Image of the investigation report on how Pegasus crushes civic space in Jordan

New spyware attacks exposed: civil society targeted in Jordan

A new joint investigation, Between a hack and a hard place: how Pegasus spyware crushes civic space in Jordan, by Access Now, the Citizen Lab, and local partners reveals the widespread use of Israeli-owned NSO Group’s Pegasus spyware in Jordan. At least 35 journalists, activists, human rights lawyers, and civil society members have been targeted with Pegasus between 2019 and 2023. Read the full report.

The Pegasus hacking comes against a backdrop of escalating crackdowns on civic space and press freedom in Jordan, growing instability and violence across the region, and an increasingly-exposed use of invasive spyware across the globe. Among those targeted are two Jordan-based staff at Human Rights Watch, as confirmed by a forensic analysis conducted by Human Rights Watch in collaboration with Amnesty International’s Security Lab.

Civil society in Jordan is under attack. The staggering number of Pegasus victims uncovered by Access Now and the Citizen Lab’s investigation reveals only the tip of widespread surveillance and spyware abuse. Pegasus spyware is enabling the erosion of privacy and further crackdown on Jordan’s civic space. NSO Group must be held accountable, together with its government clients that perpetrate such abuse. Marwa Fatafta, MENA Policy and Advocacy Director at Access Now

Access Now’s key findings include:

  • At least 35 people were targeted by NSO Group’s Pegasus spyware between between 2019 and September 2023;
  • At least 16 journalists and media workers were attacked, including two Jordanian Organized Crime and Corruption Reporting Project (OCCRP) journalists, as confirmed by an OCCRP and Amnesty International Security Lab forensic analysis, and Daoud Kuttab, an award-winning Palestinian-American journalist;
  • Hala Ahed, a human rights lawyer, who was infected with Pegasus back in March 2021, was targeted again together with seven other human rights lawyers;
  • At least five local activists and one politician were targeted;
  • In some cases, perpetrators posed as journalists, seeking an interview or a quote from victims, while embedding malicious links to Pegasus spyware amid and in between their messages; and
  •  A number of victims were reinfected with Pegasus spyware multiple times — demonstrating the relentless nature of this targeted surveillance campaign. 

Due to the obfuscating nature of spyware technology, it is difficult to attribute attacks to a known perpetrator. NSO Group has previously stated it only sells to governments. Despite the company’s recent claims that abuse of its spyware has been significantly reduced in 2022 and 2023 due to its efforts, the report’s findings show that such abuse continues undeterred.

The shocking number of surveillance victims revealed in the investigation by Access Now and Citizen Lab is the biggest since 2022. The proliferating use of Pegasus spyware, facilitating more human rights abuses, demonstrates once again the urgent need for governments to regulate the surveillance industry. Rand Hammoud, Surveillance Campaigns Lead at Access Now at Access Now

Access Now reiterates its call on governments to implement an immediate moratorium on the export, sale, transfer, and use of targeted digital surveillance technologies until rigorous human rights safeguards are in place. Invasive commercial spyware technology which enables or facilitates human rights abuses, such as Pegasus, must be banned.