A set of reports has been published that alleges some countries are using malware to spy on political opponents, activists and journalists.
The investigations were carried out by a media alliance called Forbidden Stories, with contribution from Amnesty International. They call it ‘the Pegasus Project’ because is focuses on the use of Pegasus spyware made by Israeli firm NSO Group. “Our products help government intelligence and law-enforcement agencies use technology to meet the challenges of encryption to prevent and investigate terror and crime,” says the NSO website.
We would imagine the principle challenge posed by encryption lies in breaking it in order to gain access to the material. The reason encryption exists, of course, is to protect the privacy of those using it, which is why WhatsApp initiated legal action against NSO a couple of years ago, which is still ongoing. It’s all very well helping to hack the phones of baddies, but its hardly surprising if some governments decide anyone who is politically inconvenient to them should get the same treatment.
The Guardian has gone all-in on the story and has some handy graphics, which reveal Mexico, Morocco and the UAE are the biggest users of Pegasus to hack specific phone numbers in locations that include Western Europe. Apparently even the Editor of the FT has been targeted but somehow Telecoms.com has escaped the wrath of global authoritarians so far.
— Edward Snowden (@Snowden) July 18, 2021
“The Pegasus Project lays bare how NSO’s spyware is a weapon of choice for repressive governments seeking to silence journalists, attack activists and crush dissent, placing countless lives in peril,” said Agnès Callamard, Secretary General of Amnesty International.
“These revelations blow apart any claims by NSO that such attacks are rare and down to rogue use of their technology. While the company claims its spyware is only used for legitimate criminal and terror investigations, it’s clear its technology facilitates systemic abuse. They paint a picture of legitimacy, while profiting from widespread human rights violations.
“Clearly, their actions pose larger questions about the wholesale lack of regulation that has created a wild west of rampant abusive targeting of activists and journalists. Until this company and the industry as a whole can show it is capable of respecting human rights, there must be an immediate moratorium on the export, sale, transfer and use of surveillance technology.”
As you would expect, NSO doesn’t view the matter in quite the same way. “The report by Forbidden Stories is full of wrong assumptions and uncorroborated theories that raise serious doubts about the reliability and interests of the sources,” it said in a published statement. “It seems like the ‘unidentified sources’ have supplied information that has no factual basis and are far from reality.
“After checking their claims, we firmly deny the false allegations made in their report. Their sources have supplied them with information which has no factual basis, as evident by the lack of supporting documentation for many of their claims. In fact, these allegations are so outrageous and far from reality, that NSO is considering a defamation lawsuit.”
This isn’t the first time NSO has threatened legal retaliation for one of these exposes, but we’re not aware of it ever following through on one. The fact remains that any software specifically designed to hack phones clearly has the potential for misuse in the wrong hands. Once such software is sold its owner is free to use it on whoever they please and it’s hard to see how the vendor could to anything to prevent that.