Researchers detect ‘multiple spyware infections’ of No.10 and FCDO since 2020

Canadian academics claim attack on No.10 using Pegasus software was launched from the UAE
Photo: Paul Bloch/Pixabay

By Sam Trendall

22 Apr 2022

Over the last two years Downing Street has been repeatedly infected with spyware in attacks perpetrated from the United Arab Emirates, according to academic research.

An announcement published yesterday by the University of Toronto’s Citizen Lab reveals that, during 2020 and 2021, the unit’s researchers “observed and notified the government of the UK of multiple suspected instances of Pegasus spyware infections within official UK network”.

Infections were detected at the Prime Minister’s Office and the-then Foreign and Commonwealth Office, according to the statement, which is attributed to professor Ron Deibert, director of the lab.

The Pegasus technology reportedly used to target the government entities is a spyware program developed by Israeli company NSO Group.

The FCO was targeted by “Pegasus operators that we link to the United Arab Emirates, India, Cyprus, and Jordan”, Deibert said. 

“Because the FCO – and its successor office: the Foreign Commonwealth and Development Office – have personnel in many countries, the suspected infections we observed could have related to devices located abroad and using foreign SIM cards,” he added.

Citizen Lab researchers ascertained that “the suspected infection at the UK Prime Minister’s Office was associated with a Pegasus operator we link to the UAE,” according to Deibert.

The UAE is understood to have previously been a customer of Pegagus. However, the company ended its engagement with the state in light of a judgement published by the UK High Court six months ago which found that the software had been used by agents acting on behalf of the ruler of Dubai, Sheikh Mohammed bin Rashid al Maktoum, who had ordered the unlawful hacking of the phone of his ex-wife and five of her associates.

“The UK is currently in the midst of several ongoing legislative and judicial efforts relating to regulatory questions surrounding cyber policy, as well as redress for spyware victims,” Deibert said. “We believe that it is critically important that such efforts are allowed to unfold free from the undue influence of spyware. Given that a UK-based lawyer involved in a lawsuit against NSO Group was hacked with Pegasus in 2019, we felt compelled to ensure that the UK government was aware of the ongoing spyware threat, and took appropriate action to mitigate it.”

The government has indicated that it does not comment on security matters.

The NSO Group, meanwhile, said that it “continues to be targeted by a number of politically motivated advocacy organisations like Citizen Lab and Amnesty to produce inaccurate and unsubstantiated reports based on vague and incomplete information”.

“We have repeatedly cooperated with governmental investigations, where credible allegations merit,” a spokesperson added. “However, information raised regarding these allegations are, yet again, false and could not be related to NSO products for technological and contractual reasons.”

The company’s website claims that is Pegasus spyware platform and other products “are used exclusively by government intelligence and law enforcement agencies to fight crime and terror”.

The Citizen Lab is based in the University of Toronto’s Munk School of Global Affairs and Public Policy. It describes its work as being focused on “research, development, and high-level strategic policy and legal engagement at the intersection of information and communication technologies, human rights, and global security”.

Sam Trendall is editor of CSW sister title PublicTechnology, where this story first appeared

Read the most recent articles written by Sam Trendall - ICO to continue 'minimal-fine regime' for public-sector bodies

Share this page