The latest developments
Numerous states use the Israeli surveillance software Pegasus to spy on journalists, human rights activists or opposition politicians. Among them are also European countries.
With the surveillance software Pegasus, smartphones can be spied on, messages read or conversations eavesdropped.
The latest developments
- Several dozen Catalan separatists were being monitored using Pegasus spy software. Between 2017 and 2020, over 60 Catalan politicians, journalists or lawyers are said to have been the target of state surveillance, as the Canadian research group Citizen Lab writes in a report on Monday (April 18). The actions began in 2017 when a declaration of independence by Catalonia sparked a political crisis. According to Citizen Lab, it is not possible to clearly prove who was behind the espionage actions: “But strong evidence points to a connection to the Spanish authorities.” According to the Spanish newspaper “El País”, the Spanish secret service CNI was using the Pegasus software. The Spanish government declined to comment on the Reuters news agency.
- The British government is said to have become the target of a spy operation with Pegasus. In 2020 and 2021 there were several devices with Pegasus installed in the Prime Minister’s office and at the Ministry of Foreign Affairs, writes the Canadian research group Citizen Lab in a blog entry on Easter Monday (April 18). The United Arab Emirates may have been behind the use of spyware in the prime minister’s office. According to Citizen Lab, the infected devices are linked to India, Cyprus, Jordan and the United Arab Emirates. The aim of the surveillance could also have been smartphones of employees abroad that are provided with local SIM cards. The manufacturer of Pegasus, the Israeli NSO Group, rejected the allegations as false to the Reuters news agency.
- High-ranking EU officials are said to have been spied on with Israeli surveillance software. The target of the espionage operation, which is said to have taken place last year, was, among others, Justice Commissioner Didier Reynders, as the Reuters news agency reported on Monday (April 11).. The European Commission became aware of the attack after Apple notified iPhone owners who were targeted by government surveillance in November. The exploited vulnerability in Apple’s operating system is used in the Israeli spyware Pegasus, but also in the product of a second Israeli manufacturer of spy software, QuaDream. It is unclear which state is behind the espionage campaign.
- After a wiretapping scandal involving the Pegasus surveillance software, Israel has set up a state commission of inquiry. According to media reports, the police bugged government critics, business people, local politicians and one of the sons of former Prime Minister Benjamin Netanyahu for years without a judicial order. Interior Minister Ajelet Schaked called on Twitter on Monday (February 7) for an external commission to investigate the allegations: “The Knesset and the entire public deserve answers, today.”
- The Swiss authorities also used the controversial spyware Pegasus – and probably still do. Several sources confirm to the NZZ that it was used between summer 2017 and autumn 2018. Various indications strongly suggest that the federal government is still using the software today. To the report
The most important questions about Pegasus
Pegasus is software designed to monitor cell phones. According to the Israeli manufacturer NSO, it only sells the product to state authorities such as the police, secret services or the military. The software is intended to help fight crime or terrorism, but is also misused for other purposes.
Pegasus can be installed remotely over the internet on most Android or iOS devices without the owner noticing. The authorities can then monitor the phone extensively, because Pegasus has access to practically all important functions.
The monitoring software can, for example, read conversations in messenger services such as Signal or Whatsapp or eavesdrop on telephone calls. However, Pegasus can also access saved files, copy the address book or read location data from the device.
The software can also be used to activate the camera and microphone of the infected smartphone. The smartphone becomes a bug that goes unnoticed and can be used, for example, to eavesdrop on a conversation in a room.
Because there are numerous documented cases where the software has been misused.
According to the manufacturer NSO, Pegasus is used in 40 countries. The company’s requirement is that the surveillance software may only be used on a legal basis, specifically, for example, for fighting crime or fighting terrorism.
In practice, however, not all countries that use Pegasus adhere to this requirement. The Canadian research group Citizen Lab at the University of Toronto first reported abusive surveillance in 2016. The target was human rights activist Ahmed Mansoor from the United Arab Emirates.
Later, numerous abusive surveillance practices in Mexico involving the use of Pegasus became known. The targets were lawyers, journalists or opposition politicians. According to the Washington Post, Pegasus was also used to spy on people close to Saudi opposition figure Jamal Khashoggi. He was allegedly murdered by members of the Saudi royal family in 2018.
