New Delhi: Mobile phones of around 30 Pakistani government servants, who include serving army generals, officials attached with the ISI and senior bureaucrats, were hacked into by using Pegasus spying software during April and May 2019.

Pegasus takes control of the infected phone by entering the system through WhatsApp.

While the Pakistan government has so far kept the matter under wraps, possibly to avoid panic and public embarrassment, it, however, issued a special secret advisory to heads of departments, a copy of which was also sent to the secretary of Prime Minister Imran Khan, asking them to replace all phones purchased before 10 May 2019 immediately and prohibiting the transfer of official documents by using WhatsApp.

The hacking of the mobile numbers of around 30 officials—the exact number is known only to the group/individual/organisation that hacked into the phones—has sparked a frenzy among government officials because of speculation that key documents and vital information might have landed in unintended hands and offices across borders.

Information and classified documents that are generally found in the mobile phones of top government officials, are regarded as invaluable by both foreign government agencies and private operators as they give valuable insights into otherwise closely guarded policies and plans.

The Sunday Guardian reached out to the NSO Group, the Israel-based company that owns Pegasus, with a detailed questionnaire regarding the recent development. In a statement, the NSO Group said: “To protect the ongoing public safety missions of its agency customers and given significant legal and contractual constraints, NSO Group is not able to disclose who is or is not a client or discuss specific uses of its technology, as explained in its Transparency Statement of Principles. However, the company’s products are licensed only to government intelligence and law enforcement agencies for the sole purpose of preventing and investigating terror and serious crime. NSO’s technology is only licensed after a thorough vetting process that goes well beyond the legal requirements that we follow. All potential customers must meet strict export authority regulations before any sale, in addition to NSO’s internal vetting process that includes a focus on human rights. NSO’s governance framework aligns us with the UN Guiding Principles on Business and Human Rights and sets the highest standards in the cyber intelligence industry, embedding human rights due diligence into everything we do.”

This newspaper also shared its questions with the Pakistan high commission in New Delhi, and Pakistan’s Ministry of Information Technology & Telecom for response. However, no response was shared until the time the story went to press.

The NSO group gained some kind of notoriety after it emerged that Pegasus had infected at least 1,400 numbers across the world through WhatsApp. Facebook, the owner of WhatsApp, has already filed a suit against NSO in US courts for illegally breaking into WhatsApp.

Despite the controversy it has attracted in recent times, “Q Cyber Technologies”, the parent company of NSO, continues to remain active in the world of cyber espionage. It was one of the main sponsors of “ISS World Asia”—touted as the world’s largest gathering of law enforcement agencies, intelligence analysts, electronic surveillance and intelligence gathering—which was held in Kuala Lumpur, Malaysia in the first week of December.

In the said event, “Q Cyber Technologies” had defined itself as a company that equipped select intelligence agencies, militaries and law enforcement organisations around the world with the strategic, tactical and analytical technology capabilities required to ensure the success of their operations in fighting crime and terrorism.