Apr 30, 2026 · 7 min read

The IFJ Just Mapped Every Way Governments Spy on Journalists—And the Tools Are Now Off the Shelf

On April 28, 2026, the International Federation of Journalists released a five year mapping of how reporters are surveilled. Pegasus, Predator, and Graphite are now marketed to governments as "lawful intercept." In Gaza and Ukraine, AI is fusing telecom and drone feeds to find reporters in real time. The line between commercial spyware and state intelligence has effectively dissolved.

Journalist working at a desk in a low light office with a smartphone and notebook, telecommunications tower silhouette visible through a window at dusk

A 600,000 Journalist Federation Has Seen Enough

The International Federation of Journalists represents about 600,000 journalists across 146 countries. On April 28, 2026, it released Global Surveillance of Journalists: A Technical Mapping of Tools, Tactics and Threats—a five year analysis of how reporters are watched, where the tools come from, and who is paying for them.

The study's core finding is structural rather than incident based. Surveillance of journalists is no longer a series of isolated state operations. It is "a systemic infrastructure of control" that pulls commercial spyware vendors, telecom companies, and governments into a single global supply chain. The IFJ commissioned the work as part of the Brave Media project, a nine organization consortium led by BBC Media Action. It was authored by digital security engineer Samar Al Halal and reviewed by privacy researcher Lukasz Olejnik.

Pegasus, Predator, Graphite—Now Sold as "Lawful Intercept"

The named tools are familiar. Pegasus from NSO Group. Predator from Intellexa. Graphite from Paragon. What changed is the marketing. The IFJ documents how all three are now sold to governments under the "lawful intercept" label, which strips away the public outrage that "spyware" provokes and replaces it with the language of regulated investigative tooling.

The capability has not softened. Zero click and one click compromise are standard features. Once installed, the tools harvest messages, calls, location, contacts, photos, and live microphone and camera access. The same software that compromised Angolan journalist Domingos da Cruz on World Press Freedom Day is what governments are now licensing under a procurement framework.

The IFJ specifically calls out spyware exports as "often unregulated." The export controls that were supposed to govern these tools have not kept up with the commercial market. A government with a pen and a budget line can buy capabilities that, ten years ago, only a top tier intelligence service could build.

The 12 Country Map

The study draws on field research across 10 primary countries, with supplementary technical analysis from two conflict regions:

Primary case studies: India, Pakistan, Kenya, Italy, Serbia, Brazil, Mexico, El Salvador, Lebanon, Jordan
Conflict region analysis: Israel and Palestine, Russia and Belarus

Greece is singled out as a case study in how lawful intercept and Predator spyware can run in parallel inside a democracy. In other words, surveillance of journalists is not a problem confined to authoritarian states. The infrastructure travels.

AI Fuses Telecom Feeds and Drone Feeds in War Zones

The most chilling section of the report covers conflict zones. The IFJ documents how, in Gaza and Ukraine, AI systems are now fusing telecom signal data with drone surveillance feeds to identify and track journalists in real time. The quote that frames the analysis: surveillance "blurs the line between observation and physical targeting."

That sentence has consequences. When a journalist's phone metadata, social signals, and physical movements are correlated by an AI dashboard inside a military command structure, "covering a story" and "appearing on a kill list" stop being clearly different states. The infrastructure does not have to be malicious to produce that result. It only has to exist.

The Continuous Threat Spectrum

One of the report's framing devices is the idea of a continuous threat spectrum. Phishing emails sit on one end. Stalkerware sits next to them. Then commercial spyware. Then state grade implants. Then telecom interception. Then AI fused multi source surveillance.

A journalist does not "graduate" from one tier to the next. They face all of them simultaneously, often from the same actor. A state may use a phishing email for opportunistic credential theft, then a Pegasus zero click if that fails, then SS7 telecom abuse to track location, then drone surveillance for confirmation. The defensive posture has to assume continuous, layered pressure—not isolated incidents.

Recent reporting bears that out. Citizen Lab found two surveillance vendors hiding inside telecom networks earlier this month. UK intelligence said 100 countries can now hack a phone through commercial vendors. The CPJ filed an amicus brief on April 21 about Pegasus use against Azerbaijani journalists. Belarusian state TV broadcast 21 exiled journalists' home addresses on a single program in early April—doxxing as state policy, on prime time. The IFJ study is the connective tissue that ties those individual stories into a single industry analysis.

What the IFJ Is Asking For

The recommendations are policy oriented and pointed:

Transparency in spyware exports. Public disclosure of who is buying, what they are buying, and from whom.
Accountability for misuse. Real legal consequences when "lawful intercept" is used to target reporters.
Investment in regional forensic capacity. Most journalists who suspect compromise have no local lab to confirm it. Centralizing that work in a few research groups in the global north is not sustainable.
Digital safety training as a baseline. Not as advanced training for investigative reporters, but as default knowledge for every working journalist.
Encryption and anonymity as press freedom rights. The study frames these as protected categories, not technical preferences.

What This Changes for Newsrooms

For working journalists, the IFJ report is a reminder that operational security is no longer an exotic skill set. The threat surface includes the phone in your pocket, the email account holding your source notes, the Calendly link a stranger sent you, and the cell tower your device just connected to. None of those layers can be defended in isolation.

Three immediate steps any newsroom can take this week:

Audit who is on the spyware risk list. Reporters covering organized crime, foreign affairs, intelligence services, or domestic politics in the 12 countries the IFJ named are presumptive targets. They need device hardening, regular forensic checks, and clear escalation paths.
Treat metadata as source material. Who you call, when, and from where can deanonymize a source even when message content is encrypted. The defensive posture starts before any conversation does.
Centralize incident reporting. If a reporter sees a suspicious link, an unexpected calendar invite, or a strange notification, that signal needs to reach a single internal channel that can correlate it with other reports across the newsroom.

The Industrial Logic

The IFJ study's deepest contribution is naming what is now obvious to anyone tracking this space: surveillance of journalists has industrialized. There is a supply chain. There are vendors with marketing budgets. There are governments with procurement contracts. There are AI systems that fuse the data automatically because hiring human analysts to read every reporter's calls would be too expensive.

A reporter being tracked across a war zone, a journalist's phone being hacked in a democratic European capital, and an investigator's SS7 location being pulled from a regional carrier are not three different stories anymore. They are three customer segments of the same industry. The IFJ has now mapped the industry in detail. The harder work, of dismantling it, has not started.