French President Emmanuel Macron heads a list of 14 current or former heads of state who may have been targeted for hacking by clients of the notorious Israeli spyware firm NSO Group, Amnesty International said on Tuesday.
"The unprecedented revelation... should send a chill down the spine of world leaders," Amnesty's secretary-general, Agnes Callamard, said in a statement.
Potential targets found on a list of 50,000 phone numbers leaked to Amnesty and the Paris-based journalism nonprofit Forbidden Stories include Presidents Cyril Ramaphosa of South Africa and Barham Salih of Iraq.
King Mohammed VI of Morocco and three current prime ministers — Imran Khan of Pakistan, Mustafa Madbouly of Egypt, and Saad Eddine El Othmani of Morocco — are also on the list, The Washington Post reported.
French government targeted
The newspaper said none of the heads of state would offer their smartphones for forensic testing that might have detected whether they were infected by NSO's military-grade Pegasus spyware.
Thirty-seven phones identified in the investigation were either breached or showed signs of attempted infection, it has been reported.
The Washington Post and 16 other members of a global media consortium called Forbidden Stories were granted access to the leaked list.
Another member of the group, the French daily Le Monde, determined that 15 members of the French government may have been among potential targets, along with Macron, in 2019.
Following first reports by consortium members on Sunday, the Paris prosecutor’s office said it was investigating the suspected widespread use of NSO's military-grade Pegasus spyware to target journalists, human rights activists, and politicians in multiple countries.
On Tuesday, Morocco’s government denied reports that its security forces may have used Pegasus spyware to eavesdrop on the French president.
"The Kingdom of Morocco strongly condemns the persistent false, massive and malicious media campaign," a statement said.
"We reject these false and unfounded allegations, and challenge their peddlers ... to provide any tangible and material evidence in support of their surreal stories."
Amazon hosting NSO accounts
Also on Sunday, Amnesty released a forensic analysis of the alleged targeting that showed Amazon Web Services was hosting NSO infrastructure. In response, Amazon said it shut down NSO accounts that were "confirmed to be supporting the reported hacking activity".
Another US company identified by Amnesty as hosting NSO servers was DigitalOcean. When contacted by The Associated Press, DigitalOcean neither confirmed nor denied whether it had identified or cut off such servers.
"All of the infrastructure outlined in the Amnesty report is no longer on DigitalOcean," it said on Tuesday, without elaborating, in an emailed statement.
The consortium's findings significantly widen the scope of alleged abuses in which NSO Group has been implicated since 2016.
Family of Jamal Khashoggi surveilled
These include the surveillance of friends and relatives of journalist Jamal Khashoggi, who was killed inside the Saudi consulate in Istanbul in 2018 — and highlight what critics call the urgent need to regulate global sales of commercial hacking tools.
Le Monde said the phone numbers for Macron and the then-government members were among thousands allegedly selected by NSO clients for potential surveillance. In this case, the client was an unidentified Moroccan security service, according to Le Monde.
Consortium members said they were able to link more than 1,000 numbers in 50 countries on the list with individuals, including more than 600 politicians and government officials and 189 journalists. The largest share was in Mexico and the Middle East, where Saudi Arabia is reported to be among NSO clients.
Also on the list were phone numbers in Azerbaijan, Kazakhstan, Pakistan, Morocco, and Rwanda, as well as ones for several Arab royal family members, the consortium reported.
An official in Macron's office said authorities would investigate Le Monde's report, and if the targeting is proven, it would be "extremely grave".
Le Monde quoted NSO as saying the French president was never targeted by its clients.
NSO Group has denied that it ever maintained "a list of potential, past or existing targets". It called the Forbidden Stories report "full of wrong assumptions and uncorroborated theories".
The source of the leak — and how it was authenticated — has not been disclosed. While a phone number’s presence in the data does not mean an attempt was made to hack a device, the consortium said it was confident the data indicated potential targets of NSO’s government clients.
The Paris prosecutor’s office said in a statement on Tuesday that it opened an investigation into a raft of potential charges, including violation of privacy, illegal use of data and illegally selling spyware.
As is common under French law, the investigation doesn’t name a suspected perpetrator but is aimed at determining who might eventually be sent to trial. It was prompted by a legal complaint by two journalists and the French investigative website Mediapart.
Multiple lawsuits by alleged victims have been filed against NSO Group, including one by Facebook over the Israeli firm's alleged hacking of its WhatsApp application.