IPI is deeply alarmed by a new report finding that at least 35 journalists, human rights advocates, and political activists have been targeted with Pegasus spyware since 2019.
The report, by Access Now and Citizen Lab, said that some of the targets’ devices had been infected multiple times. It also suggested that the findings may be just the tip of the iceberg and that Pegasus, a tool produced by NSO Group, could be deployed in Jordan on a much broader scale than evidenced so far.
The report did not identify who might have been behind the hacking or specifically point a finger at the Jordanian government. However, several of the named victims are associated with critical journalistic activities in Jordan.
One of the victims identified in the report is Adam Coogle, the deputy director of Human Right Watch’s (HRW) Middle East and North Africa (MENA) division. Coogle’s phone was hacked precisely two weeks after HRW published a chilling report about the Jordanian government’s crackdown on basic rights. Coogle said in comments reported in the media that he finds it difficult to imagine who other than Jordan’s government would be interested in hacking those who were targeted.
Another target was award-winning journalist and former IPI Vice-Chair Daoud Kuttab, currently the director-general of independent non-profit news outlet Community Media Network. Kuttab – who appears to have been hacked with Pegasus spyware on three occasions – was arrested by Jordanian police at the airport in Amman on March 8, 2022, only two weeks after the first hacking of his phone. Kuttab was detained under a newly written decree of Jordan’s Cybercrime Law and later released on bail.
“This case shows the importance to journalists and activists of staying alert and taking necessary steps to guard one’s phone and accounts from such illegal and unconstitutional violations of a citizen’s privacy”, Kuttab told IPI this week.
“But without clear proof, I can’t point my finger to any party or government.”
IPI Director of Advocacy Amy Brouillette called on Jordanian authorities to immediately investigate the hackings.
“These disturbing findings reveal that spyware continues to be weaponized against journalists and civil society. Jordanian authorities must urgently launch a thorough and credible investigation into these reports of surveillance, identify those responsible, and take concrete steps to protect against abuse surveillance”, she said.
“Jordan is the latest example of spyware abuse, but we fear it will not be the last. We repeat our previous calls – which are shared by journalism and civil society groups around the world – for a moratorium on the export, sale, and use of Pegasus and other spyware weapons at least until effective human rights safeguards can be implemented.”
In addition to Kuttab, three other journalists gave Access Now permission to be named in their publication about the hacking backlog.
Two of them, Rana Sabbagh and Lara Dihmis, are contributors to the Organized Crime and Corruption Reporting Journal (OCCRP). Sabbagh is the senior editor and Dishmis is the investigative reporter for the MENA unit. Both of them have participated in investigations that focus on corruption and the grey economy. The fourth journalist whose device was infected is Hosam Gharaibeh, the director and morning show host of Husna Radio.
Despite the fact that both NSO and different governments have denied trading on and infringing upon the privacy of activists, journalists and human right organizations, Pegasus spyware has been abused by authorities for years around the world from Mexico to India, Hungary, Morocco and Russia.
Jordan has recently put growing pressure on its civic space and taken steps to limit freedom of the press. Last August, the government hastily pushed ahead with a new cybercrime law. The law criminalized the publication of “false news” and introduced a range of measures that can be abused by authorities to target journalists and critics.
The measure illustrates the growing introduction and use by governments of cybercrime laws to repress critical voices, resorting to vague provisions on “terrorism”, “spreading disinformation” or “defaming authorities”, among numerous other examples.