Downing Street

Downing Street Hit With Spyware? CyberSec Group Claims

Network systems at the Foreign Office and No. 10 Downing Street were allegedly infected by spyware, says a Canadian cybersecurity group.

Information has been released that the Citizen Lab informed British officials in 2020 and 2021 that suspicious Pegasus spyware had infiltrated Downing Street’s computer networks, and this attack seems to be linked to perpetrators in the UAE.

Pegasus is allegedly sold by NSO Group to governments, who then use it to carry out surveillance by illicitly infecting phones. The Israeli-headquartered firm, however, denies these allegations, claiming they are untrue and impossible.

65 Political Officials Targeted

The Citizen Lab, responsible for monitoring surveillance, reports that in 2020 and 2021 it alerted the UK government that networks serving 10 Downing Street as well as the Foreign and Commonwealth Office had been infiltrated by suspicious and malicious Pegasus spyware.

Pegasus gives governments the ability to take over specific people’s phones, in order to view and extract information and run surveillance.

NSO Group has long refuted these claims, saying that its software was only sold for law enforcement and intelligence purposes, for example surveillance against criminality or terrorism.

The most up-to-date allegations surround a journalistic investigation by The New Yorker magazine, which tracked several people who were being monitored while campaigning for Catalonia’s sovereignty from Spain.

The Citizen Lab claims that at least 65 people had been affected by this malware; the list includes officials from the European Parliament, legislative, judicial, and presidential figures from Catalonia, and civil society members.

The New Yorker claims that for Britain several mobile phones had been trialled by the software and the list included Boris Johnson’s; however, it is not clear exactly which device was infected or what data was extracted.

Spyware Controllers

The Citizen Lab continued, saying that the spyware operators allegedly responsible for infiltrating the Foreign Office are linked to those behind Pegasus operations in the UAE, Cyprus, India, and Jordan.

It claims that data could have been extracted by way of diplomats serving abroad who used local SIMs while there, which mirrors how a number of US officials were allegedly infiltrated in Uganda. NSO Group, however, claims that US phone numbers could not be hacked.

A High Court ruling concluded that the leader of Dubai, Sheikh Mohammed, hacked his ex-wife's phone using this NSO spyware.

The Citizen Lab claims that the suspicious Downing Street software is also closely tied to the United Arab Emirates.

Archival investigations by a number of journalists allege that hundreds of UK phone numbers were included on a leaked list of phone numbers associated with the NSO Group between 2017 and 2019, and that the UAE was responsible for the majority.

NSO Group says that it ended its partnership with the UAE in 2021 following reports that the leader of Dubai, a member of the UAE, had used Pegasus to hack his ex-wife's phone, amongst other targets, which the ruler denies.

Worldwide, a number of officials, journalists and activists were included on a leaked list of potential targets. As a result, this software was placed on a US Department of Commerce blacklist with the intention of limiting its access and exposure to US technology.

The UK has been very tight-lipped on the matter. One spokesman for the British government says that it does not make public statements on security topics as a routine matter. A spokesperson for NSO Group said they believed these data and allegations are not true, and could not be associated with NSO products due to restrictions related to technology and contracts.

London’s UAE Embassy refrained from making comments.

Capabilities of Pegasus Spyware

Whatever the truth about Number 10 Downing Street, the fact that Pegasus can successfully hack into phones is one reason this piece of spyware is so infamous. The actual infiltration takes place seamlessly, so that the phone user is completely unaware of the compromised state of their device.

After the operator has found the phone number that they want to infiltrate, they send it an infected link, and if the target clicks that link, Pegasus installs itself on the device. 

But installation can also occur through a security flaw in voice call endpoints made possible through communication apps such as WhatsApp. Indeed, so effective and undetectable is this little-known vulnerability that Pegasus can be installed on a phone simply through a missed call to the target.

After this, it’s an easy matter for the software to remove this missed call from previous entries so that the target user has no idea the call was made at all.

What Pegasus does

After Pegasus installs itself on a phone, it’s possible for it to surveil the affected phone comprehensively on every level.

Even encrypted communication apps like Telegram are theoretically accessible by Pegasus. Cyber security researchers discovered that Pegasus is able to read your call list and messages, and see into user activities inside specific apps, as well as track location information, listen using microphones, or tap into video cameras on the phone.

The following was discovered by researchers in 2017 at Kaspersky Labs:

The surveillance level is total. The actual spyware is a form of modular malware, which means that once it scans through the target phone, it can install the modules needed to carry out specific functions of surveillance.

This includes being able to listen to calls, capture screenshots, see into messages, extract browser history, read contacts, and on and on. In other words, it can surveil every aspect of the phone or device. This even includes listening in on encrypted audio messages and encrypted chats; it is able to do this by using keyloggers and corresponding functions. These messages are captured before they enter encryption. As for encrypted messages, it captures them once they have been decrypted onto the phone.

This means it is an ultimate form of spyware. If a government wants to track someone’s activities, Pegasus, or another similar model of malware, would be the preferred option.

It’s important to keep in mind that this is also an intelligent piece of spyware. It works very hard to avoid being detected when carrying out its activities. To continue, researchers at Kaspersky discovered the following:

Pegasus also works incredibly hard to hide itself. The malware goes so far as to self-destruct if it is not able to ping its findings to its command-and-control (C&C) server for a time period of two months. It also self-destructs if it finds it was installed on the wrong device or the incorrect SIM card (the reason? This form of spyware is designed to target very specifically; NSO customers weren’t looking to randomly victimise).