A major journalistic investigation of a data leak from Pegasus, a spyware originally licensed to be used against terrorists shows that the software has been used to facilitate surveillance against a massive number and range of targets including heads of state, activists and journalists. The investigative story led and coordinated by Paris based Forbidden Stories, found that at least “180 journalists around the world have been selected as targets by clients of the cybersurveillance company NSO Group”. The investigation is based on a leak of 50,000 phone numbers of potential surveillance targets.
Pegasus, a malware developed by Israel based NSO group, that allows mobile devices to access and surveill messages, media and emails. The malware can also record calls and secretly activate microphones to survey the target.
The Guardian, one of the news organisations that involved in the investigation, writes that that the investigation suggests “widespread and continuing abuse of NSO’s hacking spyware, Pegasus, which the company insists is only intended for use against criminals and terrorists”.
Pegasus at the borders
For Pakistan, the investigation has additional importance. According to Washington Post, another organisation that was a part of the investigation, writes that “among the hundreds of Pakistani phone numbers that appear on a list that includes numbers selected for surveillance by NSO Group clients was one once associated with Prime Minister Imran Khan”. The investigation found that from India, “more than 2,000 Indian and Pakistani numbers were selected as targets between 2017 and 2019”.
Investigation into numbers that were targeted by India appear to demonstrate that the Indian government has attempted to surviell on journalists and politicians who may be seen as critical of the Modi government. Initial reports indicate that more than the phones of more than 30 Indian journalists were targetted. Washington Post also reports the tarhettong of Prashant Kishor, an influential campaign strategist, who has helped developed electoral campaigns for Modi’s opponents.
Zero Click Surveillance
Forbidden Stories explains the developments in spyware technologies in detail, noting that overtime these malwares have become more subtle. Claudio Guarnieri, director of Amnesty International’s Security Lab, that conducted the forensic analysis of the recent data leak of the Pegasus Project explains that “Instead of the target having to click on a link to install the spyware, so-called “zero-click” exploits allow the client to take control of the phone without any engagement on the part of the target”. According to reports, once a phone is infected, Pegasus spyware can be activated and deactivated at will, allowing the clients to get complete access to the device, including the ability to bypass encryption. In essence, Pegasus works like someone physically standing over the target’s shoulder looking at the screen and tuned into the surroundings.
Part of a larger pattern
It is important to note that this is not the first investigation about the human rights violations being conducted by the use of this technology. In 2018, Canada based Citizen Lab, released a report titled ‘Hide and Seek’ that indicated abusive use of spyware to target civil society, including Bahrain, Kazakhstan, Mexico, Morocco, Saudi Arabia, and the United Arab Emirates. Overall the report documented the use of this malware in at least 45 countries.
Amnesty International, found that the forensics of phones recently identified as being targeted by Pegasus are “consistent with past analyses of journalists targeted through NSO’s spyware, including the dozens of journalists allegedly hacked in the UAE and Saudi Arabia and identified by Citizen Lab in December of last year”.
According to the Guardian, slain Saudi journalists Jamal Kashoggi’s family was also targeted by Peagsus.
Condemnation by Human Rights Groups
Various global human rights watchdogs have expressed serious concerns about teh implications of the use of such technologies by regressive governments.
The Pegasus Project lays bare how NSO’s spyware is a weapon of choice for repressive governments seeking to silence journalists, attack activists and crush dissent, placing countless lives in peril,” said Agnès Callamard, Secretary General of Amnesty International.
The Committee to Protect Journalists (CPJ) has also expressed serious concerns. In an article published on CPJ’s website, Robert Mahoney, CPJ’s deputy executive director said that “governments and companies must act now to stop the abuse of this spyware which is evidently being used to undermine civil liberties, not just counter terrorism and crime. No one should have unfettered power to spy on the press, least of all governments known to target journalists with physical abuse and legal reprisals”.