>> pegasus... pegasue... pegasue... >> narrator: in collaboration with forbidden films, a two-part investigation... >> this story would be huge... >> nso was established with an ambition to make the world a safer place... >> narrator: into powerful spyware... >> it is a military weapon used against civilians. >> narrator: used around the world... >> there is no control over how countries use it, and they have been using it in the worst way you could imagine. >> narrator: now on frontline part two of “global spyware scandal: exposing pegasus." >> frontline is made possible by contributions to your pbs

station from viewers like you. thank you. and by the corporation for public broadcasting. additional support is provided by the abrams foundation, committed to excellence in journalism... the john d. and catherine t. macarthur foundation committed to building a more just, verdant and peaceful world. more at macfound.org. park foundation, dedicated to heightening public awareness of critical issues... the heising simons foundation, unlocking knowledge, opportunity and possibilities. at hsfoundation.org. and by the frontline journalism fund with major support from jon and jo ann hagler. and additional support from laura debonis. ♪ ♪

(sirens blaring in distance) >> when you have your hands on a technology like this, the power must be quite intoxicating. you can get into the phone of most people in the world. and no one's looking over your shoulder. (distant sirenlaring) >> laurent (speaking french): ♪ ♪

(multiple international journalists saying "pegasus") >> it's like a pern over your shoulder, a person who will see what you are seeing, a person who will watch what you are watching, your emails, your encrypted communication, everything. so once you are infected, you're trapped. ♪ ♪ >> it was against so many people in civil society who clearly were not terrorists or criminals. and you got a real sense that it was a free-for-all. >> de acuerdo con la pesquisa acabada por "the washington post," "the guardian," "le monde" y otros medios... >> a joint investigation by 17 news outlets and forbidden stories... >> activists, lawyers and journalists are reportedly among those who've been targeted by the phone spyware... >> phone numbers belonging to some big name politicians. >> (speaking mandarin):

>> nso says they sell the software to governments for legitimate purposes, fighting terrorism or violating local laws. >> you have here a go-to spy service for tyrants. ♪ ♪ (distant traffic) ♪ ♪ (indistinct phone chatter) >> when we started analyzing the list, we saw a lot of french numbers. more than 1,000 potentially targeted by morocco. there were journalists, lawyers, activists, but t only.

we also saw members of the french government, and the president, macron, himself. we immediately realized that this story would be huge. (speaking fren) >> oh! >> we knew politicians were on the list. and to prove that they're... actually been infected with pegasus, we needed their phones. but politicians wouldn't hand you their phone that easily,

specifically, if you're an investigative journalist. ♪ ♪ >> leloup (speaking french):

>> (conversing in french)

(makes explosion sound) >> leloup: (train announcer speaking french) ♪ ♪

>> untersinger (speaking french): >> leloup:

>> we don't know exactly who in morocco was using pegasus. there were moroccan dissidents on the list, even the king of morocco himself was on the list. but we do know that nso only sells to governments and government agencies. we were reaching out to another dimension of the project. we were at this stage entering a space, a dangerous space, where we were talking about a country, a state, attacking another one. ♪ ♪ ♪ ♪ >> each time you look at how a client of nso group used the technology, it tells you something about that government.

in the uae, sheikh mohammebin rashid al maktoum is prime minister, vice president and, of course, the ruler of dubai. here is an autocratic leader. massively powerful. princess latifa is the daughter of sheh mohammed. she had for a long time been, by her account, unhappy about her life in dubai. she had been... incarcerated, effectively, by her father's regime. >> i'm making this video because it could be the last video i make, yeah. (sighs) this video can help me because all my father cares about is his reputation. he will kill people to protect his own reputation. he, he only cares about himself and his ego.

the princess latifa concocted this extraordinary attempted escape that involved jet skis, a yacht, and a trip to the indian ocean. i mean, it's an audacious thing to do. incredible, even, that she attempted it. i think remarkable that it nearly succeeded. ♪ ♪ the day after princess latifa went missing from dubai, we saw her number entered in the list. and in the days after that, as she was traveling toward india on this yacht, her friends, people she knew, people within her orbit, their phone numbers also appeared on the list.

