By Mike Knight
The University of Toronto’s Citizen Lab has reported finding evidence that Pegasus spyware was being used to listen-in on UK government networks for 10 Downing Street and the Foreign and Commonwealth Offices (FCO) in 2020 and 2021.
Pegasus spyware is sold by Israeli-based NSO Group to governments to carry out surveillance by infecting phones with malicious surveillance software. Pegasus is essentially a complete surveillance toolkit that’s generally sold to nation states at prices that could be millions of US dollars. The software can extract the contents of a phone, give the operator access to any texts, photographs, the camera, and the microphone. This gives the Pegasus operator the ability to conduct real-time surveillance, e.g. of private meetings. Pegasus is used for several surveillance purposes, e.g. by law enforcement tracking criminals, or for authoritarians / governments listening-in on people of interest such as journalists and activists as a way of quashing dissent. For example, Spain has recently been reported as being implicated in the use of Pegasus (and Candiru) to spy on 65 individuals related to Catalonia’s government.
Who Was Listening?
The Citizen Lab has reported that the suspected infections related to the FCO were associated with Pegasus operators linked to the United Arab Emirates (UAE), India, Cyprus, and Jordan. Also, the suspected infection at the UK Prime Minister’s Office has been linked to the UAE.
How Did They Get Infected With Spyware?
According to The Citizen Lab, it is because the UK Foreign and Commonwealth Office and its successor office, the Foreign Commonwealth and Development office (FCDO), have personnel in many countries. The suspected FCO infections may, therefore, have related to FCO devices located abroad and using foreign SIM cards. This is a similar situation to the hacking of foreign phone numbers used by US State Department employees in Uganda in 2021. Citizen Lab has also concluded that Pegasus was used to infect a device connected to 10 Downing Street’s network and the office of Prime Minister Boris Johnson on July 26th and 27th, 2020. It was the servers to which the data was transmitted which led The Citizen Lab to suspect that the UAE was most likely behind the hack.
In addition to the Downing Street infection, Citizen Lab reports that phones connected to the Foreign Office were hacked using Pegasus on at least five occasions, from July, 2020, through June, 2021.
NSO Group, the makers of the surveillance software are reported to have said that the recent allegations about the use of its software are false and that organisations like The Citizens Lab are politically motivated, and their reports may be inaccurate.
What Does This Mean For Your Business?
Pegasus is known to be widely used by governments and agencies around the world and has legitimate uses e.g., tracking criminals. However, its ability to provide real-time surveillance and the difficulty in detecting it are likely reasons why it appears to have been used for many less savoury purposes and surveillance linked to repression. It is, of course, worrying that it could be so easy for (allegedly) other states to listen-in on Downing Street and the UK Prime Minister, the implications of which we don’t yet fully know. Research from Amnesty International and Citizen Lab suggest that ways individuals can avoid infection by Pegasus includes rebooting the device daily (to clean it), disabling iMessage and Facetime (exploitation vectors), keeping the device up to date with the latest patches, and never clicking on unsolicited links in SMS or email messages.