Boris Johnson must pay attention to basic cybersecurity rules, says security adviser | Boris Johnson

Boris Johnson should ‘pay close attention’ to basic cybersecurity rules, a former national security adviser has claimed, after it emerged the UAE was accused of hacking into a mobile phone in Downing Street .

Peter Ricketts, who held the post between 2010 and 2012, said the cyberattack demonstrated that NSO Group’s “commercially manufactured” Pegasus software enabled a “wide range of actors” to engage in sophisticated espionage.

Anyone with access to secret information should be aware of the rapidly changing risk, the pair added, including the Prime Minister, who was forced to change his mobile number last year after he was appeared that it was available online.

“It is essential that anyone with access to sensitive material up to and including the Prime Minister pay close attention to basic cybersecurity rules, including their phone numbers,” Ricketts said.

Johnson was forced to suddenly switch cellphones last spring after it emerged his number had been available online for 15 years. It was published on a think tank press release from 2006 and has never been removed.

Pegasus is sophisticated software, made by the Israeli company NSO Group, which can secretly take control of a person’s cell phone, take and copy data from it and even make it a remote listening device without their permission. But for it to be effective, it must be assigned a phone number to target.

NSO Group said the allegations were “false and misleading” and the company denied any involvement. “For technological, contractual and legal reasons, the claims described are impossible and unrelated to NSO’s products,” the company said.

On Monday, Citizen Lab, a group of technology researchers based at the University of Toronto, said it had uncovered evidence of “several suspected cases of Pegasus spyware infections” within official UK networks, including Downing Street and the Foreign Office.

Using digital forensic techniques developed over several years, researchers said they concluded the Downing Street attack was “associated with a Pegasus operator that we link to the UAE”, and took place on July 7, 2020.

There is no solid evidence as to why the UAE might have wanted to target Downing Street on this date. However, a day earlier, the British government had announced a series of economic sanctions targeting 20 Saudi nationals accused of involvement in the murder of journalist Jamal Khashoggi, as well as individuals from Russia, Myanmar and North Korea. The neighboring United Arab Emirates is a close ally of Saudi Arabia.

UAE Ambassador to London Mansoor Abulhoul has denied reports that the UAE may have used spyware to hack Downing Street or the Foreign Office.

He said: “These reports are totally baseless and we reject them. The UK is one of the closest and dearest allies of the UAE and we would never do such a thing to them.

He added that he was shocked that the allegations had even been made, pointing to the recent improvement in relations between the two countries, including a growing economic partnership.

The denial reflects the importance the UAE attaches to the relationship and the potential damage the spying allegation could cause if credited.

A Citizen Lab researcher told The New Yorker, which first reported on the story, that he believes some data may have been stolen from Downing Street by the hackers. But the research group said it could not determine whether Johnson’s own phone or that of any other named official was targeted.

The Foreign Office declined to discuss the story, saying, “We don’t routinely comment on security issues.” But Citizen Lab said it alerted the UK and officials from the National Cyber ​​Security Center reportedly tested several phones but were unable to locate the compromised one.

Pegasus is sold to governments for counter-terrorism or national security purposes, but there have been repeated accusations that it has been used to spy on opposition politicians, human rights defenders and journalists by at least 10 countries, including the United Arab Emirates and Saudi Arabia.

Three civil society activists in Britain are taking civil action against NSO Group, the United Arab Emirates and Saudi Arabia, after an investigation by the Guardian and others showed more than 400 phone numbers had been selected for potential targeting.

Last year, the high court and appeals court also ruled that “servants or agents” of Sheikh Mohammed bin Rashid al-Maktoum, vice-president and prime minister of the United Arab Emirates, had engaged in ” the surveillance of the six telephones”. in Britain – including his ex-sixth wife, Princess Haya, with whom he was embroiled in a bitter divorce case, and his lawyer Fiona Shackleton.

After the episode was discovered, in August 2020 the NSO Group reportedly rewrote its software to prevent Pegasus from being allowed to target UK numbers.

Comments are closed.