The world of privacy has been shaken after a leak exposed global abuse of cyber-surveillance used on certain people and organizations. The most targeted were human rights activists, lawyers, journalists, and field researchers who are people of interest in their respective countries. Authoritarian governments feel the need to keep a constant eye on individuals who might influence national issues, so they have been persuaded to devise innovative ways of overseeing the actions of these persons. Technology-enabled the governments to spy on people, and it was greatly exploited to the extent of abusing people’s rights to privacy.
In the data leaked, an Israeli surveillance company named NSO Group has been blamed for a spying conspiracy. The company is responsible for distributing a hacking spyware Pegasus which they say is given to their clients. According to the company’s officials, the spyware is only meant to be used against criminals and terrorists, so it was not designed as a weapon against ordinary citizens. But just like regular software, it is bound to be abused or misused by the clients and other people. Some clients are also known for redistributing the spyware to their peers or for further personal gains.
Pegasus was designed explicitly as hacking spyware that works effectively on most technological gadgets. By operating as malware, Pegasus infects both iPhones and Android devices, and this is an effective technique because, in the modern world, everyone has a smart device. For most people, these devices have become their life and contain every aspect of their livelihood. If a phone is infected by Pegasus, it becomes vulnerable with all the defence systems down, so the malware can extract messages, pictures, calendar events, emails, and call records. This hacking spyware also can activate the microphone and camera, which the user will not notice. An iPhone or Android user is tricked into clicking a malicious link, then the device is infected, and the attacker will have access to any data on the device. It can even hack the contacts book, record calls, and show GSP data, thus pinpointing one’s location and all the areas visited by a targeted individual. The recent development of the malware enables it to infect a device without the user even clicking on a malicious link. This makes it a dangerous program that can infect the most secure ISO system in iPhones, and it is accused of exploiting the iMessage app to penetrate the iPhone firewalls [Source].
The leaked data revealed a list of 50 000+ phone numbers that were under surveillance by NSO’s clients since 2016, and this shows how some people’s privacy was being violated for more than half a decade. The list does not indicate if the phone numbers inserted in a device infected by Pegasus might be an intended target. But it is believed that every listed number is either under surveillance or prone to be hacked in the near future, and tech officials’ analysis depicted that many numbers were tapped into. Forbidden Stories, which is a Paris-Based non-profit media organization, and Amnesty International enable access to the list for other media fraternities. The biggest challenge left for the media organization and other tech experts is to reveal the identities of people who own the listed phone numbers.
An overview of a few selected numbers show that they belong to famous lawyers, presidents, prime ministers, editors, cabinet ministers, government official, union officials and members, NGO employees, prominent academics, religious figures, CEOs, journalists, media corporations’ officials, reporters, field researchers, and business executives. Relatives of nations’ leaders own some phone numbers, and it is very interesting to know that some leaders spy on their relatives and close family members [Source].
Media houses’ officials’ phone numbers were flagged on the list. Most of them belong to reporters, editors, and executives at the Financial Times, CNN, the New York Times, France 24, The Economist, Associated Press, and Reuters. These media companies are well-known for doing intensive investigative journalism while delving deep into nations’ secrets. Some journalists can even go to the extent of endangering their lives to get a juicy story. Hence it is no surprise that they were included on the list. The late freelance Mexican reporter, Cecilio Pineda Brito’s phone, was also found on the list. Still, it was not conclusive that any information was extracted from his cell phone, and he was one of the 25+ Mexican journalists who were to be put under the surveillance radar.
Around 10 governments were revealed from an analysis of the leaked data. These include Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India, and the United Arab Emirates. Mexico recorded the highest figure of surveillance phone numbers amounting to 15 000, with both Morocco and The UAE recording 10 000 numbers. European countries had 1 000+ numbers on the list, and the whole list was from about 45 countries across four continents [Source]. According to NSO, the company does not have any access to hacked data by its customers, so it had no idea what was being extracted and denied that its clients were indulging in these hacking activities being suggested. In its defence, the company noted how the officials would investigate the issue and take appropriate action relating to any abuse or misuse of their hacking program by the clients. It further argued that the list might contain numbers not targeted by Pegasus users and denied that the 50 000 figure of phone numbers on the list is just an exaggeration.
NSO’s policies state that it sells its products to military services, security and intelligence services or agencies, and law enforcement facilities from 40 undisclosed countries. Before selling the hacking spyware, intense vetting is undertaken to determine that the buyer or client respects human rights. NSO is regulated by the office of the Israeli minister of defence, who gives out export licenses to foreign purchasers wishing to utilize their spy tools or any other form of technology. The company emphasized their clients’ activities and contended that the malware was designed to tackle criminality among the people. The leaked data also includes numbers of suspected crime bosses and criminal organizations [Source].
In consideration of client privilege and confidentiality, NSO will not reveal its customers, so now it is up to innovative tech-gurus to reveal the faces behind listed phone numbers on the ‘Pegasus project’. Such a leak can cause panic among various professions, especially those who have friction with the government. This will also alert criminal organizations to strengthen their devices’ firewalls or look for secure platforms to interact on.
