Pegasus reared its ugly head once again as a number of journalists, activists and human rights lawyers apparently fell victim to the spyware programme. The most recent case was in Jordan, where at least 35 individuals were targeted.
Owned by the Israeli firm NSO Group, Pegasus has gained notoriety for its unethical surveillance of individuals perceived as threats to their state or governments. These targets often include human rights lawyers, journalists, civil society activists, political activists, and even politicians themselves. As a nation-state spyware, Pegasus is sold to governments for public or national security purposes, but evidence suggests it has been used for other unauthorised reasons.
“Officially, Pegasus is only allowed to sell its products to government clients, but these clients have, in the past, turned the spyware against journalists instead of legitimate security threats,” said data privacy expert Murray Hunter.
In Jordan, members of human rights organisations, labour unions, and political parties were among those targeted by Pegasus. At least 16 individuals working as journalists or for independent media organisations in Jordan were hacked between 2020 and 2023, according to Access Now.
Similar incidents have been reported in India, where an investigation by Amnesty International and The Washington Post in December 2023 revealed that Pegasus targeted journalists from The Wire, as well as politicians Rahul Gandhi and Ashok Lavasa.
The prevalence and misuse of Pegasus in various countries have been investigated by different organisations. The Pegasus Project by Forbidden Stories found individuals in Mexico, Nigeria, Togo, Morocco, Jordan, Saudi Arabia, Turkey, Spain, Belgium, the UK, and India were at high risk of being wrongfully targeted.
How does it work?
Individuals are primarily targeted through WhatsApp and SMS. They receive messages from someone posing as a journalist, asking for assistance or a comment for a story. These messages contain malicious links, and once opened, the spyware is installed on the device, enabling surveillance of private communications, microphone and the camera.
Read more: What is Pegasus and how does it hack phones
Where does SA stand with this?
In 2021, the Pegasus Project leaked information from the NSO Group which found that South African president Cyril Ramaphosa’s name was on the list, and he was allegedly selected by Rwanda. He was among a number of other heads of states to be targeted, but the details were inconclusive.
According to Hunter, there is no obvious indication that South Africa is a client of Pegasus, however, there have been attempts in the past to spy on journalists in particular..
The Right2Know Campaign’s report “Spooked: Surveillance of Journalists in SA” investigated 10 case studies of surveillance targeting journalists.
This included tapping investigative journalist Sam Sole’s phone during his reporting on corruption investigations against Jacob Zuma in 2008, as well as spying on investigative reporter and author of The President’s Keeper, Jacques Pauw, who was subsequently charged for allegedly revealing information without permission.
Other journalists named in the report include former Mail & Guardian editor Athandiwe Saba, business, and financial journalists Peter Bruce and Rob Rose.
Hunter, who contributed to the report, emphasised that the South African government has previously engaged in unethical practices to obtain information from journalists.
“The South African government has shown that it will resort to dirty tricks to try to get into journalists’ communication, not for any legitimate public safety or national security reasons, but because they want to figure out who the sources are, and they want to clamp down on damaging or embarrassing reporting,” he said.
Evidence also seemed to point at the South African state security structures increasing their political intelligence gathering before elections, Hunter said, and despite being exposed by the Zondo Commission and the President’s expert panel on state security, there was supposed to be a crackdown on these surveillance issues and abuses, but it has not materialised.
“Frankly, we don’t know much about whether there’s been a proper cleanup,” Hunter said.
For any journalist who believes they may be exposed to a hacked phone, there are a few ways to ensure safety.
- Factory Reset your Smartphone
This is the nuclear option, but it is regarded as the only fool proof way of ensuring that your phone is clean. For those who cannot remember passwords, use a password keychain. You will have to download and login to all your platforms, but any reporter who believes they are being monitored through their Smartphone, this should be done regularly. It may irritate you, but think about how irritated the hacker must be! He/She has to start the process of setting you up all over again. So then please note point 3 below.
- Check Data Usage and thoroughly Spring clean your phone
There are various ways to check this on iPhones or Android devices. Here is a video explaining the various techniques you can use to check if your phone has been exposed to hacking activity.
- Avoid opening any links or downloading any pictures from non-contacts
Very often bad players send you an email which is opened on the phone, or sends a text or WhatsApp message that is clicked. The bad software is then downloaded through the picture or content you have clicked.
Content Writer