if you look at the dates and times that her number and those of people close to her were entered into the system, you have sometng that has to be more than a coincidence. eight days after her escape, indian special forces boarded the yacht, and then the princess was forcibly returned to dubai. we don't know exactly why the attempted escape didn't succeed, but nso's technology was, it seems, from the evidence 've seen, one of the tools that was being used by the state in a desperate attempt to find princess latifa, kidnap her, and return her back to dubai. we tried hard to get hold of a phone latifa had used but we couldn't. so we contacted her friends and her associates to ask if we couldheck their phones to see if they'd been targeted with pegasus. ♪ ♪ given how much david haigh was working on the latifa case, it wasn't a surprise when we discovered that

there was pegasus activity on his phone. >> i was infected on 3rd of august 2020 with pegasus, i believe at 3:00 a.m. in the morning and the next day as well. the fact that you can be hacked... on british soil, and that they can do that, it's, it's frightening. it really is. (waves crashing) my name is david haigh, from detained international. we founded the campaign to free the dubai princess, princess latifa, in 2018. >> david haigh was actually imprisoned in dubai for alleged fraud, and it was after his release

that he became a human rights campaigner. princess latifa began to message him after her failed attempt at escape. >> this is a picture that latifa drew of the jail villa, villa 96 in jumeirah, dubai, near the burj al-arab. um, and you can see here, "beach in this direction" where she was held captive. >> (on laptop): this villa has been converted into a jail. all the windows are barred shut, i can't open any window. uh, there's five policemen outside, and two policemen inside the house. i don't know what can happen to me and how long this will last and if they decide to release me, like, how my life will be? but, um, i'm not safe at all. ♪ ♪ >> that week before i was hacked, our secret contact with latifa had stopped suddenly. the seven hours became a day and then two days.

and then we start to worry because that was not normal. we had recorded a lot of videos and a lot of evidence latifa had that could be used to tell the world about her predicament, the fact she'd been held hostage. at the time i was hacked, we were in london with the videos that latifa recorded, the evidence, to meet media to decide if we were going to use it at that time or not. it was effectively dynamite evidence on that phone. ♪ ♪ the fact that they know your location... ...someone could be listening to us now, and seeing what we're doing. and it's that, sitting in the back of your head every day. we can't let nso and the governments that abuse their system,

get away with what they've done. because if we do, and if nothing happens, and people are not brought to justice, people are not put in jail and people are not taken to court, the next company and the next company, and the next company, wherever they may be, will do exactly the same. and it will just carry on, but get worse. ♪ ♪ ♪ ♪ (brakes screeching) >> amitai (speaking hebrew):

♪ ♪

>> (voice distorted): israel has this advantage of not only developing new technologies and weaponry, but testing it live. and this is something israel knows it can use to sell outside. when you want to control a huge population like we do with palestinians, you have to have assets everywhere. so everyone can be a target, because you don't want only the, i don't know, terrorist from the hamas, but also maybe his neighbor or the... his cousin, or the person who sells milk in the corner of the street. if you want to recruit human agents, you need to collect their weaknesses, things that you can use to blackmail.

anso part of what 8200 does is to collect this blackmail, potential information about everybody. if you're gay, or if you have medical, a special medical condition, or you have financial problems, or someone from your family has one of those, then that's something we can use against you to blackmail you and get you to cooperate. >> israeli intelligence has a strategic view of how their employees should be used after they leave their employ. they promote them. they want them to start these companies. and they see a deep communications, a continued relationship between the government and their former employees as valuable to israel's national security interest. (siren blaring) >> there's a lot of evidence to suggest

that nso group had the direct backing in support of bibi netanyahu's government. in order to sell its product to governments around the world, it required permits, effectively licenses from the israeli defense ministry. >> i decided several years ago to turn israel into one of the five cyber powers of the world. in order for the companies to develop, they need to make-- what do they need to make? >> (distant): money. >> money! they need to make money. now the easiest way to make sure that they don't make money is one, high taxes, right? what's the other one? regulations! have you ever heard of regulations? we have a problem with regulations. so the policy we have is keep taxes low

and keep regulations low. minimize regulations. there is no industry more susceptible and more inviting of regulations than cybersecurity. it's like weapons-- it is a weapon. ♪ ♪ >> (speaking hebrew)

the timeline for hungary is that the visit was in july 2017, and the operation of hungary, we know almost the exact date by the database of forbidden sries. it's february 2018. so, similarities. (speaking hebrew)

(audience applauds) ♪ ♪

♪ ♪ ♪ ♪ >> going through all the numbers on the list was a huge job. more than 15,000 of the numbers were in mexico. and one of those numbers belonged to a journalist who was murdered just weeks after he was put on the list. was pegasus used in that case to spy on a journalist, or to geolocate him? >> ¿sabes que cecilio pineda es también en la lista?

