What is the most problematic tech company in the world? Facebook? Google? Palantir? Nope. It is a small, privately held Israeli company called NSO that most people have never heard of. On its Web site, it describes itself as “a world leader in precision cyberintelligence solutions.” Its software, sold only to “licensed government intelligence and law-enforcement agencies,” naturally, helps them to “lawfully address the most dangerous issues in today’s world. NSO’s technology has helped prevent terrorism, break up criminal operations, find missing people and assist search-and-rescue teams.”
So what is this magical stuff? It is called Pegasus and it is ultra-sophisticated spyware that covertly penetrates and compromises smartphones. It is particularly good with Apple phones, which is significant because these devices are generally more secure than Android ones. This is positively infuriating to Apple, which views protecting its users’ privacy as one of its unique selling points.
How does Pegasus work? Pay attention, iPhone users, journalists and heads of government: Your cherished and trusted device will emit no beep or other sound when it is being hijacked. However, the intruder has gained entry and from then on everything on your phone becomes instantly accessible to whoever is running the spyware. Your camera can be secretly activated to take photographs, for example, and your microphone switched on at the whim of a distant watcher or listener. Everything you type on iMessage or WhatsApp will be read and logged. And you will have no idea that this is happening. You have been “Pegasused,” as it were. And the perpetrator might well be a government, which is interesting if you happen to be a president like Emmanuel Macron or a prime minister like Imran Khan, but potentially fatal if you happen to be a journalist like Jamal Khashoggi.
Those of us who follow these things have known about NSO for quite a while, mainly thanks to the Citizen Lab at the University of Toronto, which is the nearest thing civil society has to the National Security Agency. Its researchers have done sterling work tracing the ways in which journalists’ phones have been Pegasused by authoritarian regimes.
In December last year, for example, the Lab published the report of an investigation that showed how Pegasus spyware had been used to hack into 36 personal phones belonging to journalists, producers, anchors and executives at al-Jazeera and a phone of a London-based journalist at Al Araby TV. The phones were compromised using an invisible zero-click exploit in iMessage. The hacking was done by four Pegasus clients, two of which appeared to be Saudi Arabia and the United Arab Emirates (UAE).
There is a good deal more where that came from. NSO’s invariable corporate response is that contractual confidentiality prevents it from identifying its clients and that the company does not itself operate the spyware — it just sells it to sovereign governments and is therefore not responsible for what they do with it.
If that reminds you of another industry that sells powerful and potentially dangerous products, then join the club. NSO is basically the same as an arms manufacturer, because its software is regarded by its home government as a weapon and the company needs an export license before it can sell to anyone. From which we might infer that regimes that get their paws on Pegasus are ones of which the government of Israel covertly or tacitly approves.
NSO is back in the news because Amnesty International, in collaboration with the Organized Crime and Corruption Reporting Project and 16 media organizations, including the Guardian, has launched The Pegasus project, aimed at uncovering who might have fallen victim to the spyware and to tell their stories.
The project was triggered when a consortium of journalists gained access to a leak of more than 50,000 phone numbers allegedly entered into a system used for targeting by Pegasus. The list makes for interesting reading, not least because it identifies the governments that are likely to be assiduous users of Pegasus. They include Mexico, Azerbaijan, Kazakhstan, Hungary, India, Saudi Arabia, the UAE and — interestingly — Rwanda.
Until now, NSO’s activities seemed unstoppable: In a Westphalian world of sovereign states that can do what they like, if your home government gives you a license to export, then you are in business. However, recently, three things have changed.
First, and most importantly, there are new administrations at the helm in Israel and the US. If US President Joe Biden decided that NSO’s activities have suddenly become unacceptable, then a serious phone call to the Israeli prime minister might have an effect. Second, Apple is mightily pissed off about having its iPhones compromised and it has more technical clout than even NSO hackers. And finally, the Amnesty project has suddenly brought NSO, blinking, out of the shadows and into the light.
Some good might come of this.
John Naughton is professor of the public understanding of technology at the Open University.
There is much evidence that the Chinese Communist Party (CCP) is sending soldiers from the People’s Liberation Army (PLA) to support Russia’s invasion of Ukraine — and is learning lessons for a future war against Taiwan. Until now, the CCP has claimed that they have not sent PLA personnel to support Russian aggression. On 18 April, Ukrainian President Volodymyr Zelinskiy announced that the CCP is supplying war supplies such as gunpowder, artillery, and weapons subcomponents to Russia. When Zelinskiy announced on 9 April that the Ukrainian Army had captured two Chinese nationals fighting with Russians on the front line with details
Within Taiwan’s education system exists a long-standing and deep-rooted culture of falsification. In the past month, a large number of “ghost signatures” — signatures using the names of deceased people — appeared on recall petitions submitted by the Chinese Nationalist Party (KMT) against Democratic Progressive Party legislators Rosalia Wu (吳思瑤) and Wu Pei-yi (吳沛憶). An investigation revealed a high degree of overlap between the deceased signatories and the KMT’s membership roster. It also showed that documents had been forged. However, that culture of cheating and fabrication did not just appear out of thin air — it is linked to the
The Chinese Nationalist Party (KMT), joined by the Taiwan People’s Party (TPP), held a protest on Saturday on Ketagalan Boulevard in Taipei. They were essentially standing for the Chinese Communist Party (CCP), which is anxious about the mass recall campaign against KMT legislators. President William Lai (賴清德) said that if the opposition parties truly wanted to fight dictatorship, they should do so in Tiananmen Square — and at the very least, refrain from groveling to Chinese officials during their visits to China, alluding to meetings between KMT members and Chinese authorities. Now that China has been defined as a foreign hostile force,
On April 19, former president Chen Shui-bian (陳水扁) gave a public speech, his first in about 17 years. During the address at the Ketagalan Institute in Taipei, Chen’s words were vague and his tone was sour. He said that democracy should not be used as an echo chamber for a single politician, that people must be tolerant of other views, that the president should not act as a dictator and that the judiciary should not get involved in politics. He then went on to say that others with different opinions should not be criticized as “XX fellow travelers,” in reference to
RSS