Pegasus Review by Laurent Richard – Spyware Hiding in Plain Sight | Science and nature books

wThe hen asked what superpower they would like, many people choose invisibility. The desire to be able to spy on others unnoticed calls for something in our nature: the desire to know without punishment.

The arrival of the mobile phone, and then the smartphone, brought the invisible power of censorship to governments willing to pay the relatively small cost – some millions of pounds – of licensing invasive software that would silently monitor the phone. The most common of them (that we know of) are called PegasusCreated by an Israeli company called NSO.

Pegasus originally arrived in the form of a text message from an unfamiliar number. If the recipient clicks on it, the phone will be infected. Later versions did not need this interaction: The text message alone could be the infection factor. The phone then became a gateway for government observers: they could download any content, surreptitiously turn on a camera or microphone, and listen in on any call. The infection persisted until the phone rebooted – at which point the controllers would notice, and send another infection message.

The basic problem with Pegasus is the problem with any superpower: It’s too easy, and so tempting, to abuse. NSO, and especially its CEO, has publicly insisted that sales are conditional on using the software to target criminals only. (And you never know US phone numbers; NSO knows not to piss off the bigger beast.) But many authoritarian countries, and those teetering on the brink, see telling the truth as a criminal act — and so they target journalists and lawyers, too.

NSO indicates that it could not know which individuals were targeted. Pegasus’ opening seems to contradict this: Two journalists, Laurent Richard and Sandrine Rigaud of French investigative journalism outlet Forbidden Stories, receive a list of 50,000 phone numbers from around the world with a vague string of dates and times attached. As they discovered, the numbers, dates, and times correspond to cell phones in multiple countries, and the time of attempted or successful infection. (The timing of the infusion curiously overlaps A case heard in London In 2021, during which it appeared that Pegasus was being used to spy on the British lawyer, Baroness Shackleton, and her client, Princess Haya, who was seeking a divorce from Sheikh Mohammed bin Rashid Al Maktoum, ruler of Dubai).

The book focuses on how the duo first built a team that could identify who had been targeted and then coordinated with media partners, including the Guardian, to uncover the extent of such abuse. It’s absorbing reading, the main roles being played by an app called Truecaller, which once installed on the phone will upload the names and numbers of your contacts to create a global “identity list,” a former hacker from the LulzSec group, who made for a wild few months in 2011 addresses around the world, among other things, for leaking the names of 73,000 X Factor US contestants. Detects the small residue left behind by Pegasus on infected phones.

Overall, it’s a celebration of journalism and hacking used to expose the bad guys. As part of their work, the team has also released an app that allows people to see if they have been infected with the Pegasus virus. It’s a neat piece of turning the tables on the surveillance community.

The only frustration is that NSO refuses to be held accountable for how its product has been misused. This broadcasts our sense of justice. Since writing the book, the US Department of Commerce NSO blacklistedand the CEO leaves during NSO It says it will focus on sales to NATO members. But the latter still includes countries that have targeted journalists. We are not yet safe from the invisible man.

Charles Arthur is the author of Social Warming: How Social Media Is Polarizing Us All. Pegasus: The Story of the World’s Most Dangerous Spyware by Laurent Richard and Sandrine Rigaud, published by Macmillan (£20). To support Guardian and Observer, order your copy at Delivery charges may apply.

Leave a Comment