Tinker tailor solider spyware

Whether or not global governments are willing to acknowledge it publicly, cyber espionage has become an expected, if not accepted, norm in the 21^st century. The era of Cold War-style spies, represented in popular culture by characters such as John Le Carre’s bespectacled George Smiley, is well and truly a thing of the past.

Today, cyber is the new frontier of international intelligence gathering. National security services worldwide are faced with a ceaseless battle to prevent hackers from accessing sensitive or classified data or intellectual property for economic gain, competitive advantage, or political reasons. The situation is very much a case of tit-for-tat; an eye for an eye.  However, something that is universally condemned is the use, by a nation-state, of cyber tools to spy on its own citizens to curb opposition and identify potential dissidents. Central to the ability of some governments to snoop on the public is a type of malware called spyware.

What is spyware?

According to Kaspersky, spyware is loosely defined as “malicious software designed to enter your computer device, gather data about you, and forward it to a third-party without your consent”. Many industry experts consider spyware to be one of the most pervasive and alarming threats on the internet, largely because it is very difficult to detect without advanced security tools and solutions. Major enterprises and international corporations might have the resources and cyber know-how to detect spyware, but the average organisation almost certainly won’t.

Spyware exploded back onto the public consciousness following news of endemic privacy abuses by authoritarian governments using Pegasus, a malware developed by NSO. The military spyware manufacturer first came under the spotlight back in 2019 when it emerged that a vulnerability in WhatsApp allowed attackers to inject spyware onto phones. So how did these events unwind?

Pegasus – what happened?

In July, an investigative consortium alleged that a spyware tool was used to target smartphones belonging to 37 journalists, human rights activists, and other prominent figures. The spyware in question, Pegasus, is a malware that infects iPhones and Android devices to enable operators of the tool to extract messages, photos, and emails, record calls, and secretly activate microphones. The revelations prompted global outrage and prompted further investigations into the allegations.

Over the weekend, Belgium’s military intelligence found signs of an attack using Pegasus spyware on the mobile devices of a Belgian journalist and his wife. Last week, Apple was forced to issue an emergency software update after cyber security researchers uncovered a new vulnerability allowing hackers to deploy malware through iMessage. The developments also prompted EU commissioner David Reynders to call for urgent action against Pegasus spyware.

This issue is likely to rumble on for the foreseeable future and has raised serious concerns about the depths that some governments will go to keep tabs on citizens. NSO has always stringently denied the claims, but the very existence of spyware such as Pegasus should, and rightly is, causing alarm bells to ring.

At Babel, we’re proud to work with some of the businesses at the forefront of cybersecurity. Our expertise in building and implementing impactful campaigns on behalf of our security clients is unmatched. If you’d be interested in learning how an integrated PR and communications programme can help build awareness of your brand with tier-one media and key industry decision-makers, we’d love to hear from you.

We will also be at the International Cyber Expo on Tuesday 28^th September. If you plan to attend and would be interested in arranging a meeting, please get in touch.

In the meantime, check out a recording of our #BabelTalks event on the impact of covid-19 on the cybersecurity landscape. The panel discussion features the CEO of the UK National Cyber Security Centre, Ciaran Martin, and New York Times cybersecurity reporter, Nicole Perlroth. You can also download our whitepaper on creating meaningful commentary in an industry full of FUD here.