David Pegg and Paul Lewis in London, Michael Safi in Beirut, Nina Lakhani in Ciudad Altamirano:

successful Pegasus infection gives NSO customers access to all data stored on the device. An attack on a journalist could expose a reporter’s confidential sources as well as allowing NSO’s government client to read their chat messages, harvest their address book, listen to their calls, track their precise movements and even record their conversations by activating the device’s microphone.

Reporters whose numbers appear in the data range from local freelancers, such as the Mexican journalist Cecilio Pineda Birto, who was murdered by attackers armed with guns one month after his phone was selected, through to prize-winning investigative reporters, editors and executives at leading media organisations.

In addition to the UAE, detailed analysis of the data indicates that the governments of Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda and Saudi Arabia all selected journalists as possible surveillance targets.

It is not possible to know conclusively whether phones were successfully infected with Pegasus without analysis of devices by forensic experts. Amnesty International’s Security Lab, which can detect successful Pegasus infections, found traces of the spyware on the mobile phones of 15 journalists who had agreed to have their phones examined after discovering their number was in the leaked data.

Obama used the Espionage Act to put a record number of reporters’ sources in jail, and Trump could be even worse