An operator of the powerful Pegasus spyware linked to the United Arab Emirates is suspected of being behind the infection.
18 April 2022
The Prime Minister’s Downing Street office may have been the target of surveillance by powerful spyware made by the Israel-based NSO Group, according to a cyber watchdog group.
Citizen Lab at the University of Toronto on Monday said it “observed and notified” the Government of “multiple suspected instances of Pegasus spyware infections” within 10 Downing Street and the Foreign Office in 2020 and 2021.
A Pegasus operator linked to the United Arab Emirates is suspected of being behind the infection at Boris Johnson’s office, Citizen Lab said.
The group also associated the suspected Foreign Office hacking with NSO clients linked to the UAE, as well as to India, Cyprus and Jordan.
Pegasus is a powerful tool that allows its operator to infiltrate a target’s phone and sweep up its contents, including messages, contacts and location history.
Ron Deibert, Citizen Lab’s director, said in a statement that most cases in which his group suspect that governments are using spyware to carry out international espionage are “outside of our scope and mission”.
However, he said the suspected attacks on official UK networks were some of the rare cases in which they decided to notify the affected governments, “especially if we believe that our actions can reduce harm”.
Prof Deibert said: “The United Kingdom is currently in the midst of several ongoing legislative and judicial efforts relating to regulatory questions surrounding cyber policy, as well as redress for spyware victims.
“We believe that it is critically important that such efforts are allowed to unfold free from the undue influence of spyware.
“Given that a UK-based lawyer involved in a lawsuit against NSO Group was hacked with Pegasus in 2019, we felt compelled to ensure that the UK Government was aware of the ongoing spyware threat and took appropriate action to mitigate it”.
The watchdog said Pegasus was suspected of having infected Foreign Office phones.
“Because the UK Foreign and Commonwealth Office and its successor office, the Foreign Commonwealth and Development office (FCDO), have personnel in many countries, the suspected FCO infections we observed could have related to FCO devices located abroad and using foreign SIM cards,” the statement read.
A Government spokesperson said: “We do not routinely comment on security matters”.
The Foreign Office is understood to be working with allies to tackle cyber threats, build resilience and raise concerns where they arise.
The Israeli tech company NSO has been linked to snooping on politicians, human rights activists and journalists in countries ranging from Saudi Arabia to Poland and Mexico to the United Arab Emirates.
Last November, the US Commerce Department blacklisted the company, saying its tools had been used to “conduct transnational repression”.
NSO has said it sells the product only to government entities to fight crime and terrorism, with all sales regulated by the Israeli government.
The company does not identify its clients and says it has no knowledge of who is targeted.
Although it says it has safeguards in place to prevent abuse, it notes it ultimately does not control how its clients use the software.