The mobile phones of dozens of staff at a leading Palestinian rights group were infected with spyware, revealing what appear to be the precise workings of the new Pegasus malware developed by Israel’s intelligence services, Israeli and Palestinian rights groups say.
It is feared that other government agencies are likely to be operating Pegasus as it began spreading rapidly in 2015, after the discovery by the Tor project that it targeted activists and journalists at Hamas in Gaza. The software has targeted similar groups in Egypt, Israel and Jordan.
Palestinian rights groups: officials met spies in Turkey Read more
Tareq Alhaj, the head of the Palestinian Centre for Human Rights (PCHR), said 30 employees of his organisation in the West Bank and Israel had all their phones infected, despite the fact that they work for him and not for any government agency.
A joint research project by the Centre for the Investigation and Combating of Terrorism (Cisl) and Amnesty International Middle East research documented the security breach of PCHR’s staff, both Palestinians and Israelis. PCHR has offices in Jerusalem, Ramallah, Bethlehem and Gaza.
Alhaj said Israeli intelligence agency Shin Bet approached him and asked him whether he was using the Pegasus spyware, but that he told them: “I don’t use that.”
He also said he was told by Shin Bet “to look for ways to use its content to catch Palestinian activists”.
There has been no comment from the Israeli military on the use of spyware against Palestinians.
Some of the PCHR staff apparently had their phones infected in 2013, with spies covertly monitoring the internet data on them as well as messages and private calls.
“It was clearly a deliberate move to target the human rights centre,” said Zachariah Lahat, a senior Cisl researcher. “It was their staff that were targeted – there was no doubt they were the intended target.”
The researchers also found numerous samples of Pegasus. “In our view, the military had spent a lot of money to develop this,” Lahat said.
Earlier this month, Shin Bet admitted that it used the Pegasus spyware against activists, which is a criminal offence in Israel, though the agency declined to comment on whether this included PCHR.
Western observers have reported similar patterns among Israelis, with Israeli lawyers in Jerusalem and Tel Aviv claiming that government officials paid private firms to install Pegasus on their computers.
The security analysis firm FireEye said it discovered that Pegasus had been used to surveil over 1,000 Palestinian and Israeli activists in Gaza and the West Bank, and Hamas officials in 2014.
The Israeli-Israeli security firm CEDIS, which uncovered the use of Pegasus against the Palestinian rights organisations Israeli human rights organisation B’Tselem. If true, it is the first time that Pegasus has been detected in Israel.
In 2015, human rights groups – including Amnesty International – were listed as targets of an Israeli spyware programme on WhatsApp, a suspected reference to Pegasus.