International investigations indicate that authoritarian governments with specific agendas have installed Pegasus spyware on the phones of high-profile journalists, activists and business persons. The software is created, marketed and owned by the NSO group, which sells it to governments around the world.

Pegasus spyware on iPhones and Androids enables spyware operators to see messages, photos and emails. Secret call recording and microphone activation capabilities also exist. Previous reports have shown that compromise is invisible and can manifest as a zero-click exploit in iMessage.

Who has Pegasus spyware definitively affected so far?

  • High-ranking political officials, including French President Emmanuel Macron, the King of Morocco, Mohammed VI, Pakistan’s Imran Khan and South Africa’s Cyril Ramaphosa and at least a dozen other heads of state.
  • Lesser-known political officials, including 14 serving ministers in France.
  • A British human rights activist and lawyer.
  • A legal official in India.
  • A senior staff member of the renowned French media outlet France 24, along with Middle-eastern, Hungarian and Turkish journalists.

Over time, as many as 180 journalists around the world may have experienced surveillance via Pegasus spyware. When journalists encounter mobile device espionage, journalists’ families are suddenly placed at-risk and sources and contacts may also experience compromise. At least one media company has vowed to take legal action in regards to illicit surveillance activities.

Pegasus spyware has been in the wild since 2016. The NSO group states that the software was first developed for use against criminals and terrorists. It is intended for use in that sphere.

Says Amnesty International’s Secretary General, Agnes Callamard, “States must implement a global moratorium on the export, sale, transfer and use of surveillance equipment [such as that of Pegasus spyware] until a robust human rights-compliant regulatory framework is in place.”

NSO complicity

In this international scandal, the precise level of responsibility belonging to the NSO group remains a point of contention, although most would agree that NSO group is culpable. However, should the country in which the NSO group have prevented licensing of the software in the first place? To what extent are the major private equity firms that finance NSO group liable? At present, NSO has prohibited known abusers of its technologies from continued access and deployment.

Sources have also stated that NSO group has newly prohibited the spyware’s deployment on British phone numbers. Similarly, NSO allegedly blocked spyware deployments on American phone numbers, starting six months ago. International media outlets have yet to offer further elucidation on these points.

Pegasus spyware, defense discussions

In Israel, a classified intelligence subcommittee meeting is scheduled to take place amidst the increasing international spotlight on the NSO Group and its spyware. Further, the defense committee will discuss spyware firms such as Candiru and Quadream. These groups have also made spyware sales to non-democratic regimes.

Think tank senior researcher, Tehilla Shwartz Altshuler, sent an Israeli lawmaker a note pushing him to “the public to get answers they deserve about this burning topic.”

For more information about Pegasus spyware, including how to check for it on your phone, see Cyber Talk’s past coverage. In addition, sign up for the Cyber Talk newsletter, which provides robust cyber security insights about trending topics.