5.9k Share this
Powerful spyware linked to a United Arab Emirates operator – which could have allowed 24-hour surveillance of messages, photos and calls – was found on a device connected to Number 10‘s network, it has been claimed.
The alarming cyber security breach is said to have occurred on 7 July 2020, almost a year into Boris Johnson‘s time as Prime Minister.
According to researchers, the Israeli-created spyware known as Pegasus was also suspected to have infected phones connected to the Foreign Office on at least five occasions between July 2020 and June last year.
These were linked to operators in the UAE, India, Cyprus, and Jordan.
The infection of a Number 10 device was revealed by an investigative journalist working for the New Yorker magazine.
They reported that several phones were tested at Downing Street, including the PM’s, but that officials from Britain’s National Cyber Security Centre were unable to locate the infected device and the nature of any data that may have been stolen was never determined.
‘When we found the No10 case, my jaw dropped,’ John Scott-Railton, a senior researcher at the Citizen Lab centre at the Univestity of Toronto, told the magazine.
He claimed the UK had been ‘underestimating the threat from Pegasus’ and had been left ‘spectacularly burned’.
Bill Marczak, another senior researcher, added: ‘We suspect this included the exfiltration of data.’
Powerful spyware known as Pegasus was used to infect a device connected to the network at 10 Downing Street, it has been claimed
Boris Johnson visited the UAE last month in an attempt to encourage Middle Eastern states to ramp up their production of oil – as Western nations look to wean themselves off Russian supplies
Pegasus was developed by the Israeli company NSO Group and is known to have the capability to infect billions of phones running either iOS or Android operating systems.
Once Pegasus is on a person’s device, it can copy messages that are sent or received, harvest photos, record phone calls, or even secretly film the user through the phone’s camera, or record conversations by activating the microphone.
It could also potentially be used to pinpoint where someone is, where they’ve been, or who they’ve met.
Citizen Lab also found the suspected Foreign Office infections.
Ron Deibert, its director, wrote in an article on the lab’s website that because the Foreign Office has many staff overseas, the suspected infections could have related to ‘devices located abroad and using foreign SIM cards’.
He added this was ‘similar to the hacking of foreign phone numbers used by US State Department employees in Uganda in 2021’.
A government spokesperson said they do not routinely comment on security matters.
In November, the US added NSO Group to a trade blacklist and accused them of selling spyware to foreign governments that used the equipment to target government officials, journalists and others
At the time, the Israeli company said it was ‘dismayed’ by the decision and insisted its technologies ‘support US national security interests’
Following today’s claim that Pegasus was used to infect a Number 10 device and phones at the Foreign Office, an NSO Group spokesperson told MailOnline: ‘The information raised regarding these allegations are, yet again, false and could not be related to NSO products for technological and contractual reasons.
‘NSO continues to be targeted by a number of politically motivated advocacy organisations, like Citizens Labs and Amnesty, to produce inaccurate and unsubstantiated reports based on vague and incomplete information.
‘We have repeatedly cooperated with governmental investigations, where credible allegations merit.’
A month earlier, in October 2021, the High Court in London found that the ruler of Dubai, Sheikh Mohammed Al Maktoum, ordered the hacking of the phone of his ex-wife, Princess Haya of Jordan.
The court said that Pegasus software was used in a bid to infiltrate the phones of Princess Haya, some of her staff and two of her solicitors.
NSO Group was said to have ended its contract with the UAE following the disclosure.
The timing of the revelation about spyware on a No10 device – associated with an operator linked to the UAE – comes little more than a month after Mr Johnson visited the region.
The PM used the trip to try and encourage both the UAE and Saudi Arabia to ramp up their production of oil as Western nations look to wean themselves off Russian supplies.
Pegasus was also suspected to have infected phones connected to the Foreign Office, which at the time was run by then-Foreign Secretary Dominic Raab, on at least five occasions between July 2020 and June last year
A government source said: ‘We speak regularly with partners and work closely with allies to tackle threats, improve resilience and raise any concerns where they arise.’
In April last year, the PM was at the centre of another security scare after it was revealed his personal mobile phone number had been freely available on the internet for the past 15 years.
At the time, former national security adviser Lord Peter Ricketts warned that hostile foreign states or criminal gangs could have accessed the PM’s personal number.
Earlier this year, Mr Johnson blamed getting a new phone for his failure to disclose WhatsApp messages with a Conservative peer, in which they discussed the controversial funding of his Downing Street flat refurbishment.
The PM offered a ‘humble and sincere apology’ for not sharing the messages – in which he described his Downing Street residence as ‘a bit of a tip’ – with an investigation into the flat refurbishment being headed by Lord Geidt, his independent adviser on ministers’ interests.
In a letter to Lord Geidt in January, Mr Johnson said: ‘You appreciate the security issues faced at the time meant that I did not have access to my previous device and did not recall the message exchange.’
Source: Daily Mail