International research published in July 2021 attracted worldwide attention. At the center was a list of 50,000 telephone numbers that are said to have been the target of Pegasus surveillance. Among them, the research network, led by the human rights organization Amnesty International and the journalist organization Forbidden Stories, was also able to identify numbers of journalists, human rights activists, politicians and members of the government.
On the one hand, the criticism is directed at those states that have misused Pegasus. Hungary, for example, is said to have wiretapped members of the opposition. On the other hand, the Israeli manufacturer of Pegasus is also criticized because it does not control the customers and their use of the spy software too strictly.
In Israel, the Ministry of Defense must authorize the sale of surveillance software abroad. It may only be sold to government agencies and only for the purpose of fighting crime and terrorism. “Israel claims there are export controls,” Citizen Lab founder Ron Deibert said in a 2018 interview with the NZZ. “But obviously there are problems here.”
In general, it is difficult to control the use of software after the sale – similar to the case with conventional weapons or dual-use goods. However, operating Pegasus requires a whole system of servers to infect the target devices and control the spyware. The customers presumably do not operate this system completely independently of the manufacturer, which is why it seems fundamentally possible for the NSO to monitor the operations.
The telephone list, to which the international research network gained access in 2021, is said to contain at least a thousand numbers that could be assigned to journalists, human rights activists, business people and politicians. Among the most prominent targets on the list were three presidents, ten heads of government and one king, like that “Washington Post” writes.
According to the report, possible targets of Pegasus surveillance were French President Emmanuel Macron and his counterparts in Iraq and South Africa, current or former heads of government in Belgium, Yemen or Kazakhstan, and the King of Morocco, Mohammed VI. In total, the research network found traces of the Pegasus spy software on smartphones in 37 cases. It is unclear whether the high-ranking politicians mentioned were also spied on with the software because their cell phones were not accessible to the investigative team.
It is usually not officially known who is behind the surveillance actions. The NSO Group keeps its customers secret. She only says that you are in business with a total of 60 authorities from 40 countries. According to Amnesty International there is evidence of at least 11 countries using Pegasus: Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Togo and the United Arab Emirates.
The accused governments have either denied or are silent about espionage via Pegasus. The manufacturing company NSO Group wrote in a statement, that the allegations of the research network are denied.
Pegasus is being developed by the NSO Group, an Israeli company that makes surveillance software for government agencies. NSO was founded in 2010 and is said to have around 800 employees by now. Today the company also operates out of Bulgaria and Cyprus.
Pegasus is likely to be among the market leaders when it comes to surveillance software. In general, companies from Israel are considered leaders in spy software because they benefit from a strong connection between the military and the economy in the country.
The NSO Group has been under public criticism for years because cases of misuse of its Pegasus software have been reported time and again. The company is trying to refute these allegations. For a good year now, the company has had a process with which cases of possible misuse of its software can be checked.
At the end of June, the NSO Group also published a transparency report on its activities for the first time. According to the report, NSO Group has so far renounced deals totaling more than $300 million because of a negative human rights assessment from the potential client.
Surveillance software is secretly installed on the smartphone without the user’s knowledge. In this regard, this software behaves the same as malware used by criminals or government attackers, for example.
Over the years, Pegasus has used different ways to nest on the target device. In September 2021, for example, a vulnerability in Apple devices that affected the iMessage messenger service and was exploited by Pegasus became known. This was a so-called “zero-click” vulnerability, whereby the cell phone owner did not have to click on a link for the software to be able to exploit it.
A few years ago it became known that Pegasus had exploited a vulnerability in Whatsapp. A call with Whatsapp was enough for the installation without having to be answered. Previous methods of infection are also documented, in which the target person had to click on a link, for example in an SMS, in order to install Pegasus.
When attackers exploit an unknown “zero-click” vulnerability, it is virtually impossible to protect themselves. This applies regardless of whether a state police agency or cyber criminals are behind the infection.
Anyone who receives links in SMS, chat messages or emails should only click on them cautiously. Special caution is required if the sender is unknown or the text contains strange wording or spelling mistakes. The same applies to files such as Word or PDF documents that are sent to you.
It is also important to keep the software on your smartphone or computer up to date. Security updates should be installed as soon as possible.