Paris, France – Hackers have used the notorious Pegasus spyware to break into the phones of dozens of journalists and activists in Jordan over the past four years, according to the findings of an investigation released Thursday.
The Access Now NGO highlighted 35 cases of hacking that date back to 2019, with targets that also include lawyers and at least one politician.
The report did not accuse Jordan’s government of deploying the spyware but said its use came as the authorities “dialed up their repression of citizens’ rights to freedom of expression, association and peaceful assembly”.
The malware, which can seize control of a phone’s microphone and camera and access documents, hit global headlines when a leak in 2021 showed how governments used it to spy on critics.
Despite the scandal, the Israeli firm behind Pegasus, NSO Group, and similar companies continue to sell their products to governments around the world.
The United States is one of the few countries to act against the industry, blacklisting companies including NSO, which limits the ability of Americans to do business with them.
But Access Now’s regional policy director Marwa Fatafta said there was generally no oversight of companies offering such spying software, allowing the surveillance sector to continue its “secretive and shady” manner of business.
“Governments are feverishly purchasing their technologies to spy on their citizens and to crack down on civil society,” she told AFP.
The NGO reiterated its call for an outright ban on any spyware that enables rights abuses.
“There is no proportionate use of spyware,” Fatafta said.
Much more intrusive
Access Now said most of the cases it had uncovered in Jordan dated from 2020 to late 2023.
Daoud Kuttab, a Palestinian-American journalist in Jordan, had his phone hacked three times in 2022 and 2023 and faced a further seven failed attempts.
He said most journalists working in the Middle East expect their phones to be tapped.
“In the past it was only people overhearing what you say, but Pegasus is much more intrusive,” Kuttab told AFP.
He said the most worrying aspect was the possibility that bad actors could get access to his contacts.
“I don’t want to burn my contacts, I don’t want to hurt them,” he said.
According to Access Now, many of the people targeted had been connected in some way to a month-long teachers’ strike in 2019, which prompted the authorities to arrest hundreds of teachers and dissolve their union.
Access Now said it had not been able to prove forensically who was behind the Pegasus attacks.
But a separate 2022 report from two other NGOs, Citizen Lab and Front Line Defenders, identified “two Pegasus operators that we believe are likely agencies of the Jordanian government”.
NSO, which faces multiple lawsuits from Apple and others, has repeatedly insisted it sells its software only to government clients and only for peaceful purposes.
But the 2021 leak suggested there were around 50,000 potential victims of Pegasus around the world, many of whom were dissidents, journalists and activists.