Reports from the Guardian, the Washington Post and 15 other media organizations are based on leaks of tens of thousands of phone numbers targeted by Pegasus. Although the devices associated with the numbers in the list did not appear to be necessarily infected with spyware, the use of outlets data was able to establish that journalists and activists were targeted in many countries – and in some cases successfully hacked.

Leaks show the breadth of what cybersecurity reporters and experts have said over the years: While the NSO group claims that its spyware is designed to target criminals and terrorists, its actual applications are much broader. (The company issued a statement in response to the investigation, denying that its data had been leaked, and none of the resulting reports are true.)

My colleague Patrick Howell O’Neill has been reporting on the lawsuits against the NSO group for some time, including “the assassination of Saudi journalist Jamal Khashoggi, the targeting of scientists and campaigners pushing for political reform in Mexico, and the separatist government.” Monitoring, “he wrote earlier in August 2020. In the past, the NSO has denied these allegations, but it has more widely argued that it cannot be held accountable if the government misuses the technology it sells.

The company’s central argument, which we wrote at the time, is one that “is common to arms manufacturers.” Such as: “A company is a creator of technology that governments use, but it does not attack anyone on its own, so it cannot be held accountable.”