Cyber security: UK Government attacked by spyware


The Citizen Lab, a Canadian investigative group, claims that Downing Street and Foreign Office phone and computer systems have been attacked by spyware.

They found that there were at least 65 victims targeted or infected with mercenary spyware, including the UK government.


The software used in these attacks is called Pegasus – created by NSO Group, an Israeli company.

Pegasus, along with other spyware, can be installed on devices through spear phishing such as ‘smishing’: a text message containing a link for the recipient to click. It has also been known to bypass this step and install itself without the recipient clicking any link.

Pegasus spyware was first discovered in August 2016, when a human rights activist from the United Arab Emirates received phishing text messages.

He then sent these messages to a security agency and they discovered that if he had opened the links, his phone would have been infected with Pegasus malware.

At the moment, the spyware is able to read text messages, track calls, collect passwords, track locations, access the device’s microphone and camera and harvest information from installed apps.

Terror and crime

NSO have stated that they provide “authorised governments with technology that helps them combat terror and crime” and that their spyware is not to be used maliciously as it’s intended to assist in criminal and national security investigations.

NSO have also denied the current allegations, stating that these events could not happen and that the claims are false.

Their official statement:

“The information raised regarding these allegations are, yet again, false and could not be related to NSO products for technological and contractual reasons.

“NSO continues to be targeted by a number of politically motivated advocacy organisations, like Citizens Labs and Amnesty, to produce inaccurate and unsubstantiated reports based on vague and incomplete information.

“We have repeatedly co-operated with governmental investigations, where credible allegations merit.”


Currently, the UK Government’s NCSC (National Cyber Security Centre) is unable to locate the targeted devices or to establish the nature of the stolen data.

The severity of this case is still unknown because the amount of information, as well as its exact contents, cannot be established.

The specific individuals targeted are also unknown; all that has been announced is that the devices were based in the Foreign Office and Downing Street.

The intent behind this attack is also unknown. The lack of information has left Downing Street, the NCSC and the general public in the dark.

The Foreign Office did not deny the reports. A spokesperson said: “We do not routinely comment on security matters.”

It is suspected that the cyber-attacks originated from the United Arab Emirates. Prime Minister Boris Johnson visited the country in March in an attempt to boost trade ties and to discuss the Gulf state’s ability to increase oil and gas production in light of the Russian Government’s invasion of Ukraine.

Current progression

The phone attacks on the Foreign Office are believed to have taken place between July 2020 and June 2021 on at least five occasions.

The attack on the phone connected to the Prime Minister’s office is believed to have taken place during this time.

After detecting attacks during their research, The Citizen Lab alerted the PM’s office to the situation, in an attempt to alleviate the threat.

Ron Deibert, director of The Citizen Lab and University Professor, made this statement:

“During the course of our investigations into mercenary spyware, we will occasionally observe cases where we suspect that governments are using spyware to undertake international espionage against other governments.

“The vast majority of these cases are outside of our scope and mission. However, in certain select cases, where appropriate and while preserving our independence, we decide to notify these governments through the official channels, especially if we believe that our actions can reduce harm.

“We confirm that in 2020 and 2021 we observed and notified the government of the United Kingdom of multiple suspected instances of Pegasus spyware infections within official UK networks.”

Infected device has still not been found

Ronan Farrow, a journalist for The New Yorker, has reported that the Prime Minister’s phone, along with many others within No. 10, was examined, but the infected device has still not been found.
