The advocacy group Human Rights Watch (HRW) said on Sunday that cellphones of staffers from the Palestine Human Rights Organization had been infected with spying software designed to collect data on journalists, activists and politicians.
The report published by HRW comes amid speculation of increased spying after Yahoo said in December it had suffered a major breach that affected roughly 1 billion users. News reports that Russian operatives had used such programs to target U.S. politicians and campaign officials last year were expected to add to concerns about security vulnerabilities.
The “Committee to Protect Journalists’ mobile app” reported that a friend’s iPhone had been infected after an app from a developer named Pegasus was downloaded to the phone after the friend messaged the app developer in July.
The app says it helps users connect with developers or “is about services or features developers might need to build better tools to protect users, and help build better tools for developers to distribute.” It includes a section under “Dark Web and Leverage in the Digital Revolution.”
Also Sunday, the Electronic Frontier Foundation, a digital civil liberties group, said that the software had likely been leaked. On Sunday night, the New York Times reported that several staffers for HRW had been targeted by government intelligence agencies.
Jody Williams, the president of HRW, told the Times the attack on her organization’s employees did not amount to a serious espionage operation.
“We’ll disclose it when we see the strength of the evidence,” she said. “We’re not going to play games with it.”
According to a LinkedIn profile for Ken, the chief technical officer of Pegasus International, his services include “customer support, product releases and tracking reports” for “two of the largest mobile operating systems in the world.”
Ken and Pegasus’s other chief technical officer, Marcos Correa, did not immediately respond to emailed requests for comment. Correa has worked on various other spyware platforms, including Blackphone, according to previous media reports.
Earlier this month, Yahoo disclosed a large data breach in 2018 that affected more than half a billion users. The financial information of roughly 1 billion Yahoo users was accessed between late 2014 and July 2017.
Yahoo has not identified what information might have been accessed.
The Israeli spyware was invented by Raphael Kolko, the founder of Israeli firm Mifare, and installed on phones. Kolko allegedly founded Pegasus, its creators say, to steal confidential data and attack clients for personal gain. Kolko, Kolko says, invented the information-stealing ability before he sold the company. He did not respond to several requests for comment.
TechCrunch is a website which focuses on technology, mobile phones, cryptocurrency, and other emerging technology topics.