By Akshaj Gaur
For the Diamondback
Dana Priest, the John S. and James L. Knight Chair in Public Affairs Journalism at the University of Maryland’s journalism college, won a George Polk Award in technology reporting for the “Pegasus Project,” an investigation into the use of military-grade Israeli spy software, by The Washington Post and other global news outlets.
“The people who are fighting for the survival of democracy, kind of against all odds in [India, Poland, Hungary], this is a tool to destroy them. It’s a tool to make what they’re doing so much harder,” Priest said.
The tool Priest is talking about is the NSO Group’s Pegasus spyware, a licensed military-grade spyware whose stated purpose is to surveil specific devices of terrorists or major criminals.
Licensed to governments around the world, Pegasus is described to “have helped prevent attacks and bombings and broken up rings that trafficked in drugs, sex and children” in a statement released by NSO Group to the Washington Post. However, the Pegasus Project has yielded a different story.
The Washington Post’s report found the spyware was employed to successfully hack 37 smartphones belonging to journalists, human rights activists, business executives and two women close to murdered Saudi journalist Jamal Khashoggi. These 37 smartphones were part of a larger list of more than 50,000 phone numbers, many of which were concentrated in regions where citizen surveillance has been used extensively by increasingly authoritarian regimes.
NSO Group, an Israeli technology firm, has refused to acknowledge its role in the hack, repeatedly shifting the blame to its clients. Priest points to the group’s relationship with the UAE as an example of NSO’s culpability in the misuse of its software.
“You look at a country like UAE and you look at their chronic human rights abuses, and their suppression of independent media … So why would you give them more tools?” Priest said.
In addition to holding NSO partially liable for the attack, Priest also called upon the international community to begin regulating these cyber surveillance weapons, likening these regulations to those for nuclear weapons and ballistic missiles.
In the United States, there are questions about whether Pegasus is actually used by law enforcement agencies. The FBI confirmed it purchased the software for testing purposes but denied any practical use of the software.
Despite these claims, Priest urged more transparency regarding the software in the U.S. One solution, according to Priest, is holding law enforcement agencies accountable through the judicial system, similar to the procedure in Europe.
Offensive cyber, such as Pegasus, is not a new revelation in the political world. Sophisticated, state sponsored disinformation campaigns have been a staple of countries such as Russia, dating back to the mid-2000s, Priest said. Russia treats these cyber campaigns as essential pieces of its defense budget, she said. For example, the Russia-based Internet Research Agency used Facebook ads to target Maryland more than any other state before, during and even after the 2016 U.S. presidential election, according to the Washington Post.
“We also have to educate citizens and just people in general on how to identify truthful sources versus misinformation,” journalism college Dean Lucy Dalglish said.
Dalglish said while the U.S. is still far from authoritarianism, she is concerned the country is becoming less tolerant.
“We are sometimes our own worst enemy,” she said. “We’re starting to lose our ability to actively engage and discuss issues with people whose backgrounds and thoughts might be different from our own, and I think social media has played a big part of that.”
Sarah Oates, a professor in the journalism college, referred to social media as a “double-edged sword.”
While acknowledging the ability of social media to give citizens of authoritarian regimes a voice, she warned of authoritarian regimes’ unprecedented ability to monitor these voices by applying algorithms and surveillance, such as Pegasus.
“Hybrid war is now the standard way that countries wage war,” Oates said. “Part of that is, of course – traditional warfare: munitions, tanks, soldiers – but a big part of it is winning the hearts and minds of not only your domestic population … but of the people you’re invading.”
Priest warns this risk is not confined to Pegasus and calls upon future cybersecurity professionals to protect democratic institutions across the world.
“There are lots of other companies that are trying to do or are doing similar things [to Pegasus], and I think it’d be really cool if we could get our cybersecurity people to start training on forensics for phones so that they can help detect when the wrong people are being surveilled,” she said.