7 times the "world's most powerful cyberweapon" has been spotted in Africa

For lovers of Greek mythology Pegasus is simply an immortal, good-natured and helpful mythical creature. In the early 2010s, Pegasus came to life and unfortunately the manifestation experienced since then is nothing like the creature we grew up reading about in folklores. Present day Pegasus - spyware branded as “the most powerful cyberweapon”- makes the skin of politicians and influential business people crawl as an encounter spells nothing but doom…

The first version of Pegasus was developed in 2011 by NSO Group, an Israeli cyber-intelligence firm with the intent to make spyware that could eavesdrop on mobile phones and harvest the data found on these devices…

How is any of this legal you may be wondering? Well, NSO claimed that Pegasus was only sold exclusively to government security and law enforcement agents for the purpose of aiding rescue operations and as a tool for counter-terrorism. That sounds great but in practice the spyware has been in the news for all the wrong reasons…

It took 5 years and perhaps luck for the existence of Pegasus to become public knowledge after Ahmed Mansoor - a human rights defender received a suspicious text containing a link. Mansoor forwarded the message to Citizen Lab - an organisation studying information controls that impact internet openness & security who discovered how dangerous that link was. 

Investigations led to the revelation that the spyware capable of jailbreaking iOS devices when recipients opened links had been used by Panama between 2012-2014 and the United Arab Emirates in 2013.

Pegasus’ story in Africa started to pick up pace in the last half decade with at least 7 known incidents where the spyware has been used by or to target individuals on the continent.

Our story (as far as we know at least) starts in Djibouti- a relatively tiny country when considering it’s population of 1.1 million, sharing its borders with Ethiopia, Somalia and Eritrea. For travellers looking to visit the country located on the horn of Africa, one of the first thing travel blogs note is that there is a high threat of terrorist attack and that is how the country ended up acquiring Pegasus spyware in 2018. 

Interestingly, the spyware wasn’t bought by Djibouti but instead by the CIA who wanted to help their ally conduct counter-terrorism operations - which is the only occasion in which the spyware has been used in Africa for it’s claimed intended purpose. These details were revealed after a New York Times investigation which stated that the CIA purchased the spyware ignoring the fact that Djibouti’s government is oppressive. Djibouti denied ever purchasing or using the spyware and there hasn’t been any information further implicating the country with Pegasus.

If you leave Djibouti and travel 7500km northwest, you’ll find yourself in the Atlas Mountains. The mountains themselves are not significant to our tale but the host country, Morocco is because that’s where the most powerful cyberweapon popped up a year after the alleged CIA purchase in Djibouti.

In November that year - WhatsApp sent out messages to over a hundred activists they believed to have been hacked using spyware that would infiltrate their mobile phones. The spyware in question is of course Pegasus and among the victims were two Moroccan activists Aboubakr Jamaï and Abdellatif El Hamamouchi.

That incident didn’t seem to deter the North African country as they were accused of spying on French President, Macron using Pegasus in 2021. The blowback from these allegations is still being felt with Morocco acting out regarding the issue as recently as last month. The North African state recently moved to review ties with the EU citing how they have “long been the victim of an international attempt at destabilisation.” At this same time - Morocco was also accused of spying on Algerians and on over 6000 people using the software.

A pattern that is consistent throughout Pegasus’ appearances in Africa is that none of the alleged perpetrators have accepted allegations against them. Whether this is because they haven’t done anything or because the crimes are too significant to acknowledge is for all of us to wonder.

2019 was an eventful year for Pegasus with the next citing being in Uganda where the son of President Museveni - Lt. General Muhoozi Kainerugaba - was allegedly given a sales pitch on the merits of Pegasus and decided to purchase the Spyware. The ramifications of the deal which reportedly netted between $10-$20 million for NSO would only be felt two years later when an attempt was made to hack the phones of 11 American diplomats and employees of the US embassy in Uganda.

Whilst it hasn’t been established if the hackers were Ugandan or Rwandese - it’s clear this happened since NSO also decided to talk and say they had shut down the hacking service for customers involved in that case. It’s around this time it was made clear that NSO briefed its customers to steer clear of US phone numbers. The type of officials who buy this kind of software don’t strike me as the kind of guys and girls who follow rules but that is one of the few rules NSO has in place.

Shortly after this incident (in 2021) NSO was also reported to have stopped doing business in Africa…

Next up, Togo - a country I only know because of the mercurial Emmanuel Adebayor. We won’t be exploring his magical feats on a football pitch this time around since we have to harken back to that WhatsApp exploit we spoke about in Morocco. That breach was far reaching. Pegasus breached over 1400 victims including a catholic bishop along with other government critics and opposition in Togo. Around 2018, Citizen Lab had published a report citing Togo as one of five countries where possible operators of the NSO were present and this was proof. 

When NSO was asked about this incident all they said was that they didn’t know who clients would target and clients were contractually obligated to use the technology against terrorists and criminals. Again - plausible deniability. 

In July 2021, it was revealed that Carine Kanimba daughter of Paul Rusesabagina, the imprisoned Rwandan activist - had been a victim of Pegasus with a breach believed to have occured around January of that year. It was also revealed that Carine’s cousin, Jean-Paul, also had his phone infected with the spyware. Carine and Jean-Paul were actively working together to try and get Paul Rusesabagina out of prison and thus Carine believed it was the Rwandan government that had hacked the phones in order to foil plans they were making to that end. 

The same month it was revealed that Carine had fallen victim to Pegasus there was another high-profile target in the SADC region. It was revealed that South African President Cyril Ramaphosa had allegedly been selected for targeting by Rwanda. The Guardian newspaper who participated in the investigation alleged that Ramaphosa’s number had been selected for targeting in 2019. South Africa and Rwanda’s dicey history traces back to 2013 when the former chief of intelligence for Rwanda, Patrick Karegeya, was assassinated whilst living in exile in South Africa. In 2014, former Rwandan general Kayumba Nyamwasa was assassinated at a location near Johannesburg. Rwanda denied involvement in the assassinations along with the alleged cybercrime naturally. Interestingly, relations between the two countries which were on the mend seemed to have stalled again following the involvement of Pegasus.

Pegasus also hasn’t popped up on the continent since this incident it’s hard to know whether that is because the spyware isn’t active or if its because no one has caught on to the NSO’s work of late.

Whilst the NSO has always championed Pegasus as a tool for good many of the times it has made headlines have been for the wrong reasons. On the 7 occasions that Pegasus’ has popped up on the continent, all but one have been alleged human rights breaches. It’s hard to decipher if NSO’s tool really can be used to make the world a better place or if it is yet another toy for the powerful and rich to ensure the status quo is not disrupted…