Palestinian NGOs dubbed terrorist were hacked with Pegasus spyware

November 10, 2021

Investigation by Front Line Defenders finds NGO employees’ phones were infiltrated months before Israel designated them as ‘terrorist organisations’

Phones of Palestinians working for human rights organisations recently designated by Israel as “terrorist organisations” [see: https://humanrightsdefenders.blog/2021/10/23/assault-by-israel-on-palestinian-human-rights-ngos/] were hacked using the Israeli-made spyware at the heart of a global surveillance scandal. [see: https://humanrightsdefenders.blog/2021/07/21/nsos-pegasus-spyware-now-really-in-the-firing-line/]

Dublin-based Front Line Defenders (FDL) examined 75 phones belonging to Palestinian human rights workers and detected that six were infected with Pegasus spyware between July 2020 and April 202. Four out of the six phones belong to staff members at NGOs that were blacklisted last month for alleged ties to a group labelled by some states as a “terrorist organisation”, a move that has sparked international condemnation.

Those alleged to have been hacked include US citizen Ubai al-Aboudi, who heads the Bisan Center for Research and Development, and French national Salah Hammouri, a researcher at Addameer. 

At a press conference in Ramallah on Monday, representatives of the six organisations called for the international community to take action. “We call on the United Nations to launch an investigation to disclose the party that stood behind using this programme on the phones of human rights activists, a move that put their lives at risk,” Tahseen Elayyan, a legal researcher with Al-Haq, told Reuters.

FDL’s findings, which were reviewed and confirmed by Citizen Lab and Amnesty International Security Lab, will raise further concerns about Pegasus, the controversial spyware alleged to have been used to hack heads of state, journalists and activists in a series of explosive stories published this summer.

NSO Group, the Israeli-based tech firm behind Pegasus, only licences the product to sovereign states or the law enforcement or intelligence agencies of those states.

Haaretz reported on Monday that the export licence issued by the Israeli defence ministry to NSO Group only permits Israeli security services to monitor Israeli phone numbers.

An FDL spokesperson told Middle East Eye on Monday that the organisation does not know which state was behind the hacking it uncovered, but believes that the timeline of events over the past month may be critical in answering that question.

On 16 October, three days before the organisations were designated, Al-Haq approached FDL, suspecting that a staff member’s phone had been hacked. The same day, an FDL investigator found initial traces of Pegasus on the phone.

The following day, on 17 October, FDL said it held a meeting with all six organisations to inform them of the initial findings and see if others would want their phones investigated. NSO Group: US blacklists Israeli firms for harming ‘national security interests’.

On 18 October, Israel’s interior ministry notified Hammouri of its decision to revoke his permanent residency in Jerusalem and deport him on the basis of his alleged “breach of allegiance to the State of Israel”.

Then on 19 October, Israeli Defence Minister Benny Gantz designated all six organisations which had gathered with FDL as “terrorist organisations.”

At this point, the organisations were reportedly only considered “terrorist” groups in Israel. But on 3 November – just ahead of the release of FDL’s findings –  Israel’s commander-in-chief of the Central Command issued an order to outlaw the organisations in the West Bank.

“It seems to us that [Israeli officials] were slow to react to what was transpiring and they were unprepared,” FDL spokesperson Adam Shapiro told MEE. “It suggests we caught them doing something they didn’t want us to.”

However, Shapiro emphasised that FDL could not say definitively what state was behind the hacking, a comment echoed by Addameer’s director, Sahar Francis.

“We don’t have evidence. We can’t accuse a certain party since we don’t have yet enough information about who carried out that action,” she told Reuters, calling on the UN to launch an investigation.

Israeli officials have not made a public statement yet about FDL’s findings. NSO Group told Reuters the company “does not operate the products itself … and we are not privy to the details of individuals monitored”.

The US government last week blacklisted the NSO Group and a second Israeli spyware firm, Candiru, saying their activities are contrary to US foreign policy and national security interests.

https://www.middleeasteye.net/news/israel-spyware-pegasus-used-hack-palestinian-rights-activists-phones

https://www.theguardian.com/world/2021/nov/08/hacking-activists-latest-long-line-cyber-attacks-palestinians-nso-group-pegasus-spyware

https://www.occrp.org/en/daily/15450-experts-pegasus-spyware-found-in-phones-of-palestinian-activists

https://www.timesofisrael.com/report-palestinian-activists-phones-hacked-with-controversial-nso-group-tech/

3 Responses to “Palestinian NGOs dubbed terrorist were hacked with Pegasus spyware”


  1. […] The Pegasus Project is an investigation by an international consortium of more than 80 journalists from 17 media outlets* in 11 different countries that was coordinated by the NGO Forbidden Stories with technical support from experts at Amnesty International’s Security Lab. Based on a leak of more than 50,000 phone numbers targeted by Pegasus, spyware made by the Israeli company NSO Group, the Pegasus Project revealed that nearly 200 journalists were targeted for spying by 11 governments — both autocratic and democratic — which had acquired licences to use Pegasus. This investigation has made people aware of the extent of the surveillance to which journalists are exposed and has led many media outlets and RSF to file complaints and demand a moratorium on surveillance technology sales. See also: https://humanrightsdefenders.blog/2021/11/10/palestinian-ngos-dubbed-terrorist-were-hacked-with-pega… […]


  2. […] Several victims of illegal surveillance have been identified in Hungary, where the government initially denied being a client of NSO Group, before admitting to having purchased the software. See also: https://humanrightsdefenders.blog/2021/11/10/palestinian-ngos-dubbed-terrorist-were-hacked-with-pega… […]


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: