In January 2020, Mr. Hubbard published an account of a hacking attempt against his own phone. Mr. Hulio denied Mr. Hubbard’s phone was attacked by Pegasus, and suggested he was the target of a product made by a rival Israeli tech firm.
Michael Slackman, The Times’s assistant managing editor for international news, said: “Azam Ahmed and Ben Hubbard are talented journalists who have done important work uncovering information that governments did not want their citizens to know. Surveilling reporters is designed to intimidate not only those journalists but their sources, which should be of concern to everyone.”
With Nicole Perlroth, Mr. Ahmed helped lead Times reporting about how the Mexican government used the Pegasus application against some of the country’s most prominent journalists, democracy advocates, corruption fighters and lawyers — and later against international investigators brought into the country to investigate the tragic disappearance of dozens of students, as well as relatives of the Mexican government’s own inner circle after they began challenging government corruption. Tomás Zerón, who ran the Mexican F.B.I. and was involved in purchasing the spy systems for the country, is now wanted in Mexico for offenses related to the investigation and has found refuge in Israel.
The Times has also reported that Pegasus was deployed in Mexico in 2017 against policymakers and nutrition activists pushing for a soda tax in a country with serious health problems related to soda consumption, as well as the political adversaries of top Emirati officials.
Analysts from Amnesty International looked at 67 smartphones associated with numbers on its leaked list and concluded that 24 had been infected by Pegasus, and that 13 more had been targeted. Tests on the remaining 30 proved inconclusive, the consortium said.
Two of the targeted phones were owned by Szabolcs Panyi and Andras Szabo, investigative reporters in Hungary who regularly cover government corruption. Another belonged to Hatice Cengiz, the fiancée of Mr. Khashoggi, whose phone was penetrated in the days after his murder.
Pegasus can allow spies to gain access to an infected phone’s hard drive and view photos, videos, emails and texts, even on applications that offer encrypted communication. The software can also let spies record conversations made on or near a phone, use its cameras and locate the whereabouts of its users.
Ronen Bergman reported from Tel Aviv and Patrick Kingsley from Jerusalem.