About three dozen journalists, lawyers and human rights workers in Jordan have been targeted by authorities using powerful spyware made by Israel’s NSO Group amid a broad crackdown on press freedoms and political participation, according to a report by the advocacy group Access Now.
The information suggests the Jordanian government has used the Israeli cyberweapon against members of civil society, including at least one American citizen living in Jordan, between 2019 and September 2023.
Tensions between Israel and Jordan are high after Israel’s campaign against Hamas in Gaza and accusations by a Jordanian official that the war waged by Israel’s prime minister, Benjamin Netanyahu, amounts to “retaliatory barbarism”.
Access Now’s findings about the “staggeringly widespread” attacks against journalists, political activists, civil society actors and human rights lawyers in Jordan underscores how countries across the region have quietly maintained strong intelligence and business ties to Israel and appear to be relying on its most potent cyberweapon to quash domestic dissent.
When it is successfully deployed, an operator of NSO’s Pegasus can fully control a mobile device, including access to all emails, phone calls, encrypted messages on Signal or WhatsApp and photographs. Pegasus can even turn a phone into a remote listening device by controlling its microphone.
In response to questions about the Access Now report, NSO said it complied with all laws and regulations and sold its products only to vetted intelligence and law enforcement agencies, which use the technologies to prevent crime and terror attacks. NSO is closely regulated by the Israeli ministry of defence and it said it was investigating all credible claims of misuse.
Among the people who Access Now found were targeted – and, in some cases, hacked by authorities – were 13 individuals who agreed to be named in the report. They include Adam Coogle, the deputy director of Human Rights Watch’s Middle East and north Africa division; Hiba Zayadin, HRW’s senior researcher for Jordan and Syria; Manal Kasht, a Jordanian translator and founder of Shabbat, an organisation that seeks to empower women in politics; and Alaa Al-Hiyari, a Jordanian lawyer and political activist, among others. At least 16 journalists were also targeted between 2020 and 2023, including two Organised Crime and Corruption Reporting Project journalists, who were targeted multiple times. They are Rana Sabbagh, a senior editor for the Middle East and North Africa and Lara Dihmis, an investigative reporter.
Access Now, whose findings were corroborated by the Citizen Lab at the University of Toronto, did not definitively attribute the attacks to the Jordanian government.
But authorities in Jordan have been widely suspected of using Pegasus against domestic targets since January 2022, when Access Now and its partner, Front Line Defenders, first confirmed that a prominent Jordanian human rights lawyer, Hala Ahed, had been hacked using the spyware in March 2021. At the time, she said the attack made her feel “violated, naked, and with no dignity”. In its latest report, Access Now said Ahed, who is a member of the legal team defending the Jordan Teachers’ Syndicate, a major labour union that was forcibly dissolved in 2020, was again targeted with Pegasus spyware in February 2023. The attempt was unsuccessful.
Axios, the US media publication, has previously reported that NSO was in negotiations to license its products to the Jordanian government beginning in late 2020. Citing two sources briefed on the matter, Axios said Jordanian intelligence services surveil terror groups as well as opposition activists who are critical of King Abdullah II.
In many cases, individuals became aware their phones were being targeted after notifications by Apple. Researchers noted that users who kept their phones in Apple’s lockdown security mode were not successfully hacked.
The cases involved documented by Access Now and other researchers involved both zero-click attacks, in which a user does not have to click on any button, and one-click attacks, in which Pegasus users deliver malicious links through sophisticated social engineering attacks. In one case, a victim received a message from someone claiming to be a journalist requesting a quote about Jordan’s new cyberlaw.
The Jordanian embassy in Washington DC did not respond to a request for comment.