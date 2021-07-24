



A COLLABORATIVE investigation into a data leak of software sold by Israeli surveillance firm NSO Group has led to startling revelations. The company has sold Pegasus, malware used for cyber surveillance, to authoritarian governments who wish to spy on journalists, activists, politicians and government officials.

The software can infiltrate iPhones and Androids, allowing the operator to record calls, retrieve photos, messages and emails without the knowledge of the phone user. Although the company claims it only sells its software to those who wish to use it against terrorists and criminals, massive data leak in its archives shows that its clients may have used it against targets that do not fall into any of these categories. The leak contains the phone numbers of 50,000 people, and a forensic analysis of some devices showed traces of the Pegasus malware.

Pegasus spyware: how does it work?

At least 10 governments are believed to be clients of NSOs, including Saudi Arabia, India and the United Arab Emirates. The leaked phone numbers cover 45 countries, including Pakistan, where a number once used by Prime Minister Imran Khan has been targeted for potential surveillance. The government is currently investigating whether Mr. Khans’ device has in fact been infiltrated.

Spyware like Pegasus facilitates human rights violations, especially when in the hands of authoritarian regimes. A government or intelligence agency can use the software to spy on dissidents and critics, a dangerous and disturbing reality in countries where privacy and human rights are routinely violated. It can also be used by hostile countries to spy on rivals in a new era of cyber espionage. The fact that the list of phone numbers in the data breach are linked to people who clearly have no criminal or terrorist connections says a lot about how this spyware is being abused. It’s also a test for phone makers and app developers to offer enhanced protection. While it’s next to impossible for a device to be completely bug-free or hacker-proof, iOS and Android developers should invest in research to improve security.

It is important that the international community unites to regulate the use of these tools and curb the violation of human rights. Governments must lobby global rights organizations to monitor the countries that develop and sell this software. The export of this surveillance technology should either be stopped or heavily regulated to prevent abuse. One step towards this is the consortium itself. Much like the Panama Papers investigation, a group of journalists shed light on Pegasus customers and their demands. This story gives hope that countries can work together on the basis of a similar model to end human rights abuses in digital surveillance and cyber espionage. Until these companies can demonstrate that they can respect human rights and limit the abuse of their software, their large-scale sale should be limited.

Posted in Dawn, July 24, 2021

