Citizen Lab says UK’s number 10 and Foreign Office network was suspected to have been infected with Pegasus spyware, with allegation of UAE link
The infamous Pegasus spyware from NSO Group is once again in the headlines, after it was alleged the UAE may have used it on Downing Street and Foreign Office computer systems.
Security researchers at Citizen Lab at the University of Toronto announced on Monday that the UK Prime Minister’s Office (10 Downing Street), and the Foreign and Commonwealth Office (FCO) may have been infected by Pegasus in 2020 and 2021.
NSO’s Pegasus spyware was sold mostly to governments for law enforcement purposes, but once its use for intelligence purposes was uncovered, it led to a huge outcry. In February the FBI made the startling admission that it obtained NSO Group’s powerful Pegasus spyware.
The FBI had purchased Pegasus during the administration of former President Donald Trump, and bought access to the surveillance tool to “stay abreast of emerging technologies and tradecraft,” and had not used it in support of any FBI investigation.
And now Citizen Lab has alleged Pegasus was suspected to have been used on the 10 Downing Street and Foreign Office network.
“The Citizen Lab’s core mission is to undertake research on digital threats against civil society,” said the researchers. “During the course of our investigations into mercenary spyware, we will occasionally observe cases where we suspect that governments are using spyware to undertake international espionage against other governments.”
“The vast majority of these cases are outside our scope and mission,” it said. “However, in certain select cases, where appropriate and while preserving our independence, we decide to notify these governments through the official channels, especially if we believe that our actions can reduce harm.”
“We confirm that in 2020 and 2021 we observed and notified the United Kingdom government of multiple suspected instances of Pegasus spyware infections within official UK networks,” said Citizen Lab.
Citizen Lab said that suspected infections relating to the FCO were associated with Pegasus operators that it links to the UAE, India, Cyprus, and Jordan.
The suspected infection at the UK Prime Minister’s Office was associated with a Pegasus operator that Citizen Lab links to the UAE.
“The United Kingdom is currently in the midst of several ongoing legislative and judicial efforts relating to regulatory issues surrounding cyber policy, as well as redress for spyware victims,” said Citizen Lab.
“We believe that it is critically important that such efforts are allowed to unfold free from the undue influence of spyware,” it said. “Given that a UK-based lawyer involved in a lawsuit against NSO Group was hacked with Pegasus in 2019, we felt compelled to ensure that the UK Government was aware of the ongoing spyware threat, and took appropriate action to mitigate it.”
Prime Minister Boris Johnson has reportedly been informed of the matter.
The Citizen Lab claims are linked to an investigation by the New Yorker magazine which examined the targeting of individuals associated with the Catalan independence movement in Spain.
The Citizen Lab said it identified at least 65 individuals who were targeted or infected, including members of the European Parliament, Catalan presidents, and other officials.
The New Yorker reported that in the UK, a number of official phones were tested including those of the prime minister. However, it was not possible to establish which device was infected or if any data was compromised.
The case is also thought to have involved FCO staff overseas, using foreign SIM cards, the report alleges.
Once deployed, the user of Pegasus spyware can take complete control of a person’s phone, accessing messages, intercepting phone calls and using the phone as a remote listening device.
However, NSO has denied the allegations that its tools were used to spy on the UK government.
An NSO spokesperson told Reuters the allegations are “false and could not be related to NSO products for technological and contractual reasons”.
A British government spokesperson meanwhile was quoted as saying “we don’t routinely comment on security matters”.
In December it was reported that NSO was allegedly exploring its strategic options that included shutting down its controversial Pegasus unit or selling the entire company.
A noted security expert said government officials need to take precautions, which include keeping mobile devices away from government meetings.
“Governments often use spyware to carry out international espionage against other governments but like with any weapon art, it can also be lethal in the wrong hands,” noted Jake Moore, global cyber security advisor at ESET.
“Once the software is placed on a device it can copy messages, view photos, record phone calls, and even secretly view the user via the phone’s camera and both Android and Apple phones are vulnerable,” said Moore.
“This makes it extremely dangerous and powerful in surveillance attacks leaving targeted victims in the dark,” said Moore. “Pegasus can be installed on phones via a simple text message or through exploiting vulnerabilities on devices that can even deploy without requiring the user to click anything.”
“High profile people must be aware of the ease at which this can occur and must take precautions such as using a second device for official business and hold private meetings away from any device where possible,” Moore concluded.
NSO is currently engaged in a legal battle with WhatsApp, after Facebook sued NSO in October 2019 when it alleged NSO was behind the cyberattack that infected WhatsApp users with advanced surveillance hacks in May 2019.
Apple also sued NSO in November last year, alleging NSO engaged in surveillance and targeting of iPhone users in the US.
In November 2021, the Biden administration placed NSO on its Entity List, due to the furore surrounding the Pegasus spyware.