Pegasus Spyware Discovered In Downing Street

Click The Arrow For The Table Of Contents
concept of computer virus on the internet, trojan horse combined with coding program

The University of Toronto’s Citizen Lab found evidence that Pegasus spyware was being used to listen in on UK government networks for 10 Downing Street and the Foreign and Commonwealth Offices (FCO) in 2020 and 2021. 



Israeli-based NSO Group sells Pegasus spyware to governments to conduct surveillance by infecting phones with malicious surveillance software. Pegasus is essentially a complete surveillance toolkit generally sold to nation-states at prices that could be millions of US dollars. The software can extract the contents of a phone and give the operator access to any texts, photographs, the camera, and the microphone. This provides the Pegasus with the operator the ability to conduct real-time surveillance, e.g., private meetings. Pegasus is used for several surveillance purposes, e.g. by law enforcement tracking criminals or for authoritarians/governments listening in on people of interest such as journalists and activists to quash dissent. For example, Spain has recently been reported as being implicated in the use of Pegasus (and Candiru) to spy on 65 individuals related to Catalonia’s government. 

Who Was Listening?

The Citizen Lab has reported that the suspected infections related to the FCO were associated with Pegasus operators linked to the United Arab Emirates (UAE), India, Cyprus, and Jordan. Also, the suspected infection at the UK Prime Minister’s Office has been linked to the UAE. 


How Did They Get Infected With Spyware?

According to The Citizen Lab, it is because the UK Foreign and Commonwealth Office and its successor office, the Foreign Commonwealth and Development office (FCDO), have personnel in many countries. Therefore, the suspected FCO infections may have been related to FCO devices located abroad and using foreign SIM cards. This is similar to the hacking of foreign phone numbers used by US State Department employees in Uganda in 2021. Citizen Lab has also concluded that Pegasus was used to infect a device connected to 10 Downing Street’s network and the office of Prime Minister Boris Johnson on July 26 and 27, 2020. The servers to which the data was transmitted led The Citizen Lab suspects to suspect that the UAE was most likely behind the hack. 

In addition to the Downing Street infection, Citizen Lab reports that phones connected to the Foreign Office were hacked using Pegasus on at least five occasions, from July 2020, through June 2021. 

NSO Says…

NSO Group, the makers of the surveillance software, are reported to have said that the recent allegations about its software are false and that organisations like The Citizens Lab are politically motivated, and their reports may be inaccurate. 


What Does This Mean For Your Business?

Pegasus is known to be widely used by governments and agencies worldwide and has legitimate uses, e.g., tracking criminals. However, its ability to provide real-time surveillance and the difficulty in detecting it are likely reasons why it appears to have been used for many less savoury purposes and surveillance linked to repression. It is, of course, worrying that it could be so easy for (allegedly) other states to listen in on Downing Street and the UK Prime Minister, the implications of which we don’t yet fully know. Research from Amnesty International and Citizen Lab suggests that ways individuals can avoid infection by Pegasus include:

  • Rebooting the device daily (to clean it).
  • Disabling iMessage and Facetime (exploitation vectors).
  • Keeping the device up to date with the latest patches.
  • Never click on unsolicited links in SMS or email messages.