Critical Infrastructure Security , Cyberwarfare / Nation-State Attacks , Endpoint Security

UK Government Reportedly Infected With NSO Group Spyware

Prime Minister's Office Targeted in Suspected Espionage Campaign, Researchers Warn
UK Government Reportedly Infected With NSO Group Spyware
British Prime Minister Boris Johnson leaving 10 Downing St. (Photo: Number 10, via Flickr/CC)

The British government has received multiple alerts in the past two years that officials' smartphones were infected with spyware built by Israel's NSO Group.

See Also: 2024 Threat Hunting Report: Insights to Outsmart Modern Adversaries

So reports Citizen Lab, a research group based at the University of Toronto that investigates human rights abuses perpetrated using technology.

On Monday, the group said it had issued "multiple" alerts to the British government that it was being targeted with commercial spyware as part of apparent nation-state espionage operations.

"In 2020 and 2021 we observed and notified the government of the United Kingdom of multiple suspected instances of Pegasus spyware infections within official U.K. networks," Ron Deibert, director of the Citizen Lab and a professor of political science at the University of Toronto's Munk School of Global Affairs & Public Policy, says in a blog post.

A spokesman for Downing Street declined to comment on the report.

Citizen Lab says it found suspected infections involving devices used by government officials inside both the Prime Minister's Office at 10 Downing St. and the Foreign and Commonwealth Office, which is now known as the Foreign, Commonwealth and Development Office.

"The suspected infections relating to the FCO were associated with Pegasus operators that we link to the UAE, India, Cyprus and Jordan," Deibert says. "The suspected infection at the U.K. Prime Minister's Office was associated with a Pegasus operator we link to the UAE."

News of the discovery that devices used by British government officials had been infected with Pegasus was first reported Monday by The New Yorker.

It reports that Citizen Lab researchers found that a Pegasus-infected device had connected to the No. 10 Downing St. network on July 7, 2020, and suspected that data had been exfiltrated. Citizen Lab says the infected British government devices it found in 2020 and 2021 may trace to officials who were largely based outside the U.K. and who perhaps used foreign SIM cards with non-U.K. telephone numbers.

NSO Group Disputes Fresh Reports

A spokesperson for NSO Group disputed claims contained in both the Citizen Lab and New Yorker reports.

"NSO Group wishes to clarify that the publications regarding the alleged hacking with Pegasus on phones related [to] 10 Downing St. are wrong and misleading and the company denies any involvement," the spokesperson tells Information Security Media Group.

"For technological, contractual and legal reasons, the described allegations are impossible and have no relation to NSO's products," the spokesperson says. "As The New Yorker itself cited, no evidence of relation to Pegasus was found."

In fact, The New Yorker did not report that there was "no evidence" that Pegasus had been used to infect British government smartphones. Instead, it reported that NSO employees told it that they were unaware of any such hacks, and one of them claimed: "We hear about every, every phone call that is being hacked over the globe, we get a report immediately."

The company has previously denied that it has such a capability. It has also claimed that it has "no visibility" into the data gathered by users.

The firm has said it sells its products "solely to law enforcement and intelligence agencies of vetted governments for the sole purpose of saving lives through preventing crime and terror acts." Its products are reportedly used by law enforcement and intelligence agencies across about 45 countries.

NSO Group Under Fire

NSO Group has faced intensifying criticism following the release last summer of an alleged target list used by its customers, suggesting that its products were in some cases being used not just for passive surveillance but for active repression and to target world leaders such as French President Emmanuel Macron.

NSO Group has also been sued by WhatsApp and Apple for allegedly targeting zero-day vulnerabilities in its products to infect users.

The apparently indiscriminate use of NSO Group's products, including its flagship Pegasus spyware, by some customers has led to the company being blacklisted by some countries, and the EU has called for a ban on such software.

In February, the European Data Protection Supervisor warned that the spyware, which is designed to infect smartphones that run iOS or Android operating systems, can "turn a mobile phone into a 24-hour surveillance device" and intercept all data captured by sensors, as well as all incoming and outgoing messages, stored photographs, voice and video calls and the GPS location.

Last November, the U.S. Department of Commerce added NSO Group and three other companies to a list of entities blocked from purchasing any U.S. technology without a license, for their having allegedly engaged in activities "contrary to the national security or foreign policy interests of the U.S." Both NSO Group and Israeli startup Candiru - launched by former NSO Group employees - were accused of supplying spyware to foreign governments to target officials, journalists, activists, academics, embassy workers and others.

Last December, Pegasus spyware was reportedly detected on about 10 smartphones belonging to U.S. State Department officials with "state.gov" email addresses who were working in Uganda or on Ugandan issues. The New Yorker reports that the Biden administration is also investigating additional suspected infections of U.S. government smartphones using Pegasus.

Citizen Lab says the hacked devices likely had non-U.S. phone numbers.

NSO Group's legal and public relations woes appear to have been complicating its once-close relationship with the Israeli government. In February, sparked by outrage from legislators, the Israeli government launched an investigation into the use of Pegasus by the country's police force against Israeli citizens. Alleged police surveillance targets included not only journalists but also Avner Netanyahu, the son of former Prime Minister Benjamin Netanyahu.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.