Global Spyware Scandal: Exposing Pegasus Part One (full documentary) | FRONTLINE

Transcript

[Music] Pegasus Pegasus Pegasus which has been used to Monitor and track journalists human rights activists and dissidents across the globe in collaboration with forbidden films a two-part investigation we immediately realized that this story would be huge NSO was established with the ambition to make the world a safer Place into powerful spyware it's a military weapon used against civilians this is extremely serviceful democracies used around the world there is no control over how countries use it and they have been using it in the worst way you could imagine now on front line part one of global spyware Scandal exposing [Music] Pegasus our phone are not just our phones we call them phones but they're not phones they're computers and they're like extensions of our body they're with us all of the time and if they are turned into a surveillance device I don't think it's an exaggeration to say this was something that even George Orwell in 1984 couldn't [Music] imagine it's beyond science fiction [Music] [Music] brief Pegasus this technology is so far ahead of government regulation and even of public understanding of what's happening out [Music] there all of us suspected that if NSO group was giving authoritarian and repressive regimes such a powerful instrument of surveillance that it was pretty likely that this technology would be abused but none of have been able to prove it on a systemic [Music] scale a joint investigation by 17 news outlets activists lawyers and journalists are reportedly among those who've been targeted by the phone phone numbers belonging to some bigname politicians the device that you have in your pocket could be a spy that is spying on your life [Music] cont for [Music] the list doesn't have any names you have phone numbers Area country code some time stamps as well and it's a list that is about 50,000 phone numbers from 2016 to 2020 we can't explain where the list is coming from we can't of course reveal who is whole Source officially the Pegasus py is not working on any plus one US fund numbers it's not possible the numbers they are mostly in 10 countries and most of these governments are known to be clients of NSO group who make Pegasus Pegasus designed to infect phones like iPhones or Androids and once in the phone it can extract and access everything from the device the phone books geolocation the messages the photos even the encrypted messages sent by signal or Whatsapp it can even access the mic or the camera of your phone remotely it's like a person over your shoulder a person who will see what what you are seeing a person who will watch what you are watching your emails your encrypted communication everything so once you are infected you're trapped hello can you hear me I can hear you I don't see you hello hello hello hi Dana Hi how are you hi Dana good and you we decided to reach out to some Partners the Weston post the garden and many other ones we wanted to tell you about some information we have and about a new project we are starting we had no names attached to the numbers we needed more journalists we needed reporters on the ground who could reach out to some victims we need people with tech expertise uh we still have to identify some numbers many of them actually haven't been identified yet so we'll need your help on this the moment they mention the numbers of phone numbers that they had the quantity of phone numbers tens of thousands I mean my Geor just hit the floor there is a lot that concern India some people in Mexico information about Hungary aan and Kazakhstan if forbidden stories have got data that can identify not just who the customers of NSO are but potentially point in the direction of who the targets are as well this is a game Cher this could be transformative in terms of our understanding of the whole cyber surveillance industry I specialize in National Security reporting so surveillance is part of my beat so to speak you could see patterns starting to emerge and you could almost like touch okay that might be a story you know here's something that's happening in aeran that might be a story okay I see what the Moroccan story might be it's like watching a photo emerge in a dark CR we will shortly be arriving at elephant castle change here for and we at the guardian we been reporting about NSO for a long time we thought it was really important to hold this company to account Israel has become the world leader in this industry and exports these tools all over the world and if you like NSO group was in many ways you know the jewel in the crown the NSO group was recently valued as $1 billion it is one of the most successful companies in Israel's startup space NSO says they sell the software to governments around the world for legitimate purposes fighting terrorism or violating local laws here was a company founded by three guys in 2010 that claimed to have 40 countries around the world buying its technology that made bold claims about its technology being used to solve serious crimes and help facilitate National Security inquiries this was a big [Music] [Music] deal I can tell you on the last 10 years we only found three cases of misuse and we took very serious action that uh we are always uh taking and these serious actions meant that we shut down the system completely we only sell it to governments or to entities that we know or we want to believe that they will not misuse the tools and this is how we check the customer this is how we diligence them we have all the mechanism to make sure that they are not misusing the systems [Music] in the middle of Paris in the middle of this big covid crisis we got everyone together to plan the investigation thank you sorry about that I'm Dana priest at the Washington Post and this is uh Craig timberg who's joining me here is car arasan from arist notias this is uh Paul Lewis from the guardian and Steph many of you will know writes a lot about NSO this is the Leon Corner this is Martin Kristoff and I'm Daman usually we see reporters