When we were children, and while traveling, we loved to play “I spy with my little eye”. This innocent game has probably been played for years to come by thousands of people around the world. Well, the words from the name of the game don’t sound so innocent in the 21-st century. Nowadays, cybersecurity and privacy breaches are and will become an increasing global problem. One of the most recent scandals on these subjects was related to the Pegasus Spyware software, developed by the NSO Group from Israel.
The first sight of Pegasus was almost 5 years ago – in 2016 when it was detected on the phone of a civil rights defender with the help of Citizen Lab. In 2021, the name of Pegasus was heard again when reports detailing the problems with Pegasus were released by organisations and working on the Pegasus Project. It is an Initiative with 17 different media and the coordinating help of Amnesty International. And the first report that started it all was published by them in mid-July this year. A little later the network of journalists Forbidden stories released an in-depth article about the usage of the software to invade the privacy of journalists worldwide.
What is Pegasus Spyware?
If you are coming across the news for the first time, we will brief you a little bit. The Pegasus Spyware is a form of software developed by an Israeli company that goes by the name of NSO Group. The software function, as provided by the company, is to detect and prevent terrorist threats for big governmental institutions. Sounds nice, right? Well, an investigation in which the British media giant – The Guardian participates gave us another point of view.
The software was installed on the phones of people that some governments wanted to be tracked. “With just a single line text, it can bypass your phone’s security and install spyware that grants complete control of your device”, says a representative of The Guardian in a news video that gives details about the scandal.
According to the media, Pegasus can gain access to:
- All of your texts and messages;
- Your GPS and location data;
- The ability to turn on your mic and camera;
- All the files you have;
- Do screen recording.
The worst part? You won’t even notice that this is happening and have no way of detecting it. The Guardian refers to it as “probably the most advanced piece of spyware ever developed”. Here even end-to-end encrypted applications won’t help, since this is on your phone device. The main way of penetration is through zero-day vulnerabilities – ones that even the companies that made the phones are not yet aware of.
“It is effectively the most invasive form of surveillance imaginable”, The Guardian continues. It is proven that Pegasus can infiltrate both main operating systems – Android and iOS devices.
How big is the scandal and what is it about?
Let’s sum it up. We have a company that created spyware software that can be on your phone and track everything you do and give access to all of your data away. And some governments are clients of that company and want to spy on some people like journalists. When we put these two together we get one of the biggest scandals of 2021. The Guardian stated that some of the governments that bought and used Pegasus were using it for their agenda.
It is enough to say that it is used against human rights activists as well as journalists as Al Jazeera English says. According to a Bloomberg report that came in mid-July this year over 50 000 phone numbers worldwide were potential targets of this software. 1000 of them were traced to their owners and guess what – they belonged to people who should not be in the scope of surveillance by the software. They belonged to politicians and high-ranking officials and the already mentioned journalists and human rights activists.
Which countries use Pegasus?
The video story from The Guardian gave us the names of some of the countries that are clients of NSO Group. It is worth mentioning that in some of them there is a form of conflict between the government and the population. It is not clear which ones use the software to spy on members of civil society. Please, keep that in mind as you go down this list:
- Hungary;
- Azerbaijan;
- Kazakhstan;
- Rwanda;
- Bahrain;
- Mexico;
- India;
- Morocco;
- Dubai;
- UAE;
- Saudi Arabia.
In a tweet, Ashok Swain, Professor of Peace and Conflict Research at Uppsala University pointed out some of the countries where journalists were targets of Pegasus in something he called a “wall of shame”:
- 38 journalists in Morocco;
- 48 journalists in Azerbaijan;
- 38 journalists in India;
- 12 journalists in the UAE.
Although the software might be used to prevent terrorist attacks and threats as well, we can only assume the agenda of the people spying on government officials and civil society representatives.
What are the reactions and what follows next?
After the scandal went out, the NSO Group told The Guardian that “it will investigate any credible claims of misuse and take appropriate action based on the results of these investigations”. Some of the governments connected to the scandal denied using Pegasus for such activities (Rwanda, Morocco, Hungary, and India), while others (Azerbaijan, Bahrain, Kazakhstan, Saudi Arabia, Mexico, the UAE, and Dubai) did not respond to The Guardian’s request for comment.
While the scandal still unfolds, we are about to see what happens next. At the end of July 2021, Euronews reported that one of the potential politicians that were a target was the president of France himself. The French authorities began an investigation into the matter.
In mid-September, the MEPs in Strasbourg will discuss the scandal with Pegasus. One of them told Euronews that countries that used it should be held accountable. We are about to see what other actions will follow worldwide.
The end of privacy as we know it?
This statement has been used around in the past 20-30 years a lot. Spyware and Malware software will get more complicated and be harder to track in time. The scandal with Pegasus has shown us that. However, it is important to remain calm – cybersecurity threats may be on the rise, but there are also good guys in the picture. Professionals in companies like 3cyber-sec have dedicated their professional careers to the detection and prevention of cybersecurity breaches and hacker attacks. Businesses can rely on them for advice, training, and consulting on how to improve their cybersecurity defenses.
In the meantime, remember not to store any sensitive information on your devices. In the meantime, there are already ways to check if your smartphone has been infected by Pegasus.