Pegasus: Journalist, Wife Targeted by NSO Spyware, Finds Belgium’s Military Intelligence

The security agency said that due to the timing and the targets, Rwanda was 'highly likely' to be behind this case of spyware intrusion.

Listen to this article:

New Delhi: Following the revelations of the Pegasus Project, Belgium’s military intelligence drew up a list of probable victims, checked their phones and subsequently found signs of an attack using Pegasus spyware on the mobile devices of a Belgian journalist and his wife.

In July, a global investigation by 17 media organisations, including The Wire, had revealed how weapons-grade spyware manufactured and sold by Israel’s NSO Group may have potentially been used to target a large number of world leaders, politicians, journalists, government officials, lawyers and civil society members. This was based on an investigation of a leaked database of unattributed 50,000 phone numbers and forensic analyses of over 67 devices by Amnesty International’s Security Lab.

The Pegasus Project’s Belgian media partners, Knack and Le Soir, have found that following the revelations of the Pegasus Project, Belgium’s military intelligence service, the General Intelligence and Security Service (known by both its Dutch and French acronyms, ADVID-SGRS) launched an investigation by drawing up a list of several Belgian citizens who could be potential targets of the spyware.

In the intelligence agency’s report dated September 16 accessed by Knack and Le Soir, ADIV wrote that journalist Peter Verlinden and his wife, Marie Bamutese, were contacted by the intelligence agency for “security check of their communication devices”.

“As the full investigations are still ongoing, our service assesses likely that both Peter Verlinden and Marie Bamutese’s devices have been targetted by the Pegasus software. Given the timing of the intrusion and the nature of the individuals targetted, the SGRS assesses that such an intrusion was very likely initiated by Rwanda,” said the four-page document accessed by Knack and Le Soir.

Amnesty International’s Security Lab have also confirmed the infection after a forensic investigation.

“Due to the complexity of the NSO Pegasus spyware, further investigations by SGRS are ongoing in order to confirm our first assessment and determine the full scope of the compromise,” said the report by the Belgian security agency.

According to reports from Knack and Le Soir, more phones are being analysed by ADVID-SGRS. The agency refused to comment.

The NSO Group, which has staunchly dismissed the leaked database, claims that it sells its spyware only to “vetted” governments”.

Also read: Pegasus Project: How Phones of Journalists, Ministers, Activists May Have Been Used to Spy on Them

The likely possibility of Verlinden being targeted by Rwanda was based on his long journalistic career specialising in Central Africa.

“Given my relationship with the Rwandan regime, it didn’t really surprise us that Rwanda is trying to find out what my wife and I do. In recent years, we have come under fire from Internet trolls on social media. In 2018, we filed a complaint for defamation. In other words: we are used to the Rwandan regime,” Verlinden told the Pegasus Project.

The 64-year-old journalist worked for Belgium’s public broadcaster VRT for 32 years till 2019. He is currently an independent journalist who writes for several publications, including Knack. His wife, a former Rwandan refugee, has Belgian nationality.

He confirmed that ADIV had contacted him in August with the request to analyse both their phones. “At the end of August, they made a copy of the phones and then analysed it for five days. Then yesterday (on September 16) followed the report with the conclusion that both devices were probably hacked with Pegasus.”

In the classified analysis report, the intelligence agency has described Pegasus as “possibly among the most powerful pieces of spyware ever made by a private company”.

Once introduced into a phone, the device is “completely compromised and the spyware performs non-stop surveillance”. The spyware can remotely turn on a phone’s microphone and camera.

According to the report, phone users can’t do much “except for keeping the software of the telephone and applications up-to-date”.

Verlinden said that it was disheartening to read the insidious nature of Pegasus.

“But if you read ADIV’s explanation about what Pegasus can do, it is very dismal. Whoever sends Pegasus at you takes full possession of your phone. Even from the GPS tracker. They know perfectly where you are. Even Signal is not secure. You feel like everyone can watch what you do. It gives a very dirty feeling, a feeling of insecurity. We already tried to live with that, but this is a serious blow on top of it.”

Also read: Pegasus Project: 161 Names Revealed by the Wire on Snoop List So Far

Rwanda identified as “very likely” NSO client

As per the forensic analysis, the military intelligence service reported that Pegasus was “likely” installed on Verlinden’s phone between September 22 and 29, 2020. His phone was infected sometime between October 20 and November 2, 2020.

The report stated that the timing of the intrusion was “peculiar”. “The periods mentioned corresponds to the weeks that followed the kidnapping of Paul Rusesabagina and the international outrage that took over western media and placed Rwanda’s actions under the spotlight,” it said.

ADIV concluded that due to the timing and the targets, Rwanda was “highly likely” to be behind this case of spyware intrusion.

According to Knack, it is “exception for an intelligence agency to go this far in attributing a cyber attack”.

Rusesabagina became known all over the world due to the Hollywood film Hotel Rwanda, that documented the tale of how a hotel manager saved lives of over 1,200 Hutus and Tutsi during the Rwandan Genocide in 1994.

A Belgian citizen and permanent US resident, Rusesabagina’s lawyers had claimed that he was tricked into boarding a chartered flight to Kigali in August last year. A known critic of Rwandan President Paul Kagame, he was put on trial on a slew of terrorism-related charges. The judgment of the seven-month long trial, which Rusesabagina boycotted, is expected to be delivered on September 20.

The Pegasus Project already revealed that Rusesabagina’s daughter, Carine Kanimba, a US-Belgian dual citizen, had also been a victim of the intrusive software. She had been leading the campaign to free her father from Rwanda.

Amnesty International’s forensic analysis had found that Kanimba’s phone had been infiltrated multiple times since at least January this year.

The Guardian noted that Rwanda had been long suspected of being a client of NSO Group. WhatsApp had contacted at least six dissidents related to Rwanda in 2019 that they had targeted by spyware made by the NSO in an attack that affected hundreds of users around the world over a two-week period from April to May that year.

Several prominent names in the Rwandan diaspora have been spotted in the leaked list of probable targets selected by NSO clients.

Peter Verlinden hoped that that the Belgian government will send out a signal that the hacking of his phone “is a step too far”. He indicated that he would file a complaint soon.

There has been no reaction from the Rwandan government. Rwanda had previously dismissed allegations of being an NSO client and being behind the usage of Pegasus on several dissidents.

In a statement, the NSO Group responded, “We cannot make serious comments on “probable estimates” made by an anonymous actor. From the minimal information we received from you, it appears that this question is not related to NSO Group or any of its technologies.”

The Pegasus Project is a collaborative investigation that involves more than 80 journalists from 17 news organisations in 10 countries coordinated by Forbidden Stories with the technical support of Amnesty International’s Security Lab. Read all our coverage here.