The latest bombshell that the Israeli – designed Pegasus spyware has been used by some 40 states of an authoritarian tendency to undermine thousands of critics, journalists, human rights activists – in fact anyone deemed by any latter day Nero to be an enemy of the state – can come as no surprise. In many respects the latest reports – eye watering though they may be – from Amnesty International Labs’ investigations, the French NGO Forbidden Stories and the Guardian, backed by its colleagues at the Washington Post, are news hidden in plain sight for some time now.

Variants of the Pegasus have been marketed by the NOS group of Israel under licence from the Israeli government for the last decade. Notionally, the spyware was for surveillance of “criminal and terrorist groups.”  It appears a form of this spyware was used to monitor the calls of Edward Snowden, the whistle blower from the US National Security Agency, who revealed in 2013 that communications by the billion were being harvested by the Agency in huge sweeps of ‘bulk data.’ This was all deemed in the interest of national security in the wake of the 9/11 attacks and the onslaught of the global jihad of ISIS, al Qaeda, and their affiliates.

Snowden was branded a traitor , threatened with a life sentence and forced to flee. Security chiefs and gurus in the US and UK believed , and still believe , that he had violated the old Roman nostrum of “The security of the people is the highest law,” – Salus populi suprema lex est. At best this principle needs some close discussion in today’s terms. At worst , it can be downright dangerous in the wrong hands, and can be the licence for the worst tyranny

This is why the revelations from Amnesty and the Guardian are so shocking. They have analysed 50,000 calls subjected to the Pegasus spyware from across 40 countries. Any iPhone or Android phone is vulnerable. The spyware has been used copiously and conspicuously by regimes such as that of Viktor Orban in Hungary and Ilham Aliyev of Azerbaijan. Some one hundred prominent journalists and human rights critics are named today , including Roula Khalaf, the editor of the Financial Times, Gregg Carlstrom of the Economist, and Siddarth Varadarajan, founder of the influential The Wire in India. 

Among the big users are Morocco, the UAE and Saudi Arabia, India and Pakistan and the ‘stans’ of central Asia. In Mexico, two prominent journalists investigating state corruption and organised crime have been targeted . It is believed that by monitoring his calls and movements, Cecilio Pineda Birto was tracked to a car wash in Ciudad Altamirano on 2 March 2017 when he was gunned down  by a professional hit squad. 

The NSO enterprise is thought to be one of many created in the past two decades for the commercial surveillance and spyware market. “Israel really has been start-up central for this world,” says a British consultant for UK cyber security services. “There have been quite a few about , and it’s not clear how closely they are monitored.”

In Israel, the security services and the defence forces are empowered to monitor any phone call in the interests of state security and the anti-terrorism strategy. At a demonstration of cell phone monitoring in a counter-terror operation exercise, Philip Johnston, the highly experienced deputy editor of the Daily Telegraph, turned to me,  saying: “You just couldn’t do this kind of phone surveillance in the UK – the human rights lobby and MPs would go mad.” 

Commenting on the Pegasus news, Amital Ziv of the liberal daily Haaretz remarks: “The moment cyberwarfare is in the picture, it has a chilling effect on democracy. Opposition activists are afraid in advance to communicate among themselves. Sources are afraid to be in contact with journalists. The demonstration won’t even be held, it will be monitored and silenced well before anyone steps out onto the street. A critical new article won’t be written at all because nobody will be in contact with the reporter. In this sense, cyberattacks are an almost perfect version of Orwell’s all-knowing dystopian Big Brother in Nineteen Eighty-Four.”

Prominent among the hundred or so names  of people whose phones were treated to the unsolicited attentions of Pegasus spyware is Hatice Cengiz, fiancée of the murdered journalist and commentator, Jamal Khashoggi. By the accounts from the Guardian and Amnesty , she was being tracked for some time before the murder in Istanbul on 6^th October 2018. It’s highly likely he was being traced in the same way – more details are to come – by the UAE regime of Mohammed bin Zayed. It is also suggested by the phone hack trail that the assignation was set up from the travel details gleaned from the hacks. This might explain how such a large hit squad could be flown into Istanbul, and out in time, and with such precision to slay the journalist on the day he was picking up his marriage legal documents. From the information so far analyzed , it is evident that Mohammed bin Salman of Saudi Arabia was using the spyware on members of his own family – some quite close to him.

The list of publications and media outlets makes pretty intriguing reading . Prominent among them are Al Jazeera, CNN, the New York Times, the Washington Post, the Wall Street Journal, El Pais, Reuters, France 24, the Economist, the FT, VOA and Radio Free Europe. There is more to come. 

The provenance of the whole process is transparent – and worrying. It was the brainchild and marque product of NSO, which was founded in 2010 by three experts in this kind of cyber activity, Omri Lavie, Shalev Hulio, and Niv Carmi. There have been multiple sales and purchases en route. Put up for sale for $1 billion in 2017, it was bought out by the two founders, Lavie and Hulio, together with a European private equity fund, Novalpina Capital in 2019.

The prime product Pegasus is classified as a weapon and must have specific export permission from the Israeli government.

The founders are graduates of Unit 8200 , the aggressive cyber surveillance sector of Israeli military intelligence. 8200 is an elite within and elite, veterans and serving members are a tight-knit community – “it’s a bit Hotel California – you can check in, but never check out,” said a senior British defence executive.  Unit 8200 can be highly active in the field . The assassination of the senior Iranian scientist,   Mohsen Fakhrizadeh, in his car in Absard last November 20^th was organized by Unit 8200 and not Israel’s foreign security agency, Mossad. 

This is worth noting because Boris Johnson and his advisers on security and cyber warfare are known to be enamoured of Unit 8200 as a model for at least the more military sections of the new UK cyber force. 

The implications for security in Britain are more direct and personal. Pegasus spyware is engineered to disrupt , bug, and even place secret recording modes in most common forms of western mobile phone. If you have either an iPhone or android device, if the latest revelations are anything to go by, you too could be a target.