Pegasus spyware scandal

The global impact of Pegasus

Print edition : August 27, 2021

Public protest against the Hungarian government for using Pegasus spyware to monitor journalists, opposition leaders and activists in Budapest on July 26. Photo: Marton Monus/ REUTERS

Recent revelations have proved that governments across the world, from Mexico to Rwanda to Saudi Arabia, used Pegasus to spy on their own citizens, especially journalists, human rights campaigners and politicians, despite the Israeli government’s assurance to the contrary.

There were clear warning signals since 2016, which the international community chose to wilfully ignore, about the dangers posed by Pegasus, the lethal spyware created by the NSO Group, an Israeli company that has close ties with the country’s political and security establishment. According to the investigations conducted by an international consortium of 17 news outlets led by the Forbidden Stories platform, a Paris-based non-profit media organisation, and Amnesty International Security Lab on the Pegasus data leak, at least 10 governments in Latin America, Africa and Asia had purchased and used the Israeli spyware on its own people.

Other reports, however, suggest that the Pegasus spyware has been sold to more than 50 countries. The sale of the Pegasus software by the NSO to foreign governments has to be authorised by the Israeli government. The NSO has claimed that it has sold its wares to 40 countries so far. The sale of the Pegasus spyware to countries such as India, Mexico and Rwanda reportedly took place after the visit of the Israeli Prime Minister, Benjamin Netanyahu to their capitals. Cybersecurity experts have described Pegasus as the most effective spyware developed and deployed till date.

Other countries which bought Pegasus include Arab monarchies such as Saudi Arabia, Bahrain and the United Arab Emirates (UAE), which had broken ranks from the Arab cause in the last decade and established close informal relations with Israel. Bahrain and the UAE, along with Morocco, formally established diplomatic relations with Israel in 2020 after the signing of “the Abraham accords”. The kingdom of Morocco, a traditional ally of the West, has allowed Israeli secret services to operate in the capital Rabat for a long time. The other buyers of the Pegasus spyware identified in the recent expose were Mexico, Azerbaijan, Kazakhstan and Hungary.

Also read: Journalists, activists among 50,000 targets of Israeli spyware, as per reports

According to reports, the government of Saudi Arabia used Pegasus extensively against domestic critics. Among those targeted was the Saudi dissident, Jamal Khashoggi and his circle of close friends. His movements and his activities were obviously monitored prior to his brutal murder. Many observers of the region have connected his death at the hands of a Saudi assassination team in Istanbul to the surveillance tools provided by the NSO.

According to reports in the United States media, the Netanyahu government encouraged Israeli technology firms such as the NSO to aggressively market its products in Saudi Arabia after the Khashoggi killing. Five leading Israeli security firms are now doing business with Saudi Arabia. After the Khashoggi killing in 2018, the NSO briefly cancelled its contract with Saudi Arabia at the behest of a group of U.S. advisers led by Daniel Shapiro, ambassador to Israel during the Obama administration. It quietly resumed work the next year.

Another Israeli company called Canderu has been accused by Microsoft of helping the Saudi intelligence services to spy on more than 100 journalists, politicians, dissidents and human rights activists from all over the world. Microsoft had conducted its investigations in collaboration with Citizens Lab, a research institute based in the University of Toronto.

The UAE was among the earliest users of Pegasus, and employed it to target its own citizens and foreigners. The Pegasus spyware was allegedly used in the capture, on the high seas, of Princess Latifa, a member of the Dubai royal family, with the help of the Indian Coast Guard. The Emir of Dubai’s former wife’s phone, along with those of her associates, was also targeted by the Pegasus spyware.

Rwanda used the Pegasus spyware to target dissidents, including Paul Rusesabagina and his close relatives. Rusesabagina’s story of courage inspired the movie “Hotel Rwanda”. He is now in a Rwandan prison after being kidnapped from Dubai. The Rwandan government claims he was “tricked” into coming back home. The right-wing Hungarian government of Viktor Orban targeted the phones of at least five investigative journalists and prominent opposition politicians. In all, according to reports in the Hungarian media, more than 300 citizens were targeted.

