In recent years, smartphone and data security has become increasingly relevant as technological advancement enables unprecedented extent of surveillance. One example of such advancement is the Pegasus system, sophisticated spyware developed by Israeli technology company NSO Group. The system came under deep scrutiny due to allegations of its misuse to target politicians and individuals, raising concerns about privacy, cybersecurity and abuse of power. In recent days, attacks on cell phones belonging to NGOs, companies and state institutions working with NATO and engaging in the Russian-Ukrainian conflict have intensified.
What is Pegasus?
The Pegasus system is an espionage tool designed to infiltrate smartphones and gain access to sensitive data. It exploits vulnerabilities in various mobile operating systems, including the most popular ones such as iOS and Android, allowing the attacker to remotely monitor and control the attacked device. Once installed, the system can intercept calls, messages, emails, access contact lists, track location and even discreetly activate the microphone and camera. Essentially, it turns the targeted phone into a powerful surveillance tool, capable of capturing virtually every aspect of the owner’s digital life.
An additional consideration is the development of this software with the use of machine learning and artificial intelligence. With the development of artificial intelligence, we have to deal with the construction of machine learning and artificial intelligence systems that aim to acquire and find security vulnerabilities in applications and hardware used by politicians or individuals. The danger stems from the fact that the hackers are always two steps ahead of cybersecurity specialists who are constantly trying to improve protection. Even though the systems that keep our data and systems safe are also built on the basis of machine learning and artificial intelligence, they work as a response to known threats.
Politicians on target
Politicians and political dissidents have often been prime targets for surveillance, both at home and abroad. The alleged use of the Pegasus system against prominent figures has raised serious concerns about privacy and potential manipulation of te democratic process. Once the system falls into the wrong hands, it could be utilized to gather compromising information, manipulate public opinion or gain an unfair advantage in political campaigns. The very existence of such technology underscores the need for robust cyber-security measures to protect democratic institutions and the integrity of the electoral process.
In the context of the Russian war against Ukraine, access to information held by politicians and military officers working with NATO at various levels is crucial for planning military operations and spreading disinformation or developing long-term strategies after the conflict has ceased.
While politicians attract considerable attention, the reach of the Pegasus system extends far beyond political circles. Private individuals, including journalists, activists and human rights defenders, have also fallen victim to invasive surveillance. The ability to monitor personal communications and access sensitive information poses a serious threat to civil liberties and freedom of expression. Employees of organizations involved in Russia’s war against Ukraine are becoming key figures in the role of Pegasus surveillance, due to the fact that they are natural liaisons between governments and other institutions, thus having key data on their devices. Journalists and whistleblowers play a key role in holding authorities accountable and any violation of their privacy undermines the foundations of a democratic society.
The discovery of the Pegasus system and its alleged misuse has sparked outrage around the world, leading to calls for increased regulation and control of surveillance technology. Various efforts are undertaken to create a comprehensive legal framework that defines permissible use of such tools and establishes accountability mechanisms for their use. Governments and technology companies have to cooperate in order to strike a balance between national security concerns and the protection of individual rights and freedoms. Furthermore, one needs to consider that systems which provide access to data held on our mobile devices and computers have been operating in the public space for a very long time and have been used to gather evidence in ongoing investigations.
Strengthening cybersecurity measures
Effective protection from phone and data takeover requires robust cybersecurity measures. Both individuals and organizations should prioritize regular software updates, strong passwords and two-factor authentication to minimize the risk of infiltration. In addition, message encryption applications and secure communication tools can provide another layer of protection against potential surveillance attempts. The continued development of cybersecurity systems based on artificial intelligence and machine learning is also extremely critical due to the fact that systems like Pegasus take control of and access our data through vulnerabilities in software and hardware.
The revelations about the Pegasus system and its alleged misuse underscore the urgent need for a global discussion on the regulation and responsible use of surveillance technology. The impact of such invasive spyware goes well beyond the realm of politics, affecting individuals and entire societies. Furthermore, one needs to be aware of the fact that Pegasus is just one example of such software while there exists a wide range of systems for remote access to cell phones or mobile devices like laptops or tablets. Awareness of the cyber security of the devices we own has to increase. With the continuous technological advancement, it is essential to distinguish security from privacy to protect democratic values and the fundamental rights of all.
Author: Przemysław Szulecki, Cybersecurity expert