at other news organizations as our Rivals we compete against them we never want to share information with them because you know we want to keep our stories to ourselves and this is just a different way of operating this is seeing other journalist t as partners we are really one group one group with one goal publishing those complex stories and we worked with more than 80 journalists and we set up a publication date of July 2021 that gave us about a year to investigate the list we even in order to protect the source that's clearly something that is the main task for Earth and from all the partners was to identify the names behind the phone numbers that was crucial with phone numbers only we can do nothing the data is the beginning of the project we need to find sources we need to go on the field this project is about who is spying on who in many countries and those countries most of them are very dangerous so we had a colliders scape of potential victims we have the data but how do we prove that Pegasus was on the phones and that was always going to be the hardest thing about this project which was we had data which is a very good indication of who the Persons of Interest were to the government clients of NSO but we couldn't know whether a phone had been hacked unless we conducted forensics on it claudo gareri is the head of Amnesty International Security lab he worked on creating a methodology a platform that we could use during our investigation to have phones analyzed he's a key element of that investigation without his expertise nobody in our team would have been able to detect traces of Pegasus in a phone it's a piece of code that look very similarly to all the others that you're running on your phone it just designed to do something that it shouldn't Pegasus access some files on the device certain records on the device being from WhatsApp being from uh the SMS uh that on the database that you have on the phone or access the GPS of the device record the audio access the webcam these kinds of things apple and companies like it try to create as many layers of complication as possible for an attacker but the unfortunate reality is that against capabilities like those that uh Pegasus customers have there's not much you can do from a digital security perspective you can't really stop them meaningfully you can only try to make it more complicated we have to justify why we chose these governments not others we cancern we only chose governments at some point we discover very crucial information an information that changed entirely the project for years we heard rumors about the Pegasus spare might have been used against Jamal kuki who was killed in 2018 in the Consulate of the Saudis in [Music] Istanbul the minute we found out about this list the first thing we all did was to check for any numbers related to Jamal kosi or anyone we knew who was associated with him and right away we found two numbers associated with the two women closest to him in his [Music] life Jamal kogi's murder really in the history of the Pope post stands out he was an opinion writer for the Washington Post very gentle softspoken man his voice became very important because he was the single most important dissident writing about the Saudi regime Jamal let me start with you you've compared your Crown Prince to Putin to Iran's supreme leader you've said he's creating quote an interesting form of dictatorship how so I still see him as a reformer but he is gathering all power within his hand as we speak today there are Saudi intellectuals and journalists jailed his murder was so coldblooded and we we still don't have the whole story Jamal went to the counsil in istable and then he disappeared senior Turkish officials have reported that he is in fact in the building and he is still here his close friends and family are still trying to figure out what the situation is there's waiting on an official statement I spoke to his fiance who was also here who told us that they came here to issue a number of documents so they could marry they dispatched an assassination team that landed in a plane and this in the airport and came in cars with tools to to hack him up hack his bones and carry him out in a suitcase or suitcases pretty soon after his murder people started asking was Pegasus used against Jamal the word is that you sold Pegasus to them and then they turned it around to get kogi Kashi murder is horrible really horrible and therefore when H I first heard there are accusations that our technology been used on Jamal Kashi or on his relatives I started an immediate check about it and I can tell you very clear we had nothing to do with this horrible murder I'm hoping that hatie kogi's fiance who we'd all gotten to know on television because she was outside the counsel when he didn't reappear I'm hoping that hatie will let us do forensics on her phone to see for certain whether she was targeted and maybe if we get lucky whether we can see what they took out of her phone [Music] [Music] pH they kill my future they kill my life I felt inside me something changed and broke do you feel like your phone is doing anything strange do you think it could be hacked we can test it so we could do that if if you wanted to do it we okay you can do that okay that would be great we just need to plug your phone into our computer okay so maybe we do that great hello Claudia hi it's Dana Hi how are you I don't know you tell me so I checked both the uploads the new one seems clean the old one however has some traces on the 6th of October of 2018 seems to had been a first compromise which was followed by some additional traces on the 9th and then on the 12th there's also an additional record in June of 2019 but that seems to be probably a failed attempt and I don't see anything following that okay the analysis proved that the phone belonging to Jamal kogi's fiance had been infected with Pegasus then we find out the date which is 4 days after his murder when she's still trying to figure out what's happening and it just seemed like such a ballsy move to surveil the