Also read: Surveillance state: The Pegasus saga unravels

According to the Israeli government, the NSO was only permitted to do business with countries after receiving assurances that the spyware would not be used to target political opponents and the civilian population. But as the latest revelations have shown, the governments promptly used their new military grade acquisition to spy on their own citizens, giving special attention to politicians, journalists, bureaucrats and even businessmen. The first detailed report about the spyware being used on journalists, human rights campaigners and politicians broke in Mexico in mid 2017. Those against whom the Pegasus software was used included human rights campaigners looking into the mass disappearances of 43 university students in 2014. The incident had caused anuproar in the country’s civil society and led to a steep fall in the popularity of the ruling party. Sections of the media critical of the government, along with opposition politicians highlighting the corruption and violence plaguing civil society, were soon targeted.

The phones of at least 50 close associates, including the wife and family of the current Mexican President, Andres Lopez Manuel Obrador, known as Amlo, were among those targeted by Pegasus. Many senior members of the former ruling party, Institutional Revolutionary Party (PRI), were also spied upon by the Pena Nieto government.

Mexico: NSO’s first client

Mexico has been buying cyberarms from the NSO since 2012. According to reports, Mexico was the NSO’s first international client. The NSO had stated at the time that there was an explicit agreement with the Mexican government that its software would be used only to combat terrorists and drug cartels. According to reports, the NSO charged $650,000 on top of a $500,000 installation fee, to spy on groups of ten iPhone users. (The Indian government must have paid quite a tidy sum to the NSO Group, given the numbers of individuals it has targeted with Pegasus).

The Mexican government at the time had denied, despite evidence to the contrary, that it used the spyware to target its political opponents. The NSO has also so far denied all culpability, not only in Mexico but all over the world where its wares are being used to target unsuspecting individuals. But the current left-wing government under Amlo has launched a thorough investigation into the links between the previous government and the NSO. On taking office, Amlo had said that his government would never indulge in such activities. He has ordered the cancellation of all contracts with the NSO in case they are still active.

Also read: Pegasus spyware: Mexico one of the biggest targets

Mexico’s top investigative officer said that the two previous governments of Felipe Calderon (2006-12) and Enrique Pena Nieto (2012-2018) had spent more than $61 million to buy the Pegasus spyware. The government said that many of the contracts were signed with front organisations to facilitate the payment of kickbacks to top officials and politicians.

Santiago Nieto, the head of Mexico’s Financial Intelligence Unit, has said that the payment of bills for spyware like Pegasus were inflated to include excess payment that was then routed as kickback to government officials. He said: “This implies or at least presumes that existence of acts of corruption, by selling the spyware at inflated prices to the government between 2012 and 2018.” Mexican government agencies that have brought the NSO spyware include the Defence Ministry, the attorney general’s office and the National Security Agency. The recent investigation by international media outlets, has found out that more than 15,000 individuals in Mexico alone were selected for targeting between 2016 and 2017.

Tomas Zeron, the former Director of Mexico’s Criminal Investigation Agency and a close friend of the former President, who is under investigation for his links with the NSO Group and for other crimes including torture and corruption, fled to Israel last year, where he was promptly given asylum. Israel has refused to hand him over to the Mexican government despite repeated requests.

The Pegasus spyware could not have been sold to countries without the concurrence of the Israeli government and a tacit green signal from Washington. The Pegasus spyware has not been sold to either Russia or China though Israel has good relations with both countries. But given Washington’s fraught relationship with both these countries, the security establishment there would have surely vetoed the sale of the most sophisticated spyware produced so far to its strategic enemies.

But many of the U.S.’ allies have found out that they are not immune from Pegasus’ reach. French authorities have accused the Moroccan security agencies of using the latest spyware provided by Israel to snoop on the French President and other top officials. The mobile phones of 15 heads of state, including that of the Prime Minister of Pakistan, have also been targeted, allegedly by Indian intelligence agencies. The French government was quick to take up the illicit surveillance issue with the Israeli government.

