| Welcome to Global Village Space

Thursday, May 23, 2024

Pegasus spyware project: Here’s what we should know

Humaira Waheed, an e-activist at Amnesty International talks about pegasus spyware and what are the important details that we should know about it. She further talks about how this spyware is powerful enough to get into the democratic systems of the world and what measures are being taken to avoid these malicious traps.

The Pegasus Project is an earth shattering collaboration by more than eighty journalists from seventeen media associations in ten countries facilitated by Forbidden stories, with the technical support of Amnesty International that conducted cutting-edge forensic examinations on mobile phones to identify possible traces of the spyware.

During their investigation, Amnesty International uncovered a tremendous size of infringement executed through secretive cyber surveillance and massive data leaks which uncover that Israeli NSO Group Spyware has been used to target activists, journalists and political leaders universally and around 50,000 phone numbers were a target worldwide.

Agnes Callamard, Secy General of Amnesty International states:

“The Pegasus Project lays bare how NSO’s spyware is a weapon of choice for repressive governments seeking to silence journalists, attack activists and crush dissent, placing countless lives in peril.”

Read more: Pegasus Project: Spyware Scandal targeting Indian & Pakistani leadership

Though NSO Group demand that Pegasus Programming was lawfully used to “collect data from the mobile devices of specific major criminals” however, recent investigation operated by Amnesty International claims that there has been a parallel use of the tool against the civil society that is a clear infringement of Human Rights law internationally. States have wilfully used Pegasus to unlawfully target some individuals, ignoring and disregarding their rights to privacy.

What is Pegasus Spyware?

For a layman to comprehend Pegasus Spyware, some essential technical know-how of what actually is Spyware, a must. Spyware can be characterized as malevolent programming intended to enter a PC or gadgets, assemble information about the client, and forward it to a third party without taking assent from the client.

U.S based computer intelligence consultant Edward Snowden’s disturbing disclosure concerning mass government spying authorized by the United States government raised worries about digital security around the world and compelled tech giants to go for end-to-end encryption and to address the situation, Pegasus was conceived.

Pegasus is a Spyware developed by the Israeli cyber-arms firm NSO Group that can be surreptitiously installed on mobile phones and can exploit all recent versions of iOS (upto 14.6), ipads and Androids phones data too. Pegasus has the capacity to pursue instant text messages, tracking calls, gathering passwords, location tracking, accessing the target device’s microphone and camera and reaping data from apps.

Read more: Pegasus, Israeli Spyware: Govt Officials Warned Not to Use WhatsApp

The spyware is named after the legendary winged horse Pegasus- a Trojan horse that can be sent “flying through the air” to contaminate phones. Notwithstanding of Amnesty International’s assertions and allegations, NSO has been denying the consortium reporting as bogus claims, baseless hypotheses and “uncorroborated theories”

The NSO group

NSO’s founders are ex-members of Unit 8200, the Israeli Intelligence Corps unit responsible for collecting signals intelligence. Since 2014, NSO Group was owned by an American private equity firm, but it was bought back by its founders in 2019. NSO Group is an auxiliary of the Q Cyber Technologies group of Companies.

Technologies is the name the NSO Group uses in Israel.NSO is authorized to export Pegasus software by the Israeli Ministry of Defence. The group states that “it provides authorized governments with technology that helps them combat terror and crime” and so far the group has published segments of agreements that expect clients to utilize its products only for criminal and national security investigations and has stated that it has an industry-leading approach to human rights and basic liberties.

NSO clients

NSO claims that it trades the Spyware to more than 40 countries with endorsement from the Israeli govt. Nonetheless, upon Amnesty International forensic analysis of mobile phones of potential targets, it was revealed that many of the numbers (from the list) were clustered in countries like  Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Togo and the United Arab Emirates etc.

Read more: WhatsApp faces backlash on new data sharing policy, delays it

The first time Pegasus threat was revealed

Pegasus’s iOS misuse was first recognized in August 2016 when Ahmed Mansoor, an Arab human rights defender tried a failed installation attempt on his iPhone. He then sent the link to “Citizen Lab” which investigated, with the coordinated effort of Lookout, finding that if Mansoor had followed the link it would have jailbroken his iPhone and embed the spyware into it, in a form of social engineering.

By this time, Panama had already encountered this issue since Pegasus entered the country in 2012 and was used until May 2014 according to information from the Public Ministry. The utilization of Pegasus to screen the lives of citizens has been witnessed in the preliminary trial of the former President of Panama (Ricardo Martinelli). In 2019, Whatsapp also sued NSO, alleging the company was behind Cyber-attacks on 1,400 mobile phones involving Pegasus. At that time, NSO denied any wrongdoing but the company was banned from using Whatsapp.

Afterward, on August 23, 2020, as indicated by insight acquired by the Israeli newspaper, Haaretz, NSO Group sold Pegasus spyware for hundreds of millions of US dollars to UAE and some other Gulf States for surveillance of anti-regime activists, journalists and political heads of adjoining states. In December 2020, Al-Jazeera’s investigative show The Tip of the Iceberg, spy partners, exclusively gave coverage to Pegasus and how it can be penetrated into the phones of media experts and activists; and its utilization by Israeli intelligence to eavesdrop on both opponents and allies.

