The Pegasus Project: What Is It?

The Pegasus Project is a collaborative investigation exploring the scope and scale of the NSO Group surveillance data leak. Forbidden Stories, a non-profit organization, coordinates the project with 17 media organizations and more than 80 journalists across 10 countries. Amnesty International’s Security Lab provides technical support.

Recently the Pegasus Project has come into the limelight because of its shocking revelations on how governments use spyware applications and tracking technologies to keep tabs on journalists, activists, politicians, diplomats and other prominent figures.

The list of affected people includes three sitting presidents from France, Iraq and South Africa, three prime ministers from Pakistan, Egypt and Morocco, several former prime ministers, 85 human rights activists, 189 journalists, 65 corporate executives, and more victims.

An image featuring surveillance data leak concept with a person wearing a hoodie and representing a hacker and is using his pc

Read on to learn more about the project, its key findings and global impact.

The Pegasus Project Reports on the Surveillance Impacts of the Pegasus Spyware

An image featuring surveillance concept

The project’s name references the Pegasus software, a powerful spyware application developed by Israeli security firm NSO Group. 

The company sold this hacking tool to various governments around the world, which used it to spy on their adversaries. Amnesty International, Forbidden Stories and its partners gained access to over 50,000 records of phone numbers that NSO clients had under surveillance in different countries.

NSO Group has disputed much of what the Pegasus Project has found through its investigations. The company has said it will launch its own investigation into the claims of misuse before taking any corrective measures. Officially, though, NSO maintains that it only sells its products to governments, and the intended purpose of its products is to simply collect data from individuals—more specifically, their mobile devices—who are suspects in various cases of terror and crime.

An image featuring surveillance concept

Looking at the capabilities that the Pegasus software affords to its users, it’s easy to see how and why governments and other major actors would want to use it for more than catching criminals.

The Pegasus spyware app is able to install itself on a smartphone device without any input from the device’s owner. Once any given device is infected with Pegasus, the NSO client has complete control of it. Crucially, they can access communications from both default messaging apps and encrypted platforms like Signal and WhatsApp.

What’s more, Pegasus can also control the camera and microphone on the target device.

NSO Group’s Response

An image featuring the logo of NSO Group on a phone on top of a laptop

That’s according to Forbidden Stories and the investigation it led. As mentioned above, the Israeli NSO Group always maintained that there were no major reports about the misuse of its products. But Forbidden Stories found that governments and other actors had misused the spyware application for years.

The leaked information that the investigative team accessed had information on more than 180 journalists belonging to countries such as France, Morocco, Hungary, Mexico and India.

That means some governments or other actors had selected them as targets when they bought privileges to use Pegasus.

The Pegasus Project report also mentions potential other targets, such as:

  • Academics
  • Human rights activists
  • Business leaders
  • Lawyers
  • Head of states
  • Politicians
  • Diplomats
  • Union leaders
  • Doctors
An image featuring surveillance concept

NSO Group disputes these findings. In a letter sent to Forbidden Stories and its partners, the company argued that the reporting was not consistent and came to conclusions based on uncorroborated theories and inaccurate assumptions. The company continues to insist Pegasus Project journalists did not practice good judgment when analyzing the data.

According to the company, journalists working as part of the Pegasus group did not interpret the leaked data correctly and relied on overt basic information.

NSO Group also mentioned that journalists made use of HLR Lookup services that didn’t have any bearing on the list of targets NSO Group customers spied on using its products.


An image featuring mobile surveillance concept

Journalists working on the Pegasus Project met with victims in different parts of the world, finding them through the leaked phone numbers. The Pegasus Project also carried out forensic analyses of the victims’ phones with help from Amnesty International’s Security Lab, which published a comprehensive report on its forensic methodology. Citizen Lab, a unit of the University of Toronto, also peer-reviewed their results.

The journalists also managed to study the surveillance weapon, a novel opportunity of its kind. Through those studies, the Pegasus Project came to an understanding of how the spyware infected different smartphone devices.


Things the Pegasus Spyware Can Do
The security firm Kaspersky Labs mentions that the spyware can:

  • Read messages
  • Scan emails
  • Listen to the infected device’s calls
  • Take photos
  • Record keystrokes
  • Read browser history
  • Access contacts

As mentioned, the spyware can hijack a given device’s camera and microphone at any time. Hence, it can transform a device from a simple smartphone to a surveillance device that works in real-time.

Judging by the complexity of the tasks Pegasus can take on, it is safe to assume that if you don’t have a high-level and public position, you are likely safe from Pegasus.

When Was the First Time Someone Caught Pegasus?
Around 2016, researchers discovered an iOS version of Pegasus. Then, they found some on Android phones. Back then, it was simple enough to require the user of a given device to click on a link sent through an SMS text to install itself on the phone.

However, it evolved. And the latest version requires no click on any link. This type of spyware is known in the cybersecurity community as a zero-click exploit.

Zohair A. Zohair is currently a content crafter at Security Gladiators and has been involved in the technology industry for more than a decade. He is an engineer by training and, naturally, likes to help people solve their tech related problems. When he is not writing, he can usually be found practicing his free-kicks in the ground beside his house.
Leave a Comment