SpywareSpyware: Why the Booming Surveillance Tech Industry Is Vulnerable to Corruption and Abuse
The latest revelations about NSO Group’s Pegasus spyware are the latest indication that the spyware industry is out of control, with licensed customers free to spy on political and civilian targets as well as suspected criminals. We may be heading to a world in which no phone is safe from such attacks.
The world’s most sophisticated commercially available spyware may be being abused, according to an investigation by 17 media organizations in ten countries. Intelligence leaks and forensic phone analysis suggests the surveillance software, called Pegasus, has been used to target and spy on the phones of human rights activists, investigative journalists, politicians, researchers and academics.
NSO Group, the Israeli cyber intelligence firm behind Pegasus, insists that it only licenses its spyware to vetted government clients in the name of combating transnational crime and terrorism. It has labelled reports from investigative journalists a “vicious and slanderous campaign” upon which it will no longer comment.
Yet the founder and chief executive of NSO Group previously admitted that “in some circumstances our customers might misuse the system.” Given that the group has sold its spyware to a reported 40 countries, including some with poor records of corruption and human rights violations, it’s alleged that Pegasus has been significantly misused, undermining the freedom of the press, freedom of thought and free and open democracies.
These revelations are the latest indication that the spyware industry is out of control, with licensed customers free to spy on political and civilian targets as well as suspected criminals. We may be heading to a world in which no phone is safe from such attacks.
How Pegasus Works
Pegasus is regarded as the most advanced spyware on the market. It can infiltrate victims’ devices without their even having to click a malicious link – a so-called “zero-click attack”. Once inside, the power Pegasus possesses to transform a phone into a surveillance beacon is astounding.
It immediately sets to work copying messages, pictures, videos and downloaded content to send to the attacker. As if that’s not insidious enough, Pegasus can record calls and track a target’s location while independently and secretly activating a phone’s camera and microphone. With this capability, an infected phone acts like a fly on the wall, seeing, hearing and reporting back the intimate and sensitive conversations that it watches continuously.
There’s previous evidence of Pegasus misuse. It was implicated in the alleged hacking of Jeff Bezos’ phone by the crown prince of Saudi Arabia in 2018. The following year, it was revealed that several Indian lawyers and activists had been targeted by a Pegasus attack via WhatsApp.
