In the context of the Pegasus Project (the international investigative journalism project that aims to reveal illegal spying by the governments of various countries on journalists, activists and opposition parties using the Israel-based company NSO’s Pegasus spyware), the renowned journalist and whistleblower Edward Snowden said in an interview with the Guardian that the consortium’s findings illustrated how commercial malware had made it possible for repressive regimes to place vastly more people under the most invasive types of surveillance.
Snowden said that for traditional police operations to plant bugs or wiretap a suspect’s phone, law enforcement would need to “break into somebody’s house, or go to their car, or go to their office, and we’d like to think they’ll probably get a warrant.”
Commercial spyware, by contrast, makes targeted surveillance against vastly more people cost-efficient. “If they can do the same thing from a distance, with little cost and no risk, they begin to do it all the time, against everyone who’s even marginally of interest,” said Snowden.
“If you don’t do anything to stop the sale of this technology, it’s not just going to be 50,000 targets. It’s going to be 50 million targets, and it’s going to happen much more quickly than any of us expect.”
He said that part of the problem arose from the fact that different people’s mobile phones were functionally identical to one another. “When we’re talking about something like an iPhone, they’re all running the same software around the world. So if they find a way to hack one iPhone, they’ve found a way to hack all of them.”
He also compared the companies commercialising vulnerabilities in widely used mobile phone models to an industry of “infectioneers” deliberately trying to develop new strains of disease.
“It’s like an industry where the only thing they did was create custom variants of Covid to dodge vaccines,” he said. “Their only products are infection vectors. They’re not security products. They’re not providing any kind of protection, any kind of prophylactic. They don’t make vaccines – the only thing they sell is the virus.”
He said commercial malware such as Pegasus was so powerful that ordinary people could in effect do nothing to stop it. Asked how people could protect themselves, he said: “What can people do to protect themselves from nuclear weapons?
“There are certain industries, certain sectors, from which there is no protection, and that’s why we try to limit the proliferation of these technologies. We don’t allow a commercial market in nuclear weapons.”
He said that the only viable solution to the threat of commercial malware was an international moratorium on its sale. “What the Pegasus project reveals is the NSO Group is really representative of a new malware market, where this is a for-profit business,” he said. “The only reason NSO is doing this is not to save the world, it’s to make money.”
He added that a global ban on the trade in infection vectors would prevent commercial abuse of vulnerabilities in mobile phones, while still allowing researchers to identify and fix them.
“The solution here for ordinary people is to work collectively. This is not a problem that we want to try and solve individually, because it’s you versus a billion dollar company,” he said. “If you want to protect yourself you have to change the game, and the way we do that is by ending this trade.”
In India, the investigation reveals, around 40 journalists, three opposition party members and many academics and activists were spied upon using the spyware. A new Guardian article also claims that “The selection of Indian numbers largely commenced around the time of Modi’s 2017 trip to Israel, the first visit to the country by an Indian prime minister and a marker of the burgeoning relationship between the two states, including billions of dollars in deals between Delhi and Israeli defence industries.” The article said that it was days before this visit that Indian targets had started being selected.
After the Pegasus Project went viral, the founder and chief executive of NSO, Shalev Hulio, said that he continued to dispute that the leaked data “has any relevance to NSO.” He added that he was “very concerned” about the reports and promised to investigate them all. “We understand that in some circumstances our customers might misuse the system,” he said.