Edward Snowden, the renowned whistleblower of the US National Security Agency (NSA) has warned against the trade of Pegasus and similar spyware and urged the governments to put a ban on it.
If the trade between companies that make for-profit software – which can become a surveillance weapon in the wrong hands, such as Israel’s NSO Group – and the governments continues, we will soon see a world “in which no mobile phone is safe from state-sponsored hackers,” Snowden said.
In a conversation with The Guardian, Snowden expressed his concern against the use of mass surveillance software by global governments to snoop on the smart devices of anyone. NSO Group’s Pegasus raised eyebrows after an investigation carried out by Amnesty International – and the report of which was reviewed by a consortium of news organisations called the Pegasus Project – revealed the software was used to intercept mobile phones of prominent journalists, politicians, and their close ones. Snowden calls spyware developers such as NSO Group “an industry that should not exist.”
State-sponsored hacking involves legal rights that governments issue hackers to hack into a device in a bid that the government deems necessary for the security of the country. The hacking is done through sophisticated software, such as Pegasus that NSO Group manufactures and sells to governments.
Snowden said that smartphones are “worse than a spy in your pockets”.
In the wake of the revelations about the clientele of the Israeli NSO Group, whose software Pegasus was used to hack mobile phones for surveillance, Snowden said the consortium’s findings illustrated “how commercial malware had made it possible for repressive regimes to place vastly more people under the most invasive types of surveillance”.
For traditional police operations to plant bugs or wiretap a suspect’s phone, law enforcement would need to “break into somebody’s house, or go to their car, or go to their office, and we’d like to think they’ll probably get a warrant,” he said.
He said: “If they can do the same thing from a distance, with little cost and no risk, they begin to do it all the time, against everyone who’s even marginally of interest.”
“If you don’t do anything to stop the sale of this technology, it’s not just going to be 50,000 targets. It’s going to be 50 million targets, and it’s going to happen much more quickly than any of us expect,” he warned.
Snowden compared companies commercialising vulnerabilities in widely used mobile phone models to an industry of “infectioneers” deliberately trying to develop new strains of disease.
“It’s like an industry where the only thing they did was create custom variants of COVID to dodge vaccines,” he said.
“Their only products are infection vectors. They’re not security products. They’re not providing any kind of protection, any kind of prophylactic. They don’t make vaccines – the only thing they sell is the virus.”
Snowden said commercial malware such as Pegasus was so powerful that ordinary people could in effect do nothing to stop it.
Asked how people could protect themselves, he said: “What can people do to protect themselves from nuclear weapons?
“There are certain industries, certain sectors, from which there is no protection, and that’s why we try to limit the proliferation of these technologies. We don’t allow a commercial market in nuclear weapons.”
The Pegasus spyware can be installed on a mobile phone through a loophole and help the government or the user harvest information. The level of information that this tool can intercept is scary, at least that is what the investigation has revealed. According to Amnesty, the Pegasus software could have been used to see call logs, text messages, photos, videos, stored files, as well as firing the camera unknowingly to surreptitiously record or click what the phone’s camera can see.
Although NSO Group has defended its software by terming it as a tool to detect activities related to terrorism and crime and calling the entire process of spying a controlled activity that leaves no traces. It has also claimed that it takes ethical considerations seriously, which is why it sells its software to “vetted” governments. Some of the customers of NSO’s Pegasus software include Saudi Arabia, the United Arab Emirates, and Azerbaijan.
The leaked database of the entities targeted using Pegasus software also includes names of people from India, but the government has denied the allegations, calling media reports “fishing expedition, based on conjectures and exaggerations to malign the Indian democracy and its institutions.” However, the government has neither denied nor accepted buying the Pegasus software.
The use of software like Pegasus is a matter of grave concern, and that is something WhatsApp CEO Will Cathcart agrees with. In a series of tweets, Cathcart said, “NSO’s dangerous spyware is used to commit horrible human rights abuses all around the world, and it must be stopped.”