THOMAS A. CLARE, P.C.

tom@clarelocke.com
(202) 628-7401 10 Prince Street
Alexandria, Virginia 22314
(202) 628-7400
www.clarelocke.com

July 14, 2021

Via Email

Siddharth Varadarajan, Founding Editor

Sidharth Bhatia, Founding Editor
MK Venu, Founding Editor
The Wire
Email: svaradarajan@gmail.com
Email: sidharth01@gmail.com
Email: editorial@thewire.in

Re: NSO Group

Dear Messrs. Varadarajan, Bhatia, & Venu:
Our firm is defamation counsel to NSO Group.
We understand that an international consortium of journalists known as Forbidden Stories
intends to publish a series of defamatory articles “concerning the activities of NSO Group and its
[purported] clients.” Because The Wire (and/or certain journalists affiliated with The Wire are
members of the Forbidden Stories consortium, we are writing to put The Wire on written notice of
NSO Group’s substantial concerns regarding the false and damaging nature of the proposed
articles—and the risks that The Wire faces should it decide to publish the proposed articles (or excerpts
of the proposed articles).
On July 11, 2021, the director and editor-in-chief of Forbidden Stories sent NSO Group an
email accusing NSO Group of, among other things, colluding with multiple governments around
the world that have used NSO Group’s Pegasus technology to “systematically abuse the human rights
of . . . journalists, human rights defenders, lawyers, academics, union leaders, religious leaders,
doctors and businesspeople.” Although Forbidden Stories has apparently been working on the
proposed series of articles for many months, it gave NSO Group only three business days to respond
to the serious accusations in the July 11 email and respond to dozens of suggestive and inflammatory
questions regarding activities alleged to have occurred on multiple continents, over the course of
many years, around the world. Despite this unrealistic deadline, which suggests that Forbidden Stories
has already completed work on its preconceived narrative and intends to publish the many false
accusations regardless of NSO Group’s responses, NSO Group responded directly to Forbidden Stories
with a statement identifying, as best it could given the short deadline and the confidentiality
obligations imposed by contract and regulations, some of the flawed assumptions and factual errors
in its proposed reporting. Forbidden Stories’s July 11 email is attached as Exhibit A to this letter and
NSO Group’s July 14 response is attached as Exhibit B.
Based on the consortium’s conduct and statements to this point, it is evident that Forbidden
Stories has already formulated (and intends to publish on its own platform) a false, preconceived,
and highly damaging narrative regarding NSO Group—and that it intends to do so regardless of the
actual facts, without regard to NSO Group’s responses to its assertions, and without conducting the
necessary vetting of sources and corroboration that are required, under any serious journalistic
standard, before publishing such damaging allegations. With this letter, we are putting The Wire on
formal notice that Forbidden Stories will publish defamatory falsehoods about NSO Group in its series
of articles and that, should The Wire elect to publish or republish any portion of those articles, The
Wire runs a substantial risk of publishing defamatory falsehoods.
Journalists have a professional, ethical responsibility to “[t]ake special care not to
misrepresent or oversimplify” 1 a story, “do [their] best to ensure that everything [they] report
faithfully depicts reality—from the tiniest detail to the big-picture context that helps put the news
into perspective,”2 and “avoid pandering to lurid curiosity.”3 Far from seeking to present a fair and
accurate portrayal of NSO Group and its business, the proposed series of articles will present
conjecture and speculation by unnamed sources as fact and—instead of simply reporting its supposed
findings and allowing readers to make up their own minds—will purport to tell readers exactly what
they should “infer[]” from the series of articles and the “conclusions [that should be] drawn from
[its] reporting.” (Ex. A.) Telling readers what to think grossly exceeds the ambit of responsible,
objective reporting and wanders squarely into the territory of advocacy. The Wire, which holds itself
out as a responsible journalistic organization reporting hard news, must not allow its platform to be
used for this kind of viewpoint-focused reporting.
The extreme “conclusions” Forbidden Stories intends to publish include the following false
and defamatory accusations:
• “[A] Mexican freelance reporter, who regularly reported on links between corrupt local
politicians and drug cartels . . . [had] his phone number . . . targeted by a client of NSO
Group in Mexico in February 2017. In March 2017 he was murdered by gunmen at a
carwash. It is to be inferred that information harvested by the attack on his phone using
NSO Group software may have been used to facilitate his murder.”
• “It is to be inferred that NSO Group and its software may have helped the Aliyev regime
[in Azerbaijan] to steal and publish . . . intimate photos” of a “civil society and political
activist.”
• “In 2018 [a prominent Saudi Arabian human rights activist] was abducted in the United
Arab Emirates and forcibly rendered to Saudi Arabia, where she was detained and
tortured for three years. Her phone number was targeted by the government of the UAE,