>> sí, ¿el que fue asesinado? >> sí, es en la lista, sí. >> uf, qué fuerte. ♪ ♪ en méxico es muy grave que se haya usado pegasus como se usó. me remito al caso de cecilio pineda. ♪ y the pegasus project lo mostró públicamente que su teléfono fue ingresado, días antes o semanas antes de haber sido cometido al asesinato.

el estado de guerrero es una de las entidades más impactadas por el crimen organizado. hay lugares en donde literalmente el estado ya no tiene dominio. las autoridades en realidad están pues mezcladas con el crimen organizado y hay pues actividad del narcotráfico, hay actividad diversa, delincuencial. (dog barking) >> de acuerdo con el reporte de la policía varios sujetos armados llegaron a un autolavado donde el periodista cecilio pineda esperaba que le entregaran su camioneta y le dispararon. (dog barking) >> no me sorprende q cecilio pineda estuviera en esa lista porque el tema que se estaba tocando era serio. >> pues calentando, ya estamos cansados de violencia.

pero nadie, eh, tiene segura su vida. la mera verdad, vivimos en una región donde estamos solos. en una región en donde todas las autoridades pues no te... no te apoyan. y aquí uno tiene que defenderse con sus propias uñas. mm. buenas tardes, amigos de tierra caliente, pues aquí ya de regreso después de estar en dos municipios de la región y pues nos encontramos con esto. >> cecilio había hecho un video. venía en camino y quiso dar un mensaje anticipado de lo que iba a presentar después. él dijo que unas horas después iba a mostrar el video de la relación que había entre el gobierno del estado y el grupo del tequilero. después de eso ya no presentó nada, a él lo asesinaron.

♪ ♪ >> ese día, este... ♪ ♪ y al llegar a la clínica, este, yo quise pasar a verlo. entonces me dice la señorita, dice: « no, lo están atendiendo ». entonces yo pensé pues que iba a estar bien. dije, no, pues nada más fue, pues algo... ya como a los tres minutos sale el doctor, dice, « no », dice, « pues ya... ya falleció ». y es la única vez en mi vida que me he desmayado.

cuando volví, pues estaba toda aturdida. dije, pues no sabía que... y pues ya, fue cuanque, este... a decir pues que había fallecido que ya había llegado prácticamente casi muerto pues. ♪ ♪ >> you can only prove infection if you do forensics on the phone and find traces of pegasus, but in many cases, the phone was not findable. that was the case of cecilio pineda. >> no se puede afirmar categóricamente que lo que se obtuvo de el posible espionaje haya sido lo que provocó el asesinato. pero tampoco podemos ser ingenuos. ♪ ♪

(bird caws) >> we were able to set up a date where we all agreed that will be the day of the publication. in 2021, july 18. and we knew that the most dangerous phase was those two weeks before the , when you knock on the door of the nso group to say "we are forbidden stories, we are 80 reporters,

we investigate your businesses and we have evidence a global misuse that is threatening democracy. (speaking french) they can come blackmail the source, they can hack me, one of the person of the team, they can follow us. they can come into our offices. >> by now the members of the consortium had managed to do forensics on over 60 phones connected to numbers on the list, and we had forensic proof that at least 37 phones had been targeted or infected with pegasus. the more publication day was approaching, the more paranoid we all became. before publication we already had that habit to switching off the phones or even our computers before having any conversation about the investigation, so most of the day were living and working

without our phones, or even our computers. so we had different ways of working, we had other devices we could work on. >> laurent: i remember that day clicking on the button "send." i was sending the official request for comment from the 80 reporters with dozens of questions inside. we were giving a deadline to the nso group, and to all the state actors. and we were expecting some answers. ♪ ♪

(phone beeps) >> (on phone): hello? >> this is laurent richa from forbidden stories. how are you doing? >> (on phone): yeah, i am good. >> yeah, thank you for taking the time to answer. i was just wondering if you, um, are planning to answer our questions. >> (on phone): well, you can see it in your email now. yes? >> okay, i see it. >> thank you. >> oka thank you, bye. >> bye. (phone beeps) >> okay. what we got is an email from the nso group, saying that, "all you think is wrong, thank you, best regards." "nso group firmly denies false claims made in your report which many of them are uncorroborated theories "that raise serious doubts about the reliability of your sources, as well as the basis of your story."

