France’s cybersecurity agency has confirmed the mobile phones of two French journalists from the investigative news outlet Mediapart were hacked with the Pegasus spyware, the first instance of such surveillance being detected by a government agency.
The hacking of the phones of Lénaïg Bredoux and Edwy Plenel, the two journalists from Mediapart, was earlier detected by Amnesty International’s security lab as part of the reporting by an international consortium of journalists on the targeting of 50,000 phone numbers around the world by clients of the Isreali firm NSO Group, which developed Pegasus.
The hacking of their phones with Pegasus was confirmed by IT specialists from the Agence Nationale de la Securite des Systemes d’Information (ANSSI) on Thursday, Mediapart reported. In both cases, the specialists reached the same conclusions as Amnesty International’s security lab regarding the “Pegasus infection, its modalities, dates and duration”, the report said.
The phones of the two journalists were checked at the Paris headquarters of ANSSI by specialists from the central office for the fight against crime related to information and communication technologies (OCLCTIC). This was part of a preliminary investigation launched on July 20 by the public prosecutor of Paris, Rémy Heitz, a day after Mediapart filed a formal complaint.
“This confirmation was recorded during the hearings, during which our two journalists explained why both the technical evidence and the chronological contexts designated the Moroccan intelligence services as the operators of this espionage,” Mediapart said in its report in French.
France opened a probe into the matter after it emerged that French President Emmanuel Macron was among those targeted for surveillance, apparently at the behest of Moroccan government agencies.
NSO Group, currently at the centre of a global controversy over misuse of its Pegasus spyware to hack phones of journalists and politicians, has temporarily blocked several government clients from using its technology, an unnamed company told NPR on Thursday.
The move came a day after Israeli authorities conducted an inspection of NSO Group’s office over the reports of misuse of Pegasus around the world.
An international media consortium last week began publishing reports based on what is believed to be a leaked list of 50,000 phone numbers worldwide that were targeted by NSO’s customers for surveillance. Evidence of the Pegasus spyware was found on 37 of 67 phones examined by forensic experts, including in India.
NSO says its software is sold only to government customers after vetting by Israeli authorities. The Indian government has denied all wrong-doing and has also not confirmed or denied acquiring the Pegasus spyware.