NSO Pegasus spyware has been used by at least five EU countries, admits the company. The admission was made as part of a European investigation into the impact of Pegasus, with an interim report now published.

It’s likely that the true number is higher, with the company promising to provide a ‘more concrete number’ …

What you need to know about NSO Pegasus spyware

NSO Group makes spyware called Pegasus, which is sold to government and law enforcement agencies. The company purchases so-called zero-day security vulnerabilities (ones that are unknown to Apple) from hackers, and its software is capable of mounting zero-click exploits – where no user interaction is required by the target.

In particular, simply receiving a particular iMessage – without opening it or interacting with it in any way – can allow an iPhone to be compromised, with personal data exposed.

Prime ministersUS State Department officialssenior EU officialsjournalistslawyers, and human rights activists are among those whose iPhones have been hacked by Pegasus. 

The US government banned the import and use of Pegasus, depriving the company of its most lucrative customer base: US law enforcement agencies. Apple added to the pressure, suing the company, and alerting owners of infected iPhones.

NSO claims to exercise care in approving customers, but few believe it, and the company’s CEO wanted to tear up even the claimed rules under which it operated.

Used by at least five EU countries

Politico reports on the latest admission.

The Israeli spyware firm NSO Group on Tuesday told European lawmakers at least five EU countries have used its software and the firm has terminated at least one contract with an EU member country following abuse of its Pegasus surveillance software.

Speaking to the European Parliament’s committee looking into the use of spyware in Europe, NSO Group’s General Counsel Chaim Gelfand said the company had “made mistakes,” but that it had also passed up a huge amount of revenue, canceling contracts since misuse had come to light […]

At least five EU countries had used NSO’s tool, Gelfand said, adding he would come back to MEPs with a “more concrete number.” 

NSO claims that it wants an international standard to be agreed on government use of spyware.

Year-long investigation into Pegasus

We’re three months into an European investigation into Pegasus, which is expected to take a year. An interim report has been published, explaining how the spyware works, and outlining the main concerns.

Pegasus is only supplied to governments, but there are concerns that governments are misusing the software to spy on their political opponents. It recently emerged that the Belgian European Commissioner for Justice Didier Reynders was the target of the software.

In addition to an investigation by the Council of Europe, the European Parliament is also investigating Pegasus. Parliamentarian Peter Omtzigt has made the first results of the investigation under his leadership public, so that citizens and politicians can view them. Omtzigt does not have many powers to compel governments to answer, but that is not a problem, according to him. “Just exposing what happened, getting the facts straight, is of great value for the public and political debate in Europe.” (source: rtlnieuws.nl).

The report provides a technical description of the Pegasus spyware and analyses the impact it may have on human rights and fundamental freedoms, in particular the right to privacy and freedom of expression. Furthermore, the report underlines the chilling effect that Pegasus spyware has or potentially could have on other human rights and fundamental freedoms, including the right to dignity, freedom of assembly, freedom of religion, and even the physical and psychological integrity of an individual.

9to5Mac’s Take on NSO Pegasus spyware

NSO has zero credibility. It doesn’t much matter what the company does or doesn’t admit to: it has prevaricated and outright lied enough times that nothing it says can be believed.

Governments, too, cannot be trusted to be truthful about the covert surveillance methods they employ. The smart money would be on Pegasus having been used by pretty much every country on the planet.

So while the interim report is a useful document to help politicians understand just how nasty NSO Pegasus spyware is, the only way anything will change is if the use of the spyware is banned internationally, and the company put out of business.

FTC: We use income earning auto affiliate links. More.


Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

Ben Lovejoy's favorite gear