Pegasus spyware found on 5 French ministers’ phones

Many countries have decided to go deep into the issue by investigating the abuse of zero-click technology snooping on its citizens. The Supreme Court of India too indicated an intent to constitute a committee of technical experts to investigate the issue, writes MUDIT MATHUR

The global ramifications about the unauthorised use of military-grade most intrusive remotely hacking spyware – Pegasus attracted the spotlight after fresh revelations emerged of snooping of five French Ministers after French president, Emmanuel Macron, and international concerns about privacy and civil liberties in most of the democratic countries. Many countries have decided to go deep into the issue by investigating the abuse of zero-click technology snooping on its citizens against the basic human rights. As a journalist what is even more worrying is that sources and contacts may have been compromised, that these are violations not just of your privacy and private life, but of the larger freedom of the press.

The Supreme Court of India too indicated similar intent to constitute a committee of technical experts to investigate charges of acquiring “Pegasus” spyware and unlawfully abusing it for snooping and surveillance of the citizens. Several petitions were filed before the Indian Supreme Court disclosing alleged snooping target list that contain the names of one constitutional authority, two sitting cabinet ministers, prominent opposition leaders and people in their close proximity, business people, lawyers, student leaders, trade union leaders, Dalit-social-human rights defenders and uninfluenceable potent journalists who have been illegally spied upon by using most intrusive malicious spyware.

The last monsoon session of Indian Parliament was rocked with unruly protests over the exposé and BJP government did not allow any discussions over the issue citing national security reasons. But many democratic countries continue to express angst over imminent threat of digital war, crippling communication systems and many computerised and digitally controlled remote applications of war devises. Law makers have expressed their firm opinions before their representative parliament about potential danger to the privacy and freedom of expression.

Exposés surfaced in the global media about the German Federal Criminal Police Office (BKA) who secretly purchased the technology from the Israeli company NSO in 2019. In France, prosecutors are probing allegations that journalists from different media institutions including Le Monde, Agence France-Presse and FRANCE 24 were put under surveillance by Moroccan intelligence services using “Pegasus.” The French prime minister, Jean Castex, said the Élysée, French Presidency, had “ordered a series of investigations,” after vowing to “shed all light on the revelations.”

One of the 17 investigative media consortium “Mediapart” further collaborated that the phones of five current French cabinet ministers bore traces of Pegasus spyware citing the results of an analysis conducted by the country’s security agencies. The report confirmed that the phones of the ministers for education, territorial cohesion, agriculture, housing and overseas – Jean-Michel Blanquer, Jacqueline Gourault, Julien Denormandie, Emmanuelle Wargon and Sébastien Lecornu – showed traces of Pegasus, a military-grade spyware created by the Israel-based NSO group. The phone of one of Macron’s diplomatic advisers at the Élysée Palace had also been targeted, the report added.

European Parliament during last fortnight in Strasbourg, also discussed the scandal surrounding “Pegasus”, a spyware programme developed in Israel. Addressing at the beginning of a discussion before the EUMs, Didier Reynders, the bloc’s justice commissioner, while condemning hacking of political opponents and journalists, said, “Let me say right at the start that the commission totally condemns any illegal access to systems or any kind of illegal trapping or interception of community users’ communications. It’s a crime in the whole of the European Union.”

The EU must swiftly legislate to further protect the rights of activists, journalists and politicians following the Pegasus spyware scandal, and the perpetrators of illegal tapping must be prosecuted.

“The bloc is closely watching the Hungary investigation,” he added, urging for urgent action against Pegasus spyware. He informed that the EU’s executive branch was closely following an investigation by Hungary’s data protection authority into claims that Viktor Orbán’s far-right government had been among those targeting journalists, media owners and opposition political figures with invasive Pegasus spyware.

Last month, Hungary’s data protection authority, the NAIH said it had launched an official investigation into allegations about the Hungarian government’s use of the Pegasus software. At least five Hungarian journalists appeared on a leaked list reviewed by the Pegasus papers consortium. Also on the list was the number of the opposition politician György Gémesi, the mayor of the town of Gödöllő and the head of a nationwide association of mayors.

Didier Reynders told MEPs that the European Commission “totally condemned” alleged attempts by national security services to illegally access information on political opponents through their phones.

 “Any indication that such intrusion of privacy actually occurred needs to be thoroughly investigated and all responsible for a possible breach have to be brought to justice. This is, of course, the responsibility of each and every member state of the EU, and I expect that in the case of Pegasus, the competent authorities will thoroughly examine the allegations and restore trust,” Reynders said in the debate.

Reynders mentioned that it was already the case, as confirmed by the European court of justice, that governments could not “restrict the confidentiality and integrity of communications”, except in “very strictly limited” scenarios.  “In view of pending EU privacy regulation would further tighten the rules, and called for MEPs and the member states to urgently agree on the details of that new law in light of the spyware scandal,” he appealed.

Gwendoline Delbos-Corfield, an MEP in the Europe Ecologie Les Verts party, said, “So far, the Hungarian government still hasn’t reacted to the Pegasus project revelations. Neither transparency nor accountability has been brought to the public debate.”

In Washington, Democratic lawmakers have called on the Biden administration to consider placing NSO Group on an export blacklist and said recent revelations of misuse reinforced their conviction that the “hacking-for-hire industry must be brought under control.” The statement was released by four dominant lawmakers: Tom Malinowski of New Jersey, Katie Porter and Anna Eshoo of California, and Joaquin Castro of Texas.

They added that NSO had shown an “arrogant disregard for concerns that elected officials, human rights activists, journalists, and cyber-security experts have repeatedly raised.” They also singled out authoritarian governments like Saudi Arabia, Kazakhstan, and Rwanda, which are believed to have used NSO spyware and “make no distinction between terrorism and peaceful dissent.”

The statement came as a rare rebuke of an Israeli company by US members of Congress, who suggested that NSO Group should join the ranks of blacklisted companies like Huawei and Hikvision of China. “Private companies should not be selling sophisticated cyber-intrusion tools on the open market, and the United States should work with its allies to regulate this trade,” the lawmakers added. “Companies that sell such incredibly sensitive tools to dictatorships are the AQ Khans of the cyber world. They should be sanctioned, and if necessary, shut down.”

A consortium of 17 media outlets, including the Wire and the Guardian, had revealed in July this year that global clients of the Israeli surveillance firm NSO Group had used hacking software to target human rights activists, journalists and lawyers. The investigation was based on forensic analysis of phones and analysis of a leaked database of 50,000 numbers, including that of the French president, Emmanuel Macron, and European Council president, Charles Michel, along with other heads of state and senior government, diplomatic and military officials. Indian business people, lawyers, student leaders, trade union leaders, Dalit-social-human rights defenders and uninfluenceable potent journalists were also identified in the snooping targets among 34 countries.

The Indian government had declined to give detailed response to the contents of series of petitions filed by various eminent public figures complaining infringement of their fundamental rights through unlawful snooping of their mobile phones, abusing most intrusive spyware “Pegasus” developed by NSO group of Israel. It became murky when NSO group stated that it sells its powerful surveillance software to government clients around the world to track terrorists and criminals.