We have updated our Privacy Policy and Terms of Use for Eurasia Group and its affiliates, including GZERO Media, to clarify the types of data we collect, how we collect it, how we use data and with whom we share data. By using our website you consent to our Terms and Conditions and Privacy Policy, including the transfer of your personal data to the United States from your country of residence, and our use of cookies described in our Cookie Policy.
{{ subpage.title }}
Hacked by Pegasus spyware: The human rights lawyer trying to free a princess
In April 2021, David Haigh, a human rights lawyer who'd been fighting to free Dubai’s detained Princess Latifa, received a shocking notification from investigators at The Guardian and Amnesty International: his phone was likely infected with Pegasus spyware. Forensic analysis confirmed that Haigh was the first confirmed British citizen to be hacked by Pegasus, a military-grade spyware created by Israel’s NSO Group that’s licensed to governments all over the world and used for covert surveillance.
Haigh was targeted by a foreign government, likely the ruler of Dubai, but his story isn’t unusual: Over 80% of all internet users are infected with some form of spyware, according to the US National Cyber Security Alliance.
For the first episode of “Caught in the Digital Crosshairs: The Human Impact of Cyberattacks,” a new video series on cybersecurity produced by GZERO in partnership with Microsoft, we spoke to Haigh and Kimberly Ortiz, a cyber security expert, to learn more about the threat of invasive spyware and best practices for cybersecurity, and how you can prevent similar attacks from happening to you.
- Podcast: Cyber Mercenaries and the digital “wild west" ›
- Hard Numbers: Thais come clean on Pegasus, Salvadoran emergency extended, Tunisian pol questioned, Chinese boycott mortgages ›
- What We're Watching: Dry China, UK inflation forecast, Pegasus spyware shakeup ›
- Digital peace: Trust and security in cyberspace ›
Spyware concerns prompt US Congress to move toward sanctions
Marietje Schaake, International Policy Director at Stanford's Cyber Policy Center, Eurasia Group senior advisor and former MEP, discusses trends in big tech, privacy protection and cyberspace:
After years of inaction from lawmakers, there are now louder and louder calls in Congress for sanctions of spyware companies. Even those from Israel, which is remarkable because it has a strong surveillance industry, but also has been a strong ally for the United States.
What is on US lawmakers' sanction list?
Well, a number of members of Congress are calling on the Treasury and state departments to sanction NSO Group, as well as three other companies. And they're responding to the growing alarm about human rights abuses that these technologies, and so these companies are enabling. Their tools are sold as counterterrorism kits, but instead governments around the world are deploying spyware against critics, journalists, or human rights defenders. Besides the notorious NSO Group, the UAE-based company, DarkMatter, and European companies Nexa Technologies and Trovicor are in focus on Capitol Hill. And it's remarkable that after decades of allowing spyware companies to flourish, the recent revelations of infiltration of the phones of US diplomats, as well as broader concerns over the proliferation of commercial intelligence broker seems to have caused the current tipping point. But my hope is that beyond ad hoc sanctions to individual companies, US lawmakers, along with their partners around the world, will adopt a binding ban on all similar systems, which damage has become completely disproportionate to the shallow promises of security benefits.
US, NATO, & EU condemn China's Microsoft hack; Pegasus spyware leak
Marietje Schaake, International Policy Director at Stanford's Cyber Policy Center, Eurasia Group senior advisor and former MEP, discusses trends in big tech, privacy protection and cyberspace:
The US, NATO, and the EU have all condemned China for its hack of Microsoft Exchange servers. What happens next?
Now, the joint statement sends a strong signal, but there are operational steps that need to be clarified. Firstly, why was it possible to hack Microsoft servers at all and how to close the gaps to make software more resilient? Additionally, governments making statements condemning China or others are well-advised to attach consequences to such attributions. Sanctions of the economic, financial or immigration type, as well as restrictions on state-owned enterprises, should all be on the table. Certainly, clear criteria need to be there with regard to responsible behavior and the application of international law in cyberspace.
What do we know about the Pegasus spyware leak?
Now, on the one hand, we have known about the toxic surveillance and spyware market for over a decade. But the Pegasus Project provides new and important insights into the targets of Israeli spyware company NSO Group. It is impossible to consider those targets, journalists, human rights defenders, politicians, even President Macron, to be suspects of terror or crime. But that is how NSO defends the sales of intelligence-grade technology around the world, including to the rulers of Saudi Arabia with their dismal record of human rights violations. So it is now crystal clear that claims stating that these spyware systems are for targeted and controlled purposes are false and that the spyware and surveillance sector is out of control. I can only hope that democratic governments will draw a line and stop this market from running out of control even further once and for all.