Powerful ‘Trojan horse’ spyware found on Downing Street phone, security researchers say

The so-called ‘Pegasus’ attack is believed to have originated from the United Arab Emirates

Jon Stone
Policy Correspondent
Monday 18 April 2022 12:35 EDT
Researchers say No 10 was infected by the spyware (PA Wire)

Powerful spyware used by hackers to snoop on communications and steal data has been found on a device at Downing Street, researchers have said.

Specialists at the University of Toronto’s Citizen Lab said the notorious “Pegasus” Trojan horse appears to have been used to target both the prime minister’s office and the Foreign Office (FCDO).

The researchers said they had identified “multiple suspected instances of Pegasus spyware infections” on devices used by UK government officials.

Several No 10 mobile phones, including Boris Johnson’s, were tested after the 2020 breach – but UK officials were apparently unable to locate the infected device or establish the nature of any stolen data.

The researchers believe the cyberattack targeting Boris Johnson’s office came from the United Arab Emirates (UAE) – while the identified FCDO infections appear to be linked to Pegasus “operators” in the UAE, India, Cyprus, and Jordan.

Ron Deibert, director of the Citizen Lab and Professor of Political Science at the University of Toronto’s Munk School of Global Affairs and Public Policy, said: “During the course of our investigations into mercenary spyware, we will occasionally observe cases where we suspect that governments are using spyware to undertake international espionage against other governments.

“The vast majority of these cases are outside of our scope and mission. However, in certain select cases, where appropriate and while preserving our independence, we decide to notify these governments through the official channels, especially if we believe that our actions can reduce harm.

“We confirm that in 2020 and 2021 we observed and notified the government of the United Kingdom of multiple suspected instances of Pegasus spyware infections within official UK networks.”

Approached for comment by The Independent on the matter, a government spokesperson said: “We do not comment on security matters.”

The claims were first revealed in The New Yorker magazine. John Scott-Railton, a senior researcher at the Citizen Lab, told the outlet: “When we found the No 10 case, my jaw dropped.”

Once the software, which was developed by Israeli company NSO Group, finds its way onto a person’s device it can copy messages, harvest photos, record phone calls, and even secretly film the user through the phone’s camera.

Real world conversations can be secretly recorded by switching on a phone’s microphone. Both Android and iOS devices are vulnerable to the technology. Pegasus was first identified in 2016 after a botched installation attempt against an Emirati human rights activist.

Boris Johnson visited the UAE in March in a bid to boost trade ties with the country and persuade the Gulf state to increase oil and gas production in light of the Russian invasion of Ukraine.

The prime minister has previously been criticised for taking a lax approach to his personal data security after it emerged that he had not changed his phone number for years and that it was readily available online. Pegasus and other spyware can be installed on devices through sending a text message to a user, sometimes exploiting loopholes that do not even require a user to click a link.
