US diplomats in Uganda targeted by Israeli spyware

The advanced spyware Pegasus, created by Israeli firm NSO Group and used by governments like Saudi Arabia to gather intelligence on those it deems terrorists or criminals, has reportedly been detected on at least 11 iPhones used by US officials in Uganda or conducting business related to the country, as well as locals working for the embassy, reported by Vox.

That news — first reported Friday by Reuters — will likely exacerbate NSO Group’s fraught relationship with the US government; while the company claims that Pegasus can’t be used on phones with US numbers, the recent hack shows there are loopholes which allow foreign governments to spy on US citizens and government employees. It’s the first known incident of the technology being used against American officials, although it’s not yet known which of NSO Group’s clients hacked the devices.

NSO Group has long claimed that its clients — which run the gamut from from monarchies like the UAE to democratic nations like Germany and Mexico — are closely vetted, but there is a long record of its technology being misused for nefarious purposes, like spying on dissidents or estranged spouses, as the ruler of Dubai is alleged to have done.

Extensive reporting from 17 outlets and more than 80 journalists proves, however, that that hasn’t always been the case: Among other incidents, Pegasus was allegedly used to surveil Saudi dissident and Washington Post columnist Jamal Khashoggi before his murder in October 2018.
 

More recently, the US has started to take action against the company. In November, NSO Group was placed on the Commerce Department’s “entity list,” which severely restricts the export of American technologies that could be used by NSO Group to support Pegasus and similar projects.

Now, given the recent reporting on Pegasus’s use against State Department employees, harsher crackdowns on NSO and similar technology could be on the horizon. On Thursday, the Biden administration announced plans for a US-led initiative on the use of surveillance technology — like Pegasus — by authoritarian regimes. The aim, according to the Wall Street Journal, is to create a framework around the export and licensing controls of such technology, as well as create an information-sharing network to detect and report on its misuse.
 

According to the Pegasus Project, a list of 50,000 potential target phone numbers was hacked, apparently from servers in Cyprus, and leaked to Forbidden Stories and Amnesty International, who shared it with journalists. They were able to identify 1,000 different potential targets from the phone numbers, including politicians like French President Emmanuel Macron, a key US ally, as well as journalists, activists, and lawyers from around the world.