The growing list of individuals whose phones were apparently illegally hacked by the Israel Police grew by dozens of names on Monday, as financial daily Calcalist revealed that despite previously alleging that the use of Pegasus – NSO Group's now-infamous surveillance technology – was limited to special cases, it was, in fact, extensively used to obtain information from civilians ranging from politicians and government functionaries to social activists and journalists.
Follow Israel Hayom on Facebook, Twitter, and Instagram
The daily first revealed the police's use of Pegasus last month. Initial denials were quickly replaced with an admission that the police "misused" the spyware, but police officials insisted that all was above board in terms of the "few instances" when the surveillance technology was employed.
Monday's report in Calcalist, however, revealed that the measure – classified by the police as "technological and data-oriented policing" – was not limited to special cases, rather became a routine tool in intelligence-gathering. Moreover, the wide-ranged use of Pegasus was done without court orders or authorization from the Attorney General's Office, as required by law.
NSO Group's Pegasus software allows its users to remotely access mobile phones infected with the spyware. It exploits security vulnerabilities in cellular operating systems to retrieve a device's content, including text and email messages, photos, call history, and location data.
The spyware has been the focus of a global scandal since mid-July, when the Pegasus Project, a group of 17 media organizations – having been provided with information by Amnesty International, the Citizen Lab of University of Toronto and Forbidden Stories – revealed that the classified technology was being used to hack the phones of journalists, government officials and human rights activists around the world.
The latest installment in Calcalist's exposé on the matter said that under then-police chief Roni Alsheikh's command, officers with the Signals Intelligence Unit had hacked the phones of dozens of Israelis in what the daily described as an "intelligence phishing expedition."
These efforts were conducted prior to any official investigation against the targets and without judicial warrants, despite knowing that any information obtained sans such warrants was inadmissible in court.
Among the victims listed in the report as having been hacked are then-directors-general of the Transportation, Finance and Justice ministries Keren Turner, Shai Babad and Emi Palmor, respectively, as well as the leaders of social protest movements, including anti-Netanyahu activists, social activists for disability rights and Israelis of Ethiopian descent. Several mayors were also hacked, including Miriam Feirberg (Netanya), Yoram Shimon (Mevaseret Zion), Yaakov Peretz (Kiryat Ata), and Motti Sasson (Holon).
The Pegasus spyware was also installed on the phone of witnesses and persons of interest in Case 4,000 against then-PM Benjamin Netanyahu, Bezeq chief's wife Iris Elovich, who is a defendant in the case, former Communications Ministry chiefs Shlomo Filber and Avi Berger, Bezeq CEOs Stella Hendler and Dudu Mizrahi, Walla CEO Ilan Yeshua, former Walla editor-in-chief Aviram Elad and other journalists at the newsoutlet.
Netanyahu's son, Avner, was also hacked, as were the phones of several members of the now-opposition leader's inner circle, including advisers Topaz Luk and Yonatan Urich.
Other prominent public figures whose phones were infected with the spyware include Businessman Rami Levy, and Yair Katz, the chairman of the workers union at Israel Aerospace Industries.
The Israel Police said in a statement that they are "cooperating with the Attorney General's Office review of the matter."
Outgoing Attorney General Avichai Mendelblit ordered an investigation into the spyware scandal last week in one of his last decrees before leaving office.
After the original story broke, Pegasus developer NGO Group issued a statement stressing that "the company does not operate the systems in its customers' possession and is not involved in their operation. NGO Group's employees are not privy to the purpose for which the software is used, nor are they privy to the information derived as part of the investigations conducted by clients.
"The company sells its products under the license and supervision of state security and law enforcement agencies to legally prevent crime and terrorism, according to court orders and local laws."
An NSO Group official told Calcalist, "There is no way for company employees to be exposed to the information gathered by clients" using Pegasus.
The revelation prompted immediate calls for a commission of inquiry into the scandal.
Interior Minister Ayelet Shaked said, "If this is true, it is an earthquake. These acts characterize dark regimes to which we cannot be similar.
"Mass privacy violation is nothing short of lawlessness and it must end today. We have to form an external commission of inquiry. This is not the purpose for which the police procured this software. The Knesset and the public deserve answers, now."
Constitution, Law, and Justice Committee Chairman MK Gilad Kariv called for a legislative change, saying, "The current laws were drafted before anyone could even imagine what powerful tools would be at [the police's] disposal. We have to make sure that the legislation keeps up with technology and that strict oversight is in place.
The Privacy Protection Authority also called for the formation of a commission of inquiry saying the implication of the report, if true, are "beyond far-reaching."
Subscribe to Israel Hayom's daily newsletter and never miss our top stories!
