Pegasus Project revelations (2021)

From International cyber law: interactive toolkit
Jump to navigation Jump to search
Date The revelations appeared in July 2021, but it is believed that surveillance tools had been used probably since 2016.[1]
Suspected actor The Pegasus spyware was created by the NSO Group, an Israeli technology firm.[2] Nevertheless, the suspected actors are various governments, including Hungary,[3] Mexico, Azerbaijan, Kazakhstan, India, United Arab Emirates, Saudi Arabia, Bahrain, Morocco, Rwanda and Togo.[4]
Target Suspected and known criminals, as well as politicians, lawyers, diplomats, human rights defenders, heads of states and nearly 200 journalists from two dozen countries.[2]
Target systems iPhones and Android devices,  especially phones.[5] Nevertheless, the spyware is also able to infiltrate devices running Blackberry or Symbian.[6]
Method The Pegasus spyware is considered one of the most powerful pieces of spyware ever developed. Once it has wormed into the device, it can copy messages, harvest photos, and record the phone owner's calls.[5] Moreover, it could localize the owner of the phone and detect who s/he has met and even switch on microphones and cameras for recording live video and audio.[4] The phones could probably be infected by the spyware in two ways. The first option is a spear-phishing-text message or e-mail. The second option was placing a WhatsApp call to a target device. Via this phone call, it was possible to install the malicious Pegasus code on the device, even if the target never picked up it or took any action at all (zero-click exploit).[7][5]
Purpose Officially, Pegasus software was used to track criminals and terrorists. However, in this case, it is unclear who and why was targeted.[6]
Result More than 50,000 phone numbers were selected for surveillance by the customers of the Israeli company NSO Group. The list was published by a consortium led by the Paris-based journalism nonprofit Forbidden Stories, and the human rights group Amnesty International.[8] The goal of this project was the forensic analysis of the case which should result in the confirmation or refutation of their assumptions of the size and scope of the surveillance.[9]  In October 2021, the project was awarded the Daphne Caruana Galizia Prize for Journalism. [10]
Aftermath The revelation of the Pegasus project demonstrated that governments worldwide have been exploiting the Israeli NSO Group’s spyware to indulge in widespread surveillance of more than 50,000 ‘targets’ of interest. India's supreme court ordered inquiry into state’s use of the spyware,[11] and the U.S. added the NSO Group to a blacklist, prohibiting the company from receiving American technologies.[12]
Analysed in Scenario 07: Leak of State-developed hacking tools

Scenario 11: Sale of surveillance tools in defiance of international sanctions

Collected by: Anna Blechová

  1. Stephanie Kirchgaessner, Paul Lewis, David Pegg, Sam Cutler, Nina Lakhani, Michael Safi,  Revealed: leak uncovers global abuse of cube-surveillance weapon, The Guardian (18 July 2021)
  2. 2.0 2.1 Laurent Richard, Sandrine Rigaud, Spyware can make your phone your enemy. Journalism is your defence, The Guardian (19 July 2021)
  3. Pegasus Project revelations: MEPs debate government spying, European Parliament (9 Semptember 2021)
  4. 4.0 4.1 The Pegasus Project, About the Project, OCCRP, ( 18 July 2021)
  5. 5.0 5.1 5.2 David Pegg, Sam Cutler, What is Pegasus spyware and how does it hack phones?, The Guardian (18 July 2021)
  6. 6.0 6.1 Bhanukiran Gurijala, What is Pegasus? How Surveillance Spyware Invades Phones, Scientific American (9 August 2021)
  7. Stephanie Kirchgaessner, WhatsApp: Israeli firm ‚deeply involved‘ in hacking our users, The Guardian (29 April 2020)
  8. Pegasus Project consortium wins first Daphne Caruana Galizia journalism prize, Euronews (14. October 2021)
  9. About the Pegasus Project, Forbidden Stories, (2021)
  10. The Pegasus Project awarded the 2021 Daphne Caruana Galizia Prize for Journalism, News European Parliament (14. October 2021)
  11. Amrit Dhillon, Michael Safi, Indian supreme court orders inquiry into state’s use of Pegasus spyware, The Guardian (27 Oct 2021)
  12. Drew Harwell, Ellen Nakashima, and Craig Timberg, Biden administration blacklists NSO Group over Pegasus spyware, Washington Post (3 Nov 2021)