after receiving a suspicious message or otherwise having reason to think their phones were breached.

The Pegasus Project approached the topic from the other direction, identifying potential victims from a leaked list of numbers believed to be selected as targets by NSO Group’s clients.

This allowed reporters not only to identify many new victims, but also to leverage the list as a basis for examining the accuracy of long-held contentions that Pegasus is systematically used to target journalists, activists, and other non-criminal figures. The reporting found widespread additional evidence that this is the case, painting the most complete picture to date of what Pegasus does around the world.