FacebookTwitterLinkedIn

The Pegasus Project and the Political Fallout

Following the Washington Post’s expose regarding the spyware created by an Israeli firm, NSO, which had been used by the firm's clients in a questionable way, the political fallout is just beginning. Spyware can be defined as malware designed to track user activity on a device, not only can activity as in who the user communicates with or engages with the apps including browsers on the device but also location. Full-featured spyware can also log communications and grant the attacker privileged access to the user’s device and by extension the user’s life.

The spyware created by NSO, named Pegasus, has been active since 2016 and has made headlines in the past due to its questionable use by the firm's clients which include governments. The spyware is sold as a solution for tracking and monitoring terrorist activity but as the Washington Post, their media partners, and French investigative non-profit Forbidden Secrets show the spyware is used to track journalists, activists, and those deemed to pose a threat to authoritative regimes.

The list of those tracked was shared with media houses by Forbidden Secrets. The list contained 37 smartphones belonging to journalists, human rights activists, business executives, and two women close to murdered Saudi journalist Jamal Khashoggi.

pegasus project political fallout

It is important to note that the identity of who compiled the list is unknown with Forbidden Secrets merely having access to the list. However, the list was not just contained to 37 smartphones. The Washington Post notes,

“The numbers on the list are unattributed, but reporters were able to identify more than 1,000 people spanning more than 50 countries through research and interviews on four continents: several Arab royal family members, at least 65 business executives, 85 human rights activists, 189 journalists, and more than 600 politicians and government officials — including cabinet ministers, diplomats, and military and security officers. The numbers of several heads of state and prime ministers also appeared on the list…Among the journalists whose numbers appear on the list, which dates to 2016, are reporters working overseas for several leading news organizations, including a small number from CNN, the Associated Press, Voice of America, the New York Times, the Wall Street Journal, Bloomberg News, Le Monde in France, the Financial Times in London and Al Jazeera in Qatar.”

In response to the article's claims has gone on the defensive saying that claims made by journalists for The Guardian are baseless. Further, claims made in the Washington Post are “overexaggerated”. The articles have raised questions as to the morality and legality of such software, which should be more adequately called malware due to its malicious nature, being developed and sold.

Especially to those in power with questionable attitudes to human rights. NSO relies on the excuse that it does operate the malware, nor does it collect the data the spyware harvests from the firm’s clients. Timothy Summers, a former cybersecurity engineer at a U.S. intelligence agency and now director of IT at Arizona State University speaking to the Washington Post summarised ethical concerns of creating such a program in the first place raises, saying,

“This is nasty software — like eloquently nasty…one could spy on almost the entire world population …there’s not anything wrong with building technologies that allows you to collect data; it’s necessary sometimes. But humanity is not in a place where we can have that much power just accessible to anybody.”

The Fallout

Some of the notable targets on the list include:

  • 50 people close to Mexico’s president, Andrés Manuel López Obrador, who include his wife, children, aides, and doctor. The monitoring was believed to have been done while the president was still an opposition politician to the powers that be at the time.
  • Rahul Gandhi, the most prominent political rival of the Indian prime minister, Narendra Modi, was twice selected as a potential target in leaked phone number data.
  • Carine Kanimba, the American daughter of Paul Rusesabagina, the Rwandan activist who inspired the film Hotel Rwanda, has been the victim of multiple attacks using NSO spyware, according to a forensic analysis of her mobile phone, although Rwanda denies it has the NSO technology.

In many cases where governments have been exposed either no response has been forthcoming, or they have denied any wrongdoing.

The spyware not only impacts individuals but also the manufacturers of smartphones, namely Apple and Google who provides the Android operating systems used by a majority of phone manufacturers. This has developed a cat and mouse game between the manufacturers and NSO with the manufacturers patching gaps exposed by the malware. This is then followed by NSO quickly developing new techniques to compromise devices. Ivan Krstić, head of Apple Security Engineering and Architecture, noted,

“Apple unequivocally condemns cyberattacks against journalists, human rights activists and others seeking to make the world a better place…For over a decade, Apple has led the industry in security innovation and, as a result, security researchers agree iPhone is the safest, most secure consumer mobile device on the market. Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.”

The above statement was made after it was revealed that Pegasus can even compromise Apple’s newest iPhones. It was discovered that Pegasus is designed to leave very few traces of its existence on both Apple and Android devices. Further, the spyware can circumvent traditional security measures like strong passwords and encryption.

While the spyware is present it is known to steal photos, recordings, location records, communications, passwords, call logs, and social media posts. The spyware can also turn on microphones and cameras to enable real-time surveillance of the target. In response to the news that Apple devices can be hijacked in such a way, the stock price of Apple fell over 2 percent.

The use of NSO’s spyware in India has further raised concerns regarding how the Indian government under Prime Minister Narendra Modi is actively looking to curtail civil liberties. Not only was Rahul Gandhi targeted but Ashok Lavasa, a key election official considered an obstacle to the ruling party, and M. Hari Menon, the local head of the Bill and Melinda Gates Foundation. Further, journalists, activists, opposition politicians, senior officials, business executives, public health experts, Tibetan exiles, and foreign diplomats were all found to have been compromised.

Even if half of what the list is true, the spyware is not used to protect citizens from terrorist attacks. Rather, it is used to keep tabs on political opponents or critics. This is an egregious overreach of power, and especially egregious in a democratic state.

Over the years we have seen numerous instances where individuals not only their right to privacy have been infringed upon by hackers but also by governments and corporations. It is true that modern technology has enabled a level of convenience for the individual unrivaled throughout history.

Our rights to privacy and freedom of expression, movement, and thought should not be sacrificed for such convenience. Pegasus is a good example of any if we are capable of doing something, we should always ask first, should we.

▼ Show Discussion

About the author:

Karolis Liucveikis

Karolis Liucveikis - experienced software engineer, passionate about behavioral analysis of malicious apps.

Author and general operator of PCrisk's "Removal Guides" section. Co-researcher working alongside Tomas to discover the latest threats and global trends in the cyber security world. Karolis has experience of over five years working in this branch. He attended KTU University and graduated with a degree in Software Development in 2017. Extremely passionate about technical aspects and behavior of various malicious applications. Contact Karolis Liucveikis.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal