Tech News : Pegasus Spyware Discovered In Downing Street  

Written by Pronetic

Pronetic is a leading provider of core IT support for ISO 27001, Cyber Essentials and Cyber Essentials Plus compliance.

April 26, 2022

The University of Toronto’s Citizen Lab has reported finding evidence that Pegasus spyware was being used to listen-in on UK government networks for 10 Downing Street and the Foreign and Commonwealth Offices (FCO) in 2020 and 2021. 

Pegasus 

Pegasus spyware is sold by Israeli-based NSO Group to governments to carry out surveillance by infecting phones with malicious surveillance software. Pegasus is essentially a complete surveillance toolkit that’s generally sold to nation states at prices that could be millions of US dollars. The software can extract the contents of a phone, give the operator access to any texts, photographs, the camera, and the microphone. This gives the Pegasus operator the ability to conduct real-time surveillance, e.g. of private meetings. Pegasus is used for several surveillance purposes, e.g. by law enforcement tracking criminals, or for authoritarians / governments listening-in on people of interest such as journalists and activists as a way of quashing dissent. For example, Spain has recently been reported as being implicated in the use of Pegasus (and Candiru) to spy on 65 individuals related to Catalonia’s government. 

Who Was Listening? 

The Citizen Lab has reported that the suspected infections related to the FCO were associated with Pegasus operators linked to the United Arab Emirates (UAE), India, Cyprus, and Jordan. Also, the suspected infection at the UK Prime Minister’s Office has been linked to the UAE. 

How Did They Get Infected With Spyware? 

According to The Citizen Lab, it is because the UK Foreign and Commonwealth Office and its successor office, the Foreign Commonwealth and Development office (FCDO), have personnel in many countries. The suspected FCO infections may, therefore, have related to FCO devices located abroad and using foreign SIM cards. This is a similar situation to the hacking of foreign phone numbers used by US State Department employees in Uganda in 2021. Citizen Lab has also concluded that Pegasus was used to infect a device connected to 10 Downing Street’s network and the office of Prime Minister Boris Johnson on July 26 and 27, 2020. It was the servers to which the data was transmitted which led The Citizen Lab suspects to suspect that the UAE was most likely behind the hack. 

In addition to the Downing Street infection, Citizen Lab reports that phones connected to the Foreign Office were hacked using Pegasus on at least five occasions, from July, 2020, through June, 2021. 

NSO Says.. 

NSO Group, the makers of the surveillance software are reported to have said that the recent allegations about the use of its software are false and that organisations like The Citizens Lab are politically motivated, and their reports may be inaccurate. 

What Does This Mean For Your Business? 

Pegasus is known to be widely used by governments and agencies around the world and has legitimate uses e.g., tracking criminals. However, its ability to provide real-time surveillance and the difficulty in detecting it are likely reasons why it appears to have been used for many less savoury purposes and surveillance linked to repression. It is, of course, worrying that it could be so easy for (allegedly) other states to listen-in on Downing Street and the UK Prime Minister, the implications of which we don’t yet fully know.  Research fromfrom Amnesty International and Citizen Lab suggest that ways individuals can avoid infection by Pegasus includes rebooting the device daily (to clean it), disabling iMessage and Facetime (exploitation vectors), keeping the device up to date with the latest patches, and never clicking on unsolicited links in SMS or email messages.

You May Also Like…

0 Comments

Why Choose Pronetic

We Are ISO 27001 & Cyber Essentials Plus Certified

Be reassured that we have been externally audited. You can have complete peace of mind that the team managing your IT systems and safeguarding your data are independently vetted annually.

Seamless & Comprehensive IT Support

Our investment in people, tools and processes, continuously improved, ensures that we don’t just deliver exceptional I.T. support but include your compliance to Cyber Essentials or ISO 27001 “baked-in”. Yes, that means no more annual headaches and stress when your certification comes round.

Expert Support Money Back Guarantee

We're confident in the value we deliver. That's why we offer a 90-day, no-quibble money-back guarantee. If, for any reason, you're not completely satisfied with our IT support services, we'll provide a full refund and cancel your contract without any hassle.

Book Your Free IT Strategy Call Now!

Simply Fill In The Form Below To Receive Your Free IT Strategy Call:

By submitting this form, you consent to us using your personal information to contact you. For more information please see our privacy policy.