1
E.g., Soc’y of Pro. Journalists, SPJ Code of Ethics (Sept. 6, 2014), https://www.spj.org/ethicscode.asp.
2
E.g., NPR, Ethics Handbook: Accuracy, https://www.npr.org/templates/story/story.php?storyId=688139552 (last visited
Jul. 13, 2021).
3
SPJ Code of Ethics.

2
 a client of the NSO Group, in early 2018, shortly before her arrest. It is to be inferred
that the NSO Group and its software helped to enable [her] detention and torture.”
• “The government of Saudi Arabia, which is a client of NSO Group, used Pegasus to
target the mobile phones of multiple relatives and friends of Jamal Khashoggi, a
Washington Post columnist who was murdered in the Saudi embassy in Istanbul. . . . It
is to be inferred that NSO Group and its software were used by the government of Saudi
Arabia to attempt to monitor, and potentially to sabotage, the campaign to bring his
murderers to justice. We note that NSO Group has previously denied any involvement
in the Khashoggi case.”
• “NSO Group’s software was used to target more than 15,000 individuals in Mexico
between 2016 and 2017 alone. These include at least 50 people close to then-leader of
the opposition (and now president) Andres Manuel Lopez Obrador . . . . At least 45
current and former governors of Mexico’s 32 states were targeted by Pegasus in this
period. It is to be inferred that NSO Group has lost control of Pegasus in Mexico and
the software is now being used indiscriminately.”
• “NSO Group’s hacking software has aided and abetted human rights abuses on [a]
massive scale. NSO Group is indirectly responsible for all abuses facilitated using
Pegasus.”
• “NSO Group has continued to supply Pegasus and related support services to client
governments that it knew had previously used Pegasus to perpetrate specific human
rights abuses, even after it announced its intention to align its business practices with the
UN Guiding Principles on Business and Human Rights. NSO Group’s public
commitment to the UN Guiding Principles on Business and Human Rights is a sham,
and an attempt to deceive the public and policymakers as well as the NSO Group’s own
investors.”
Needless to say, one would expect that, before such serious and damaging allegations would
be published, any responsible news outlet would require multiple on-the-record sources, a fulsome
understanding and transparent analysis of relevant data, documentation corroborating the core
allegations, and corroboration by credible sources who have been independently vetted by senior
editors and in-house attorneys to have been in a position to observe or corroborate the key facts.
None of that appears to have been done for the proposed series of articles. Although NSO Group’s
review of the proposed articles is still ongoing, we outline below just some of the most critical and
obvious flaws in the proposed articles we have identified to date:
First, Forbidden Stories apparently misinterpreted and mischaracterized crucial source data on
which it relied. In its July 11 email, Forbidden Stories stated that its “research is based on records of
thousands of phone numbers that were selected as targets by NSO Group’s clients.” NSO Group
has good reason to believe that this list of “thousands of phone numbers” is not a list of numbers
targeted by governments using Pegasus, but instead, may be part of a larger list of numbers that
might have been used by NSO Group customers for other purposes. Forbidden Stories’s claim that
“the phone records [it] reviewed show numerous U.S.-based phone numbers” supports that it was
relying on this larger list, not Pegasus data, because U.S. numbers cannot be surveilled by Pegasus.