Also read: France opens spyware probe with Macron identified as Pegasus target

Israeli Defence Minister Benny Gantz, on a visit to Paris after the scandal broke, assured his French counterpart, Florence Parly, that his government is taking the issue seriously. A statement from Gantz said: “Israel grants cyber licenses only to nation-states and only for the needs of dealing with terrorism and crime.”

After the French President, Emmanuel Macron, called for a serious investigation into the matter, the Israeli government announced the creation of an inter-ministerial committee to look into the allegations that Israeli spyware was abused on a gargantuan scale. An investigative team from the Israeli government visited the NSO offices after the global outcry. Nobody expects any action to be taken by Israel to curb the indiscriminate export of dangerous surveillance technology. The Israeli Prime Minister in a recent speech said that his country had memorandums of understanding with dozens of countries on cyber security. He said that he wanted to upgrade it into “a global security shield”.

Israel the ‘start-up nation’

The government of Israel likes to describe itself as the “only functioning democracy” as well as a “start-up nation” that has made great strides in cutting edge technology relating to the military. With billions of dollars coming in as military aid from the U.S, Israel, with the tacit encouragement of Washington, was allowed to develop spyware and military technology that was first tested on the Palestinians. Some of the technology was knowingly supplied to the Israeli military industrial complex by the U.S. and West European countries like France. (France was the country which helped Israel to become a nuclear power). Israel has, as a matter of policy, always leveraged its expertise in military and cybertechnology to gain diplomatic and military advantage in the region.

Israel is also known to have “stolen” some of the technology which it has used in the manufacture of spyware and weaponry like drones. Jonathan Pollard, an analyst working for the U.S. navy, has been described as one of the most effective spies for Israel. President Donald Trump pardoned Pollard who was serving a life sentence and allowed him to settle in Israel, where he received a hero’s welcome.

The current Prime Minister, Naftali Bennet, is himself a former tech entrepreneur who made his billions in the U.S. In a 2005 report, the Federal Bureau of Investigation (FBI) stated that Israel has “an active program to gather proprietary information within the United States, these collection programs are primarily directed at gathering information on military systems and advanced computing applications that can be used in Israel’s sizeable armaments industry”. The report added that Israel recruits spies and uses electronic methods to gather classified information.

The NSO, which earlier operated under different names, employed Michael Flynn, who was briefly Trump’s National Security Adviser. The company was then known in the U.S. as OSY Technologies. Way back in 1996, a U.S. Defence Investigative Service reported, “Israel has great success stealing technology by exploiting the numerous co-production projects it has with the Pentagon”.

Also read: Taking spying allegations 'seriously', Israel tells France

The U.S. General Accounting Office (GAO) concluded that Israel conducts “the most aggressive espionage operations against the U.S. of any ally”. But successive U.S. administrations have treated Israel with kid gloves. According to a former FBI counter intelligence officer, John Cole, the U.S. Justice Department ordered the dropping of many espionage cases against Israelis. He has said that at least 125 investigations into Israeli espionage cases have been dropped.

As far as the Pegasus spyware was concerned, the Israeli government had given an assurance to the U.S. authorities that it would not be used on U.S. territory or against U.S. citizens. The U.S. did not mind other nations and citizens in the rest of the world being indiscriminately and illegally put under surveillance. Washington has been accusing Moscow and Beijing of indulging in hacking, interfering in elections and spreading misinformation using technology to subvert “democratic” countries and export their authoritarian models. But now it has become clear that Washington’s closest ally, Israel, is responsible for most of the skullduggery, including providing authoritarian governments the means to harass and eliminate their opponents and hack into the phones of its politicians, journalists and ordinary citizens.

Edward Snowden, who blew the lid off the U.S.’ worldwide snooping activities, said that the NSO should bear “direct, criminal responsibilities for the deaths and detentions of those targeted by the digital infection vector it sells, which have no legitimate use”. He warned that if the NSO is not stopped now “it is not going to be 50,000 targets, it is going to be 50 million”. Snowden said that companies like the NSO should be shut down. “They don’t sell vaccines, the only thing they sell is the viruses”. He also reminded the public that the NSO Group gave “blood money” to Obama, Trump and Biden during their presidential campaigns.

This article is closed for comments.
Please Email the Editor
×