[mshanowitz]

Another part of this story is that the company completely denies their connection to this "list".

The media thus far has presented very little evidence that this list is actually from NSO Group.

They have provided no information on how this list was obtained and 67 phones (out of 50k) seems like a very small amount of phones (with a 55 percent success rate) to use as a basis for an international story across many major media outlets. These stories only consist of that this or this person is on the "list" (no evidence at all of spyware on their phone).

[dwater]

The media has presented it's evidence and reasoning for why they believe the list of 50k numbers is from NSO. In the original Washington Post article, they link to the methodology used by Amnesty to determine why they concluded it's likely from NSO.

https://www.washingtonpost.com/investigations/interactive/20...

https://www.amnesty.org/en/latest/research/2021/07/forensic-...

From the Washington Post article:

"The media consortium, titled the Pegasus Project, analyzed the list through interviews and forensic analysis of the phones, and by comparing details with previously reported information about NSO. Amnesty’s Security Lab examined 67 smartphones where attacks were suspected. Of those, 23 were successfully infected and 14 showed signs of attempted penetration.

For the remaining 30, the tests were inconclusive, in several cases because the phones had been replaced. Fifteen of the phones were Android devices, none of which showed evidence of successful infection. However, unlike iPhones, Androids do not log the kinds of information required for Amnesty’s detective work. Three Android phones showed signs of targeting, such as Pegasus-linked SMS messages."

[mshanowitz]

I don't dispute that there is evidence that 67 phones had been targeted with Pegasus software. I am however skeptical of that justifying an international breaking news story that so-and-so is on the "list" without having checked if their phone has been infected.

[boomboomsubban]

>with a 55 percent success rate

I assume that getting a new phone would make you a miss unless there was a new request for you to be tracked.

And unless the 67 people who agreed to have their phone examined were terrorists or felons, 37 positives proves the broader point of the story that the software is being abused even if there's some discrepancy with the 50,000 number list.

[inglor]

My theory is that NSO is paying for this PR blitz since companies like NSO need physical sales and now that international travel is back they need a lot of articles that talk about how powerful/dangerous the NSO hacking tools are.

Basically "look at it from a Saudi prince's perspective".

[mshanowitz]

I've seen no PR blitz. I'm honestly just a little skeptical seeing how some stories gained mainstream acceptance over the years without much basis in fact

[JKCalhoun]

A spyware company denying their connection to a list that would cause them embarrassment is so unsurprising that we should probably simply ignore it — not a relevant data point.

While I agree "the media" ought to back up their data with sources I think we can agree that data like this is only going to be provided with extraordinary precautions. Therefore I am also unsurprised that the source has not been revealed.

I'm probably more skeptical than the average person (the past so many years has convinced me of that) but if you're going to suggest this list of phone numbers is a plant and part of a conspiracy you ought to at least suggest who would be behind this and why. That "the media" made this up whole cloth strains credibility.

[mshanowitz]

I'm not suggesting we take their word for it at all. I brought this point because some times in the "denial" you see their admittance (which isn't the case here).

It's just a bit weird that media couldnt bother to test more than 67 phones before coming out with this breaking international story.