3
Pegasus technology blocks such an ability. Thus, Forbidden Stories’s assertion that it reviewed records
of thousands of “targets” of NSO Group clients is false.
What is worse, Forbidden Stories never shared this list of phone numbers with NSO Group
for NSO Group to verify or comment on. This failure to “provide the detailed information
required” for NSO Group “to respond properly to the allegations” and “point out holes or
contradictions” in the narrative is a violation of journalistic standards. 4 NSO Group believes that
Forbidden Stories has not provided this list of phone numbers because it obtained the list through
illicit or unlawful means—another violation of journalistic standards.5
Second, Forbidden Stories’s July 11 email is riddled with factual inaccuracies. By way of
example, Forbidden Stories claimed that, in 2019, Saudi Arabia targeted a British human rights lawyer
who represented “the fiancée of Jamal Khashoggi” and a “Saudi Arabian human rights activist.”
This allegation simply cannot be true because NSO Group can prove that such use of Pegasus is
technically impossible. Similarly, Forbidden Stories erroneously claimed that “NSO Group lost
control of Pegasus in Mexico and the software [was] being used indiscriminately” between 2016 and
2017. In reality, NSO Group did not and cannot “lose control” of its software anywhere in the
world. NSO Group’s products do not operate in a manner that would allow this to happen.
Without confirming or deny which governments are NSO Group’s customers, Forbidden Stories also
makes incorrect assumptions regarding which clients use NSO Group’s Pegasus technology.
Third, Forbidden Stories repeatedly imputes human rights abuses—including alleged murder
and torture—to NSO Group based on alleged conduct by NSO Group’s clients and unsupported
logical leaps. Forbidden Stories concluded, for example, that “NSO Group software may have been
used to facilitate” the murder of a Mexican freelance journalist who reported on corrupt politicians
and cartels. Even if Forbidden Stories were correct that an NSO Group client in Mexico targeted the
journalist’s phone number in February 2017, that does not mean that the NSO Group client or data
collected by NSO Group software were in any way connected to the journalist’s murder the following
month. Correlation does not equal causation, and the gunmen who murdered the journalist could
have learned of his location at a public carwash through any number of means not related to NSO
Group, its technologies, or its clients.
Fourth, the allegation that “[a] copy of Pegasus was also operated out of a private office run
by Ansbacher’s company KBH, targeting individuals selected by then-president Enrique Pena Nieto”
is preposterous. Pegasus is licensed and provided solely to vetted governments, under strict licensing
regimes, with mechanisms to ensure that end users can use Pegasus solely on their premises.
Without commenting on any specific customer, the assertion that this sensitive tool can be operated
from a “private office” is farfetched and reflects the outlandish nature of Forbidden Stories’s other
allegations.

4
E.g., Sheila Coronel, et al., Rolling Stone’s investigation: ‘A failure that was avoidable,’ Colum. Journalism Rev. (Apr. 5,
2015) (publishers should afford subjects the meaningful opportunity to “point out holes or contradictions” and should
not avoid “hear[ing] challenging, detailed rebuttals” to contemplated stories), https://www.cjr.org/
investigation/rolling_stone_investigation.php.
5
E.g., see also Int’l Fed’n of Journalists, IFJ Glob. Charter of Ethics for Journalists (June 12, 2019) (“The journalist shall use
only fair methods to obtain information.”), https://www.ifj.org/who/rules-and-policy/global-charter-of-ethics-for-
journalists.html.

4
 Finally, the allegation that NSO Group takes governmental direction regarding customers is
false and confirms that Forbidden Stories is basing its reporting on unreliable sources. NSO Group is
a private company. It is not a “tool of Israeli diplomacy”; it is not a backdoor for Israeli intelligence;
and it does not take direction from any government leader.
These are just some examples of the myriad factual and methodological errors that plague
the series of articles Forbidden Stories intends to publish. These fundamental, fatal problems—and the
false “conclusions” that Forbidden Stories apparently intends “draw” or “infer” for readers—expose
Forbidden Stories to serious legal risk in multiple jurisdictions around the world. Now that The Wire
is on written notice of these same problems with Forbidden Stories’s flawed reporting, The Wire faces
the same risk of publishing defamatory falsehoods if it chooses to publish or republish some or all
of the Forbidden Stories series on its own platform. At the very minimum, before it publishes any
portion of the series or publishes its own article that is derived in whole or in part from Forbidden
Stories’s flawed reporting, The Wire must independently verify that anything it chooses to publish
meets or exceeds its own, substantially higher editorial and legal standards for accuracy,
corroboration, and fact checking. Any failure to do so may expose The Wire to liability for damage
caused by the knowing republication of Forbidden Stories’s defamatory falsehoods.

Very truly yours,

Thomas A. Clare, P.C.

