When it comes to top secret government IT systems, spyware is used for just one task – spying. So serious questions were raised when security researchers from the digital rights watchdog Citizen Lab detected potential spyware infections in UK government systems.
Not your typical spyware
For most of us, spyware is designed to steal sensitive personal data like passwords or credit card numbers. But government IT systems, which are typically protected by the very highest levels of security, are very rarely affected by these malware types.
In the incidents reported by Citizen Lab, the infections were by a variant called Pegasus. Pegasus can be used to break into iPhones remotely; the spyware then installs itself silently so the victim never knows that their smartphone has been compromised. Data on the smartphone can then be stolen, or the microphone can be triggered remotely, turning it into a listening and recording device.
Pegasus was created by a commercial company from Israel called NSO Group. NSO Group is a cyberarms dealer that sells hacking and spying tools for use by government agencies, supposedly for maintaining their national security. It is not sold to hacking groups or non-government agencies.
This means that if the Pegasus spyware is present on UK government systems, it was almost certainly installed by a foreign spy agency.
Tracking the spies
Citizen Lab claim that they were able to detect the infections by monitoring internet traffic and signals being sent to known “spy servers” used by NSO to operate Pegasus for their clients. The researchers believe that one Pegasus infection within the Prime Minister’s office was being operated for the United Arab Emirates. Other suspected infections in the British Foreign Office appeared to have been launched from Cyprus, Jordan and India.
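The detection approach described above (watching for traffic to known operator infrastructure) is, in the abstract, an indicator-of-compromise match over network logs. The following Python is an added illustration of that idea and is not Citizen Lab's code or method; Citizen Lab has not published the details of its process, and the indicator domains, the DNS log format and the log lines here are all constructed placeholders, not real Pegasus infrastructure.

```python
from __future__ import annotations

import re

# Constructed indicator list: placeholder domains standing in for the
# kind of operator-controlled servers an analyst would match traffic
# against. These are NOT real spyware infrastructure (".invalid" TLD).
KNOWN_C2_DOMAINS = {
    "updates.example-c2.invalid",
    "cdn-sync.example-c2.invalid",
}

# Constructed DNS-resolver query log. The "timestamp client qtype qname"
# layout is an assumption for this example, not any product's format.
SAMPLE_DNS_LOG = """\
2023-04-03T09:12:44Z 10.20.5.17 A updates.example-c2.invalid
2023-04-03T09:12:45Z 10.20.5.17 A www.gov.uk
2023-04-03T09:13:01Z 10.20.5.42 AAAA api.cdn-sync.example-c2.invalid
2023-04-03T09:13:07Z 10.20.5.17 A mail.example.org
malformed entry
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qtype>\S+)\s+(?P<qname>\S+)$"
)


def matches_indicator(qname: str, indicators: set[str]) -> str | None:
    """Return the indicator that qname matches, or None.

    Matches the exact domain or any subdomain of it (api.x.y matches x.y),
    so hostnames rotated under a known operator domain are still caught.
    """
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None


def scan_dns_log(log_text: str, indicators: set[str]) -> tuple[list[dict], int]:
    """Scan query log lines against the indicator set.

    Returns (hits, skipped): hits is a list of dicts describing each
    matching query; skipped counts lines that did not parse, so a broken
    log does not silently produce a clean result.
    """
    hits: list[dict] = []
    skipped = 0
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            skipped += 1
            continue
        indicator = matches_indicator(m["qname"], indicators)
        if indicator is not None:
            hits.append({
                "ts": m["ts"],
                "client": m["client"],
                "qname": m["qname"],
                "indicator": indicator,
            })
    return hits, skipped


def suspected_clients(hits: list[dict]) -> list[str]:
    """Distinct internal clients that contacted an indicator, sorted."""
    return sorted({h["client"] for h in hits})


if __name__ == "__main__":
    found, bad = scan_dns_log(SAMPLE_DNS_LOG, KNOWN_C2_DOMAINS)
    for h in found:
        print(f'{h["ts"]} {h["client"]} -> {h["qname"]} (matches {h["indicator"]})')
    print(f"suspected clients: {suspected_clients(found)}; unparsed lines: {bad}")
```

A hit from this kind of match is a lead, not proof: a resolver log shows that a device looked up a name, not that an implant is present, which is one reason a finding like this needs on-device forensics before anyone can say who was targeted or what was taken.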
Citizen Lab claim that they reported their findings to the British government in April this year. They were unable to provide specific details of who had been targeted or what information had been stolen, but they did explain how the data had been gathered and the conclusions drawn from their analysis.
A disputed version of events
As is normal in situations involving national security, the British government has declined to comment. It has been reported elsewhere that the UK National Cyber Security Centre had conducted their own tests to identify compromised phones. However, these investigations were apparently inconclusive.
With the exception of Cyprus, none of the other countries accused have commented on Citizen Lab’s claims. The Cypriot government issued a statement denying any involvement and pointed to their excellent relations with Britain. They also confirmed that the British government had not approached them as part of any cybersecurity inquiry.
Without conclusive evidence or an admission from any of the parties involved, it is almost impossible to confirm whether British government-owned systems were successfully hacked. But it does show just how common spyware really is – and how even the most well-protected IT systems on the planet can be compromised by determined hackers.