Governments Use Spyware to Target Activists, Journalists, and Heads of State

Zoomed in shot of phone camera lens.

According to collaborative media reports, authoritarian governments have been using Pegasus hacking spyware to target political opposition, journalists, and activists around the globe. NSO, the $1 billion Israeli cyber surveillance company that sells the phone spyware, called the reports “false claims,” saying their surveillance tools are only intended to track criminals and terrorists.

Leaked List of Political Targets

Pegasus is military-grade spyware. Once installed on an iPhone or Android phone, it’s able to turn on a user’s camera or microphone to record video or audio or take photos. It can also turn on GPS and track an individual’s location. NSO states that Pegasus provides “authorized governments with technology that helps them combat terror and crime,” though critics have said it can be used by authoritative governments to target dissidents.

French journalism nonprofit Forbidden Stories and human rights group Amnesty International released a leaked list of 50,000 phone numbers believed to be potential targets of government surveillance. This included journalists, human rights lawyers, businesspeople, and heads of state. Though the outlets didn’t say how they had obtained the leaked data — or how many phones had actually had the malware installed — they did claim that the phone numbers were potential targets for future surveillance by NSO clients.

The initial reporting and research by Forbidden Stories, as well as the technical research done by Amnesty International, was part of a much larger investigative effort called the Pegasus project. Over seventeen media outlets including the Guardian, the Washington Post and Le Monde investigated leads and were able to identify around 1,000 people in 50 countries whose numbers appeared on the list.

Over 180 journalists from media companies like the New York Times, the Wall Street Journal, and CNN were identified. Reports also said many of the people were located in Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, and the United Arab Emirates.

Warning on iOS Zero-click iMessage Exploit Attack

Following reports of the leak, Amnesty International and Citizen Lab researchers said that Pegasus exposed a “zero-click” vulnerability in iOS’s latest version. “Zero-click” means that hackers can deploy malware without the victim having to click any malicious links. Apple’s iOS sometimes automatically runs data in iMessages and attachments — even from people the user doesn’t know — which can put them at risk.

Citizen Lab had previously reported that Pegasus hackers use zero-click exploits in iMessage. Though patches have been released in new versions of iOS, Bill Marczak — a researcher at Citizen Labs who has studied NSO’s hacks for years — said it exposed “major” issues. He told Forbes that the vulnerability is a “recipe for disaster,” and that Apple needs to institute a private messaging feature like Facebook or Twitter where messages from strangers are hidden.

Though Apple has become quite well-known for its focus on user privacy, it doesn’t quite seem to be hitting the mark in this area.

How Can You Detect Pegasus Spyware on Your Phone?

Amnesty Tech, a division of Amnesty International, has released a toolkit that lets you scan your iPhone or Android device for Pegasus spyware. It only operates on a Mac or Linux OS, and is not a particularly user-friendly program. Here are the detailed instructions on how to install it and use it to analyze your phone.

Unfortunately, for the average user, it’s nearly impossible to tell if Pegasus has infected your device. When nearly 1,400 phones were injected with Pegasus malware in a similar exploit to WhatsApp in 2019 (exploiting Whatsapp video calls) the only way users knew they had been affected was through an update from the messaging app. Facebook is currently pursuing legal action against the NSO Group over the incident.

There are, however, some hints you can look out for:

  • Slow, sluggish computer speeds are a sign of spyware. If you’re consuming more data than usual in your online activities, it could be a sign your activity is being sent to a third party.
  • Check for apps and make sure nothing’s been downloaded that you don’t remember downloading.
  • Look out for excessive pop-up ads. They’re another signal of spyware infestation.

Cybersecurity analysts and experts have said the only surefire way to completely remove Pegasus is to throw away or destroy the phone altogether. Citizen Lab said even wiping and resetting your phone to its factory settings may not completely remove the spyware. Once you’ve replaced the device, you should unlink all your cloud accounts, change any passwords you used, and make sure all your apps and software are up to date.

Tech journalist
Taylor is a tech writer and online journalist with a special interest in cybersecurity and online privacy. He’s covered everything from sports and crime, to explosive startups, AI, cybercrime, FinTech, and cryptocurrency. For VPNOverview.com he follows news and developments in online privacy, cybersecurity, and internet freedom.