person who has become the public face of his disappearance we learned that Jamal had a complicated personal life Hanan atar is probably the least known character in Jamal kogi's life she's actually his wife and most people have not heard of her he had seen secretly married in the United States in an Islamic ceremony what I discovered is Hanan is living in hiding in the United States while she waits for her political Asylum case she was a flight attendant for Emirate Airlines and so she flew all over the world and she was communicating with him on forign in phones he was so happy and they was so happy as well this is in his birthday in the restaurant in Washington and his friend Maggie behind us the one she made the birthday party this all of his friends around us this last birthday in his life he was careful but he didn't realize maybe my device is much dangerous and I didn't know as well he suspect but he's not sure and I'm not sure as well she allowed me to download her phone to send a copy to clao and to bill marzac at citizen lab who also conducts forensic analysis what I did is I analyzed all the available data on uh two Android phones and and one laptop belonging to Hanan on one of the phones uh it appears that there were two separate uh links to the Pegasus spyware that were actually opened that shows that that she was before Jamal's murder Hanan had been detained and interrogated in the United Arab Emirates which is of course a close Ally of Saudi Arabia they took me to office in the airport then they took me to my house they searched the whole house they take my devices my family devices they have the password I was in investigation for 17 hours until I got tired I slept in a floor what Bill discovered was when she was detained at this at the UAE Airport somebody who took her phone then opened a browser on her phone and then typed in a URL that then directed the phone to a website known to Citizen lab as being a pegasus website that activates the infection the link to Pegasus was actually typed into the web browser character by character they made a couple typos actually while they were doing it which tells me it was done manually we have the Smoking Gun from hanan's phone which is the traces of the spyware you know almost certainly the SP was installed and exfiltrated information from from her phone so she was uh in my view monitored he was telling me what he's doing and what his connection what his moving what is his state of mind so you were communicating with him a lot they track my husband through me long time back before they kill him because he was telling me only me everything I didn't know this much they track him through me all the time MH yeah why this all come in my life they did track Jamal and kill him through me long time back [Music] [Music] [Music] getting evidence on the device of Anan on the device of ATI all of that was breaking The Narrative of the CEO of NSO group who told to the press that that SP were never used against the Jamal or the relatives of [Music] Jamal in the list we saw more than 50 ,000 Mexican numbers Mexico was among the very first customers of logu one of Mexico's best known journalist is Carmen arisi and she was part of our investigation she has maybe more followers than the president of Mexico and uh we needed to understand who those phone numbers in Mexico belongs [Music] to mhm okaye aleandro politicos diplomaticos AOS periodistas activist Flores [Music] we knew from a previous investigation that cens fun was heavily targeted with Pegasus in 2015 and 2016 so from that date she is still investigating NSO group the Pegasus Spyro all the agents and operators while using that in Mexico [Music] okay for [Music] for [Music] for for [Music] [Music] [Music] [Music] [Music] a for [Music] WhatsApp for e [Music] [Music] [Music] all the time during this investigation we try every day to identify the person behind that phone number this is what all the partners and forbiddance team were doing most of the time basically the Consortium had access to a list so of of potential um targets they included exactly to be sure that he was indeed infected or surveil we would have to run forensic analysis when I hear this from you I was little bit um not sure to talk and I I don't know if by giving a cod to you it will help me I don't know because I don't trust the government anymore so I do not want to put myself or my family under risk I I reach the stage I realize sorry no this country TR if you will ask me I am very of course of course I saw one number in the list that belonged to a friend a journalist in aaban her name is kadya isova she's an award-winning investigative reporter and an outspoken critic of the government renowned for her exposes of corruption at the hands of the country's president aaban you have a lot of oil and gas it's a dictator ship and the dictator's name is ilam malv and this person and this state is extremely violent against dissidents political opponents journalists I first met Kadija isova in aeran in about 2006 2007 Kadija isova relentlessly kept on exposing the wrongdoing and the corruption of the aliev regime she showed how you know they were having their hands into a big chunk of the azerbaijani economy she was showing how they were you know taking money in a covert way how they were stealing money basically from the [Applause] people and she kept on doing what she was doing and she got arrested she got thrown Behind [Music] Bars after after all this investigative reporting Kadija became a prime target for the government in Baku and for the alvs I don't know how to to proceed with Kadija because I don't want us to put Kadija in danger the thing that is quite difficult is how to get in touch with Kadija uh without communicating on electronic device this is very sensitive right this is very very sensitive especially for her cuz she's basically on probation that's going to be a risk anyway we learned that Kadija was about to go to Turkey uh for some personal reasons and so we set up immediately a team who went to Turkey to meet Kadija once she land