Pegasus Spyware: Bangladesh among infected locations

Bangladesh is reportedly among 45 countries where people have been spied upon with the Pegasus spyware, created by Israeli company NSO Group.

Reports by a number of major international news outlets said rights activists, journalists, politicians and jurists in 45 countries across the world have been targeted since 2016 with the spyware that works on iPhones and Android devices.

The spyware can harvest data, turn on mic and camera of a smartphone without the user's input, track location, and record keystrokes, the reports said. In some cases, it can be installed without the need to trick a user into initiating a download.

NSO Group sold the software to at least 10 countries and scores of its clients.

Seventeen news organisations in 10 countries launched the Pegasus Project, an investigative reporting consortium, following a massive leak. The probe was coordinated by the Paris-based journalism non-profit Forbidden Stories and advised by Amnesty International.

The leak contains a list of more than 50,000 phone numbers that, it is believed, have been identified as those of people of interest by clients of NSO since 2016, writes The Guardian.

Bangladesh was not specifically mentioned in the report published on Sunday, which sent shockwaves across the world.

But the Washington Post in its Q&A: A guide to 'spyware' said Citizen Lab, a Canadian cybersecurity organisation, has documented suspected Pegasus infections in 45 locations.

Bangladesh was named among the locations mentioned by the Washington Post, which also said, "However, the presence of infected phones does not necessarily mean a country's government is a client."

In Sunday's reports, the media outlets said they would gradually publish the names of countries and clients of NSO Group.

Bangladesh government last night outright rejected the claim of the international media.

Post and Telecommunication Minister Mustafa Jabbar told The Daily Star, "It is an attempt to tarnish the image of Bangladesh. ...  I am saying that neither telecommunication division nor ICT division purchased such spyware. There is no question of purchasing such spyware."

He also said the media outlets did not mention which organisation bought the spyware.

When asked whether law enforcement agencies used the spyware, the minister said, "I cannot say anything about this … they [law enforcement agencies] can say this."

Md Sohel Rana, AIG (media and public relations) of Bangladesh Police, said, "Bangladesh police does not use it."

Contacted, Commander Khandaker Al Moin, director (media and legal wing) of Rapid Action Battalion, told The Daily Star that Rab does not use the spyware.

Sunday's revelations -- part of a collaborative investigation by The Washington Post, The Guardian, Le Monde and other media outlets -- raise privacy concerns and reveal the far-reaching extent to which the private firm's software could be misused, reports AFP.

The leak consists of more than 50,000 smartphone numbers believed to have been identified as connected to people of interest by NSO clients since 2016.

Among the numbers on the list are those of journalists for Agence France-Presse, The Wall Street Journal, CNN, The New York Times, Al Jazeera, El Pais, the Associated Press, Le Monde, Bloomberg, The Economist, and Reuters, The Guardian said.

On the list were 15,000 numbers in Mexico -- among them reportedly a number linked to a murdered reporter -- and 300 in India, including politicians and prominent journalists.

Indian National Congress leader Rahul Gandhi, election strategist Prashant Kishor, Trinamool leader Abhishek Banerjee are among the many potential targets of Israeli spyware Pegasus, reported Times of India.

The Pegasus list reportedly has also names of two ministers in the Indian central government, including information technology minister Ashwini Vaishnaw, who had earlier said in Lok Sabha that there was no substance in Pegasus Project report.

The Wire, which was a part of Pegasus Project, confirmed that at least two mobile phone accounts used by Congress leader Rahul Gandhi were among 300 verified Indian numbers listed as potential targets.

Last week, the Indian government -- which in 2019 denied using the malware to spy on its citizens, following a lawsuit -- reiterated that "allegations regarding government surveillance on specific people has no concrete basis or truth associated with it whatsoever."

The Washington Post said a forensic analysis of 37 of the smartphones on the list showed there had been "attempted and successful" hacks of the devices, including those of two women close to Saudi journalist Jamal Khashoggi, who was murdered in 2018 by a Saudi hit squad.

NSO has denied any wrongdoing, labelling the allegations "false".

A liberal party in Israel's governing coalition said yesterday it would ask the defence ministry about exports of Israeli spyware that media reports have linked to hacking of phones of journalists, civil servants and rights activists worldwide, reports Reuters.

POCKET SPY

The Washington Post said the numbers on the list were unattributed, but other media outlets participating in the project were able to identify more than 1,000 people in more than 50 countries.

They included several members of Arab royal families, at least 65 business executives, 85 human rights activists, 189 journalists and more than 600 politicians and government officials -- including heads of state, prime ministers and cabinet ministers.

Many numbers on the list were clustered in 10 countries: Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia and the United Arab Emirates.