Ramaphosa’s phone identified in leaked Pegasus spy project records

President Ramaphosa’s phone number has appeared in a leaked database of potential targets of the Pegasus spyware, The Guardian reported.

According to the report, the list is believed to indicate individuals who were identified as persons of interest by the government clients of Israeli spyware vendor NSO Group, which developed Pegasus.

The Guardian reported that Cyril Ramaphosa’s number seems to have been selected by Rwanda in 2019.

Rwandan authorities denied that they had access to NSO Group technology, but, according to the report, they have long been suspected of being a client of the spyware firm.

Just because a number is on the list does not mean it was necessarily subject to an attempted or successful hack.

However, an Amnesty International Security Lab forensic examination of a sample of 67 phones in the leaked data belonging to human rights activists, journalists and lawyers found 37 had contained traces of an attempted Pegasus infection.

Pegasus is a mobile phone spyware suite that requires that the attacker convince their target to click on an exploit link.

When you click the link, it activates a series of zero-day exploits which break your phone’s security and installs Pegasus without your knowledge.

“Once the phone is exploited, and Pegasus is installed, it begins contacting the operator’s command and control servers to receive and execute commands,” Citizen Lab stated in its 2018 report Hide and Seek.

After connecting to its command & control, Pegasus sends your private data to the servers, including passwords, contact lists, calendar events, text messages, and live voice calls from mobile messaging apps.

Pegasus can also remotely activate your phone’s camera and microphone.

NSO has denied that another world leader on the list, French president Emmanuel Macron, was a target of any of its customers.

The spyware firm said it defined targets as people who were “selected for surveillance using Pegasus, regardless of whether an attempt to infect her or his device is successful”.

Map of suspected Pegasus infections by Citizen Lab from 2018 Hide and Seek report

South Africa’s history with Pegasus dates back to at least June 2017, when Citizen Lab identified suspected infections in Kenya, Rwanda, South Africa, and Uganda.

The report showed that Citizen Lab detected infections of the Pegasus spyware in South Africa on the networks of Vodacom, MTN Business, Telkom, and Internet Solutions.

NSO Group asserted that it licenses its product exclusively to governments and law enforcement and that it requires its government clients to only use its spying tools for legitimate investigations into terrorism or crime

“Our business is conducted in strict compliance with applicable export control laws,” the NSO Group told Citizen Lab.

However, Citizen Lab said it witnessed the use of Pegasus to target activists, journalists, and politicians of opposition parties.

MyBroadband asked the Presidency whether President Cyril Ramaphosa’s phone had been targeted by spyware, but his spokespeople did not respond by the time of publication.

Now read: Committing high treason using WhatsApp in South Africa — what the law says

Latest news

Partner Content

Show comments


Share this article
Ramaphosa’s phone identified in leaked Pegasus spy project records