Leak reveals government spying on journalists and opponents with Pegasus programme

Global controversy rides on the back of Pegasus 

photo_camera AFP/JACK GUEZ - Headquarters of the Israeli NSO group, in Herzliya, near Tel Aviv

The name Pegasus is going around the world, this sophisticated system, developed by NSO, is now one of the major culprits in the global cyberwar being waged. Project Pegasus is an investigation involving more than 80 journalists from 17 media organisations in 10 countries, coordinated by Forbidden Stories, a Paris-based non-profit media organisation, and supported by Amnesty International, which conducted forensic analysis of mobile phones to identify traces of the spyware. Amnesty International and Forbidden Stories had access to a list of more than 50,000 phone numbers and shared them with the media, who used them for their research.

AFP/ STAN HONDA - La demanda presentada en un tribunal federal de California alegó que NSO Group intentó infectar aproximadamente 1.400 "dispositivos de destino" con 'software' malicioso para robar información valiosa de aquellos que utilizaban la aplicación de mensajería

The massive data breach analysed by The Guardian and 16 other media outlets points to systematic and ongoing abuse of the Pegasus spy programme. The revelations began on 18 July, with the publication that the data includes the phone numbers of more than 180 journalists, including reporters, editors and executives from the Financial Times, CNN, the New York Times, France 24, the Economist, Associated Press, Le Monde and Reuters among others. The Guardian and media partners will reveal in the coming days the identities of those whose numbers appear on the list.

The programme at the centre of the controversy is spyware created by the Israeli technology firm NSO Group headed by Shalev Hulio, which sells the software to up to 60 military, intelligence or security agencies in 40 countries around the world. The Israeli programme designed to track criminals and terrorists was used to infiltrate at least 37 mobile phones belonging to reporters, human rights activists and company directors. They include several members of Arab royal families, at least 65 senior business officials, 85 human rights activists, 189 journalists and more than 600 politicians and government officials, including heads of state and government, ministers and diplomats. 

PHOTO/REUTERS - Fotografía de archivo Shalev Hulio, cofundador del Grupo NSO

Governments or security agencies that used Pegasus to infiltrate the phones of journalists, activists and other politicians allegedly violated the licence created by NSO Group, which in theory designed the software to monitor terrorists and criminals. In 2012, Israel officially listed Pegasus as a weapon, thereby arrogating to itself the authority to decide to whom NSO could sell it and on what terms. It eventually authorised its sale, but only to governments that Israel authorised, and not to private companies. 

From Mexico to India, via Saudi Arabia, Hungary, Azerbaijan and Morocco, the network has spread to 45 countries with phones "infected" with the spying programme initially designed to combat terrorism and high crime. As the investigation progresses, the scandal grows and the governments allegedly involved deny more vehemently their involvement in the illegitimate use of the Israeli tech firm's software. However, the wide range of numbers on the list belonging to people with no apparent connection to criminality suggests that some NSO customers are breaching their contracts with the company, spying on activists, journalists, as well as political opponents. 

PHOTO/AP - Tarjetas SIM. El 14 de mayo de 2019, WhatsApp animó a sus usuarios a actualizar la aplicación para cubrir una brecha de seguridad que permitía a atacantes sofisticados introducir a escondidas programas espía en los teléfonos

Pegasus is malware that infects iPhones and Android devices to allow the tool's operators to extract messages, photos and emails, record calls and secretly activate microphones. The software can be installed on the mobile phone via a video call, it does not require the victim to answer the call: a missed video call is enough to infect the phone. The software can also arrive via SMS, IMessage and other similar apps. The victim will receive a text message prompting them to click on a link. If they do so, Pegasus will automatically install itself on their phone. 

Once installed, the power of Pegasus is almost infinite. According to a Citizen Lab report accessed by El País, this 'software' can listen in on phone calls, access your browsing history, activate the camera and microphone or access with impunity the entire content of conversations on apps such as Gmail, Facebook, WhatsApp, Telegram and Skype. It can also, according to the Financial Times, access the user's cloud data and even impersonate the user when accessing email. In short, it is total control over the device, which will be at the mercy of cyber-spies without the victim even realising what is happening.

The fact that a phone number is listed does not necessarily mean that the device has been infected with Pegasus or that an attempt has been made to hack it. But the information consortium believes it is the details of potential targets chosen by NSO's client governments, ahead of possible surveillance attempts.

PHOTO/AP - Tarjetas SIM. El 14 de mayo de 2019, WhatsApp animó a sus usuarios a actualizar la aplicación para cubrir una brecha de seguridad que permitía a atacantes sofisticados introducir a escondidas programas espía en los teléfonos

NSO Group was born in 2010 in Herzliya, a city of 93,000 inhabitants near Tel Aviv. It was started by Shalev Hulio, Niv Carmi and Omri Lavie, three former officers of the Israeli army's cyber-intelligence corps. It did so, in their own words, to enable governments to "monitor and capture terrorists, drug traffickers, paedophiles and other criminals with access to advanced technology"

Another peculiarity is that, in this case, it is not hackers or the governments of global powers, but a private company selling a product to governments, whose secret services thus have a spying capability that would otherwise only be available to the richest and most powerful states. The problem would be if it had been used outside any legal framework and mainly to spy on human rights activists, journalists and opponents, as well as heads of state and government, diplomats and heads of other intelligence services.

More in New technologies-innovation