How Pegasus compromised the UK government phone systems

by Giuseppe Gagliano

Telephone systems belonging to the British government have been compromised by Pegasus surveillance software, according to a Canadian research group. The allegation was made Monday in a New Yorker investigative report that focuses on NSO Group Technologies, an Israeli digital surveillance company headquartered near Tel Aviv. The company is behind the development of Pegasus, which is arguably the most powerful telecommunications surveillance software available in the private sector. Pegasus is able to install on targeted phones without requiring its users to click on a link or download an application. Upon installation, the software provides almost complete control of a targeted phone. This includes the ability to browse the device's contents, such as photos and videos, record conversations, as well as activate the phone's built-in microphone and camera at any time, without the user's consent or knowledge. According to the New Yorker, information on the use of Pegasus software against British government telephone networks was leaked by the Citizen Lab, a research unit at the University of Toronto's Munk School of Global Affairs and Public Policy, which focuses on information technology, international security and human rights. The research unit said it notified the UK government in 2020 and 2021 that a number of its telephone networks had been infected with Pegasus software. The compromised networks were allegedly used by officials from the Foreign and Commonwealth Office, as well as 10 Downing Street, which houses the prime minister's office. The article states that this operation is attributable to users in the United Arab Emirates, as well as users in India, Cyprus and Jordan. This does not necessarily mean that malicious actors from these countries have broken into the British government's telephone systems. These could be spies from third countries operating abroad; alternatively, there may be a link to unsuspecting British diplomats, whose government cell phones have been compromised by Pegasus in foreign countries. Citizen Lab said it couldn't be sure what kind of data might have been compromised due to the penetration. NSO Group Technologies was among two Israeli companies that the US Department of Commerce placed on a sanctions list in November 2021. According to a statement released by the US government, the two companies engaged "in activities that [ were] contrary to national security or US foreign policy interests. "