We confirm that in 2020 and 2021 we observed and notified the government of the United Kingdom of multiple suspected instances of Pegasus spyware infections within official UK networks. These included:
- The Prime Minister's Office (10 Downing Street)
- The Foreign and Commonwealth Office (FCO) (Now the Foreign Commonwealth and Development office - FCDO)
Because the UK Foreign and Commonwealth Office and its successor office, the Foreign Commonwealth and Development office (FCDO), have personnel in many countries, the suspected FCO infections we observed could have related to FCO devices located abroad and using foreign SIM cards, similar to the hacking of foreign phone numbers used by US State Department employees in Uganda in 2021.
The United Kingdom is currently in the midst of several ongoing legislative and judicial efforts relating to regulatory questions surrounding cyber policy, as well as redress for spyware victims. We believe that it is critically important that such efforts are allowed to unfold free from the undue influence of spyware. Given that a UK-based lawyer involved in a lawsuit against NSO Group was hacked with Pegasus in 2019, we felt compelled to ensure that the UK Government was aware of the ongoing spyware threat, and took appropriate action to mitigate it.
Ron Deibert
Director of the Citizen Lab and Professor of Political Science at the University of Toronto's Munk School of Global Affairs & Public Policy
It's time for Class Action lawsuits against Apple and Google - for hundreds of $ billions in compensation to everyone who owns a cell phone - whether infected or not. These companies are responsible to ensure an individual's cell phone cannot be maliciously violated.
These companies are negligent, and should therefore be sued out of existence, if necessary.