Random Image Display on Page Reload

Pegasus Spyware Is Detected in a War Zone for the First Time

Silhouettes of soldiers with headlights shining in the background

Armenian soldiers patrol at the check point outside Agdam to let the last vehicles leave the region late on November 19, 2020.Photograph: Karen MINASYAN/Getty Images

May 25, 2023 6:00 AM

Pegasus Spyware Is Detected in a War Zone for the First Time

Researchers say Armenian government workers, journalists, and at least one United Nations official were targeted by the NSO tool.

On November 10, 2021, Varuzhan Geghamyan, an assistant professor at Yerevan State University in Armenia, received a notification from Apple on his phone. His device had been compromised by Pegasus, a sophisticated piece of spyware created by the Israeli NSO Group that has been used by governments to spy on and repress journalists, activists, and civil society groups. But Geghamyan was mystified as to why he’d been targeted.

“At the time, I was delivering public lectures and giving commentaries, appearing on local and state media,” he says. He was mainly speaking about the ongoing conflict in Nagorno-Karabakh, a disputed territory that is internationally recognized as part of Azerbaijan but has sought independence, with the backing of Armenia.

In a joint investigation by Access Now, Citizen Lab, Amnesty International, CyberHub-AM, and independent security researcher Ruben Muradyan, the team concluded that Geghamyan was one of 13 Armenian public officials, including journalists, former government workers, and at least one United Nations official, whose phones were targeted by the elite spyware. Amnesty’s research previously found that more than 1,000 Azerbaijanis were also included on a leaked list of potential Pegasus targets. Five of them were confirmed to have been hacked.

“It was the first time that we have spyware use documented in a war like this,” says Natalia Krapiva, tech-legal counsel at Access Now. With it comes a whole host of complications.

NSO Group did not provide an attributable comment in time for publication.

Nagorno-Karabakh has been the site of ongoing violent clashes between Armenia and Azerbaijan since the fall of the Soviet Union. But in September 2020, these escalated into an all-out war that lasted for about six weeks and left more than 5,000 people dead. Despite a ceasefire agreement, clashes continued into 2021.

In 2022, Human Rights Watch documented war crimes against Armenian prisoners of war, and the region has suffered a massive blockade that has left tens of thousands of people without basic necessities. The researchers found that most of the spyware victims were infected during the time of the war and its aftermath.

Most Popular

“Most of the people targeted were those working on topics related to human rights violations,” says Donncha Ó Cearbhaill, head of Amnesty International’s Security Lab.

While the researchers were unable to conclusively determine who was behind the surveillance, NSO Group has historically said that it only licenses its products to governments, particularly to law enforcement and intelligence agencies. Previous reporting has found that Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India, Togo, and the United Arab Emirates were all likely NSO Group customers, In 2022, the company said it would no longer sell to non-NATO countries.

A Pegasus infection is a “zero-click” attack, meaning the victim doesn’t need to open a suspicious email or click a bad link. “There is no behavior that would have protected these people from this spyware,” says John Scott-Railton, senior researcher at Citizen Lab.

While Pegasus has historically been used by government officials against their own populations, particularly activists and journalists, for which the company has come under international scrutiny, Scott-Railton says the use across borders in a conflict is particularly concerning. “NSO is always saying, ‘We sell our stuff to fight crime and terror,’ obviously this suggests that the reality goes beyond that,” he says.

While Scott-Railton says it’s unclear what information was being sought from the victims, the Pegasus software gives nearly unprecedented access to anything in an infected phone. It also allows the surveillant to turn on the microphone or camera remotely, turning the device into a “pocket spy.” “It’s the kind of thing that could potentially … change or influence the course of a conflict.”

Nowhere is this more evident than in the experience of one victim, Anna Naghdalyan, a former spokesperson for the Armenian Foreign Ministry. In her role, Naghdalyan had intimate knowledge of the ceasefire negotiations between Armenia and Azerbaijan, with “all the information about the war on my phone,” she told Access Now.

“It’s one thing for a state to use a tool like this against military adversaries on the battlefield,” says David Kaye, a former UN special rapporteur on the right to freedom of opinion and expression and a clinical professor of law at the University of California, Irvine. But the potential to surveil across borders in a time of conflict has “not just human rights concerns, but national security concerns.”

According to the report, if any humanitarian organizations were caught in the surveillance dragnet, that could make the use of Pegasus a violation of international law, which protects humanitarian workers in conflict settings.

“Humanitarian workers are considered outside of combat, so efforts to infiltrate their communications or to conduct surveillance for purposes of military advantage on humanitarian aid workers and humanitarian installations is prohibited in most cases,” says Raymond, a coleader of the Humanitarian Research Lab and lecturer at Yale’s School of Public Health.

“Regardless of which state is using this, there needs to be a comprehensive investigation and accountability,” says Ó Cearbhaill.

Get More From WIRED

Vittoria Elliott is a reporter for WIRED, covering platforms and power. She was previously a reporter at Rest of World, where she covered disinformation and labor in markets outside the US and Western Europe. She has worked with The New Humanitarian, Al Jazeera, and ProPublica. She is a graduate of… Read more
Platforms and power reporter

More from WIRED

What Really Made Geoffrey Hinton Into an AI Doomer

The AI pioneer is alarmed by how clever the technology he helped create has become. And it all started with a joke.

Will Knight

This European Satellite Giant Is Coming for Starlink

To compete with American rivals, Eutelsat’s Eva Berneke first has to navigate Russia’s war in Ukraine, Brexit politics, and jamming attacks by Iran.

Morgan Meaker

These ChatGPT Rivals Are Designed to Play With Your Emotions

Startups building chatbots tuned for emotionally engaged conversation say they can offer support, companionship—and even romance.

Will Knight

You’re Probably Underestimating AI Chatbots

Just as the first iPhone reviews mostly missed the device’s huge potential, it’s folly to draw conclusions from today’s unrefined technology.

Steven Levy

Europe’s Moral Crusader Lays Down the Law on Encryption

Ylva Johansson is on a personal mission to make the internet safer for children. Her opponents say her plans would wreck online privacy.

Morgan Meaker

Twitter Rival Bluesky Has a Nudes Problem

In its chaotic early days, the platform’s algorithm shared naked pictures in its What’s Hot feed.

Chris Stokel-Walker

You Can Now Claim a .Dad Domain for Your Site. Cue the Dad Jokes

Google’s new dedicated domain lets you join the growing sites dedicated to puns, pets, and mowing the lawn.

Reece Rogers

Slack’s CEO Wants You to Stop Slacking So Much

We sat down with Lidiane Jones to talk about work culture, automation, and also how to step away from the notifications (and your job).

Gideon Lichfield

Credit belongs to : www.wired.com

Check Also

B.C. firm wins NASA challenge with space-friendly menu

Space food isn't just Tang and puréed meat in a tube anymore — it's mushroom …