While the data is an indication of intent, the presence of a number in the data does not reveal whether there was an attempt to infect the phone with spyware such as Pegasus, the company’s signature surveillance tool, or whether any attempt succeeded. The consortium believes the data indicates the potential targets NSO’s government clients identified in advance of possible surveillance. Amnesty’s Security Lab, a technical partner on the project, did the forensic analyses. More than 80 journalists have worked together over several months as part of the Pegasus project. Forbidden Stories, a Paris-based nonprofit journalism organisation, and Amnesty International initially had access to the list and shared access with 16 media organisations including the Guardian. The data also contains the time and date that numbers were selected, or entered on to a system. The data leak is a list of more than 50,000 phone numbers that, since 2016, are believed to have been selected as those of people of interest by government clients of NSO Group, which sells surveillance software.
