In a statement posted on its website, NSO said the list of numbers had not come from its database. “Such data never existed on any of our servers,” the statement said.
“As NSO has previously stated, our technology was not associated in any way with the heinous murder of Jamal Khashoggi,” the statement continued. “We can confirm that our technology was not used to listen, monitor, track, or collect information regarding him or his family members mentioned in the inquiry.”
In an interview, the firm’s chief executive and founder, Shalev Hulio, said he had first been made aware of the list in June, when four separate people told him that hackers were attempting to sell a list supposedly stolen from the company’s servers.
Mr. Hulio said that NSO did not have any active servers from which such data could be stolen, and that from the moment he saw the list, he realized that it was “not a list of targets attacked by Pegasus, or something born out of Pegasus’ system or any other NSO product.” He said the list appeared to have been produced by users of a separate app called HLR LookUp.
Calling the consortium story “flimsy from the start,” Mr. Hulio took issues with the claims made about the list of phone numbers.
“This is like opening up the white pages, choosing 50,000 numbers and drawing some conclusion from it,” he said.
The Times journalists whose numbers are said to be on the leaked list include Azam Ahmed, a former Mexico City bureau chief who has reported widely on corruption, violence and surveillance in Latin America, including on NSO itself; and Ben Hubbard, The Times’s bureau chief in Beirut, who has investigated rights abuses and corruption in Saudi Arabia and wrote a recent biography of the Saudi crown prince, Mohammed bin Salman.