The IPI global press freedom network is appalled by the potential hacking of the phones of 180 journalists in at least 10 countries from 2016 to 2021 using the spyware Pegasus, a cyber-surveillance tool sold to governments to allegedly monitor terrorist activities.

The information, disclosed on Sunday by Forbidden Stories and a consortium of 16 other news outlets, is based on the leak of a list of 50,000 phone numbers associated to alleged people of interest for NSO clients which also includes politicians, human rights activities, presidents and prime ministers among others.

The phone numbers of more than 180 journalists that the leak revealed belong or have belonged to journalists and editors from the leading media organisations such as Reuters, CNN, the New York Times, France 24 and the Financial Times among others.

According to the leaked data, at least 10 countries are believed to have used Pegasus to monitor the activities of journalists: Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia and the United Arab Emirates (UAE).

“The employment of spyware allegedly intended for anti-terrorism purposes to spy on journalists represents a serious threat to journalists and their sources and seriously undermines the core principles of journalism”, IPI Executive Director Barbara Trionfi said. “Governments and agencies identified as having spied on journalists must urgently provide answers on the misuse of NSO technology on journalists. IPI also urges the UN and intergovernmental bodies with a human rights mandate to conduct full and swift investigations into these revelations and hold accountable governments involved in this abuse of a cyber-surveillance weapon against journalists”.

The government of President Orban has been identified as using Pegasus to spy on journalists as part if it’s efforts to clamp down on press freedom. “While Orban’s efforts to curb independent media are well known to IPI, it is particularly disturbing that a EU member country can employ surveillance tools on journalists with complete impunity.”

The leaked data obtained by Forbidden Stories has been analysed with the technical support of Amnesty International’s Security Lab and Citizen Lab, a research group of the University of Toronto specialised in Pegasus.

The forensic analysis conducted by these labs on the data suggests that Saudi Arabia and the United Arab Emirates (UAE) also used the spyware to gain access to the private conversations and messages of close associates of the Washington Post journalist Jamal Khashoggi, months after his murder at the Embassy of Saudi Arabia in Istanbul.

An analysis of the data reveals that the phone numbers of at least 48 journalists in Azerbaijan, 38 in India, 38 in Morocco, 25 in Mexico and 12 in United Arab Emirates were included in the list as potential person of interest to be monitored.

The Israeli company NSO has denied the information as well some of the governments involved in the leak.