5
Ex. A
From: Laurent Richard <laurent.richard@freedomvoicesnetwork.org>
Date: 11 July 2021 at 9:56:37 GMT+3
To: Ariella Ben abraham <AriellaB@nsogroup.com>, Media <Media@nsogroup.com>
Cc: Sandrine Rigaud <sandrine@freedomvoicesnetwork.org>, gtucker
<gtucker@mercuryllc.com>, lrynsard@mercurylcc.com
Subject: Request for comment before publication (please answer before Wednesday 14
July 2021 at 6pm CEST/Paris Time)

Subject: Request for comment before publication (please answer before Wednesday 14 July 2021
at 6pm CEST/Paris Time)

Dear NSO Group,

We are the Director and Editor-in-Chief of Forbidden Stories, a non-profit organization

dedicated to continuing the work of journalists threatened because of their reporting. We are
writing to you on behalf of an international consortium of journalists at media organizations -
including The Washington Post, Le Monde, Süddeutsche Zeitung/NDR/WDR, The Guardian,
Die Zeit, Knack, Le Soir, OCCRP, Daraj Media, Frontline (PBS), Proceso, Aristegui Noticias,
Direkt 36, Radio France, The Wire, Haaretz - because we are considering publishing a series of
articles concerning the activities of NSO Group and its clients. As fair and responsible journalists
working in the public interest, we would like to give you an opportunity to comment upon or
amend our information.

Our research is based on records of thousands of phone numbers that were selected as targets by
NSO Group’s clients, which we have seen; forensic analysis of some mobile phones targeted by
NSO Group’s clients; as well as interviews, documents and other materials that we have
reviewed. Forensic analysis of compromised devices was carried out by Amnesty International’s
Security Lab and peer-reviewed by Citizen Lab. A technical report by Amnesty International,
summarising that work, is appended to this letter for your convenience.

Our research suggests NSO’s technology has been used by multiple governments to
systematically abuse the human rights of individuals whom those governments have no
justifiable basis to place under surveillance. These victims include, but are not limited to,
journalists, human rights defenders, lawyers, academics, union leaders, religious leaders, doctors
and businesspeople. NSO government clients have also misused the technology to conduct
foreign espionage by targeting diplomats, ministers, senior officials and heads of state in other
countries. Our reporting suggests this abuse is systematic, widespread and ongoing.

We strongly believe it is in the public interest to reveal this information, which has serious
implications for the privacy rights of all people around the world, and the ability of people to
communicate freely with one another without fear of surveillance or repression, particularly in
societies where such human rights abuses are likely. We particularly note NSO Group’s publicly
stated position on human rights, including a commitment by the company to the public and to its
investors to align its activities with the UN Guiding Principles on Business and Human Rights.
We believe the information we have gathered, which is detailed below, calls this commitment
into question.
Based on our reporting, we understand that the following countries have been or currently are
clients of NSO: Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia,
Togo, Hungary, India, Indonesia and the United Arab Emirates.

For clarity, we have divided this letter into four sections:

1. Individuals targeted using NSO’s technology;

2. Other information about NSO and its clients;

3. Conclusions to be drawn from our reporting; and

4. Questions for NSO Group.

We note NSO Group’s admission in its recent transparency report that abuse of Pegasus “can,
and in some cases, we believe have resulted in violations by customers of several fundamental
human rights,” as well as your commitment to “engagement with civil society organizations to
understand the concerns of potentially affected stakeholders.”

We have set out below some specific instances of the way in which NSO Group’s technology has
been used to perpetrate abuse. These are provided as examples so that you are aware of the range
of widespread abuses that have occurred across the countries mentioned. For the avoidance of
doubt, the international consortium will be reporting on many additional specific instances,
revealing hundreds of victims of NSO Group’s technology around the world.

I. INDIVIDUALS TARGETED USING NSO’S TECHNOLOGY

A. Journalists

We have identified more than 180 journalists, reporters and editors targeted using your software.
Many of them have suffered severe harm as a result of being attacked by you and your clients.
They include:

A1) Cecilio Pineda (+527671085241) was a Mexican freelance reporter, who regularly reported
on links between corrupt local politicians and drug cartels. His phone number was targeted by a
client of NSO Group in Mexico in February 2017. In March 2017 he was murdered by gunmen
at a carwash. It is to be inferred that information harvested by the attack on his phone using NSO
Group software may have been used to facilitate his murder.

