Pegasus is Watching

In Greek mythology, Pegasus is a winged horse and the servant of the Greek god, Zeus. In late antiquity, Pegasus’ flight was also interpreted as an allegory of the soul’s immortality. In modern times, it has been seen as a symbol of poetic inspiration. However, the Pegasus that has been making international news in recent weeks is not the stuff of Greek mythology, immortality, or poetic inspiration.

Pegasus is the hacking software, or spyware which has been marketed and licensed to several governments around the world by an Israeli company called the NSO Group. It has been revealed that Pegasus can infect billions of phones running either iOS (Apple Inc.) or Android operating systems.

The Guardian describes Pegasus as “perhaps the most powerful piece of spyware ever developed,” at least by a private company. Some of the capabilities associated with Pegasus include the ability to copy messages (both sent and received); harvest photos and address books; record conversations; extract call logs and files; exfiltrate internet browsing histories; and spy via a phone’s camera. Essentially, once installed on a phone, Pegasus’ capabilities are near omnipotent.

The “Pegasus Project,” a journalistic collective that includes The Guardian, Le Monde, The Washington Post, and several other established global news outlets, claims to have obtained a leaked list of more than 50,000 names slated for phone hacking with Pegasus. The French public broadcaster RFI has referred to these revelations as a “gigantic scandal of espionage” that has “provoked indignation, criticism, and diplomatic tensions.”

Journalists, human rights activists, political opponents, businesspeople and even heads of state have been reported as targets of Pegasus. “The Pegasus Project” uncovered evidence that the phone numbers for 14 heads of state, including French President Emmanuel Macron, Pakistan’s Imran Khan and South Africa’s Cyril Ramaphosa, as well as hundreds of government officials, were selected as people of interest by clients using the spyware.

Of course, it is important to note that the NSO Group has denied the many allegations against its software. The allegations have also not been independently verified. NSO Group maintains that its technology is used exclusively by intelligence agencies to track criminals and terrorists. According to NSO Group’s Transparency and Responsibility report, released in June 2021, the company has 60 clients in 40 countries around the world. In the report, NSO asserts that “[Pegasus] is not a mass surveillance technology, and only collects data from the mobile devices of specific individuals, suspected to be involved in serious crime and terror.”

Nonetheless, true or not, the allegations against NSO do raise some important questions around cybersecurity and individual liberties as broader, systemic problems, which go beyond Pegasus. For instance, on May 7, 2021, Colonial Pipeline, an American oil pipeline system that carries gasoline and jet fuel mainly to the South-eastern United States (US), was attacked by ransomware. Colonial’s computer equipment which managed the pipeline were attacked, forcing the company to shut down the pipeline as a precaution. Colonial was then forced to pay a ransom to the hackers of roughly US$4.4 million to regain control of its systems.

On individual liberties, the targeting of journalists, public officials and activists is a sign that no one is safe from the nefarious snooping of questionable actors. Steve Coll, writing for The New Yorker, argues that this “is a bad sign for the arc of global politics.”

Whether it is Pegasus or the kinds of attacks which targeted Colonial Pipeline, these threats demonstrate the vulnerability of vital public infrastructure, individuals and businesses to cyber threats. Especially for a small state, a single cyber-attack can bring a country to a halt, especially if there is an attack on critical infrastructure such as energy, telecommunications or the financial services sector. Therefore, the need for businesses and governments to be vigilant and proactive becomes self-evident. Beyond this, as Coll proffers, world governments might also want to rein in the sales of private spyware through effective worldwide regulation.

l Joel K Richards is a Vincentian national living and working in Europe in the field of international trade and development.
Email: joelkmrichards@gmail.com