A recent investigation has revealed that some 50,000 phone numbers were targeted by organizations using “Pegasus” spyware.
The spyware was created and is licensed by Israeli-based company NSO Technologies Group.
The investigation was undertaken by The Pegasus Group—a collaboration between Amnesty International, Forbidden Stories, and several media outlets, such as The Guardian and The Washington Post.
Pegasus is licensed to governments in the interests of law enforcement, background checks, etc. Yet, the investigation found that at least 37 of the targeted phones belonged to journalists, human rights activists, business executives, and political leaders.
There is concern that the spyware is used for illegitimate reasons, such as political suppression and the harassment of journalists.
While the investigation found no evidence that any US phones were affected, phones in countries under investigation for human rights abuse were.
The Pegasus software gives the user unfettered access to the contents of a smartphone—from monitoring activity on-screen and recording calls to activating microphones and stealing passwords.
NSO stresses that it intends for the software to be used in the interests of justice and national security. As such, it will terminate licenses when presented with evidence of misuse.
An Unregulated Market
Government regulations are forever playing catch up with new technologies. The increasing speed of tech development with the comparative sluggishness of legislation makes it difficult.
Many countries have laws dealing with old forms of surveillance, like wiretapping. Few have regulated the new and more invasive methods, such as smartphone hacking.
Pegasus is advanced to the point where it can be used in “zero-click” hacks.
Often installing spyware includes some type of phishing. “Zero-click” hacks simply require the attackers to send a message to the target phone for it to begin working.
Even if technology like Pegasus is used solely by vetted and approved agencies, the internal checks and balances can see the software misused.
In response to the investigation, former head of Mexico’s domestic intelligence agency CISEN, Guillermo Valdes Castellanos, said that Pegasus is useful for crime-fighting.
A “lack of checks and balances,” however, he added, is responsible for it ending up in private hands. It is then used for personal or political gain.
Naturally, governments have access to informational databases with capabilities similar to people search sites. But a lack of oversight like the above mentioned presents a lot of dangers to the privacy of individuals, seeing as potentially anyone could be a target for any reason.
The potential for systemic abuses is worse, whereby a government in a country without independent judicial oversight can intensify campaigns against journalists, activists, and political opponents pushing for reform.
NSO disputes many of the findings of the investigation. It also clarified that it does not operate the software for clients but purely licenses it to them.
The Pegasus Project, for its part, will continue to monitor licensing and use in the interest of transparency.