A2) Khadija Ismayilova (+994516830384) is an award-winning Azerbaijani investigative

reporter and human rights activist who has over the past 15 years repeatedly exposed government
corruption, and in particular the corrupt self-enrichment of the family of President Ilham Aliyev.
She has faced several years of harassment, blackmail and fabricated criminal charges in
retaliation for her work. Her phone number was targeted by the Aliyev regime, a client of the
NSO Group, from 2019 until 2021.

A3) Roula Khalaf (+447740023709) is the editor of the Financial Times newspaper. In 2018 she
was a deputy editor. Her phone was targeted by the government of the United Arab Emirates, a
client of the NSO Group, throughout 2018. It is to be inferred that NSO Group and its software
helped the UAE to compromise her sources and surveil the work of the Financial Times.

A4) András Szabo and Szabolcs Panyi (+36705310076 respectively +36304652636 ) are
reporters for the Hungarian outlet Direkt36.

B. Lawyers

NSO Group’s software has been used to target the mobile phones of dozens of lawyers, allowing
NSO Group’s customers to violate their client confidentiality and potentially compromise their
efforts to seek justice. They include:

B1) Gatera Gashabana (+250788303744) is the lawyer of Paul Rusesabagina, the human rights
activist whose protection of Hutu and Tutsi refugees was dramatised in the film Hotel Rwanda.
He has since become a prominent critics of the regime of Paul Kagame, who is the president of
Rwanda. Gashabana’s phone was targeted by the government of Rwanda, which is a client of the
NSO Group, in 2017 and 2018.

B2) Rodney Dixon (+447940577062) is a British human rights lawyer who has represented,
among others, Hatice Cengiz, the fiancée of Jamal Khashoggi, and Loujain al-Hathloul, the
Saudi Arabian human rights activist. He was targeted by the government of Saudi Arabia, which
is a client of the NSO Group, in 2019.

B3) Joseph Breham (+33610544633) is a French Human Rights lawyer who is part of the group
of lawyers defending Sahwari prisoners. He was targeted by Moroccan authorities, who are a
client of NSO Group, in 2019.

C. Human rights defenders

NSO Group’s software has been used to target the mobile phones of hundreds of human rights
defenders, pro-democracy activists and civil society advocates. They include:

C1) Fatima Movlamli (+994775406846) is a civil society and political activist in Azerbaijan who
regularly criticises the Aliyev regime. In 2019 intimate photos of her were stolen from her phone
and published on the Internet. She was 18 at the time. Her phone number was targeted by the
government of Azerbaijan, which is a client of NSO Group, throughout 2019. It is to be inferred
that NSO Group and its software may have helped the Aliyev regime to steal and publish her
intimate photos in retaliation for her activism.
C2) Umar Khalid (+919205464174) was a student activist at Jawarlal Nehru University in Delhi
and is the former leader of the Democratic Students’ Union. He was charged with “sedition” in
2019 and was later charged with “terrorism” offences. He denies both charges. Police claim that
the evidence against him includes more than 1m pages of information drawn from his mobile
phone. His phone was targeted by an Indian client of NSO Group throughout 2018 and 2019.

C3) Loujain al-Hathloul (+966550001753) is a prominent Saudi Arabian human rights activist.
In 2018 she was abducted in the United Arab Emirates and forcibly rendered to Saudi Arabia,
where she was detained and tortured for three years. Her phone number was targeted by the
government of the UAE, a client of the NSO Group, in early 2018, shortly before her arrest. It is
to be inferred that the NSO Group and its software helped to enable al-Hathloul’s detention and
torture.

C4) Between 2016 and 2017 relatives of 43 Mexican students, who were abducted and are
presumed murdered, were targeted using Pegasus. They include Meliton Ortega
(+527474997108), a family member of one of the abducted students and a spokesperson for their
families. It is to be inferred that a Mexican state or regional agency, which is one of NSO
Group’s clients, used Pegasus to target their phones in order to monitor or sabotage their
campaign for justice.

C5) Carine Kanimba is the daughter of Paul Rusesabagina. She is a dual American-Belgian
citizen who has been campaigning for her father’s release from detention. Kanimba’s phone was
targeted by the government of Rwanda, which is a client of NSO Group, in 2021. During this
period she was in communication with senior American officials and European politicians about
the detention of her father. It is to be inferred that NSO Group helped the government of Rwanda
to illegally spy on Kanimba’s communication with senior US officials and EU politicians.

