Pegasus Nightmare

Pegasus spyware filth completely bad for democracy, journalism and also terrible

by Anwar A. Khan

Pegasus is a spyware developed by the Israeli cyberarms firm NSO Group that can be covertly installed on mobile phones and other devices running most versions of iOS and Android. The 2021 Project Pegasus revelations suggest that current Pegasus software is able to exploit all recent iOS versions up to iOS 14.6. 

According to the Washington Post and other prominent media sources, Pegasus not only enables the keystroke monitoring of all communications from a phone (texts, emails, web searches) but it also enables phone call and location tracking, while also permitting NSO Group to hijack both the mobile phone's microphone and camera, thus turning it into a constant surveillance device.

The company had previously been owned by American private equity firm Francisco Partners, then bought back by the founders in 2019. NSO states that it provides "authorized governments with technology that helps them combat terror and crime", has published sections of contracts requiring customers only to use its products for criminal and national security investigations, and stated that it has an industry-leading approach to human rights. The spyware is named after the mythical winged horse Pegasus—it is a Trojan horse that can be sent "flying through the air" to infect phones.

Pegasus was discovered in August 2018 after a failed attempt at installing it on an iPhone belonging to a human rights activist led to an investigation revealing details about the spyware, its abilities, and the security vulnerabilities it exploited. As of 2016, Pegasus was capable of reading text messages, tracking calls, collecting passwords, tracking location, accessing the target device's microphone and camera, and harvesting information from apps. News of the spyware caused significant media coverage. It was called the "most sophisticated" smartphone attack ever, and was the first time that a malicious remote exploit using jailbreak to gain unrestricted access to an iPhone had been detected.

In the same year of 2020, according to intelligence obtained by the Israeli newspaper Haaretz, the NSO Group was reported to have sold Pegasus spyware software for hundreds of millions of US dollars to the United Arab Emirates and other Gulf States, for surveillance of anti-regime activists, journalists and political leaders from rival nations, with Israeli government encouragement and mediation. Later, on December 2020, Al Jazeera investigation show The Tip of the Iceberg, Spy partners, showed exclusive footage about Pegasus and its penetration into the phones of media professionals and activists, used by Israel to eavesdrop on its opponents and even its allies.

European politicians and media groups voiced outrage over reports that an Israeli firm supplied phone malware used by governments to spy on activists, journalists, lawyers and politicians in several countries.

The NSO Group and its Pegasus malware—capable of switching on a phone's camera or microphone and harvesting its data—have been in the headlines since 2016, when researchers accused it of helping spy on a dissident in the United Arab Emirates.

A collaborative investigation by The Washington Post, The Guardian, Le Monde and other media outlets, based on a leaked list of 50,000 phone numbers, revealed the spying may have been far more extensive than previously thought.

The leaked numbers are believed to be connected to people identified by NSO clients as potential surveillance targets.

They include one linked to a murdered Mexican journalist and family members of murdered Saudi journalist Jamal Khashoggi.

European Commission chief Ursula von der Leyen said the spying, if confirmed, was "completely unacceptable", while French government spokesman Gabriel Attal called it "extremely shocking.

UN rights chief Michelle Bachelet called for better regulation of surveillance technology and the head of Reporters Without Borders, Christophe Deloire, said the revelations provoked "shock and revulsion".

It is unclear how many devices were actually targeted or surveilled and NSO has denied any wrongdoing.

But the claims that countries such as Azerbaijan, Hungary, India and Morocco, where authorities have cracked down on independent media, spied on dissident journalists at home and abroad sparked indignation.

The other countries that accounted for most of the numbers on the list were Azerbaijan, Bahrain, Kazakhstan, Mexico, Rwanda, Saudi Arabia and the United Arab Emirates.

French investigative news site Mediapart claimed that the phones of its founder EdwyPlenel and one of its journalists were among those targeted by Moroccan intelligence services and said it had filed a criminal complaint.

Morocco denied the claims, saying it "never acquired computer software to infiltrate communication devices".

Pegasus is a highly invasive tool that can switch on a target's phone camera and microphone, as well as access data on the device, effectively turning a phone into a pocket spy.

In some cases, it can be installed without the need to trick a user into initiating a download.

NSO insists it is only intended for use in fighting terrorism and other crimes, and that any other use is the work of "rogue" operators—claims rubbished by Amnesty International.

"NSO's spyware is a weapon of choice for repressive governments seeking to silence journalists, attack activists and crush dissent, placing countless lives in peril," Amnesty International chief Agnes Callamard said in a statement."It's clear its technology facilitates systemic abuse."

Journalists are targeted to be potentially spied on with the spyware Pegasus. The numbers on the list were unattributed, but other media outlets participating in the project were able to identify more than 1,000 people in more than 50 countries.

They included several members of Arab royal families, at least 65 business executives, 85 human rights activists, 189 journalists and more than 600 politicians and government officials including heads of state, prime ministers and cabinet ministers.

The investigation identified at least 180 journalists in 20 countries who were selected for potential targeting with Pegasus between 2016 to June 2021.Among them were reporters for Agence France-Presse, The Wall Street Journal, CNN, The New York Times, Al Jazeera, El Pais, the Associated Press, Le Monde, Bloomberg, The Economist, and Reuters, The Guardian said.

ParanjoyGuhaThakurta, a veteran investigative journalist in India, said that Amnesty International had informed him that his phone and privacy had been "compromised" in 2018.

"It also puts my sources at risk. People who are speaking to you on condition of anonymity, if they get compromised, that's terrible," he told AFP. "It's bad for democracy, it's bad for journalism. It is terrible."

On the list were 15,000 numbers in Mexico—among them reportedly a number linked to Mexican journalist Cecilio Pineda, who was killed in 2017 and 300 in India, including politicians and prominent journalists.

In Mexico, the news website AristeguiNoticias reported that family members and the cardiologist of President Andres Manuel Lopez Obrador were spied on between 2016 and 2017 when he was leader of the opposition.

The president himself had been spared because he "apparently doesn't use a personal mobile phone", the report said.

Leading Indian opposition figure Rahul Gandhi was twice selected as a potential surveillance target, The Guardian reported.

Indian Home Minister Amit Shah denied the reports, saying they aimed to "humiliate India at the world stage, peddle the same old narratives about our nation and derail India's development trajectory."

Hungary's Foreign Minister Peter Szijjarto told reporters Budapest has "no knowledge of this type of data collection".

NSO Group, which is based in the Israeli hi-tech hub of Herzliya, near Tel Aviv, denied any wrongdoing.

It issued a denial, calling the investigation "full of wrong assumptions and uncorroborated theories", and threatening a defamation lawsuit."We firmly deny the false allegations made in their report," NSO said.

It said it was "not associated in any way" with the Khashoggi murder, adding that it sells "solely to law enforcement and intelligence agencies of vetted governments".

The Washington Post said a forensic analysis had revealed that two women close to Khashoggi had been hacked. He was murdered in 2018 by a Saudi hit squad.

In July 2021, widespread media coverage part of the Project Pegasus revelations along with an in-depth analysis by human rights group Amnesty International uncovered that Pegasus was still being widely exploited against high-profile targets. It showed that Pegasus was able to infect all modern iOS versions up to the latest release, iOS 14.6, through a zero-click iMessage exploit.

So, Pegasus spywarescandal iscompletely bad for democracy, journalism and it is also terrible!

-The End –

The writer is an independent political analyst based in Dhaka, Bangladesh who writes on politics, political and human-centred figures, current and international affairs