Cyberwarfare / Nation-State Attacks , Device Identification , Endpoint Detection & Response (EDR)

Pegasus Spyware: World Leaders Demand Israeli Probe

French President, US Lawmakers and Others Call for Urgent 'Hacking for Hire' Review
Pegasus Spyware: World Leaders Demand Israeli Probe
French President Emmanuel Macron (Photo: Jacques Paquier via Flickr/CC)

Calls are growing for an investigation into how commercial Pegasus spyware developed by Israel's NSO Group gets sold to autocratic governments and used to target journalists, lawyers, human rights advocates and others.

See Also: Improving Security Compliance in Financial Institutions with Data Privacy Regulations (German Language)

On Monday, four U.S. Democratic lawmakers called for legislation or an executive order to crack down on privately built spyware. They also called for consideration of potential sanctions again all individuals and organizations that sell such software.

"Enough is enough. The recent revelations regarding misuse of the NSO Group's software reinforce our conviction that the hacking-for-hire industry must be brought under control," according to the joint statement from Reps. Tom Malinowski of New Jersey, Katie Porter and Anna G. Eshoo of California, and Joaquin Castro of Texas.

"Private companies should not be selling sophisticated cyber-intrusion tools on the open market, and the United States should work with its allies to regulate this trade," they said.

Meanwhile, French President Emmanuel Macron last week reportedly called Israeli Prime Minister Naftali Bennett to demand a thorough government investigation into the use of Pegasus spyware, including how such software gets approved for export and subsequently policed.

Alleged Targeting List

The controversial software is again in the limelight following allegations that a list of customers' supposed targets included contact details for 50,000 individuals.

Named on that list were Macron; the presidents of Iraq and of South Africa; the prime ministers of Egypt, Morocco and Pakistan; seven former prime ministers who were in office when their names were added to the list; and the king of Morocco.

The list was obtained as part of data leaked to French nonprofit journalism group Forbidden Stories. Working with technical experts at rights group Amnesty International and 17 media organizations as part of a joint Pegasus Project, the group began publishing details of its monthslong research effort on July 18.

In the Thursday call, Bennett assured Macron that he would launch a high-level investigation, while also emphasizing that the alleged behavior took place before Bennett became Israel's prime minister, Israel's Channel 12 News reported Saturday.

On Thursday, the Foreign Affairs and Defense Committee of Israel's Knesset - aka parliament - created a committee to probe the use of Pegasus spyware by foreign governments and whether Israel's export-control checks on who gets granted a license to use the software need to be tightened, The Times of Israel reported.

"The defense establishment appointed a review committee made up of a number of bodies," lawmaker Ram Ben-Barak, the former deputy head of Israel's Mossad intelligence agency, told Army Radio on Thursday, The Times of Israel reported. "When they finish their review, we'll demand to see the results and assess whether we need to make corrections."

Israeli Defense Minister Benny Gantz, in a trip reportedly planned some time ago, is scheduled to travel to France on Wednesday to discuss issues with French Defense Minister Florence Parly. In a statement, the Israeli government said those discussions will also now focus on NSO Group, Haaretz reported.

NSO Group Denies Allegations

How the leaked data was obtained remains unclear, as does the purpose of the apparent targeting list. Forbidden Stories says the list includes 50,000 individuals' contact details - across 50 countries - amassed by these 10 Pegasus-using governments: Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia and the United Arab Emirates.

How many of these apparent targets of interest were targeted with Pegasus spyware remains unknown. While Amnesty International was able to study some smartphones for signs of infection, it has been unable to obtain access to devices used by the vast majority of individuals on the list.

NSO Group has continued to deny that the list was in any way a master list of individuals being targeted. The company has claimed to have about 45 government customers and says each only targets about 100 individuals per year.

"We would like to emphasize that NSO sells it technologies solely to law enforcement and intelligence agencies of vetted governments for the sole purpose of saving lives through preventing crime and terror acts," the company said in a statement issued last week. "NSO does not operate the system and has no visibility to the data."

But security experts who track spyware have asked: If NSO has no visibility into the data, how does it investigate claims that its software has been misused, for example, by autocratic regimes to spy on citizens? On Wednesday, for example, Chaim Gelfand, the chief compliance officer at NSO Group, told Israeli television network i24 that it could "specifically come out and say for sure that the president of France, Macron, was not a target."

Exactly how NSO Group reviews such allegations - and if it does so proactively, or only in response to reports by investigative journalists or other third parties - remains unclear.

Last week, a company spokesman told Information Security Media Group that whenever NSO Group investigates allegations of inappropriate use by a customer, "they are obligated to provide us with such information."

Probes in France, Mexico and Beyond

French prosecutors, meanwhile, have launched their own investigation into the leak, following French investigative website Mediapart and satirical newspaper Le Canard Enchaine both filing complaints on July 19. Mediapart attributed the spying against it to Morocco's security services, saying the spying came after it published reports on how the North African kingdom targets journalists and human rights advocates.

Mexico's president, Andrés Manuel López Obrador, aka AMLO, has also launched a probe into the software, following revelations that the previous administration had used the software against him, his family members and advisers while he was running for president.

Mexican officials say they're reviewing the government's decision to purchase a license for Pegasus in 2014 for $32 million to see if graft was involved. Obrador has stated that the software now only gets used to conduct surveillance on criminals, rather than against political figures or journalists, AFP reported.

Reports that names on the list included 300 Indian journalists, politicians, lawyers and other citizens led opposition politicians to disrupt parliament on July 20, calling for a full investigation and answers from the government of Prime Minister Narendra Modi about whether it used such software, the Guardian reported.

In the runup to the 2019 national elections, in which Modi was reelected, his chief rival, Rahul Gandhi, as well as several aides and close friends, appear to have had their smartphones infected with Pegasus software, according to news reports.

In Hungary, opponents of the far-right government have called for an investigation into how the software has reportedly been used to target journalists and others.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.