D. Foreign espionage

NSO Group’s clients have abused its software in order to carry out espionage against foreign
governments and international institutions in an attempt to surveil or sabotage their work. They
include:

D1) The government of Morocco, which is an NSO client, targeted French government cabinet
ministers throughout 2018 and 2019 after being supplied with Pegasus. Targets of this effort
include:

• Adrien Quattenens (+33650227204) is a French prominent left wing Member of Parliament.

• Charles Michel (+32475683115) president of the European Council and former prime
minister of Belgium.
It is to be inferred that NSO Group and its software facilitated the Moroccan government in
carrying out hacking attacks on key French and European political figures.

D2) The government of the United Arab Emirates, which is an NSO client, targeted multiple
political and business figures linked to Qatar, a regional rival of the UAE. Targets of this effort
include:

• Khallid bin Mohammed Al Attiyah (+97455809080) has been the Defence Minister of Qatar
since 2016. He was targeted by Pegasus throughout 2018 and 2019.

• Youssf Ali Al-Khater (+447500000095) has been the Qatari ambassador to the United
Kingdom since 2014. He was targeted by Pegasus throughout 2018 and 2019.

• Saif Al Thani (+97455555323) is the director of government communications for Qatar. His
phone was targeted by Pegasus throughout 2018 and 2019, both by the government of the UAE
and also by the government of Saudi Arabia, who are both clients of the NSO Group.

E. Others

E1) The government of Saudi Arabia, which is a client of NSO Group, used Pegasus to target the
mobile phones of multiple relatives and friends of Jamal Khashoggi, a Washington Post
columnist who was murdered in the Saudi embassy in Istanbul. The targets of this campaign
include:

• Yasin Aktay (+905323754650), Jamal Khashoggi’s emergency contact in hospital.

• Hatice Cengiz (+905302634390), Jamal Khashoggi’s fiancée .

• Wadah Khanfar (+97455537470), a very close friend of Jamal Khashoggi.

It is to be inferred that NSO Group and its software were used by the government of Saudi
Arabia to attempt to monitor, and potentially to sabotage, the campaign to bring his murderers to
justice. We note that NSO Group has previously denied any involvement in the Khashoggi case.

E2) Throughout 2019 the emirate of Dubai, which is a client of the NSO Group, used its Pegasus
software to target the phones of individuals connected to Princess Haya bint al-Hussein, who is
the estranged wife of the Emir of Dubai, Sheikh Mohammed al Maktoum.

Targets of this campaign included:

• Princess Haya bint al-Hussein (+971505850000).

• Martin Smith (+447917336391), the CEO of the private security company Quest, which
provides security to Princess Haya.

• Dominic Crossley (+447769908959), a solicitor at the law firm Payne Hicks Beach.

Maktoum and Princess Haya are currently engaged in a legal dispute over the custody of their
children in the High Court of London. The judge in the case has previously concluded that
Maktoum attempted to subject Haya to a campaign of intimidation throughout 2019. It is to be
inferred that NSO Group and its software may have helped Maktoum to carry out this
intimidation campaign by stealing information from the phones of her friends, family and
security staff, and may have tried to sabotage her legal case by targeting the phone of her lawyer.

E3) In 2018 the emirate of Dubai used Pegasus software to target the phones of Princess Latifa
bint Al-Maktoum as well as individuals connected to her, after she fled Dubai.

Targets of this campaign included

• Princess Latifa bint al-Maktoum (+971504202222)

• Sioned Taylor (+971501441340)

E4) In 2019, the authorities of the UAE, which are a client of the NSO Group, targeted the
mobile phone of Pavel Durov (+447408857600), the founder of Telegram.

E5) NSO Group’s software was used to target more than 15,000 individuals in Mexico between
2016 and 2017 alone. These include at least 50 people close to then-leader of the opposition (and
now president) Andres Manuel Lopez Obrador, including his brother Martin De Jesus Lopez
Obrador (+529615792037) and his doctor Patricio Heriberto Ortiz Fernandez (+525521290561).
At least 45 current and former governors of Mexico’s 32 states were targeted by Pegasus in this
period. It is to be inferred that NSO Group has lost control of Pegasus in Mexico and the
software is now being used indiscriminately.

