30.03.2022 IT International Tech

Pegasus spyware: friend, foe or traitor?

Pegasus: a friend?

Pegasus is spyware for iOS and Android developed by the Israeli company NSO Group, specialising in spyware development. According to NSO Group, the software is designed to help to prevent terrorist attacks and break up crime rings. NSO Group’s software allows its customers to target specific phone numbers and infect the associated devices with the Pegasus code. Pegasus gained a reputation as the “world’s most powerful cyberweapon”. If inserted into a smartphone, it can retrieve undetected messages, photos, contacts and even listen to its owner’s calls. According to the Council of Foreign Relations, since 2011, “NSO has licensed Pegasus to foreign law enforcement and intelligence agencies to combat terrorism, drug trafficking, and other major crimes.”  [1] At least nineteen governments reportedly own the product, even though the total number has never been confirmed.

Pegasus: a foe?

Behind this smoke window, and after many years of investigation, in 2021, a journalism consortium called the Pegasus Project revealed how NSO Group’s Pegasus spyware had been used to facilitate human rights violations around the world on a massive scale, following the revelation that at least fifty thousand phone numbers were reportedly entered into a Pegasus database. This journalistic investigation reported that all those phone numbers were related to politicians, government officials, business executives, journalists, and activists. Following those severe allegations, significant political or legal action have been taken against Pegasus spyware. The United States blacklisted NSO, and US companies were banned from selling critical technology to NSO. On February 15th 2022, the European Data Protection Supervisor (EDPS), also known as the Europe data watchdog, has called for a bloc-wide ban on the controversial Pegasus spyware tool to protect “fundamental freedoms but also to democracy and the rule of law” and warning its use could lead to an “unprecedented level of intrusiveness” [2] As a follow-up, mid-march 2022, the European Parliament has set up three new committees to look into the use of spyware by EU governments, malicious foreign interference, and lessons from the pandemic.

Israel / Ukraine / Russia: the three-headed Pegasus

After the invasion of Crimea in 2014, Ukraine tried to gain access to Pegasus spyware on several occasions to monitor Russian officials. Israel, in charge of the attribution of the licences, said that “it would not have wished to interfere in the conflict.” Israel has imposed a near-total embargo on selling weapons, including Pegasus, to Ukraine. Since Russia invaded Ukraine, Israel has been criticised for offering only limited support to Ukraine’s military forces and government. They might not be an ally of Russia on paper, but neither have they been an ally to Ukraine, with support limited to basic humanitarian supplies. A recent article by The New York Times (NYT) states, “Israel is wary of crossing Moscow on critical security issues” as Russia plays a pivoting role in the Middle East. As indicated by NYT, Pegasus might become the new “bargaining chip in diplomatic negotiations” [3], for better or for worse.

[1] Council of Foreign Relations
[2] Tech Crunch
[3] New York Times