>> but then, when i woke up in the next morning, i opened my phone. and i saw that nso sent letters from lawyers to most of the partners at the same time, on all continents, to threaten them, and to tell them that if you publish anything, we will sue you. ♪ ♪ >> it's a bit tense here, if i'm honest. >> yeah? >> yeah. um, we've had a provisional response from nso to "the washington post," um, and we will have the formal, another response from them to us in about... 15, 20 minutes.

so we're gonna keep this call really quick. (voiceover): um, the stakes are really high when you do this kind of reporting. here was a company valued at over a billion dollars. and the nso group and itclients, these governments, were not going to put their hands up and confess to this activity. they were fighting as hard as they possibly could. all going well if we're proceeding with this project. i think the crunch point, really, is going to be in the next 12 hours. >> in the sense of, if we are proceeding, paul? >> yeah. >> is that in doubt? well, it's always-- it's never confirmed, until it's confirmed, right? (typing on keyboard) (computer chimes)

we can confirm at least-- (speaking french): ♪ ♪ (door beeps) >> elodie (speaking french):

>> (on phone): so paul, just to be 100% clear, you guys are ready to hit the button on a version of the story in 42 minutes? >> of the heads of states story. >> heads of state only. >> we're not ready now, but in 42 minutes we will be ready. (laughs) >> here we were simultaneously publishing 17ifferent media outlets all over the world in several different languages, all at the same time, at the same minute, the same day after months of investigating. >> the investigation into the nso... >> (speaking french) >> that's okay... >> (speaking french) >> we've done it. >> a tiff! (chattering in french)

>> so the story is now live. >> an explosive investigation from the "washington post," and a consortium of media partners. >> activists, lawyers, and journalists... (overlapping news reports in multiple languages) >> de la utilización de pegasus en el mundo. >> (speaking french) >> (speaking french) >> what can be done to protect our country from commercial spyware? the kind of threat that is now being reported at the top of the news across the nation. >> there had been reporters who've been doing stories on pegasus for years. this sort of tipped the scale, beuse it was in so many countries,

it was against so many people in civil society who clearly were not terrorists or criminals. and you got a real sense that it was an... it was a free-for-all. we even found out afterwards that the fbi considered using a version of pegasus that could hack into us phones. but that fell apart and the biden administration actually blacklisted nso group. they've made a bigger deal than i would have expected against not just an israeli company, but really they're criticizing the israeli government for allowing this to happen, because it actually could not happen without the israeli government's permission. >> you have here a go-to spy service for tyrants. ♪ ♪

what the executives of these companies and the engineers are hoping for most is to make a whole lot of money, and do it in a way where there's minimal regulation and minimal oversight. >> a u.s. appeals court is allowing whatsapp messaging service to move forward with a lawsuit against nso group over allegedly targeting... >> silicon valley has a big role to play. company like whatsapp, company like apple, they are suing nso. they are the ones with money. they are the ones who promise you safety and security. >> all we've seen nso group is deny, deny, deny. and that's showed up entirely through the legal process as well. the way i think about it is tech companies can and should do everything they can to make their software as secure as possible. but at the end of the day, if there's no consequences

for people who try to break that software to commit human rights abuses, then there will always be people trying to do it. it's just like the only solution to stopping bank robbery is not to have the best technology in banks. yes, you do that too. 's also that bank robbers get caught and have consequences for trying to rob banks. and we need that for the spyware industry. ♪ ♪ >> pegasus spyware is once again back in the spotlight. this time for targeting pro-independence supporters in spain... >> several members of poland's opposition have produced evidence they were hacked by pegasus software... >> this scandal is being dubbed the polish watergate. >> in europe, we were discovering new victims of the spyware, and new countries were accused of using pegasus to spy on their opponents.

at the european parliament, representatives from nso agreed to answer questions from politicians. it was the first time they'd done this. >> (speaking german): we know that nso is now on the market. so maybe they are trying to polish their image. that would be interesting to see. (indistinct chatter)

(chiming) >> thank you, mr. chairman. on behalf of nso, i want to thank the members of the committee of inquiry for having us here today. before we begin we should note there are limits to the information we can share with the committee and others. as you know, nso is a private company providing export-controlled cyber intelligence technologies only and exclusive to government agencies for the purpose of preventing and investigating terrorism and other serious crimes. as a result, we are unable to share details about our customers, as well as the crimes prevented and criminals tracked and apprehended using our technologies or trade secrets of the technology. it is not true that nso group operates pegasus and collects information about individuals. it is not true that nso group

sells its technology to private companies. the issues that came up about jamal khashoggi, about president macron, the system was not used on those numbers. >> i will go immediately into the q&a session of today's meeting, we already have 15 members who have asked for the floor. >> have you ever terminated a contract with an eu member state? >> we have terminated a contract with eu member states, but to get into, again, the exact numbers... >> that's fine, thank you-- next question. if a country does not give you a permission to audit, is that a reason for you to terminate a contract? yes or no? >> as statedefore, if they do not allow us to do the audit and do not participate and provide us with information needed in our investigation, yes, that is a reason to terminate a contrac i can state that we've terminated eight customers over the past several years. >> have the united arab emirates and saudi arabia

ever gone through your due diligence check and have they passed it? (person coughs) >> as i said, i'm not going to respond to questions regarding specific potential customers. >> given that uae and saudi arabia have been using pegasus software, who are legitimate actors to issue warrants in these countries according to your checks? >> again, i repeat it again, i'm not going to respond to questions regarding specific customers. >> (speaking polish) >> i cannot and again, i repeat, i cannot because of various confidentiality and secrecy issues, i cannot get into specific questions regarding specific customers or specific cases. >> (speaking hungarian):

