Israeli cyber arms firm, NSO Group, have been selling their Pegasus spyware software to terrorist states around the world. Pegasus is a highly sophisticated form of spyware that can easily bypass any type of phone security and access all your messages, images, videos, emails and even your GPS location. It can track your keystrokes and capture your login details and it can even transform your phone into a bug as it can switch on your microphone and listen in on your conversations (both on the phone and in the room) and it can turn on your camera. Unlike previous forms of malware where the user might accidentally click on a link that a hacker had sent to them, which effectively then operates as a Trojan horse and opens the door to an attack, the Pegasus software doesn’t need you to click on a link. It simply searches for a weakness in your phone’s own software and exploits it.
A number of media organisations around the world launched a collaboration project to investigate the NSO group and found that a number of governments had used Pegasus to spy on activists, politicians, dissidents, human rights defenders and journalists. In some instances it was also used to spy on their family and friend as well. Investigators managed to get hold of a leaked list of 50,000 phone numbers that belonged to “persons of interest” to NSO customers. Amongst others, the list included 14 heads of state of governments, including SA President Cyril Ramaphosa, President Emmanuel Macron of France and Pakistan’s PM Imran Khan. It also included the wife of the murdered Journalist, Washington Post’s Jamal Khashoggi. Also on the list was Princess Haya bint al-Hussein, the ex-wife of Dubai’s emir, Sheikh Mohammed bin Rashid al-Maktoum, along with 8 of her closest aides, advisers and friends, her lawyer and members of her private security firm. Sheikh Mohammed had threatened Princess Haya and her children on numerous previous occasions. In 2018, Princess Haya’s daughter, Princess Latifa, also fled to the United Arab Emirates and it was later discovered Princess Latifa and some of her friends had been put on the Pegasus list. Latifa was later captured by Indian special forces and returned to Dubai.
Dr Agnes Callamard, Amnesty’s Secretary General, told Democracy now that “the misuse of the spyware is systematic and it is global”. She goes on to explain that the NSO group has a relationship with the Israeli government, both on a strategic and regulatory level. As governments appear to have weaponised this software against ordinary civilians, Edward Snowden and Amnesty International are now calling on a complete halt to the trade of spyware technology before the 50,000 figure becomes 50 million or more.
The UN has been arguing for better regulation for some time but it’s unclear whether there might be any increased efforts to achieve this. Given that the US administration tried to bury the story by running another story about China’s spyware capabilities on the same day that the Pegasus story broke, we can assume that it’s probably not in their interests to take any action either. Of course, one reason why they might be attempting to distract from the story is that they might be feeling vulnerable. If there is currently no known way to stop the Pegasus software from hacking a smartphone and if it’s almost untraceable then, presumably, anyone is a potential target – even members of the UN &US administrations? Or perhaps it’s already a part of their own arsenal?
The extent of the abuse and consequences for the victims are very real and extremely severe. Earlier this week a Moroccan court sentenced journalist Omar Radi to 6yrs in prison after Moroccan authorities had hacked his phone using Pegasus spyware. Radi had been reporting on government corruption and human rights abuses for years. Dr Agnes Callamard also describes how a Mexican journalist, Cecilio Pineda Birto, was shot dead hours after reporting on corruption. Cecilio’s phone number had somehow found its way onto the Mexican NSO client list.
Indian news channels are reporting allegations that figures within the Indian government have used the spyware to spy on journalists, political opponents (including an election commissioner) and business leaders. It’s even been used against a woman who reported that she had been sexually harassed by the sitting Chief Justice of India. The newly leaked list even includes members of her family as targets.
On Sunday 18th July, a consortium of global media outlets, including the Guardian, Washington Post, Die Zeit, Süddeutsche Zeitung and Le Monde, revealed that Israeli government clients around the world had used Pegasus hacking software to target human rights activists, journalists and lawyers. The BBC, who were not part of the consortium, then picked up the story days later and somehow managed to get a statement from the NSO group (something none of the other global media outlets were able to do) in which NSO attempted to blame their customers and argued that it’s like.. “criticising a car manufacturer when a drunk driver crashes”. Perhaps a better analogy might be that it’s a bit like filing the serial number off a gun and then selling that gun to someone who you already know to be a serial killer.
The hit list was apparently hacked from NSO’s Cyprus servers but the NSO spokesperson told the BBC that they don’t even have servers in Cyprus and, for the record, they don’t personally hold the data that their customers produce. They’re also disputing the volume of targets being reported and claim that they are “sending the system to governments” and that they “get all the correct accreditation and do it all legally.” Basically, everything they do is authorised by the Israeli government.
The Israeli government has now decided to create task force of government, Mossad and military officials to “manage” a global response to the Pegasus project.
Spotlight is 100% independent. Our content is free for all to read and share and we also prefer to stay advert free. If you appreciate this content then please consider supporting Spotlight by subscribing or making a one off donation. You can take out a monthly subscription for as little as £1 a month or you can make a one-off donation if you prefer.