Spyware and Pegasus: How Democracies Spy on Their Citizens

Spyware and Pegasus: How Democracies Spy on Their Citizens (newyorker.com)



from the I’ll-be-seeing-you dept.

Writing for the New Yorker, Ronan Farrow reports on Pegasus, “a spyware technology designed by NSO Group, an Israeli firm, which can extract the contents of a phone, giving access to its texts and photographs, or activate its camera and microphone to provide real-time surveillance — exposing, say, confidential meetings.”

Pegasus is useful for law enforcement seeking criminals, or for authoritarians looking to quash dissent…. In Catalonia, more than sixty phones — owned by Catalan politicians, lawyers, and activists in Spain and across Europe — have been targeted using Pegasus. This is the largest forensically documented cluster of such attacks and infections on record. Among the victims are three members of the European Parliament… Catalan politicians believe that the likely perpetrators of the hacking campaign are Spanish officials, and the Citizen Lab’s analysis suggests that the Spanish government has used Pegasus….

In recent years, investigations by the Citizen Lab and Amnesty International have revealed the presence of Pegasus on the phones of politicians, activists, and dissidents under repressive regimes. An analysis by Forensic Architecture, a research group at the University of London, has linked Pegasus to three hundred acts of physical violence. It has been used to target members of Rwanda’s opposition party and journalists exposing corruption in El Salvador. In Mexico, it appeared on the phones of several people close to the reporter Javier Valdez Cárdenas, who was murdered after investigating drug cartels. Around the time that Prince Mohammed bin Salman of Saudi Arabia approved the murder of the journalist Jamal Khashoggi, a longtime critic, Pegasus was allegedly used to monitor phones belonging to Khashoggi’s associates, possibly facilitating the killing, in 2018. (Bin Salman has denied involvement, and NSO said, in a statement, “Our technology was not associated in any way with the heinous murder.”) Further reporting through a collaboration of news outlets known as the Pegasus Project has reinforced the links between NSO Group and anti-democratic states.

But there is evidence that Pegasus is being used in at least forty-five countries, and it and similar tools have been purchased by law-enforcement agencies in the United States and across Europe. Cristin Flynn Goodwin, a Microsoft executive who has led the company’s efforts to fight spyware, told me, “The big, dirty secret is that governments are buying this stuff — not just authoritarian governments but all types of governments….” “Almost all governments in Europe are using our tools,” Shalev Hulio, NSO Group’s C.E.O., told me. A former senior Israeli intelligence official added, “NSO has a monopoly in Europe.” German, Polish, and Hungarian authorities have admitted to using Pegasus. Belgian law enforcement uses it, too, though it won’t admit it.

Calling the spyware industry “largely unregulated and increasingly controversial,” the article notes how it’s now impacting major western democracies.
“The Citizen Lab’s researchers concluded that, on July 26 and 27, 2020, Pegasus was used to infect a device connected to the network at 10 Downing Street, the office of Boris Johnson, the Prime Minister of the United Kingdom…. The United States has been both a consumer and a victim of this techÂnology. Although the National Security Agency and the C.I.A. have their own surveillance technology, other government offices, including in the military and in the Department of Justice, have bought spyware from private companies, according to people involved in those transactions.”

But are the company’s fortunes faltering?
The company has been valued at more than a billion dollars. But now it is contending with debt, battling an array of corporate backers, and, according to industry observers, faltering in its long-standing efforts to sell its products to U.S. law enforcement, in part through an American branch, Westbridge Technologies. It also faces numerous lawsuits in many countries, brought by Meta (formerly Facebook), by Apple, and by individuals who have been hacked by NSO….

In November, the [U.S.] Commerce Department added NSO Group, along with several other spyware makers, to a list of entities blocked from purchasing technology from American companies without a license. I was with Hulio in New York the next day. NSO could no longer legally buy Windows operating systems, iPhones, Amazon cloud servers — the kinds of products it uses to run its business and build its spyware.

Save energy: Drive a smaller shell.


Read More