Pegasus Spyware: all you need to know
Have you ever heard about Project Pegasus? Initially, this malware program was created to identify terrorists and criminals. Still, as a collaborative journalistic investigation shows, it was used by authoritarian regimes to spy on politicians, human rights activists, and journalists. In this article, we dig into the concept of Project Pegasus and explain to you what it is and how it affects human rights and people's basic security.
What is Project Pegasus?
Pegasus Spyware is malware created by the Israeli company NSO to prevent crime and terrorism. The company specializes in software for intelligence services, military, and law enforcement agencies, and among its clients is the Israeli Ministry of Defence, for example.
Pegasus Spyware infiltrates iOS or Android devices and allows access to chat and email messages, photos, and location data, activating the camera and microphone without the user's knowledge. It was developed to track terrorists and criminals and should only be available to public authorities.
What was the Pegasus spyware leak?
Although NSO claims that the software is being used only to track terrorists, the joint investigation led by 17 journalist organizations, including Forbidden Stories, The Guardian, The Washington Post, Haaretz, Suddeutsche Zeitung, human rights organization Amnesty International and the Center for the Study of Corruption and Organized Crime (OCCRP) among others shows that authorities in several countries massively spied on journalists, human rights activists and politicians using Pegasus spyware. Edward Snowden called this investigation “the story of the year”.
Journalists have uncovered a list of potential surveillance targets, including over 50,000 people. Forbidden Stories and Amnesty International have obtained a list of phone numbers that NSO Group's government clients have allegedly targeted for surveillance since 2016. There are no names on the list, but journalists have identified more than 1000 people from 50 countries: among them are 189 journalists, 65 business executives, 85 human rights activists, about 600 politicians, and officials of various levels, including ministers, diplomats, the military, several heads of state and prime ministers.
The data analysis let journalists identify 10 countries that used Pegasus software. These are Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, and the United Arab Emirates.
Pegasus software was used to attack the phones of two women close to Saudi journalist Jamal Khashoggi, who was murdered in October 2018 at the Saudi consulate in Istanbul. Mexican journalist Cecilio Pineda Birto’s name was included in the system a few weeks before his murder.
Some of these countries’ authorities deny their participation in hacking private cell phones and cyber-surveillance. Israeli officials claim that they only allow the export of IT products to prevent crime and terrorism and that Israel does not have access to the information collected by NSO clients, state officials said. The head of NSO Group, Shalev Julio, said the list of 50,000 phone numbers had nothing to do with the company but promised to investigate potential human rights abuses. However, it is impossible to know whether phones were successfully infected with Pegasus without analysis of devices by forensic experts.
For now, Pegasus is considered a new global weapon against journalists and human rights activists. It is a powerful cyber-surveillance tool that can track all the personal data, movements, and almost anything about anyone without the owner of the phone knowing that his device is infected.
WhatsApp CEO Will Cathcart tweeted that "NSO's dangerous spyware is used to commit horrible human rights abuses all around the world, and it must be stopped". UN Special Rapporteur 2014-2020 David Kaye has also suggested a global moratorium on the sale or transfer of spyware.
How to check your phone for Pegasus spyware?
After the news broke, Amnesty International launched a tool to help you check your phone for Pegasus software if you have doubts.
First of all, create an encrypted backup of your Android or iPhone. Then, download and install Amnesty’s MVT, Mobile Verification Toolkit. To get help, you can follow the instructions here. Next, you can start the analysis which will require some technical skills. You can just follow step-by-step instructions from Amnesty International for iOS and Android devices.