Pegasus, "Israel's" Trojan Horse

• 

In a world plagued with cyber insecurity, Pegasus stands out as the most powerful piece of spyware ever developed and to which the most recent hacking scandals involving privacy invasion can be attributed. The mastermind behind this hacking software is no other than the Israeli firm NSO Group. 

What is Pegasus? How does it function?

As a spyware, Pegasus, which has the capability to infect billions of phones running either iOS or Android operating systems, silently infiltrates your phone, takes hold of your data, and turns your device into a 24/7 surveillance unit. It can copy all your messages, harvest your photos, and record your calls. It might even infiltrate your camera and microphone and secretly film you and eavesdrop on your conversations. It can also potentially pinpoint your location, anytime, anywhere. For governments and spying agencies, the software is quite the miracle, but for dissidents, journalists, and the general populace, Pegasus is a nightmare. 

Targets 

Forbidden Stories, a Paris-based media foundation, and Amnesty International, a human rights organization, had access to a list of over 50,000 phone numbers, which they provided to news media for additional investigation and analysis. The phones were forensically examined by Amnesty International's Security Lab.

The investigation discovered that 37 targeted smartphones were found on a list of more than 50,000 numbers concentrated in countries known to engage in citizen surveillance and also known to have been clients of NSO Group.

The numbers on the list are unattributed, but via research and interviews on four continents, reporters were able to identify more than 1,000 people from more than 50 countries.

Some of the known targets include:

Roula Khalaf, Financial Times Editor 

According to The Guardian, there were leaked records of more than 180 editors, investigative reporters, and other journalists around the world who were selected as possible candidates for surveillance by government clients of the surveillance firm NSO Group. The list of names extends to include names of journalists at Reuters, France Press, and other news agencies involved in exposing corruption in the countries subjected to the hacking. The Financial Times Editor Roula Khalaf is one of those targeted by Pegasus. Her phones were infected with the spyware, placing her under surveillance. By analyzing the leaked data, it becomes clear that Khalaf's phone was selected as a potential target by the United Arab Emirates.

Bradley Hope, Wall Street Journal Journalist 

Moreover, according to the same source, a UK phone number belonging to the American investigative journalist Bradley Hope, who lives in London and who was an employee at the Wall Street Journal at the time of his selection, was also listed in the leaked records. Hope was working on an investigation of a corruption scandal involving the theft of $4.5bn from the state of Malaysia. Part of the investigation was focused on the possibility that some of the money had been spent by Sheikh Mansour bin Zayed, the Deputy Prime Minister of the UAE and a senior member of the Abu Dhabi royal family, to buy a luxury yacht, called the Topaz.

Hope believes that the UAE was most likely after the source of his information on Mansour bin Zayed's yacht, believing it was Qatar, and after his whereabouts to find out if he had actually been in Qatar at the time of the investigation.

Omar Radi, Moroccan human rights activist

In the same context, Omar Radi, a Moroccan freelance journalist and human rights activist who has published repeated exposés of government corruption, was hacked by an NSO client believed to be the Moroccan government throughout 2018 and 2019. Since then, he has been accused of being a British spy, in allegations that Human Rights Watch describes as "abusing the justice system to silence one of the few remaining critical voices in Moroccan media."

It is worth noting that in addition to the UAE and Morocco, a detailed analysis of the data indicates that the governments of Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Rwanda, and Saudi Arabia have all selected journalists as possible surveillance targets.

Pegasus, a tool in murders?

Hacking tools such as Pegasus were being misused to abet heinous crimes.

Cecilio Pineda Birto

• 

According to "The Guardian", Cecilio Pineda Birto, a 38-year-old freelance reporter in Mexico, was shot dead on March 2, 2017.  Prior to the incident, Pineda had received a number of anonymous death threats. At about the same time, his mobile phone number was selected as a possible target for surveillance by a Mexican client of the NSO Group spyware company. His attackers knew exactly where to find him, although his exact whereabouts were known to no one. 

Jamal Khashoggi

• 

In the same context, Jamal Khashoggi, a US-based writer and vocal opponent of Saudi Arabia's government, entered the Saudi Consulate in Istanbul on October 2, 2018, where he was murdered. In the following months, different accounts of how he died, what happened to his body, and who was to blame emerged.

In 2017, NSO sold Pegasus to Saudi Arabia. The spyware was employed as part of a merciless drive to quell internal dissent and track down Saudi dissidents overseas, according to a report by The New York Times.

Citing the same report, it is not publicly known whether Saudi Arabia used Pegasus or other Israeli-made spyware in the plot to kill Khashoggi. NSO has rejected that its software was used.

However, based on a complaint filed by a friend of Khashoggi, the latter's phone was hacked by Saudi Arabia using Pegasus, granting Saudi officials access to his talks with Khashoggi, including communications regarding opposition projects.

According to the same report, Saudi Arabia has continued to use NSO software to spy on perceived opponents abroad.