II. OTHER INFORMATION ABOUT NSO GROUP AND ITS CLIENTS

F1) At one point the Emirate of Dubai requested a software upgrade that would grant it the
ability to target the UK territory. This request was controversial within NSO, but was backed by
board member Stephen Peel and ultimately granted in July 2019. As documented above, Dubai
subsequently used this ability to target family members of the Emir of Dubai and individuals
connected to them.

F2) NSO Group sold its software to multiple Mexican state and regional agencies via the broker
Uri Ansbacher, a friend of Shalev Hulio. A copy of Pegasus was also operated out of a private
office run by Ansbacher’s company KBH, targeting individuals selected by then-president
Enrique Pena Nieto. We understand that NSO Group was able to monitor the details of the
targets selected for attack by Pegasus by this company. Bank statements that we have seen show
transfers of millions of dollars from KBH to NSO Group. It is to be inferred that NSO Group’s
claim that it has only ever sold Pegasus to governmental organisations is false.

F3) A person close to NSO has told us that the office of the Israeli prime minister, and
specifically the office of Benjamin Netanyahu, has given input in the past on decisions regarding
clients, including whether to drop clients or reinstate them.

F4) You rescinded Saudi Arabia’s access to Pegasus after the murder of Jamal Khashoggi.
However in 2019 you restored Saudi Arabia’s access to Pegasus following pressure from the
Israeli government. In July 2021 you rescinded Saudi Arabia’s access to Pegasus once again, this
time following allegations that they had hacked Al Jazeera journalists.

III. CONCLUSIONS TO BE DRAWN FROM OUR REPORTING

In full consideration of the above, it is to be inferred from the information that:

• NSO Group’s hacking software has aided and abetted human rights abuses on massive scale.
NSO Group is indirectly responsible for all abuses facilitated using Pegasus.

• NSO Group’s claims that its software is solely used to counter serious crime or terrorism are
fraudulent. None of the targets identified above were or are involved in serious crime or
terrorism. The abuse of NSO’s spyware, and its use against innocent people, has been
widespread.

• NSO Group’s software is used by some clients to perpetrate human rights abuse, repress free
expression, and stifle anti-corruption and democracy movements.

• NSO Group has sold its products to client governments notorious for perpetrating human
rights abuse. NSO Group knew, or should have known, that the governments to whom it sold its
software were systematic perpetrators of human rights abuse, and was therefore either negligent
in licensing its technology to them or actively complicit in all human rights abuses they
subsequently perpetrated using Pegasus.

• NSO Group has continued to supply Pegasus and related support services to client
governments that it knew had previously used Pegasus to perpetrate specific human rights
abuses, even after it announced its intention to align its business practices with the UN Guiding
Principles on Business and Human Rights. NSO Group’s public commitment to the UN Guiding
Principles on Business and Human Rights is a sham, and an attempt to deceive the public and
policymakers as well as the NSO Group’s own investors.
IV. QUESTIONS FOR NSO GROUP

In addition to any response you may have to the points above, we invite you to provide an
answer to the following questions:

• How does the NSO Group justify selling its tools in countries such as India, where existing
laws (IT Act, 2000) clearly prohibit the usage of hacking/unauthorised access and do not grant
any special exception (for national security or otherwise) to the government?

• In India, media reports have alleged that the NSO group made a presentation to Chattisgarh
state police officials in late 2017. Is this true?

• In August 2019 Shalev Hulio told 60 Minutes that NSO Group software had not been used to
target relatives of Jamal Khashoggi. As documented above, this was false. NSO Group’s clients
Saudi Arabia and the United Arab Emirates used Pegasus to target at least one relative before his
murder, and several after his murder. Why did Shalev Hulio, who claimed that he had checked
the targeting records, lie about this?

• Can NSO Group comment on the suggestion that Israeli diplomatic relations improved with
certain countries at least in part because the sale of Pegasus to those countries was used to build
stronger ties? Is NSO Group a tool of Israeli diplomacy?

• In 2017 Shalev Hulio and at least one broker for NSO Group traveled to Saudi Arabia to
finalise a contract between NSO Group and Saudi Arabia. Permission was required from Israeli
authorities to make such a visit to Saudi Arabia at the time. When was this permission granted?
Was it backdated, after the trip?

• It has been reported that the deal with Saudi Arabia was worth 55 millions dollars. Is it true?

• Is it true that Shalev Hulio once approached the Mossad and asked for permission for NSO
staffers to travel to Riad for maintenance work on “Pegasus”?

