Ziryan Aziz explores how spyware has been used to hack the phones of hundreds of politicians, journalists and activists, signalling an unsettling lack of progress in digital privacy.
Photo by Bernard Hermant
At the beginning of November, the Biden administration placed the NSO Group, a company which manufactures spyware products, on its ‘entity’ list, effectively blacklisting the company in the US.
Described as being involved in “activities that are contrary to the national security or foreign policy interests of the United States”, the move is in response to a scandal from July, when a leaked database of 50,000 phone numbers revealed that numerous government officials, journalists, political opponents, activists, and lawyers across the globe had been targeted with the company’s signature spyware, Pegasus.
In light of these revelations, American whistle-blower Edward Snowdon has called for a total ban on the global spyware trade. Speaking to The Guardian in July, he stated that the sale of spyware is “an industry that should not exist”, and warned that if no action is taken the number of people targeted could grow exponentially.
The NSO Group & Pegasus
Spyware is a form of software that is installed on a user’s device without their knowledge or consent. This malicious software can then be used to steal internet data, track online and physical locations, and collect sensitive information such as banking details and passwords, all without the user being aware.
Based in Israel, the NSO Group develops and sells surveillance products internationally. Its flagship spyware product, Pegasus, can access both Android and iOS devices, and can hack a victim’s email, WhatsApp messages, photos, as well as record audio, and activate a device’s camera.
Shalev Hulio, founder and CEO of NSO Group, has conceded that “in some circumstances our customers might misuse the system,” though he maintains that Pegasus is exclusively sold to government clients, law enforcement, and intelligence agencies, and is only intended to be used in tackling crime and terrorism. Whilst the company insists that their customers are vetted for a good track record of human rights, Pegasus continues to be sold to oppressive regimes around the world.
High-Profile Victims
Some 600 Politicians, 189 journalists, 85 human rights activists and 64 business executives were amongst the 50,000 hacked. High profile names include the fiancé of the murdered Saudi journalist, Jamal Khashoggi, whose phone was hacked after her fiancé’s death. The NSO Group continued to do business with Saudi Arabia, despite the strong indication that his murder was orchestrated by the Crown Prince of the country.
Multiple world leaders also count among the 50,000 victims, including French president Emmanual Macron, alongside Imran Khan, prime minister of Pakistan and Cyril Ramaphosa, president of South Africa.
The first female editor of the Financial Times, Roula Khalaf, was allegedly targeted by the United Arab Emirates (UAE). Princess Latifa, who claimed that she was held hostage by her father, the Prime Minister of the UAE, was also a target, alongside the ruler’s ex-wife.
Edward Snowdon
Today, Edward Snowdon is best known as the whistle-blower who exposed the invasive nature of mass surveillance programs conducted by global intelligence agencies, as well as igniting a public discourse on digital privacy.
Born in North Carolina in 1983, Snowdon’s academic journey started when he dropped out of high-school due to illness, before taking up computing courses at community college in 1999. After briefly training with the US Army in between college, Snowdon graduated in 2004, and landed his first job as a security guard for the University of Maryland's Center for Advanced Study of Language. The centre had ties to the NSA, but in 2006, he joined the Central Intelligence Agency (CIA).
Working within the field of IT security, Snowdon was later posted to Switzerland in 2007. He later revealed that “Much of what I saw in Geneva really disillusioned me about how my government functions and what its impact is in the world.” Resigning from the CIA in 2009, Snowdon first began working for Dell as a subcontractor at an NSA facility in Japan, then later Hawaii. It was during this time that Snowdon began downloading large quantities of NSA documents which detailed activities he found troubling.
After what he describes as a “breaking point” – seeing the Director of National Intelligence lie on oath of Congress – Snowdon left Dell and joined the subcontractor, Booz Allen Hamilton, with the intention of collecting as many NSA documents as he could. Convincing his supervisor that he needed medical leave, Snowdon boarded a flight to Hong Kong on the 20 May and met with journalists from The Guardian newspaper and the filmmaker Laura Poitras.
From his hotel room, Snowdon divulged large quantities of NSA secrets with the journalists and took part in a series of interviews. In June 2013, The Guardian began to publish Snowden’s revelations. The news made international headlines and Snowden chose to make himself publicly known as the whistle-blower. In response, the US government called for his arrest and extradition back to the US on charges of espionage.
Evading capture in Hong Kong, Snowdon fled to Russia with the aim of seeking asylum in Ecuador, but became stranded in Moscow airport for 39 days when his passport had been annulled by the US government. He was eventually granted temporary asylum in Russia, where he, alongside his wife and son remain today, with the hope of one day returning to the US.
Surveillance & Privacy Today
The findings of the Pegasus leak have only added to growing concerns that the digital privacy rights of internet users are increasingly being ignored. More recently, popular tech giants have stirred up controversy for their plans to tackle the trade of explicit content of child sexual abuse.
A report by ProPublica in September detailed how Facebook and its subsidiary, WhatsApp, have been sharing its users’ messages between the different platforms, despite Facebook CEO Mark Zuckerberg testifying that “We don’t see any of the content in WhatsApp.” A spokesperson from WhatsApp has stated that this is limited to complaints and content that violates the company’s standards.
This August, Apple revealed that they would be adding to their US products a tool called ‘neuralMatch’, which would enable the company to scan images on devices and compare them to a police database of missing and exploited children. Apple stresses this is an effective way of combatting the spread of child sexual abuse material (CSAM), but there are concerns that the technology could be abused by repressive regimes abroad, facilitating human rights abuses.
Striking a balance between our collective security and our privacy is an age-old conundrum that has run through the ages, continuously debated in the public discourse. However, with the rise of spyware, mass surveillance programs and data collected on every aspect of our lives, running parallel to our democratic systems, serious questions and equally serious answers are needed for us to decide the value of our right to privacy when the line between the digital and real world is increasingly unclear.
We are a not for profit socio-ethical impact initiative advocating for topics that matter, whilst supporting wider planetary change and acknowledgement. Support our journalism by considering becoming an advocate.
Comentários