UK government networks infected with Pegasus, research group claims

Leigh Mc Gowran on April 19, 2022 at 07:59, Silicon Republic


The UK government was informed that multiple suspected instances of Pegasus spyware were discovered in its networks between 2020 and 2021, according to internet research group Citizen Lab.

In a statement yesterday (18 April), Citizen Lab claimed networks within the prime minister’s residence of 10 Downing Street and the Foreign and Commonwealth Office (FCO) had suspected infections of the notorious spyware during this period.

Citizen Lab said the suspected 10 Downing Street infection was connected to a Pegasus operator linked with the United Arab Emirates (UAE). The suspected FCO attack was linked to operators in the UAE, India, Cyprus and Jordan.

As staff work around the world for the FCO and its successor, the Foreign, Commonwealth and Development Office, Citizen Lab said the suspected infections could be related to FCO devices using foreign SIM cards in other countries.

“The United Kingdom is currently in the midst of several ongoing legislative and judicial efforts relating to regulatory questions surrounding cyber policy, as well as redress for spyware victims,” Citizen Lab director Ron Deibert said in a statement. “We believe that it is critically important that such efforts are allowed to unfold free from the undue influence of spyware.”

Pegasus spyware was developed by Israel’s NSO Group, which creates surveillance technology that can be used to track targeted iOS and Android users. NSO claims its products are used by government intelligence and law enforcement agencies to prevent and investigate serious crime and terror incidents.

But the group made headlines last year when an investigation claimed the Pegasus spyware was abused and used to target journalists, activists and government officials.

Citizen Lab also said Pegasus was used to target dozens of individuals in Catalonia, including legislators, EU Parliament members and presidents of the north-eastern Spanish region.

NSO Group has denied the allegations in both cases. A spokesperson told the Guardian: “NSO continues to be targeted by a number of politically motivated advocacy organisations like Citizen Labs and Amnesty to produce inaccurate and unsubstantiated reports based on vague and incomplete information.

“We have repeatedly cooperated with governmental investigations, where credible allegations merit. However, information raised regarding these allegations are, yet again, false and could not be related to NSO products for technological and contractual reasons,” the spokesperson said.

Catalans targeted with spyware

Citizen Lab said it identified at least 65 individuals linked to the Catalan independence movement who were targeted by mercenary spyware. Of these, 63 were targeted with Pegasus, while others were infected with spyware from Candiru, “another mercenary hacking company”.

Almost all of the incidents occurred between 2017 and 2020, though one instance of targeting was observed in 2015, according to the research group. A Catalan independence referendum took place in Spain in 2017.

“We do not conclusively attribute the targeting to a specific government, but extensive circumstantial evidence points to the Spanish government,” Citizen Lab said in a statement.

Catalan leader Pere Aragonès said on Twitter that the surveillance operation on the Catalan independence movement “is shameful and unjustifiable”.

“It is a very serious attack on democracy and fundamental rights,” Aragonès tweeted yesterday. “Another example of repression against a peaceful and civic movement. We will take all necessary steps.”

The massive surveillance operation against the Catalan pro-independence movement is shameful and unjustifiable. It is a very serious attack on democracy and fundamental rights. Another example of repression against a peaceful and civic movement. We will take all necessary steps.

— Pere Aragonès i Garcia (@perearagones) April 18, 2022

The Canadian research group said it identified a previously undisclosed ‘zero-click’ vulnerability on iOS devices, which it is calling Homage. Zero-click means the attack does not require any user interaction to be successful. The group claims this vulnerability was exploited on devices with iOS versions earlier than 13.2.

“We are not aware of any zero-day, zero-click exploits deployed against Catalan targets following iOS 13.1.3 and before iOS 13.5.1,” Citizen Lab said.

Citizen Lab said it does not believe up-to-date iOS devices are at risk and has reported the exploit to Apple.

Another zero-click exploit called ForcedEntry was discovered on iOS devices last year by Citizen Lab. The group claimed this exploit was used by NSO Group to infect the phone of a Saudi Arabian human rights activist.

Apple released a set of updates to fix the exploit and sued NSO Group last November, in a bid to “hold it accountable for the surveillance and targeting of Apple users”.

Last February, the EU’s data protection watchdog called for a ban on the development and use of Pegasus spyware following revelations of its potential impact on privacy rights.

“Pegasus constitutes a paradigm shift in terms of access to private communications and devices, which is able to affect the very essence of our fundamental rights, in particular the right to privacy,” the European Data Protection Supervisor said in a report published on 15 February. “This fact makes its use incompatible with our democratic values.”

UK Prime Minister Boris Johnson in 2020. Image: Pippa Fowles / No 10 Downing Street via Flickr (CC BY-NC-ND 2.0)