• Former and current US security officials have told us that they suspect the Israeli
government is monitoring your clients’ use of Pegasus. What measures, if any, has NSO Group
put in place to stop the Israeli government monitoring its clients use of Pegasus?

• Grupo Comercial Vicra SA de CV is a company controlled by Uri Ansbacher. According to

bank statements that we have seen, on 19 January 2015 Vicra transferred $2.5m to NSO Group.
On 26 January 2015 Vicra transferred a further $500,000 to “Shalev Holy” [Shalev Hulio’s legal
name]. Why did Mr Hulio receive $500,000 from Vicra?

• The phone records we have reviewed show numerous U.S.-based phone numbers, with +1
country codes. NSO group has repeatedly asserted that phones in the United States cannot be
surveilled by Pegasus. Can you please explain why these records show attempts to surveil +1
phone numbers? Is NSO’s bar against targeting US phones merely a policy, or is there a
technical barrier in the software’s code to doing so? Is there any barrier to using Pegasus against
US citizens or diplomats while operating abroad? What about if they are using their +1 American
phones while abroad?

As fair and responsible journalists we would like to invite you to comment upon the above
information, and let us know if you dispute any of it. Please respond no later than Wednesday 14
July 2021 at 6pm French time (CEST). Any substantive comment will be fairly reflected in any
coverage. Please note that we do not accept generalised assertions of “inaccuracy” as
substantive.

In addition to providing a response in writing to our questions, we would also like to offer you
the opportunity of a filmed interview in which you can address the points we have made in the
letter. If you would like to take up this offer, we would ask you to let us know no later than
Wednesday 14 July 2021 at 6pm French time (CEST).

We look forward to receiving your response. I would be grateful if you could confirm by receipt
that you have received this email. This will save us from chasing.

Yours faithfully,

Laurent Richard.

Executive Director of Forbidden Stories

Sandrine Rigaud.

Editor in chief.

Laurent Richard

Executive director and Founder of Forbidden Stories

Investigative Reporter
Signal/Whatsapp:+33 6 03 85 84 98
www.forbiddenstories.org
Ex. B
 NSO GROUP RESPONSE TO FORBIDDEN STORIES

NSO Group firmly denies false claims made in your report which many of them are
uncorroborated theories that raise serious doubts about the reliability of your sources, as well as
the basis of your story. Your sources have supplied you with information that has no factual basis,
as evidenced by the lack of supporting documentation for many of the claims.

For example, you wrongly assert that NSO has operated the systems that it sells to vetted
Government Customers, as well as to having access to the data of its Customer’s targets.
Additionally, you falsely claim that the Israeli Government monitors the use of our customer’s
systems, which is the type of conspiracy theory that our critics peddle. When making such
incendiary claims, readers would naturally expect you to provide some modicum of proof. Instead,
it appears you are simply furthering the salacious narrative about NSO Group that has been
strategically concocted by several closely aligned special interest groups.

Furthermore, as NSO has previously stated, our technology was not associated in any way with the
heinous murder of Jamal Khashoggi. This includes listening, monitoring, tracking, or collecting
information. We previously investigated this claim, immediately after the heinous murder, which
again, is being made without validation.

We also stand by our previous statements that our products, sold to vetted foreign governments,
cannot be used to conduct cybersurveillance within the United States, and no customer has ever
been granted technology that would enable them to access phones with U.S. numbers. It is
technologically impossible and reaffirms the fact your sources claims have no merit.

Notwithstanding the above, NSO Group will continue to investigate all credible claims of misuse
and take appropriate action based on the results of these investigations. This includes shutting
down of a customer’s system, something NSO has proven it’s ability and willingness to do, due to
confirmed misuse, done it multiple times in the past, and will not hesitate to do again if a
situation warrants.

This process is documented in NSO Group’s ‘Transparency and Responsibility Report,’ which was
released last month.

The fact is, NSO Group’s technologies have helped prevent terror attacks, gun violence, car
explosions and suicide bombings. The technologies are also being used every day to break up
pedophilia-, sex-, and drug-trafficking rings, locate missing and kidnapped children, locate
survivors trapped under collapsed buildings, and protect airspace against disruptive penetration by
dangerous drones. Simply put, NSO Group is on a life-saving mission, and the company will
faithfully execute this mission undeterred, despite any and all continued attempts to discredit it on
false grounds.