My book review appears in today’s Sydney Morning Herald and Melbourne Age:
Imagine a weapon so powerful that it makes every person on the planet with a mobile phone potentially vulnerable. It isn’t a scammer or traditional hacker but a new, much more virulent form of intrusion that takes control of all your personal information without you even knowing and uses those details to exercise intolerable influence over your life.
Israeli cyberweapon company NSO Group is the maker of Pegasus, the most infamous cyberweapon today. This tool has been used by democracies and despots for more than a decade, routinely sold by Israel to nations with which it wants friendlier relations.
From Saudi Arabia to Mexico, Pegasus has infected innumerable phones, many of which are owned by so-called enemies of the state including journalists, dissidents and human rights activists (though NSO claims its clients only target terrorists and criminals).
New York Times journalists Ronen Bergman and Mark Mazzetti wrote in early 2022 that, “cyberweapons have changed international relations more profoundly than any advance since the advent of the atomic bomb”. It’s a debatable statement, but there’s no question that numerous other nations, including the US, China, Iran, Canada, New Zealand, Russia and Australia, also develop and deploy cyberweapons against friends and foes.
This book is a fascinating insight into how a global collective of journalists, led by the French journalism non-profit Forbidden Stories, uncovered the extent of Pegasus spying with the help of Amnesty International’s Security Lab. A leak of 50,000 phone numbers chosen for surveillance by NSO clients gave the reporters and technologists the ability to determine who exactly had been targeted, and why.
The aim, writes Laurent Richard and Sandrine Rigaud, was to confirm that cyberintrusion had been “weaponised to stifle the free press” and undermine political dissent. “We would also be able to reveal that it was being weaponised at a sweep and scale that astounds – and horrifies.”
I’ve spoken to countless victims of Pegasus spying, from the wife of a murdered Mexican journalist to a leading critic of the repressive Togolese regime in West Africa, and they all speak of the chilling effect when learning that their messages, photos and calls have been intercepted by nefarious forces. For some, though not all, it leads to self-censorship in their daily lives, such is the fear of being continually targeted.
The strength of this book lies in its detailed explanations of how to conduct this kind of investigation when not even the loved ones of key journalists could be told about what they were doing. The source of the leak was “risking life and limb”, and any breach would kill the story dead.
NSA whistle-blower Edward Snowden has been an outspoken critic of cyber-surveillance companies. He tells the journalists that, “a company [like NSO] shouldn’t exist … There’s only a pinky promise that they’re going to have their Ministry of Defence or whatever review the export licence.”
On this issue, the book has notable lapses in journalistic rigour. The writers claim that Israel has become “one of the world’s five cyber-technology superpowers” thanks to “vulnerability and need”. The country is framed as constantly on the defensive against external attack, but there’s no mention of the more than 50 years of illegally occupying Palestinian territory.
This is vital to include because it has given Israel invaluable experience and time to develop the most sophisticated weapons and cybertools to control an “enemy” population, the Palestinians. Most of the leading Israeli arms firms, including NSO Group, are staffed by veterans of the Israel Defence Forces and this training is leveraged and monetised to the tunes of billions of dollars annually.
Nevertheless, the book is an important contribution to the public debate about the cyberweapons industry and its ability to upend democracy. The authors don’t shy away from explaining how Pegasus has become a key weapon in Israel’s diplomatic arsenal when romancing new, often authoritarian friends (think Morocco, the United Arab Emirates, Hungary and Saudi Arabia).
The reality of these tools, largely unregulated across the globe, is that no country wants to commit to ending its proliferation. Under the guise of fighting terrorism or tackling drug cartels, cracking encrypted communication is the holy grail for law enforcement. But few governments also don’t want to snoop on perceived critics.
NSO Group is just the tip of a growing, worldwide trade in cyber-surveillance. Without tight controls, this industry will threaten the very possibility of privacy in the 21st century.
Pegasus: The Story of the World’s Most Dangerous Spyware by Laurent Richard & Sandrine Rigaud is published by Macmillan, $36.99.
Antony Loewenstein is author of The Palestine Laboratory: How Israel Exports The Technology of Occupation Around The World to be published by Scribe in May.