When one hears of the word “Pegasus” it is more likely that a mythical winged horse comes to mind than the most pernicious spyware ever devised. Pegasus software is the primary product sold to government clients by the Israeli cybersecurity company NSO Group. Although the technology was marketed by the company as a means of combatting terrorism and surveilling suspects, an international research network of 17 media organizations led by Amnesty International and the French non-profit organization Forbidden Stories accessed a leak of more than 50,000 records of phone numbers of people selected for surveillance and uncovered widespread abuse of the technology. Contrary to the company’s claims, the investigation, named The Pegasus Project, revealed that the primary targets of NSO Group’s government customers were not suspected criminals, but journalists, activists, lawyers, and politicians.
The Scope of the Spyware Technology
Pegasus is not your average, casual NSA-level surveillance; it is highly invasive and acts as an effectual end to privacy for anyone targeted. Once installed on a device, Pegasus spyware can view and copy your text messages and emails, making end-to-end encrypted messaging like WhatsApp useless. It can harvest your photos, record your phone calls, and access your GPS. It can even activate your camera or your microphone and secretly record you and your conversations all whilst remaining virtually undetectable. And the reach of Pegasus is global: government clients include India, Mexico, Saudi Arabia, Rwanda, Hungary and many more.
The leaked phone numbers, which Forbidden Stories and its collaborators analyzed over several months, reveal that a large number of people who appeared on the surveillance list had nothing to do with criminal activity or terrorism. This is despite NSO Group’s repeated claims that its technology exclusively targeted terrorists. The investigation uncovered that nearly 200 journalists around the world were subject to Pegasus surveillance, as well as 85 human-rights activists and many politicians, including French president Emmanuel Macron, Pakistani prime minister Imran Khan, and Indian opposition leader Rahul Gandhi. Not even the Tibetan leader Dalai Lama was safe, with the phone numbers of the spiritual figure’s senior advisors showing up on the list of possibly compromised devices.
A Threat to Freedom and Dissent
While the hacking of politicians’ and diplomats’ phones has serious consequences for international relations, this technology poses a direct threat to journalists, activists, dissidents, or anyone who dares to speak out against their governments. Investigations by the Pegasus Project are already revealing that the Pegasus software has likely been used to facilitate the arrests and murders of journalists and activists around the world.
Cecilio Pineda Birto, a Mexican journalist, was selected as a potential Pegasus target just weeks before his assassination in 2017. Indian student activist Umar Khalid’s data was also in the leak. He was arrested in September 2020 on charges of sedition with evidence obtained by ambiguous methods from his phone. The list is extensive, but most notably, traces of NSO Group’s spyware was found in the phones of murdered Saudi dissident Jamal Khashoggi’s friends and family members, with hacks apparently having occurred in the days before and after the journalist’s murder in 2018. This particular revelation came after NSO Group’s assured denial of its software’s involvement in the assassination.
The specific targeting of journalists, political opponents, and human rights defenders is indicative of a global effort to stifle truth and freedom. While the countries listed on NSO Group’s client list may differ in cultures and governmental systems, there seems to be one thing they can all agree on: the suppression of dissent.
In a video explainer for the Pegasus Project, investigative reporter for The Guardian David Pegg describes just how much of a threat Pegasus poses to global freedom.
“The most serious implications of something like Pegasus is that is makes it much more unlikely that a dictatorial regime would become a democracy, because those are already regimes and systems that are obsessive about trying to monitor their populations so that they can control them and prevent them from rising up and overthrowing them. And this technology exponentially increases your capacity to do that.”
John Scott-Railton, a senior researcher at Citizen Lab, emphasized the increasing danger NSO Group’s software poses to global democracy and particularly the United States in an installment of a nvestigations of The Pegasus Project:
“Reporting has shown that NSO is trying to sell to local police in the United States … I think that we need to be extremely concerned … Although today it may affect people who may not look like you or speak the same language as you, tomorrow it may very well be you. Or it may be somebody who a local police department decides is making unpopular points.”
In the U.S., journalists and activists have been resisting the surveillance architecture that was put into place under the Obama administration. With the exposé on Pegasus, surveillance has taken a on new form, putting thousands of journalists, human rights defenders, and private citizens at risk. Will Cathcart, who heads the encrypted messaging platform WhatsApp, recently said in an interview that technology companies need to raise their voices against spyware.
Edward Snowden, who famously blew the whistle on the NSA’s mass surveillance programs in 2013, commented in an interview with The Guardian on the necessity for an international moratorium on the sale of spyware technology. “There are certain industries, certain sectors, from which there is no protection, and that’s why we try to limit the proliferation of these technologies. We don’t allow a commercial market in nuclear weapons.”
The pressure for an international ban on spyware technology must come from the mainstream media. It is the duty of the media to inform the public about global threats to individual privacy and security. Predatory states will not enact change without first facing calls for action from the people, and the people must be informed about the dangers posed by malware companies like NSO Group before that can happen.
Image via The Quint