Israel’s Pegasus: Is your phone a ‘24-hour surveillance device’?
The Pegasus scandal is the latest episode in the dystopian science fiction thriller that we are presently living.
Between June 2020 and February 2021, the iPhones of nine Bahraini activists – including two dissidents exiled in London and three members of the Bahrain Centre for Human Rights – were hacked using the Pegasus spyware that was developed by NSO Group, an Israeli cyber-surveillance firm regulated by Israel’s defence ministry.
The hackings were revealed in a new report from Citizen Lab at the University of Toronto, which has studied Pegasus extensively along with related nefarious modern phenomena.
As the Guardian notes, Pegasus is “perhaps the most powerful piece of spyware ever developed” and can turn a mobile phone into a “24-hour surveillance device” – harvesting messages, passwords, photos, internet searches, and other data and seizing control of the camera and microphone.
This can all be done via “zero-click” technology, meaning that one does not have to click on a compromised link or do anything else for one’s phone to become infected.
As if Bahraini human rights campaigners didn’t already have enough on their plates in a torture-happy kingdom before, you know, the full obliteration of the right to privacy.
And yet the Citizen Lab report is merely the latest episode in the dystopian science fiction thriller that we are presently inhabiting on earth.
In July, the Pegasus Project – a consortium of 17 media outlets working with Amnesty International and the Paris-based NGO Forbidden Stories – revealed a leaked list of more than 50,000 smartphone numbers from across the world. The majority of the numbers were concentrated in countries known to have been clients of NSO, suggesting that the list was a compilation of potential surveillance targets.
The Washington Post, one of the affiliated outlets, explained that 37 of the listed phones had thus far been confirmed as targets of attempted or successful hacking by Pegasus spyware. Among the phones’ owners were journalists, activists, and “the two women closest to Saudi columnist” Jamal Khashoggi, who was murdered by agents of the Saudi state on October 2, 2018.
Exactly one day before the murder, Citizen Lab had warned with “high confidence” that the phone of Omar Abdulaziz, a Saudi critic in Canada, had been infected by Pegasus. Abdulaziz, it turned out, was a close friend and frequent correspondent of Khashoggi.
And while NSO representatives vociferously deny complicity in any sort of wrongdoing ever, the list of coincidences goes on.
More than 15,000 of the 50,000 phone numbers, for example, were in Mexico – which holds the distinction of having been NSO’s first international client-slash-guinea pig in 2011. Reflecting on the fate of Mexican freelance reporter Cecilio Pineda, who was shot to death in a hammock after his number appeared twice on the infamous list, the Washington Post threw in the disclaimer: “It is unclear what role, if any, Pegasus’s ability to geolocate its targets in real time contributed to his murder”.
According to Reuters, Mexican government agencies signed contracts worth upwards of $160m with NSO Group between 2011 and 2018, primarily during the reign of right-wing President Enrique Peña Nieto. Thanks to the investment, Pegasus operators were able to target, inter alia, investigators looking into the forcible disappearance of 43 students in the state of Guerrero by Mexican security forces in 2014. Also targeted were the wife, children, and cardiologist of left-wing politician Andrés Manuel López Obrador, who has since succeeded Peña Nieto.
Back over in Bahrain, Citizen Lab has verified that five out of the nine recently hacked numbers appear on the Pegasus Project list. Although Bahrain and Israel only formally normalised relations last year, a bilateral affinity predated the official declaration of love, and the Bahraini government is believed to have added Pegasus spyware to its repressive arsenal in 2017.
To be sure, it is not difficult to see why the “most powerful piece of spyware ever developed” might come in handy in a place known for repressing, detaining, torturing, and killing protesters – not to mention revoking the citizenship of Bahraini nationals who are too committed to things like human rights, activism, journalism, and other threatening pursuits.
The United Arab Emirates (UAE), which also celebrated normalisation with Israel last year, has long been in bed with Israeli spying technology – as evidenced by a mass civil surveillance system called Falcon Eye installed in Abu Dhabi by an Israeli-owned company.
A 2015 Middle East Eye article quoted a source close to Falcon Eye on its functions: “Every person is monitored from the moment they leave their doorstep to the moment they return to it. Their work, social and behavioural patterns are recorded, analysed and archived”.
As if that were not Big Brother enough, the phone of the author of that article went on to end up – where else? – on the Pegasus Project list.
In 2016, meanwhile, analysts documented a Pegasus hacking attempt against decorated Emirati human rights defender Ahmed Mansoor, who is currently imprisoned for such heinous crimes as insulting the “status and prestige of the UAE”. What, after all, could possibly be criticised in a prestigious country where civil liberties have been wiped out and replaced with shopping malls and artificial islands – and where persons suspected of opposition to the arrangement are eligible for jail time, torture, and disappearance?
So much for NSO’s “Human Rights Policy”, which appears on the firm’s website and is said to entail “contractual obligations requiring NSO’s customers to limit the use of the company’s products to the prevention and investigation of serious crimes, including terrorism, and to ensure that the products will not be used to violate human rights”.
Ostensibly as an additional safeguard, the Israeli defence ministry must approve all sales of NSO spyware to clients across the globe.
Of course, given that Israel’s own definition of counterterrorism involves, like, bombing Palestinian civilians, it is not difficult to see how human rights might fall by the wayside.
Indeed, Israel’s unique position as an apartheid state and violent occupying power has given it a significant advantage in the export of traditional armaments as well as cybersecurity products and other repressive expertise, all battle-tested on real live Palestinians.
As of 2016, Israel already possessed the most surveillance companies per capita anywhere on the planet. And as the case of NSO and Pegasus illustrates, the private surveillance industry is able to soar to ever greater heights courtesy of an abundance of ex-Israeli military cyberspies keen to get in on the action in a lucrative and largely unregulated field.
In 2019, incidentally, Facebook-owned WhatsApp filed a lawsuit against NSO over hacking accusations – a legal fight that is ongoing and has since been joined by Microsoft and other tech giants. Never mind that several of these outfits have themselves been implicated in the censorship of Palestinian journalists and activists – or that Microsoft once invested in an Israeli facial recognition firm that was secretly surveilling West Bank Palestinians.
For similarly solid ethics, one need look no further than the August 4 Associated Press article specifying that the Oregon state employee pension fund was “one of the largest investors, if not the largest” in the private equity firm with majority ownership of NSO Group.
In its new report on Bahrain, Citizen Lab notes that “under the pretext of addressing COVID-19, the Bahraini government has imposed further restrictions on freedom of expression”. It is no doubt less than comforting, then, that Naftali Bennett – the ultra-right-wing former Israeli defence minister who in 2020 proposed enlisting NSO to fight the coronavirus – is now the prime minister of Israel.
And as Israel’s mission to normalise the annihilation of Palestinian rights proceeds alongside the normalisation of mass spying and the effective criminalisation of freedom of thought, we must not lose sight of the fact that none of this is really normal at all.
The views expressed in this article are the author’s own and do not necessarily reflect Al Jazeera’s editorial stance.