It seems like every other day there’s a new shocking story about the shadowy company NSO Group and its notorious hacking tool, Pegasus — which has been used by authoritarian governments to spy on the phones of activists, politicians, and dozens of journalists around the world.
Every new story is a stark reminder to support not only the journalists reporting the facts, but also the brave whistleblowers who bring them to light.
This week, the Guardian and Washington Post reported on a new whistleblower coming forward, who alleged NSO Group offered “bags of cash” in exchange for access to U.S. telephone networks, so it could more easily spy on its clients’ targets. From the Post:
The surveillance company NSO Group offered to give representatives of an American mobile-security firm “bags of cash” in exchange for access to global cellular networks, according to a whistleblower who has described the encounter in confidential disclosures to the Justice Department that have been reviewed by The Washington Post.
NSO Group (sort of) denied the charge in a somewhat bizarre statement, saying its co-founder “has no recollection of using the phrase ‘bags of cash’, and believes he did not do so. However if those words were used they will have been entirely in jest.” The Post also revealed the Justice Department has a criminal investigation open against NSO Group.
Last week, a long New York Times investigative piece revealed that the FBI had bought a license to NSO’s hacking tool well after Pegasus was alleged to have been used in the lead up to the Saudi government’s gruesome murder of journalist Jamal Khashoggi. According to the Times, the CIA had “arranged and paid for the government of Djibouti to acquire Pegasus to assist the American ally in combating terrorism, despite longstanding concerns about human rights abuses there, including the persecution of journalists and the torture of government opponents.” (Maybe the Justice Department should also look into that!)
Then, last month, we also learned “the phones of a majority of staffers” at the El Salvadorian news outlet El Faro had been hacked using Pegasus software as well. (We’ve joined a broad coalition of civil society groups condemning this disturbing use case.)
These stories are only the tip of the iceberg. For many years now, huge teams of journalists have worked to expose NSO Group and its disturbing surveillance around the world. While the reporters doggedly uncovering this story have done incredible work, it’s important to remember these investigations would have been impossible without many brave whistleblowers who spoke out despite the fear of reprisals from the company or governments.
Gary Miller, the whistleblower at the center of the new stories, has bravely come forward to reveal his name. In doing so, he exposes himself to great legal and extralegal risk. Whistleblower Aid, the nonprofit legal group, is running a crowdfunding campaign to support the legal expenses of Miller. It’s a worthy cause, as what happens in these cases can often dictate whether more whistleblowers will come forward and what the consequences will be if they do.
“It’s very stressful to become a whistleblower,” John Tye, Whistleblower Aid’s executive director told Freedom of the Press Foundation (Tye is also a one-time whistleblower himself). “You can get sued, you can get hacked, often you need to find a new job or even a new career. We started working with Gary in December 2020, 14 months ago. It took us that long to tell this story in a way that minimized the risks to him.”