>> first of all, every customer that we sell to goes through the due diligence review in advance, and if, and very often if the concerns are raised regarding the rule of law-- 'cause what we're looking at is also the rule of law. and any country that we've decided to sell to has been approved in this manner. >> please, stop the, stop the storytelling. i'm going to continue in hungarian. (speaking hungarian):

>> (quietly): good question. >> aga, as i said, >> not "again," it was a new question, so please. >> (clears throat) i have not said... we have not said that we have determined recently that hungary is or is not a secure country. >> you did consider it secure because you sold the stuff to them! >> excuse me, colleague... >> i said, now we will, >> let's keep a little bit of order in the meeting as well. i understand there is frustration, but you have the concrete question, we have a concrete answer, and, uh, please. >> you keep repeating the same thing, and there seems to be a complete disconnect between reality and between what you're saying. this is like, you know, it's an insult to our intelligence, sorry. ♪ ♪ (horn honks)

>> (speaking hebrew) >> (speaking hebrew): ♪ ♪

>> amarai (speaking hebrew): ♪ ♪ (indistinct chatter) >> (speaking hebrew):

>> the bottom line is nobody regulates these companies.

that's the bottom line. technology is just so far ahead of government regulation and even of public understanding of what's happening out there. >> it's a wild west. and this is where we are when you have a private security company meeting state actors with no regulation in the cyber civilian space, and when it's possible to use military weapons against civilians. >> in some ways, we can talk about the impact on the company and say it's been really profound. a more pessimistic view would be to look at the entire industry, which remains unreformed, pretty wild, unregulated... and nso may vanish. but i feel no more secure talking in front of my phone now than i did when we first published.

you know, i don't think these issues have gone away. ♪ ♪ >> go to pbs.org/frontline for a q&a with the journalists at forbidden stories who led the pegasus investigation. >> and once on the phone it can extract and access everything from the device. >> everything, so once you are infected, you're trapped. >> and an archive of stories with our reporting partners on the pegasus project. connect with frontline on facebook, instagram and twitter, and stream anytime on the pbs app, youtube or pbs.org/frontline. >> vladimir putin is as cold blooded as any foreign leader i have ever seen. >> narrator: an inside look at how five american presidents confronted putin. >> president putin simply speaks mistruth after mistruth and tries to misinform,

but he does it as easily as he breathes. >> president putin simply speaks >> narrator: leading to a dangerous new conflict with the tries twest.inform, >> if russia is allowed to get away with this, it affects the entire international order. >> frontline is made possible by contributions to your pbs station from viewers like you. thank you. and by the corporation for public broadcasting. additional support is provided by the abrams foundation, committed to excellence in journalism... the john d. and catherine t. macarthur foundation committed to building a more just, verdant and peaceful world. more at macfound.org. park foundation, dedicated to heightening public awareness of critical issues... the heising simons foundation, unlocking knowledge, opportunity and possibilities. at hsfoundation.org.

and by the frontline journalism fund with major support from jon and jo ann hagler. and additional support from laura debonis. captioned by media access group at wgbh access.wgbh.org. >> for more on this and other frontline programs visit our website at pbs.org/frontline. ♪ ♪ ♪ ♪ frontline's "global spyware scandal: exposing pegasus" is available on amazon prime video.

you're watching pbs. ♪♪ ♪♪

- i decided, this is not being egotistical, i decided i was gonna be the best triple amputee there's ever been. i haven't achieved that and never will, but at least i'm trying to get there. - i don't think anything i did was heroic. i think that we made mistakes that actually cost lives. so i feel, you were talking about survivors remorse earlier, so i don't feel like i did anything that was heroic. i did almost 300 patrols looking for ieds at 12 miles an hour, but i mean, a monkey could have done it. - we don't say commit. we're teaching died by suicide because it's not a crime. it's their mental illness that took their life. that injury they sustained overseas, they're all combat veterans, so that injury took their life. to me, that's the same as me dying on the operating table. the injuries i sustained in war is what took my life. same thing when it comes to suicide.