in the airport [Music] no I'm nervous I'm nervous too I cannot stand still yeah it's good size open window we can take it off right not too long so we have about 1,000 number from aan and you among them oh and then we also have some people who are your friends okay um and what does that program do so what the program does is it basically without you knowing um it it it installs things on your phone and then it allows even if I didn't click on anything yes see so the the the secrecy of this it's called Pegasus and the secrecy of it is that you don't actually see or you you you don't do anything so before you had you had to click on something to be infected in this case it all happens in the background and you have no idea that you're infected and when you're infected it's transmitting your messages your images this everything that's happened on your phone including on Signal because they have the phone itself and it's legal to sell it yes so um we what we know is that most likely sometimes in 2018 the government got it okay and we have a lot of data from 2019 um and you know that was a big year of protest you were on a hunger strike with other people uh you guys had a woman March you were leading the March it's kind of the most like in the country so one way for us to verify that you know what exactly you know was done in your case would be to do forensic on your phone yeah why not is there any way to avoid this surveillance yes we will set you up with a new device um that you will be able to use but I mean on a on a phone balcony always be some way you know to to do it but there are other ways to communicate yeah it's like it makes you to want to leave in the bubble but then like so no one can enter like in some sort of then like living like leaving in the inside the condom but then you cannot reproduce [Music] this is her [Music] phone you don't need any cables nope okay [Music] do you um know if she still has the backup of yes she does yes she does well right now I'm trying to jailbreak the phone hopefully it works so right now I am navigating through the phone so I'm looking for things that might have executed network activity that is connectable to the company any leftovers of malicious executions um accounts that we know of anything essentially that tells me the history of this phone that's interesting it's not something I've seen before we see processes that we know are connected to to Pegasus we see some my message accounts that um that are connected to thex cuz this might indicate what was the entry point oh was Apple music what the oh really that's weird so they might have started using Apple music to exploit it um I have to do some more digging on this because I need to look up like what specifically these applications are he's definitely among the ones most targeted it's important to rectify this story which is that these Technologies are exclusively used for good purposes and for Fighting Evil and for fighting crime and terrorism and all that okay so no khad is coming hi Cloud okay hi so now tell me how bad it is okay um there are definitely some records uh that that indicate various points where the phone seemed to have been compromised mhm so I started feeling like I play doctor in the 1300 I'm basically kind of just keeping the death count I'm contributing to creating a trauma here and I can see it in many cases like I can see it that they are right now they're going to a traumatic moment and I'm like that person in the room that is breaking it um there are also some more recent records from even as recent as early May of this year so until a couple of weeks ago um but all in all it seems like this probably extended between 2019 and 2020 2020 at the very least I've been told that you will not know what exactly had been uh monitored or uh recorded with this kinds of kind of monitoring technology the point where they have that level of access to the device virtually everything is possible so yeah thank you have a good day bye-bye Bye by that's not great news [Music] all night I've been thinking about what did I do with my phone and I feel guilty I feel guilty to for the messages I've sent I've feel guilty for the information sources that who sent me thinking that some encrypted messaging ways are secure they did it and they didn't know that my phone is infected I mean my family members are uh also victimized the the sources are victimized everyone I mean people I've been working with people who told me their private secrets are victimized everyone I mean it's not just me I I put so many people in danger and and I'm angry I again I'm angry I'm angry with the government I'm angry with the companies that produce all these tools and sell it to the bad guys like Ali regime it's it's it's really it's despicable it's heos [Music] kadna is not a terrorist kadish is not a criminal she's a journalist that is taking a lot of risk to write some stories to make sure people will get access to Independent information so that was one more evidence of the global misuse of that spym [Music] powerful governments manag to retain their power by seeing off threats from people who are campaigning for democracy or holding them to account telling the truth and you know here is a company that gave them a tool to do that it's a military weapon used against civilians and the civilians they don't have any mechanism to help them in Seeking Justice any mechanism to find some traces any mechanisms to know that at least they are the target you got a real sense that it was freefor all right there is no control over how countries use it and they have been using it in the worst way you could imagine even after months of investigating we kept discovering new things new names from the list politicians heads of state even a princess hello my name is Latif Alum and I'm making this video because it could be the last video I make yeah [Music] [Music] for more on this and other Frontline programs visit our website at pbs.org [Music] Frontline front Lin's Global spyware Scandal exposing Pegasus is available on Amazon Prime video [Music]