Read more: Top 10 Techniques to Secure Privacy Online

 Scale of secretive cyber surveillance: an international crises

The last few days have witnessed how the world is outraged by the systematic targeting of human rights activists, journalists, lawyers and state heads as revealed by the Pegasus Project. The Pegasus Project involved 80 journalists from the media accomplices: The Guardian (UK), Radio France and Le Monde (France), Die Zeit and SuddeutscheZeitung (Germany), The Washington Post (USA), Haaretz/The Marker (Israel), AristeguiNoticias, Proceso OCCRP, knack, Le Soir, the Wire (India), Daraj, Direkt36 (Hungary) and PBS Frontline along with Amnesty International.

They mutually found that many phones with numbers in the list had been the target of Pegasus spyware. Though, it is not clear where the list came from, who put the numbers on it – or how many phones have been hacked so far. However, the forensic examination held by the security lab of Amnesty International toward 67 smartphones showed that 23 numbers out of 67 were successfully hacked by Pegasus, with 14 others showing signs of attempted penetration.

Moreover, the targeting of these smartphones appears to conflict with the stated purpose of NSO’s licensing of the Pegasus spyware, which the company says is intended only for use in surveillance of militants and significant lawbreakers.

Read more: Cyber Security Check: Are you protected in the wake of the recent hacking?

Not only do they expose the risk and harm to the individuals unlawfully targeted, but also the extremely destabilizing consequences on global human rights and the security of the digital environment at large, concernedly expressed by Agnes Callamard, Amnesty International Secy. General.

Cooperate responsibilities of states 

For quite a long time Amnesty International has been offensively safeguarding the digital rights of individuals. Similarly, States have binding obligations and commitments under international human rights law to shield human rights from maltreatment by third parties, including privately owned businesses that work outside their boundaries.

According to International legitimate guidelines, an organization might be complicit in human rights violations and common freedom infringement if it meets two main criteria: that through its business activities it helped in the commission of infringement and that the company knew or ought to have realized that its acts would help in assisting the infringement.

Agnes Callamard states: “Private companies like NSO Group have shown they will flout their human rights responsibilities with impunity, all the while profiting from human rights abuse by allowing NSO software to be used without taking adequate steps to protect our rights, states worldwide have allowed an unlawful system to flourish resulting in rampant human rights violations and abuses on a grand scale.

Read more: How to protect your data online?

Known targets of Pegasus spyware

The numbers on the rundown are unattributed, yet reporters have identified more than 1,000 people spanning more than 50 countries through research and interviews from four continents:

Several Arab Royal Family members, at least 65 business executives, 85 human rights activists, 189 journalists and more than 600 politicians and government officials. The numbers of several heads of state and Prime Ministers also showed up on the list such as President of France, Emmanuel Macron, eighth president of Iraq (Barham Salih), current President of South Africa, Cyril Ramaphosa, three current Prime Ministers such as Imran Khan from Pakistan, Mostafa Madbouly from Egypt and Saadeddine Othmani from Morocco.

Some former PMs were also spied during being in power such as Ahmed Obeid Bin Daghr from Yemen, Saad Hariri from Lebanon, RuhakanaRugunda from Uganda, Edouard Philippe from France, BakitzhanSagintayev from Kazakhstan, NoureddineBedoui from Algeria and Belgium’s Charles Michel. Even the phone number of Morocco’s King Mohammad VI was spied. Princess Latifa (UAE Emir’s daughter) and Princess Haya (UAE Emir’s Ex-wife) numbers are also listed in leaked Pegasus Project data.

Read more: Saudi Crown Prince: A Mastermind behind Covert Operations

Jamal Khashoggi (a famous journalist who was murdered in Saudi Consulate in Turkey)fiance’s phone number was also on the list investigated recently by Amnesty International. In India, the number of phones belonging to hundreds of journalists, activists, opposition politicians, government officials and business executives were in the list as numbered in several other countries in the region including Azerbaijan, Kazakhstan and Pakistan.

Pegasus snooping: Pakistan probes if PM’s phone was hacked

The US based Washington Post newspaper reported that a number once used by Khan is in the rundown of hundreds of numbers potentially hacked using Pegasus cell phone infiltration and surveillance software. Information Minister, Fawad Chaudhry said Pakistan is investigating the possible hacking attempt and would raise the issue at unspecified forums if it is confirmed, as reported by Dawn newspaper.

“Apple prides itself on its security and privacy features, but NSO Group has ripped these apart”, said Danna Ingleton- Dy. Director of Amnesty Tech.

Read more: Pakistan seeks UN investigation of ruthless Indian usage of spyware against PM Khan

Spywares becoming a threat to democratic systems 

Though with technological advances, the individual intrusion has been made possible through smartphones reconnaissance, the widespread utilization of spyware is turning into a significant threat to democracies around the world.  Journalists and activists can’t work for vulnerable people in the society, opposition parties are not given level playing fields by allowing them to plot their campaign strategies without people with significant influence anticipating their moves.

With Pegasus like spywares, one could spy on the whole total populace, even Head of States are no exclusion. We need to comprehend that Pegasus is spyware and spyware are not made to regard protection. So significant control of the spyware industry is urgently needed to stop further violations.

Read more: India demands answers from WhatsApp after reports of spying

All legitimate advances ought to be required to unveil the full extent and nature of the NSO complicity in the denial of basic liberties. Pakistan ought to likewise take vital measures to craft a comprehensive cyber-security policy to counter back well-organized noxious cyber campaigns against Pakistan at the International level by unfriendly states like India.

Humaira Waheed is an e-activist in amnesty international. The views expressed in the article are the author’s own and do not necessarily reflect the editorial policy of Global Village Space.